Big, rich tech teams attack PH alternative media websites

Inday Espina-Varona

Posted at Feb 07 2019 04:53 PM

MANILA - A well-funded, sophisticated and multi-pronged attack on the country’s oldest alternative digital news outfit used over 4,000 compromised computers, editors of said Wednesday.

The attacks against Bulatlat, traced to Philippine-based entities, started in December 2018 and peaked in January. The focus has since shifted to another alternative news service, Kodao Productions.

A third outfit, the national Altermidya Network, also reported on Wednesday discovery of still unidentified spam and malware scripts, which IT specialists are addressing.

This year’s assaults coincided with growing cases of killings, arrests and surveillance and harassment of activists, including nationalist clergy.

University of the Philippines associate professor Danilo Arao, also Bulatlat’s associate editor, said this year’s assaults coincided with a series of reports critical of the government’s push to lower the age of criminality and the release of National Democratic Front of the Philippines peace panel consultant Rafael Baylosis after a court dismissed charges of of illegal possession of firearms and explosives.

It crested with reportage on the Jan. 30 murder Felix Randy Malayao Jr., another NDF consultant.


A visualization of the attacks by the Swedish Qurium Media Foundation showed small spheres of white with red undertones erupting in blasts, each representing a request to the website. 

The visualization, according to Bulatlat managing editor Len Olea, is a pale version of reality.

The distributed denial of service (DDoS) attack on Bulatlat involved 3 million requests per second.

Those 3 million requests per second represented the website’s average traffic over six months.

“We received 40,000 times the normal traffic of the site,” said Olea.

There were as many as 40 attacks in a week, she added.

A DDoS attack swamps a website’s capacity to serve its audience.

At its worst, administrators are not able to access their downed site. Tamer attacks can substantially slow down the site, with the possibility of the audience giving up on accessing the news.

Bulatlat was already served by a company with a pledged unlimited bandwidth and had safeguards, including Cloud Flare, a DDoS mitigation technology.

“They found a way around that,” Arao said.

Qurium, a non-profit foundation that helps democratic forces under technological fire from repressive governments and entities, managed to staunch the worst attacks and migrate Bulatlat to safer servers.

But the level of the assaults forced Qurium experts to monitor and troubleshoot round the clock, Arao said.

On January 30, the day assassins killed Malayao on a commuter bus, the hits “doubled from already heightened levels, with attackers working 24/7,” said Arao.

The attackers then shifted to Kodao, when it started publishing Bulatlat reports and during its coverage of the protests that broke out in the aftermath of Malayao’s killing.


Olea, sharing Qurium’s reports, said the attacks were not the work of a lone, disgruntled techie but of a large team with deep pockets.

It was planned warfare, not a spontaneous display of rage.

“They initially kept their requests at a low ratio to avoid flood detection,” said Arao. For less tech-versed site owners, these incidents could simply look like greater interest in stories.

The slow intermittent flood eventually became a deluge of packets of requests, with one attack involving some 1,100 compromised computers, with both human and botnet intervention.

The attackers hid behind a highly secured virtual private network. At one point, it took 400 hours to unravel information from around five gigabytes of data.

When general DDoS failed, the attackers took to session attacks, focusing on pages of specific reportage.

They also attacked the search engine using the keywords “XD” and “Duterte”.

Arao said Qurium’s sleuthing was helped along by some careless attackers, leading them to IP addresses.

“Takes a lot of money to do these attacks and the initial results of the investigation showed this,” Olea said.

Qurium has written to the Department of Information and Communications Technology but has still to get a reply, Olea said.

Disclaimer: The views in this blog are those of the blogger and do not necessarily reflect the views of ABS-CBN Corp.