DICT unit findings bare cyberattacks vs alternative media outlets traced to Philippine Army

September 23, 2021 - 6:39 PM
A man types on a computer keyboard in this illustration picture February 28, 2013. (Reuters/Kacper Pempel/Illustration/)

Philippine alternative media outlets announced that the cyberattacks they experienced earlier this year were traced to the Philippine Army.

Quirium: The Media Foundation or Quirium Media previously found cyberattacks against websites of Bulatlat, Karapatan and Altermidya from May to June 2021.

READ: Quick dive into recent cyberattacks vs Altermidya, Bulatlat, Karapatan websites 

In their joint statement on September 23, Bulatlat and Altermidya stated that the Computer Emergency Response Team under the Department of Information and Communications Technology had confirmed to them that the cyberattacks came from an IP address assigned to the Philippine Army.

The outlets noted that the CERT-PH gave them a copy of these initial findings stated in a report on Aug. 11, 2021.

“CERT-PH validated what we already know from the forensic investigation by our hosting provider, Sweden-based Qurium Media Foundation. When we published Qurium’s findings in June, the Armed Forces of the Philippines feigned ignorance, and issued a statement claiming that the institution upholds press freedom,” read their statement.

They also noted that the report was initially marked restricted. They, however, made a decision to release the findings for the sake of public awareness.

“There is no reason to keep it confidential especially if state agents used public funds and resources to infringe upon our right to publish and the people’s right to information,” they said.

What the report says

The two progressive outlets cited portions of the CERT-PH report, which states:

“CERT-PH called DOST [Department of Science and Technology] ,and confirmed the IP was assigned to the Philippine Army. This IP was also seen in the provided log file by bulatlat/altermidya which is 202.90.137[.].42.”

“CERT PH noted the 2182 lines of logs with destination bulatlat.com from the IP 202.90.137[.].42 which was submitted by the investigation requester.  An additional analysis did not prosper due to non-established coordination with the organization currently using the said IP.”

The IP address mentioned was the one Quirium found in its report. This IP address was also present on the Wikipedia page for “Chief of Army (Philippines)” and related pages to the Philippine Army.

The foundation also found a machine from the Department of Science and Technology that ran a scan on Bulatlat’s website on May 18.

DOST previously denied taking part in these cyberattacks. The agency also stated that they will conduct an internal probe about it.

Bulatlat and Altermidya, however, have yet received updates about DOST’s investigation.

“In response to our letter requesting for a formal investigation, the DOST said it has asked the DICT to conduct an independent probe, and assured us that the DOST will never infringe upon any right, including the right to press freedom,” they said.

“As of today, we have not received any communication from the DOST regarding its investigation, which we requested a copy of. We tried reaching out to them via office phone and email, but we have yet to receive a response,” they added.

Bulatlat and Altermidya also condemned anew the Philippine Army for carrying out such attacks against their websites, including the website of Karapatan.

They also expressed disappointment to DOST for the perceived “cover-up” of these cases.

“DOST should not allow its infrastructure be used to suppress the truth, and should impose penalties for agencies found to commit abuses,” they said.