
Philippines’ Alternative Media Organizations Took DDoS Attackers To Court


Alternative media organizations have been targeted by cyber attacks that aim to silence them for their critical news reports against the Philippine government, a court filing revealed Friday. Different organizations have filed a civil case against groups and individuals believed to be behind the cyber attacks on their websites.

In a 28-page complaint, several alternative media organizations including Alipato Media Center Inc, Altermidya-People’s Alternative Media Network Inc, Kodao Productions Inc, and Pinoy Media Center Inc, filed a civil case against IP Converge Data Services Inc and Suniway Group of Companies Inc.

Civil cases were also filed against their officers. Ernesto Alberto, Nerissa Ramos, Anabelle Chua, Juan, Victor Hernandez, Patrick David de Leon, Sherwin Torres, Christian Villanueva, and Cean Archivald Reyes were included in the case against IP Converge Data Services Inc. Furthermore, Suniway Group of Companies Inc’s Rolando Fernandez, Julia Mae Celis, Mary Ann Recomono, Jiang Zongye, and Jiang Xingzhong were also tagged in the complaint.

According to Danilo Arao, a journalism professor from the University of the Philippines and a journalist from one of the plaintiffs, the cases were filed at the Quezon City Regional Trial Court.

The complaint alleges that the cyber attacks carried out by the respondents are “deliberate and organized.” The groups said the cyber attacks “could not have occurred without being orchestrated and well-funded.”

“The attackers employed a wide array of technological means and methods to conduct various forms of DDoS attacks against Plaintiffs’ websites…. Individual defendants, being private individuals who directly or indirectly obstructed, defeated, violated, impeded or impaired Plaintiffs freedom to maintain publications shall be liable to the latter for damages under Article 32(3) of the Civil Code.”

The local news outlet Bulatlat was the first of the news groups targeted by the DDoS attack. A DDoS attack, or distributed denial of service attack, is a form of cyber offense in which the victim’s site is bombarded with more traffic than it can support, causing it to misbehave or stop working altogether. Amid the DDoS attack, Qurium, a Swedish nonprofit organization which provides rapid response services to media organizations and civil society groups, provided services to the affected alternative news organizations.


“Qurium’s investigation resulted in the discovery of Defendants IP Converge and Suniway as the sources of attacks,” the complaint read.

According to the report made by Qurium, their response team attempted to contact the Cyber Security Philippines Computer Emergency Response Team and the defendants, but neither provided any form of response.

The National Union of Journalists of the Philippines website was also attacked in early February. The site went down on the night of February 8, after a wave of distributed denial of service (DDoS) attacks, and again on February 11. This wave of cyber attacks began in December 2018, first hitting the sites Pinoy Weekly, Kodao Productions, and Bulatlat. Kodao and Bulatlat were hit for a second time on January 25. All three are members of the Altermidya network.

This included a single attack that dropped 468 gigabytes on their site – ten times the 50 gigabytes that brought down another alternative news site Bulatlat earlier, according to NUJP.

In a statement relative to the earlier attacks, the International Federation of Journalists, of which the NUJP is an affiliate, said: “The use of DDoS attacks to silence critical voices and opinions is the latest threat to press freedom. Blocking access to information is a violation of people’s rights and weakens democracy. We will stand with NUJP and the media community as they strive for press freedom.”

Amid the DDoS attacks against news outlets in the Philippines, the organizations affected by the attacks blamed them on the country’s President Duterte. In a statement during the attack, Altermidya said it believes that “there is no one else that could be behind these attacks than the Duterte administration itself, which has taken increasingly bold steps to curtail press freedom and the people’s right to know.”

Altermidya added it would not cower in the face of attacks online or offline. The organization said it remains committed to reporting “the truths that need urgent telling.”

NUJP added that their organization would “fight back because we cannot allow you to deprive our people of their right to the information they need to chart their individual and collective futures, we cannot allow you to deprive them of their voice. We will fight back because no less than democracy and our basic freedoms are at stake.”


Indictment Against Hackers Involved In Anthem Data Breach Unsealed


Two men were indicted in the U.S. in connection with the data breach at the health insurance company, Anthem, that siphoned more than 78.8 million customer and employee records between 2014 and 2015.

The Justice Department recently unsealed an indictment against two people who prosecutors say are part of a sophisticated hacking group based in China that was behind not only the Anthem data breach, but also the attacks against three other US businesses.

While the Justice Department did not name the three other businesses it said the Chinese hacking group victimized, it said that these companies were “data-rich.” One was a technology business, one was in necessary materials, and the third was in communications. It said that all three companies store a substantial amount of data, some of it confidential, on their servers and data networks.

The suspects are 32-year-old Wang Fujie, who uses the Western name “Dennis,” and another man who remains unnamed. The Justice Department could not find the real name of the unnamed man but said that he goes by various online nicknames such as “Daniel Jack,” “Kim Young” and “Zhou Zhihong.”

The charges are one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two counts of intentional damage to a protected computer.

According to the indictment documents, the hacker group to which Dennis and the unnamed man belong carried out attacks using “sophisticated techniques,” including spearphishing and malware, from February 2014 until around January 2015.

They allegedly sent tailored spearphishing emails with links to malware to employees at the target companies. Once the targeted employee opened the email, the system would be infected by malware that would later plant a backdoor Trojan giving the hackers remote access via their command and control servers.

Wang is also accused of having set up the servers, hosted in California and Arizona, that were used in the Anthem attacks.

The cyber attack forced the insurance company to pay a large amount of money as settlement, making it the most significant data breach settlement ever. In 2017, the company agreed to pay $115 million to settle a class action suit over the breach.

The Anthem attack is also the most massive health insurance data breach, and the amount of data lost to the hackers dwarfed the biggest data breaches in the following years with 11 million breached at Premera and 10 million from Excellus.

The DOJ, through a press release and Assistant Attorney General Brian Benczkowski, called the hacking event “unprecedented.”

“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history. These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors and violated the privacy of over 78 million people by stealing their PII. The Department of Justice and our law enforcement partners are committed to protecting PII, and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur.”

Meanwhile, another set of indictments was released by the Justice Department against European hackers over the hacking of different private and public institutions in the United States. Ten individuals were charged with conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

The ten people who were charged were allegedly involved in the malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses, the US and European authorities announced Thursday.

According to the officials who filed the charges, the malware, which enabled cybercriminals and hackers from Eastern Europe to infiltrate computer systems remotely and siphon funds from victims’ bank accounts, targeted companies and institutions across all sectors of American life.

The victims of the malware attacks included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.

The investigation started following the dismantling of a network of computer servers, known as Avalanche, which hosted more than two dozen different types of malware. The Justice Department had successfully taken their operation apart in 2016.


Winnti For Linux: Researchers Found Linux Variant Of Malware Used By Chinese Hackers In 2015


Linux systems are cybersecurity kings, but in a historic first, tech researchers have found a variant of a widespread malware, a favorite of Chinese hackers, in a Linux system.

The discovery was made by researchers from the Chronicle, Alphabet’s cybersecurity department. The researchers revealed that they found a Linux variant of the Winnti malware that works as a backdoor on infected hosts, granting attackers access to compromised systems. It was the malware used by Chinese hackers in the high-profile cybercrime against a Vietnamese game company in 2015.

Chronicle researchers said that they discovered the malware following the news that Bayer, one of the biggest pharma companies in the world, had been hit by Chinese hackers, and the Winnti malware was discovered on its servers.

After the team scanned Bayer’s system using its VirusTotal platform, they found what appeared to be a Linux variant of the Winnti, dating back to 2015 when it was first used by Chinese hackers to attack a Vietnamese gaming company.

According to the Chronicle, the malware that they have discovered comes in two parts: a rootkit to disguise the malware in the infected host and the actual backdoor Trojan. Further analysis showed that the discovered Linux variant of the Winnti malware bears a lot of similarities to the malware’s Windows version. Another connection with the Windows version is the similar way in which the Linux variant handles outbound communications with its command-and-control (C&C) server, which is a mixture of multiple protocols (ICMP, HTTP, and custom TCP and UDP protocols).

“As with other versions of Winnti, the core component of the malware doesn’t natively provide the operators with distinct functionality. This component is primarily designed to handle communications and the deployment of modules directly from the command-and-control servers. During our analysis, we were unable to recover any active plugins. However, prior reporting suggests that the operators commonly deploy plugins for remote command execution, file exfiltration, and socks5 proxying on the infected host. We expect similar functionality to be leveraged via additional modules for Linux,” said the researchers in their comprehensive report.

Lastly, the Linux version, just like the Windows version, also lets the Chinese hackers initiate communication with the infected host without going through the C&C servers, a distinct characteristic of Windows Winnti.

“This secondary communication channel may be used by operators when access to the hard-coded control servers is disrupted,” Chronicle researchers said in a report published last week.

While infecting Linux systems is something already done especially by American and Russian hackers, it is also extremely rare, as pointed out by the Chronicle.

“Clusters of Winnti-related activity have become a complex topic in threat intelligence circles, with activity vaguely attributed to different codenamed threat actors. The threat actors utilizing this toolset have repeatedly demonstrated their expertise in compromising Windows-based environments. An expansion into Linux tooling indicates iteration outside of their traditional comfort zone. This may indicate the OS requirements of their intended targets, but it may also be an attempt to take advantage of a security telemetry blindspot in many enterprises, as is with Penquin Turla and APT28’s Linux XAgent variant,” added Chronicle.

Meanwhile, malware has become one of the most common tools to attack computer systems, even those of public institutions. A few days ago, ten Europeans were indicted for the malware attacks that have victimized several businesses and government agencies in the U.S.

The ten people who were charged were allegedly involved in the malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses, the US and European authorities announced Thursday last week.

The victims of the malware attacks included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.

The charged individuals are now facing conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

The investigation started following the dismantling of a network of computer servers, known as Avalanche, which hosted more than two dozen different types of malware. The Justice Department had successfully taken their operation apart in 2016.

Officials revealed that the malware in the current court case infected more than 41,000 computers by disguising itself as legitimate messages or invoices sent as spam emails. Once the email was opened, hackers were able to record all keystrokes on the infected computer, sweeping up data like banking information and wiring money away from the victim’s account.


10 European Cybercriminals Charged For Malware Attacks In The US


European and US Officials collaborated to pin down ten individuals in connection with the ransomware attacks in the US.

The tech world has agreed that ransomware and malware are becoming one of the most prolific cyber attacks in recent (more…)
