Cyberattacks on PH group traced
A Swedish digital forensic group has traced to an Israeli proxy server company a series of sustained cyberattacks since July against rights group Karapatan—an effort estimated to have cost at least hundreds of thousands of dollars, indicating a clear intent to take down the site.
On Thursday, Qurium published a report saying it had reviewed hundreds of servers linked to a wave of distributed denial of service (DDoS) attacks against Karapatan’s website that came from a proxy network operated by Bright Data (formerly Luminati), based in Netanya, Israel.
According to Qurium digital forensics technical director Tord Lundstrom, Bright Data “offers access to millions of proxies and other [information technology] services to mobile operators, data centers and residential buildings … a perfect infrastructure to hide the source of the DDoS attacks.”
Far from cheap
Based on the gravity and frequency of the attacks, Qurium estimated these must have cost around $260,000.
“Luminati traffic is far from cheap. One [gigabyte] of traffic ranges between $26-$35 for mobile proxies and $10-$15 for residential proxies,” it said in its report.
Between Aug. 10 and Aug. 20, the group estimated close to 10 terabyte worth of traffic attack from Luminati.
When Qurium asked the Israeli company for an explanation, it admitted that the IPs involved in the attacks “belonged to Bright Data, [although] we did not find any of them in the requests that were sent to the reported domain.”
It added that it had already blocked the reported domain for all its customers.
Last week, Qurium published a separate report noting a “long-lasting” series of DDoS attacks against Karapatan dating back to July 29.
DDoS attacks operate by overwhelming the target with malicious requests to disrupt normal traffic in the server, service or network.At that time, Karapatan was cohosting the online #StopTheKillingsPH solidarity campaign in the leadup to the first death anniversaries of peace talk consultant Randall Echanis and former Karapatan member Zara Alvarez.
30,000 bots
The attacks were carried out by 30,000 bots, half of which were distributed among Russia, Ukraine, Indonesia and China.
The Quirium report concluded that the attacker/s used several traffic generators to generate random requests.
In a statement, Karapatan secretary general Cristina Palabay condemned the “cowardly cyberattacks” that were “obviously made to prevent the public from accessing our reports on the worsening state of human rights in the Philippines.”
“We know whose interests these attacks serve,” she said, adding that “specifically targeting Karapatan’s online resources only means that these attacks were clearly trying to suppress our documentation and human rights work, and, of course, the people’s right to freedom of information.”
