^

Opinion

Who paid $260,000 to take down Karapatan website?

AT GROUND LEVEL - Satur C. Ocampo - The Philippine Star
August 28, 2021 | 12:00am

For 25 consecutive days beginning July 29, the website of human rights alliance Karapatan was subjected to cyber attack aimed at taking it down. The “unprecedented” attack targeted the website’s resource folder where the reports on human rights abuses in the Philippines are stored.

“Billions of requests, thousands of dollars spent on feeding garbage 24/7, night and day. They just kept going and going and going,” said Tord Lundstrom, a Swedish cyber security expert.

Lundstrom is technical director of Qurium Media Foundation, a Swedish non-profit digital security solutions provider, that made a detailed forensic investigation into a “sophisticated, well-resourced dedicated” denial-of-service (DDoS) attack against the website of Karapatan.

It was Lundstrom’s team that tracked and analyzed the DDoS attacks that used botnets – networks of infected devices – proxied through 30,000 bots in Russia, Ukraine, Indonesia and China. The bots directed millions of requests to the page karapatan.org/resources, where Karapatan stores its human rights violations reports.

After making a detailed forensic investigation, Qurium issued a report titled “Israeli firm ‘Bright Data’ (Luminati Network) enabled the attack against Karapatan.”

The onslaught against Karapatan was remarkable for the volume of requests and the relentlessness of the attack, leaving Lundstrom and his team exhausted as they worked around the clock to mitigate them, according to a report by Peter Guest, editor of Rest of the World, which reports on global technology developments.

“Ten years that we’ve been in this space, we have never seen [anything like] this,” Lundstrom acknowledged. “It’s almost, like, psychotic, you know? It’s almost sick.”

Qurium was able to trace thousands of IP addresses used in the cyber attack to Bright Data. The latter denied any involvement in the attack, but Qurium has shown correspondence from the firm which read: “We did find customers who were targeting this [Karapatan] website.” There’s no practical way that IPs from inside Bright Data’s network could be involved in the attack, Lundstrom pointed out, “unless the company’s infrastructure was being used.” Later the company claimed it had already blocked the reported domain (the Karapatan website) for all its customers.

The Israel-based firm previously known as Luminati Network rebranded to Bright Data last March. It offers proxy networks and data services to mobile operators, data centers and residential buildings, what Qurium said was “a perfect infrastructure to hide the source of the DDoS attacks.”

“The nature of the attack means that it was paid for, if not to Bright Data, then to another provider,” Guest pointed out. “Based on the amount of traffic (requests) that has been directed to Karapatan’s website, and typical rates, Qurium estimated that the attack could have cost at least $260,000 – meaning that someone, somewhere, is willing to spend serious money to take down Karapatan offline.”

“This is not for free,” Lundstrom said. “We know that it’s not a kid playing computer games that has decided…to have some fun. This is something different. You don’t do this for three weeks in a row if you don’t have the resources.”

Who could have paid for the cyber attack? Pointing to the timing of the attack, Karapatan has declared: “We see no other actor who would do that with the resources, with the motivation, or who (would) benefit most from our website being taken down, except for the government.”

Karapatan launched an online campaign, #StopTheKillings PH, to draw attention to violence against human rights defenders on Aug. 16, the anniversary of the extrajudicial killing of human rights worker Zara Alvarez in Bacolod City. On that day, Qurium observed the DDoS attack had “ramped up a notch.”

Karapatan also noted a connection: Online attacks happen “during critical or big campaigns that we have – on Stop the Killings, on political prisoners and on the International Criminal Court investigation (of extrajudicial killings in the ‘war on drugs’).”

“We know whose interests these attacks serve,” said Karapatan secretary general Cristina Palabay. “Specifically targeting Karapatan’s online resources only means that these attacks were clearly trying to suppress our documentation and human rights work and, of course, the people’s right to freedom of information.”

Recall that in July 2020, Karapatan’s website and those of online journalism outlets Bulatlat and AlterMidya were briefly targeted by DDoS attacks. Quriam then was able to link those attackers to a computer registered to the Department of Science and Technology. It turned out that military intelligence groups had used the DOST computer in trying to paralyze, if not take down, the three websites.

Trying to unravel the infrastructure used in the latest attack, the Qurium team recorded all the IP addresses sending requests to the Karapatan website, and determined which of them were so-called “open proxies” – publicly available machines that are often used to amplify and mask attacks – or other commonly used infrastructure. They found 2/3 of them were such.

Tracking down around 8,000 of the 30,000 IP addresses to a small number of places, they also found them coming in a regular pattern. Lundstrom observed: “That’s what made us believe [the attack] was something bought privately. The traffic was hitting the site in dense bursts, and the IPs were being renewed hourly.” Looking deeper at the requests, the Qurium team found that a lot of the proxies had the name “Luminati.”

Lundstrom warned that the type of attack against Karapatan could become “increasingly commoditized” as countries with weak regulations and poor network security…could have their compromised devices coopted by attackers for use in botnets.”

“Well-resourced governments or organizations can simply pay $10,000-$20,000 to take content they don’t like offline,” he added.

The targets of attack, he further warned, are “civil society groups with extremely small budgets. The money invested now to take them down is definitely much, much, much larger than the money they will ever have themselves.”

So, did the Karapatan website survive?

Lundstrom mused: “This time the attackers just got unlucky that some Swedish guys who have never been in the Philippines decided to help.”

*      *      *

Email: [email protected]

vuukle comment

DDOS
Philstar
x
  • Latest
  • Trending
Trending
Latest
Trending
abtest
abtest

Did hocus-PCOS do this in your town in 2022?

By GOTCHA | By Jarius Bondoc | 9 hours ago
This town of 30 barangays had only 153 precincts in Election 2022. Yet four candidates for mayor got identical votes in many precincts. In others, the three “losers” got 1, 2 or 3 additional or fewer...
Opinion
fbtw

School break

By SKETCHES | By Ana Marie Pamintuan | 9 hours ago
Two weeks ago a young mother I know was abruptly informed that the “Kiddie 1” classes of her three-year-old daughter, which were supposed to be until next month, were over for the school year.
Opinion
fbtw

Bad beyond pharma

By CTALK | By Cito Beltran | 9 hours ago
The alleged multi-level marketing practice of a local pharmaceutical company exposed by media is now the talk of the health care community.
Opinion
fbtw

Para sa ekonomiya: The need for regulatory coherence

By ROSES AND THORNS | By Pia Roces Morato | 9 hours ago
The Department of Trade and Industry said that in 2023, President Ferdinand Marcos Jr.’s trips abroad generated up to P4 trillion in foreign investments.
Opinion
fbtw

Smile, candid camera soon at toll booths

By COMMONSENSE | By Marichu A. Villanueva | 9 hours ago
After being repeatedly postponed, the mandated installation of the Radio Frequency Identification in all vehicles to allow passing through the country’s tollways will definitely be implemented not later than...
Opinion
fbtw
Latest
abtest

Our story in DC

By EYES WIDE OPEN | By Iris Gonzales | 1 day ago
This is a story of many stories and it begins with a group of Filipino bandsmen who tramped through a snowstorm while playing Wagner, Beethoven and what-have-you, here in the US capital more than a hundred years...
Opinion
fbtw

A stable peso& food security

By BREAKTHROUGH | By Elfren S. Cruz | 1 day ago
The past few weeks have been understandably dominated by the standoff between the Philippines and China in the West Philippine Sea.
Opinion
fbtw

Reflecting on the cost of conflict and the value of peace

By LETTER FROM AUSTRALIA | By HK Yu, PSM | 1 day ago
Every year, at dawn on April 25, Australians, New Zealanders and our friends from across the world come together. We remember the soldiers from the Australian and New Zealander Army Corps who landed at the beaches...
Opinion
fbtw

First Lady, a fine lady

By VIRTUAL REALITY | By Tony Lopez | 1 day ago
From January 2001 til June 30, 2022, the Philippines did not have a first lady, that is a woman legally married to a male president of the republic.
Opinion
fbtw
EDITORIAL - Wang-wang for sale

EDITORIAL - Wang-wang for sale

2 days ago
As of yesterday, 1,707 blinkers, sirens or wang-wang, and similar devices had been confiscated from vehicles not authorized to use the gadgets, according to the Philippine National Police.
Opinion
fbtw
Recommended
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with