Connect with us

Technology

Philippines’ Alternative Media Organizations Took DDoS Attackers To Court

Published

on

Alternative media organizations have been targeted by cyber attacks that aim to silence them for their critical news reports against the Philippine government, a court filing revealed Friday. Different organizations have filed a civil case against groups and individuals believed to be behind the cyber attacks on their websites.

In a 28-page complaint, several alternative media organizations including Alipato Media Center Inc, Altermidya-People’s Alternative Media Network Inc, Kodao Productions Inc, and Pinoy Media Center Inc, filed a civil case against IP Converge Data Services Inc and Suniway Group of Companies Inc.

Civil cases were also filed against their officers. Ernesto Alberto, Nerissa Ramos, Anabelle Chua, Juan, Victor Hernandez, Patrick David de Leon, Sherwin Torres, Christian Villanueva, and Cean Archivald Reyes were included in the case against IP Converge Data Services Inc. Furthermore, Suniway Group of Companies Inc’s Rolando Fernandez, Julia Mae Celis, Mary Ann Recomono, Jiang Zongye, and Jiang Xingzhong were also tagged in the complaint.

According to Danilo Arao, a journalism professor from the University of the Philippines and a journalist from one of the plaintiffs, the cases were filed at the Quezon City Regional Trial Court.

The complaint alleges that the cyber attacks carried out by the respondents are “deliberate and organized.” The groups said the cyber attacks “could not have occurred without being orchestrated and well-funded.”

“The attackers employed a wide array of technological means and methods to conduct various forms of DDoS attacks against Plaintiffs’ websites…. Individual defendants, being private individuals who directly or indirectly obstructed, defeated, violated, impeded or impaired Plaintiffs freedom to maintain publications shall be liable to the latter for damages under Article 32(3) of the Civil Code.”

The local news outlet Bulatlat was the first among the newsgroups that were targeted by the DDoS attack. A DDoS attack or distributed denial of service attack is a form of cyber offense where the victim’s site will be bombarded by traffic that it can no longer support, prompting it to misbehave or not to work at all. Amid the DDoS attack, Qurium, a Swedish nonprofit organization which provides rapid response services to media organizations and civil society groups, provided services to the affected alternative news organizations.

How a DDoS attack works. Image Source: Creative Commons

“Qurium’s investigation resulted in the discovery of Defendants IP Converge and Suniway as the sources of attacks,” the complaint read.

According to the report made by Qurium, their response team attempted to contact the Cyber Security Philippines Computer Emergency Response Team and the defendants but neither both of them provided any form of response.

The National Union of Journalists of the Philippines website was also attacked in early February. The site went down on the night of February 8, after a wave of distributed denial of services (DDoS) attack, and again on February 11. This wave of cyber attacks began in December 2018 which first hit the sites Pinoy Weekly, Kodao Productions, and Bulatlat. Kodao and Bulatlat were hit for a second time on January 25. The 3 are all members of the Altermidya network.

This included a single attack that dropped 468 gigabytes on their site – ten times the 50 gigabytes that brought down another alternative news site Bulatlat earlier, according to NUJP.

In a statement relative to the earlier attacks, the International Federation of Journalists, of which the NUJP is an affiliate said: “The use of DDoS attacks to silence critical voices and opinions is the latest threat to press freedom. Blocking access to information is a violation of people’s rights and weakens democracy. We will stand with NUJP and the media community as they strive for press freedom.”

Amid the DDoS attacks against news outlets in the Philippines, the organizations who were affected by the attacks blamed them to the country’s President Duterte. In a statement during their attack, Altermidya believes that “there is no one else that could be behind these attacks than the Duterte administration itself, which has taken increasingly bold steps to curtail press freedom and the people’s right to know.”

Altermidya added it would not cower in the face of attacks online or offline. The organization said it remains committed to reporting “the truths that need urgent telling.”

NUJP added that their organization would “fight back because we cannot allow you to deprive our people of their right to the information they need to chart their individual and collective futures, we cannot allow you to deprive them of their voice. We will fight back because no less than democracy and our basic freedoms are at stake.”

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama. I also own a cybersecurity blog called Zero Day.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

Mozilla Will Roll Out A Feature That Would Alert Users If They Passwords Were Compromised

The new feature is expected to rolled out with Firefox 70.

Published

on

Photo: Mozilla Website

In the age where the majority of human life is centered around the internet, passwords are one of the most important things to secure, especially that data breaches and system infiltrations seem to become a commonplace. In order to protect user passwords, Firefox is launching a feature that would alert the user who saves their passwords in the browser whenever those passwords have been compromised in a breach.

Last year, teach giant, Mozilla Firefox have collaborated with Hunt to develop a built-in password monitoring feature that would alert users if their passwords were part of a publicly disclosed breach. Furthermore, the Monitor tool from Firefox would send users notifications to users whenever the saved data in their system has the potential to be compromised aside from running a scan retroactively.

“It can be hard to keep track of when your information has been stolen, so we’re going to help by launching Firefox Monitor, a free service that notifies people when they’ve been part of a data breach. After testing this summer, the results and positive attention gave us the confidence we needed to know this was a feature we wanted to give to all of our users,” reads a blog post from Mozilla.

Now, Mozilla Firefox is said to be in the works to integrate the feature to Lockwise password manager, a system that protects and encrypts users passwords. They are working on launching the new feature along with the new version of the browser, the Firefox 70.

The feature works with cross-referencing data with the popular data breach database, Have I Been Pwned. The integration will scan and detect all saved login credentials in both Locwise password manager as well as Mozilla Firefox browser and cross-referencing those entries to a massive database of data leaks reported by Have I Been Pwned, while simultaneously and continuously alerting users if a match has been made.

“Visit monitor.firefox.com and type in your email address. Through our partnership with Troy Hunt’s “Have I Been Pwned,” your email address will be scanned against a database that serves as a library of data breaches. We’ll let you know if your email address and/or personal info was involved in a publicly known past data breach. Once you know where your email address was compromised you should change your password and any other place where you’ve used that password,” explains Mozilla on how the Monitor works.

According to Mozilla, Firefox Monitor has already had 635,000 people have signed up for alerts, and they are expanding with Lockwise to increase this number and help people secure their passwords.

The notifications and alerts will be curated in the Firefox Monitor Dashboard. Through the breach dashboard, users will receive a quick summary of updates for all registered email accounts and passwords. They will be able to easily identify which emails and passwords are being monitored, how many known data breaches may have exposed their information, and specifically if any passwords have been leaked across those breaches.

“Being part of a data breach is not fun, but keeping track of and knowing where your private information may have been made public is one of the first steps in taking control of your online privacy,” Mozilla penned in a blog post.

However, for Locwise users, the monitoring will not work retroactively. That means that users have to manually check if their passwords were part of an older breach.

Nonetheless, the new feature has been updated to include more detailed stats will also be displayed on the extent of the impact on your account, including the number of email addresses affected, amount of breaches they are involved with, and the number of passwords exposed in the breaches.

For those who are wondering how Mozilla will be handling the submitted emails to their monitoring system, they said that they would do their best to protect the emails submitted for scanning.

“If you’re wondering about how we’re handling your email address, rest assured we will protect your email address when it’s scanned. We talked about the technical details on how that works when we first launched the experiment. This is all in keeping with our principles at Mozilla, where we’re always looking for features that will protect people’s privacy and give them greater control when they’re online.”

Firefox 70 is expected to be out in October.

Continue Reading

Technology

Study Finds Google And Facebook Trackers In Porn Sites

Google and Facebook are watching you watching porn.

Published

on

Photo: Gonçalo Nobre | Flickr | CC BY 2.0

The success of online advertising relies on the ability of advertisers to track the online behavior of their target market. And to do this; they have to clip in several trackers all around the internet to ping back a response that gauges a target customer’s online presence. However, a recent study suggests that these trackers are also present in porn sites that allow massive advertising platforms like Facebook, Google, and Oracle to track people’s pornographic behavior.

The study entitled “Tracking sex: The implications of widespread sexual data leakage and tracking on porn websites” suggests that a massive number of porn sites available on the internet contain ad pixels that can be traced back to the three mentioned above companies. Researchers from Microsoft, Carnegie Mellon, and the University of Pennsylvania scanned 22,484 porn sites, and they found out that these sites are platforms for Facebook, Google, and Oracles to track people’s porn-viewing.

“Our analysis of 22,484 pornography websites indicated that 93% leak user data to a third party. Tracking on these sites are highly concentrated by a handful of major companies, which we identify. We successfully extracted privacy policies for 3,856 sites, 17% of the total. The policies were written such that one might need a two-year college education to understand them. Our content analysis of the sample’s domains indicated 44.97% of them expose or suggest a specific gender/sexual identity or interest likely to be linked to the user,” the study’s abstract stated.

The study reveals that out of the more than 22 thousand porn sites examined by the researches, 16,638 sites had Google trackers, 5,396 had Oracle trackers, and 2,248 Facebook trackers. Researchers warned that this information leak should be extremely worrying for many users: “The fact that the mechanism for adult site tracking is so similar to, say, online retail should be a huge red flag.”

“These porn sites need to think more about the data that they hold and how it’s just as sensitive as something like health information. Protecting this data is crucial to the safety of its visitors. And what we’ve seen suggests that these websites and platforms might not have thought all of this through like they should have,” said Elena Maris, a postdoctoral researcher at Microsoft and the study’s lead author.

According to the researchers, people generally think that the websites they visit are owned by one single entity. However, they are not aware that most of the sites on the internet have third parties installing their hidden codes. Such “third-party” code can allow companies to monitor the actions of users without their knowledge or consent and build detailed profiles of their habits and interests. Such profiles are often used for targeted advertising, for example, by showing ads for dog food to dog owners.

And advertising is where platforms like Facebook and Google earns much of its revenue. “Many websites and apps have revenue-sharing agreements with third-party advertising networks and gain direct monetary benefit from including third-party code,” the study suggests.

However, in a statement, a Google spokesperson denied that they allow their advertisers to run ads in sexually explicit websites and porn sites. “We don’t allow Google Ads on websites with adult content, and we prohibit personalized advertising and advertising profiles based on a user’s sexual interests or related activities online. Additionally, tags for our ad services are never allowed to transmit personally identifiable information to Google.”

Similarly, Facebook also echoed the same statement saying that the company’s ad Community Guidelines does not allow running Facebook trackers on adult websites and pornographic hubs. Facebook’s pixel tracker is, however, can easily be installed on any website, but Facebook claims not to track data collected from pornography websites.

Nonetheless, the researchers said that the results of their study suggest that there are indeed tracking codes in the porn sites they have scanned. Moreover, they said that their results have opened to different implications. Most of these implications revolve around the risk of tracking pornographic behavior as well as to the process of giving out consent to being tracked.

“We identify three core implications of the quantitative results: 1) the unique/elevated risks of porn data leakage versus other types of data, 2) the particular risks/impact for vulnerable populations, and 3) the complications of providing consent for porn site users and the need for affirmative consent in these online sexual interactions,” they concluded.

Continue Reading

Technology

FaceApp And The Double Standards Against Tech Startups — An Opinion

FaceApp is crucified for doing the exact same thing as other photo-sharing platforms like Facebook and Instagram.

Published

on

Photo: charlene mcbride | Flickr | CC BY 2.0

There’s much speculating about how the popular photo-manipulation app, FaceApp, would use the data it collected from users who used the platform to take a sneak-peek of how they would look like in the future.

Following the success of the small-time Russian app on social media platforms like Facebook, Instagram, and Twitter; many have raised concerns regarding how the app could potentially be a privacy and security risk for users. After the news broke out, major news outlets shared their opinions of how the app has gained access to a dataset of photos from millions of people and how the app can use the materials without the owner’s concern — which is clearly stated in the app’s terms and conditions.

By submitting your photo to the app, you “grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.”

The issue of FaceApp being blown out of proportions highlights the fact that people don’t really care about their online security and privacy. Many of the app’s users responded with a blunt “I don’t care” to the news that FaceApp could potentially compromise their data.

Double standards vs. FaceApp

However, one of the most untalked elements of the issue is how it highlights the double standard that people impose on small-time developers and tech startups, as compared to tech superpowers like Facebook, Google, and Youtube.

In the get-go, it is clear that there is a potential security risk involving FaceApp and the fact that it is connected to a Russian company. However, these risks are also present in models of massive tech companies, especially social media and photo-sharing platforms like Facebook and Instagram.

Facebook and Instagram, as platforms where users freely “upload” and share photos (and other data) of themselves, process millions of terabytes of data every day. These two platforms have access to a much more significant database of photos that can be compromised at any time.

If you come to think of it, the risk in sharing your photo on Facebook and Instagram is much damning than when you use FaceApp. But we have not heard the media calling out Facebook and warning people not to upload their photos on Instagram.

The risk is the same.

The difference between Facebook and FaceApp is that Facebook (and Google) has a history of selling your data to third parties. Last year, Facebook faced the US government for allegedly selling US citizens’ data to Cambridge Analytica, a British PR firm accused of helping the Russians and Donald Trump influence public opinion through fake news, and a series of anti-Hillary campaigns.

Another argument used against FaceApp is that it asks a series of permission, including access to a user’s camera roll. They stipulate that once given this access; the app would have the capability to gain unauthorized access to all the photos saved on the user’s device.

In a statement, FaceApp clarifies that the permission was necessary for them to gain access to the photo selected by their users. FaceApp added that the app “performs most of the photo processing in the cloud, upload a photo selected by a user for editing, and never transfer any other images from the phone to the cloud.”

While this is indeed a sketchy practice, it is also worthy to note that Facebook and Instagram also ask for this permission. Meaning, they too have access to the plethora of photos (embarrassing or not) saved in a user’s phone. And again, we don’t hear media and experts telling us not to upload pictures on Facebook and Instagram, nor are they stopping us from giving that permission to those social media giants.

This is a reality for small-time developers and tech start-ups. Often, when they release innovation, people quickly become too skeptical and raise concerns about their new product.

But this does not go to show that we should stop criticizing technology. At all cost, we should. The only problem with the reality right now is that we burden budding technology with so many things to prove while we let established tech companies get away with the exact same thing.

The bottom line is that if we are going to tell people to be vigilant of FaceApp, we should not single the app out. Instead, we should tell people to be watchful of the risks that come with all technology — including those that are produced by large tech companies.

Continue Reading

Trending