A Swedish digital forensic group called Qurium Media Foundation (QMF) reported last week that a series of cyberattacks against alternative news organizations bulatlat.com and altermidya.org and the human rights group Karapatan were traced to computer networks of the DOST and the Philippine Army. The detailed report of the QMF showed “brief but frequent’’ attacks in the form of distributed denial of service (DDoS) against the three organizations, which have been among those Red-tagged by the Duterte administration’s anti-insurgency task force.
The DDoS attack involves flooding the website with superfluous requests to overload the host, rendering it inaccessible. At least five attacks were mounted on May 17, 18, and 20 and two more on June 6, according to the group.
The cyberattacks happened as the three groups were reporting about the request of outgoing International Criminal Court prosecutor Fatou Bensouda to investigate President Duterte for crimes against humanity over the drug war killings, as well as the designation of “terrorist” organizations, the arrest of elderly peasant leaders in Mindanao, and the continuing low mass testing for COVID-19.
The morning after the May 17 attack, one machine that identified its internet protocol (IP) address as from the DOST conducted a “vulnerability scan,’’ an indication that the perpetrators checked whether the cyberattacks were successful. The IP address belonged to the Philippine Research, Education and Government Information Network (Preginet), a unit under the Advanced Science and Technology Institute (Asti) of the DOST, according to Qurium. Another unit in the same IP address was registered to “acepcionecjr@army.mil.ph,” which is under the official domain and website of the Philippine Army.
Such cyberattacks are illegal under Philippine law. These incidents emanating from government-owned networks, if true, either show that the “perpetrators’’ were so confident about getting away with their illegal actions that they didn’t mind having their IP addresses out in the open and traceable to their offices, which have no business undermining the operations of private entities; or they were too inept to have known that their addresses could in fact be traced.
In a statement, the DOST said its reported involvement in the cyberattacks was “unfounded and patently false.’’
“This statement was solely based on the tracked IP address and does not translate to the Department’s involvement in the matter,’’ it said. The DOST “assists other government agencies by allowing the use of some of its IP addresses in the local networks of other government agencies.’’
There goes another denial-nondenial. If the department is “allowing” other government agencies the use of some of its IP addresses, shouldn’t it require that such use be in accordance with the law at all times? Is there no clause or protocol in its terms of service obligating users to refrain from using government property and resources for illegal, nefarious purposes? The DOST statement is a virtual washing of hands over that fundamental responsibility. The IP address was clearly traced to the Asti unit located in the DOST offices inside the University of the Philippines campus in Diliman, Quezon City; the DOST’s mealy-mouthed statement implies that an entity like the Philippine Army may indeed be behind the use of its IP address to mount the cyberattacks—but the department cannot be held responsible for such criminal activity. What a cop-out.
The DOST must conduct an investigation at the very least, or call on the appropriate agency to investigate the cyberattacks launched from its own computers. The report of the Swedish group is detailed enough for any determined office, especially one at risk of being tainted by underhanded third-party actuations, to identify exactly who the actors were behind the malicious cyberattacks.
The same must be demanded of the Philippine Army, whose statement was likewise a study in pro-forma evasion: “We take these accusation of cyberattack seriously and we will not condone or tolerate it if such occurred against media entities. Rest assured we are servants of the people and protector of freedom of expression,’’ said Army spokesperson Col. Ramon Zagala.
The cyberattacks deployed from government networks appear to represent a new weapon in the administration’s arsenal as it ramps up its campaign against groups it deems its enemies. But the actions are a clear violation of the law and an infringement on free speech rights—and to discover that government agencies may be behind such assaults on media outfits and outspoken citizens is utterly unacceptable.
If the two agencies continue ignoring calls for accountability and transparency, the Senate and the House must step in to conduct a probe to unmask those using public resources for their devious ends.