Gov’t cyberattacks

The Department of Information and Communications Technology’s Computer Emergency Response Team (CERT-PH) has confirmed that the cyberattacks on the sites of two alternative media outlets and a human rights group back in May originated from the computer network of the Philippine Army.

According to Bulatlat and Altermidya-People’s Alternative Media Network, the CERT-PH’s report was able to verify with the Department of Science and Technology (DOST) that the attacks came from an internet protocol (IP) address assigned to the Philippine Army. The CERT-PH’s Aug. 11 report was confidential, but the two outlets decided to disclose it to the public, because “There is no reason to keep it confidential especially if state agents used public funds and resources to infringe upon our right to publish and the people’s right to information,” they said.

The CERT-PH report also validated the findings of a digital forensic analysis made by Swedish company Qurium Media Foundation (QMF) last June that Bulatlat, Altermidya, and Karapatan were the subject of “brief but frequent’’ attacks in the form of distributed denial of service (DDoS), which involved flooding the websites with superfluous requests to overload the host, thus rendering the sites inaccessible.

The attacks occurred on May 17, 18, and 20 and June 6, when the groups — which are among those that have been Red-tagged by the military — were reporting on the International Criminal Court’s investigation of President Duterte’s drug war, the arrest of peasant leaders in Mindanao, and the low testing for COVID-19, among other issues.

The QMF traced the hostile IP address to the Philippine Research, Education and Government Information Network, a unit under the Advanced Science and Technology Institute of the DOST. Another unit in the same IP address was registered to “acepcionecjr@army.mil.ph,” which is under the Army’s official domain and website.

With no less than the government’s main cybersecurity arm making the damning report, the Army has no more grounds to insist on its denial and obfuscation of this sinister crime. It has been caught red-handed through its own digital footprints.

Cyberattacks are punishable under Republic Act No. 10175 or the Cybercrime Prevention Act of 2012, which defines and provides stiff penalties for cybercrime offenses.

These cyberattacks are also a brazen assault on basic freedoms and rights enshrined in the Constitution, and they must be denounced by any freedom-loving citizen, more so if they originate from the military, an institution sworn to protect the people.

Clearly, from the QMF and CERT-PH reports, what happened was not case of a “mere visit’’ or browsing of the sites, as ridiculously claimed by the Army’s spokesperson Col. Ramon Zagala. The QMF report said the perpetrators even conducted a vulnerability scan on the morning after the May 17 attack, to check whether the cyberattacks were successful.

If it has nothing to hide or cover up, the Philippine Army would be more forthcoming and would welcome the chance to cooperate in any inquiry into this illegal activity. But the CERT-PH noted in its report that when it coordinated with the military in July to seek “the right person to engage with” in the investigation, it got no response.

“An additional analysis did not prosper due to the none (sic) established coordination with the organization currently using the said IP,” the report read. Why ignore this official inquiry if no wrongdoing was committed?

Bulatlat and Altermidya-People’s Alternative Media Network have every right to denounce the military’s action. “We condemn the Philippine Army for carrying out cyber crimes against independent media outfits. We take offense at the duplicity they have shown regarding this incident — publicly professing respect for press freedom but launching vicious digital attacks, and never cooperating with other government agencies,’’ the two groups said.

That goes for the DOST, too, which refused the two groups’ request to identify the agency using the IP address involved in the attacks, and has until now failed to provide them a copy of its investigation.

The gravity of the offense and the lack of transparency by the Army and the DOST are unacceptable, and this illegal act, using government resources at that, cries out for a thorough, unrestricted investigation. Under RA 10175, the National Bureau of Investigation and the Philippine National Police are tasked to enforce and investigate violations of the cybercrime law. These agencies must now look into this incident and unmask those who are using the government’s technological arsenal as weapons to ambush and try to shut down online media outlets, especially since the perpetrators point to men in uniform.

Ordinary citizens have been charged for lesser offenses under the cybercrime law. Is the Army above the law?

Read more...