Is the PH Army merely browsing alternative news? Experts say otherwise

By REIN TARINAY
Bulatlat.com

MANILA — A Filipino IT expert said that the behavior flagged in the cyberattacks against alternative news sites is not consistent with normal browsing, contrary to claims made by the Philippine military during the budget deliberations at the House of Representatives.

“If we review Qurium’s report, we see that there were spikes in the types of requests. The server was receiving these types of requests, (which) are not typical of normal browsing behavior,” said Kim Cantillas of Computer Professionals Union during a recent Twitter Spaces titled, “Cyber-a-talk,” hosted by Bulatlat.

Rep. Ruffy Biazon, sponsor of the budget of the Department of National Defense, claimed that the IP address belonging to the Philippine Army only stayed at the website for “30 seconds, more or less” and that the “transmission of data is consistent with surfing activity only.”

However, according to a forensic investigation report by Sweden-based Qurium Media Foundation, the attacks that were carried out from May to June 2021 had two specific signatures, including a type of scan used by attackers to verify if the attacks were successful.

An unauthorized vulnerability scan, said Cantillas, is considered a precursor to graver attacks because it is intended to identify security gaps in a website, which can leave it vulnerable to attacks.

Read: Timeline | Cyberattacks against alternative news

“It is concerning because the election is coming, and these attacks are publicly funded. We should be on the lookout for possible attacks, which could be done during elections, or the months leading to it,” Cantillas said.

No further investigation from DOST

While the decision of the Department of Information and Communications Technology (DICT) to provide alternative news sites with a copy of their investigation report came as a pleasant surprise, Tord Lundström, technical director of Qurium, said during the Twitter Spaces that the delay in the investigation is unprofessional.

“Slowing down the responses, postponing, asking people to be patient in fact is a mechanism to hinder the investigation. When it comes to cybersecurity, rapid response is key. It should not take two months to finish. There’s no real reason for not reaching out to us,” Lundström said.

Qurium is hosting the websites of Bulatlat, Altermidya and human rights group Karapatan. The media foundation has also been providing cyberattack mitigation for the said websites since 2019.

Meanwhile, the Department of Science and Technology, which owns the IP addresses in question, refused to release a copy of their investigation, saying that the DICT report is the only available report.

“No one from the Department of Science and Technology (DOST) asked us for the logs, they didn’t ask us to clarify any aspects of our forensic report. They didn’t ask us for the specifics of our methodology. They just ignored our reporting. We find that quite unprofessional in a sense,” Lundström said.

Read: Hold the Philippine Army accountable for cyberattacks against PH media websites

In a joint statement, Bulatlat and AlterMidya said that they are extremely disappointed with the DOST’s curt and insufficient reply to their demands for the release of their investigation report. The groups said, “we will not stop in demanding accountability for the brazen attacks on our right to publish and the people’s right to information.” (https://www.bulatlat.org)
