By ALYSSA MAE CLARIN
MANILA – The Sweden-based Qurium Media Foundation has released its internal forensic investigation into the three-month-long distributed denial-of-service (DDoS) attack against several online news outlets in the Philippines, tracing this one to a group of Filipino hackers who had previously been hailed by the government’s counter-insurgency arm as “a bunch of computer geniuses.”
In December 2021, media websites were taken down consecutively due to targeted DDoS attacks. ABS-CBN, Rappler and Vera Files all had their online websites shut down and inaccessible to the public for hours.
After these initial attacks, the attacker turned to alternative media such as Bulatlat and Altermidyaas well as the human rights group Karapatan.
This prompted Qurium to conduct its own investigation to find out who was behind these targeted attacks.
On December 17, Qurium compared a sample of the attacks on Rappler with digital forensic information from the attack on Vera Files and found that the perpetrator had used the same attack infrastructure.
After further comparing the model with recorded attacks against ABS-CBN, Qurium discovered that the perpetrator had used a tool that makes other websites the source of the attack.
The majority of attack IPs were proxies in the United States, China, Germany, Indonesia, Russia, and Vietnam.
When Rappler and ABS-CBN suffered yet another round of DDoS attacks on December 23, 2021, Qurium saw that a Facebook page called “Pinoy Vendetta” claimed the attack was carried out by one of their “Abdul” members.
The attack lasted three hours and succeeded in flooding the websites with traffic that had peaked at one million requests per second.
According to Qurium’s findings, Pinoy Vendetta has been actively promoting online resources for carrying out DDoS attacks using their Facebook page since November 2021. They also use their page to document every attack they launch.
The National Task Force to End Local Communist Armed Conflict (NTF-ELCAC) had also praised and encouraged Pinoy Vendetta’s continued online attacks, even going so far as to call the page a “group of computer geniuses”. .
Undersecretary Lorraine Badoy has also openly shown her support for Pinoy Vendetta’s use of denial of service attacks and has even publicly posted about it on her official Facebook account.
In a report, Bulatlat condemned the attacks and said they were furious that the NTF-ELCAC applauded such cybercrimes against the Filipino media.
“At a time when the role of the media is crucial, such online attacks are even more deplorable,” Bulatlat said.
“These are clear attempts to deny the public access to relevant, timely and accurate information.” (JJE, RVO)