“It’s like being under siege”: How DDoS became a censorship tool – Rest of World

On February 27, as CNN Philippines was gearing up to livestream a debate between candidates standing in the country’s presidential elections, its website went down. It was the second time in a matter of months that the site had been hit. 

Since June 2021, opposition politicians, independent media, and fact-checking websites in the Philippines have been hit over and over with brute-force cyberattacks known as distributed denial-of-service, or DDoS, attacks. CNN, major news network ABS-CBN, Rappler (the outlet founded by the 2021 Nobel Peace Prize winner Maria Ressa), and VERA Files, a fact-checking organization, have all been targeted, along with the website of Vice President Leni Robredo, who is a staunch critic of the current president, Rodrigo Duterte.

For the past 10 months, the attacks have escalated in frequency and aggression, as the country moves towards the vote in May. Some of the organizations have been under a constant barrage of DDoS attempts. “It’s like being under siege,” Ellen Tordesillas, VERA Files’ president, told Rest of World. “You’re always on alert.”

DDoS is one of the oldest forms of cyberattack. Attackers build a network of compromised machines and use them to flood the target’s server with thousands upon thousands of requests for data, overloading it and forcing it offline.

“In the beginning, [DDoS] was used as a social activist tool,” said Dmitri Vitaliev, director and co-founder of eQualitie, a coalition of cybersecurity experts and developers who help civil society organizations, including VERA Files, defend against cyberattacks. Now, he said, the polarity has reversed. It’s become a tool for intimidation and censorship, aimed at civil society groups and independent media. “Our clients receive attacks on a daily basis. We see two to three significant attacks every week,” he told Rest of World.

More than 20 years have passed since the first documented DDoS attack, when a network of 114 computers infected by the Trin00 script was used to take down a computer system at the University of Minnesota in 1999. But it was Anonymous, an anarchic movement that spiraled out of 4chan discussion forums, that popularized their use.

In the U.S., people using the Anonymous name coordinated attacks that took down websites belonging to neo-Nazis, the Church of Scientology, and the billionaire oil magnates and political donors, the Koch Brothers. Their activities weren’t always political or wholesome — and were often self-interested — but the targets of their fury were often those who’d challenged the collective’s general belief that the internet should be free and uncensored.

In 2009, after the Green Movement protests in Iran, Anonymous attacked Iranian government websites in support of the political opposition. Hackers claiming to be affiliated with the group later hacked government servers, stealing thousands of emails. In 2011, in the early days of the Arab Spring, Anonymous led attacks on government websites in Tunisia and Egypt, including the site of President Hosni Mubarak’s political party, the National Democratic Party. Leaderless groups, which formed under the Anonymous name and disappeared just as quickly, targeted government sites and services in Zimbabwe, Malaysia, Israel, Nigeria, Myanmar, and the Philippines.

In February 2022, after Russia used DDoS attacks to take down the websites of Ukrainian government agencies and banks ahead of its invasion of the country, people rallied under the Anonymous name again to target Russia in retaliation.

Anonymous’ crowdsourced, collective approach was made possible by the availability of tools to launch a DDoS attack, such as easily accessible scripts. Meanwhile, the universe of devices that can be infected and brought into a botnet in order to launch such an attack has grown substantially. The Internet of Things has meant that hundreds of thousands of new processors are online, in household appliances and commercial systems, and are often unprotected from cyberattacks. With relative simplicity, a cybercriminal can co-opt, for example, a smart energy meter in Ukraine to join a botnet that attacks a human rights organization in the Philippines.

Today, 24 hours of a DDoS attack can be procured for a few hundred dollars, and the economics of attacks have shifted so much that supply is driving demand, Vitaliev said. “This is why we do see the whole gamut of attacks, you know, from script kiddies to nationalists to commercial companies.”

It’s become a constant hazard in the Philippines, where large, organized digital groups — some directly linked to the government, others probably working for hire — routinely attack opponents of the Duterte regime with bots and trolls pushing out misinformation and cyberattacks. Several of the attacks this year have been claimed by the Pinoy Vendetta hacking group.

Pinoy Vendetta, although apparently independent, has received vocal support and encouragement from members of the government’s “National Task Force to End Local Communist Armed Conflict,” or NTF-ELCAC. The NTF-ELCAC, whose purpose is reminiscent of the U.S. McCarthy-era “reds-under-the-bed” communist purge, habitually accuses members of the opposition or media of being communists and terrorists, sometimes with deadly consequences. In August 2021, investigations by the Philippines’ Department of Information and Communications Technology found that DDoS attacks on two independent media sites, AlterMidya and Bulatlat, originated from IP addresses assigned to the Philippine Army, but the report into the incident was not widely published, and there was no subsequent action.

A forensic analysis of the December 2021 attacks on Rappler, conducted by the digital rights organization Qurium, found that the traffic came via almost 14,000 IP addresses, mostly open proxies — proxy servers for common use, which allow a user to mask their identity — in the U.S., China, Germany, Indonesia, Russia, and Vietnam. Qurium’s investigation also found that Pinoy Vendetta was directing supporters to pay-to-play botnets on its social media accounts. 

As May’s election approaches, the frequency and scale of the attacks are ramping up, in particular targeting media and politicians who have been critical of the Duterte administration’s signature policies — its “anti-communist” campaign and its brutal “war on drugs,” in which thousands have died in extrajudicial violence.

Distributed denial of service attacks: from protest tool to state censorship

DDoS is a simple but often very effective way to force a website offline.

  1. A Distributed Denial of Service, or DDoS, attack disrupts a website or service by overloading its servers with spurious requests.
  2. The attacker needs access to a huge network of computers that can send the hundreds of thousands of requests needed to disrupt the target’s servers.
  3. Often an attacker, or someone building a “botnet” for hire, will illicitly install malware onto computers using simple phishing attacks, which trick users into clicking on compromised links.
  4. Botnets are increasingly easy to build, due to the proliferation of internet-connected devices — including “Internet of Things” hardware — with weak cybersecurity.
  5. Free services, such as virtual private networks, sometimes also include software that can be used to build botnets, which can be hired or hijacked for DDoS attacks.
  6. Criminal groups now offer botnets as a service. Privacy Affairs’ Dark Web Price Index puts the cost of a one-hour attack against an unprotected website at $15.
  7. The attacker directs their botnet to send thousands of repeated requests to a specific website address. The sheer volume of traffic overwhelms the server, which can’t process the information fast enough.
  8. DDoS attacks have been used as a form of protest, and for financial gain, taking sites down and demanding ransoms. But they’re increasingly used by governments and political actors to harass and disrupt civil society. 
  9. Civil society and independent media groups from the Philippines, Vietnam, Azerbaijan, and Iran have been routinely targeted by DDoS attacks.

Tordesillas didn’t want to speculate who might be targeting her organization. She only said: “Maybe the ones who have been hurt by what we have been putting out; maybe they’re the ones who have the motivation to disrupt our operations.”

It’s quite rare for DDoS attacks to actually take down independent media sites for any sustained period of time, but that doesn’t mean they’re not effective. The targets of these assaults talk about a grinding, attritional process of constant mitigation. It’s not always technically complicated, but it wastes their resources and wears them down — which is probably the point, Joris van Duijne, the executive director of Zamaneh Media, a website and radio station founded by Iranian exiles, told Rest of World. He said that mitigating relentless DDoS attacks is just another line on the organization’s budget. They pay a premium for resilient web hosting, but at least the cost is predictable. 

Van Duijne also said that the steady backbeat of DDoS is complemented by other attacks, where the blunt-force assaults create openings for more targeted hacks. Behind the DDoS barrage, for example, Zamaneh’s journalists are targeted by spear phishing attacks – attempts to hack their email and social media accounts – at least once a month. Social media accounts spread hateful rumors, particularly about female journalists, and staff receive calls and messages threatening them and their families back in Iran.

These more targeted attacks are harder to budget for, because “you don’t know when they will happen and what the cost is going to be that flows from that,” van Duijne said. “Even harder to budget for is the psychology of it.”

Under constant attack, it’s the emotional cost that is perhaps the most widespread, and least measurable. “I know this is true of other exile media initiatives that I’ve talked to … the level of sick leave is generally quite high,” van Duijne said. “Burnouts are more common than in other organizations. And that all has to do with the pressure.”

Source of this news: https://restofworld.org/2022/blackouts-ddos/
