Cyberattacks against media aided by tools ‘offered openly’ by companies – report
MANILA, Philippines – Individuals and groups who aim to suppress press freedom and access to information are now finding it easy to do so with the aid of tools “offered openly by for-profit companies.”
The Committee to Protect Journalists (CPJ), in its latest analysis published Tuesday, July 30, said that this reality makes it hard for media organizations around the world to defend themselves.
“Their use appears to be part of an emerging censorship strategy that poses a serious transnational threat to press freedom and access to information,” CPJ senior researcher Jonathan Rozen wrote in his piece, adding that these tools ensure the anonymity of the perpetrators.
The distributed denial of service (DDoS) attack, commonly carried out against news outlets, makes use of an amount of simulated traffic to overwhelm a website, possibly resulting in it going down. This means that readers will not be able to open or access the website, and the duration depends on the news outlet’s capability to address the attack.
Attackers use the following “to source and direct online traffic en masse,” according to CPJ:
- Proxy providers offering access to IP addresses
- Other marketplaces where IP addresses are leased or resold
- Data centers that host and route online traffic
Proxy providers may not necessarily be malicious since it can be used for different things, including privacy protection, “but they have also been abused.” Doug Madory, director of internet analysis at Kentik, warned that proxy services are “known for being vectors of DDoS attacks.”
“If you can large-scale anonymize many, many internet connections, there’s a lot of bad things you can do,” he told CPJ.
Attacks on media
The CPJ analysis cited several media outlets that were constantly attacked using proxy providers, including Rappler. In October 2023, Rappler was subjected to DDoS attacks that reached 26 million requests, peaking at 250,000 requests per second within a two-minute window.
In a report published in the aftermath, with the help of Swedish group Qurium, it was discovered that the proxy service providers used were US-based Rayobyte and Russia-based Fineproxy. At least 10% of the proxy IP addresses or proxy IPs involved in the attack were tracked to these companies.
Aside from Rappler, CPJ also said exiled Russian news website Meduza and the International Press Institute were also at the receiving end of similar DDoS attacks.
IPI’s website was down for three days following an attack in September 2023, while Meduza said that its “largest” DDoS attack in April 2024 resulted in them being unable to publish for four hours.
Qurium was able to identify that the attack on IPI and other Hungarian sites used the services of White Proxies (also called White Solutions).
The attacks on Meduza, meanwhile, were facilitated by at least two proxy providers, Vietnam-based MIN Proxy and Hong Kong-based RapidSeedbox.
In a statement to CPJ, RapidSeedbox said that they have “both automated and manual systems in place to monitor illicit activity” and that it does not “intend to work with clients who abuse our IPs in attacks.”
Big impact on monetization
Media organizations in the Philippines have long been the subject of DDoS attacks in recent years, including ABS-CBN, Vera Files, CNN Philippines, Bulatlat, and AlterMidya. In a 2021 report, Qurium said that the attacks on Bulatlat and AlterMidya had links to the Department of Science and Technology and the military.
The Philippine Center for Investigative Journalism, meanwhile, briefly took down its website in November 2023 in response to an “active hacking attack.”
CPJ’s Rozen wrote that DDoS attacks “could pose additional problems for online media trying to monetize journalism.”
“As news outlets work to block potentially malicious traffic, they may prevent actual readers from coming to their sites, hindering their ability to make money from viewership and ads,” Rozen said. – Rappler.com