The website of the Philippines-based human rights organization Karapatan was subjected to a series of distributed denial of service attacks (DDoS) on July 29th. The attacks continued until August 18th.
The human rights organization noted that the cyberattacks were carried out to prevent people from accessing information hosted on Karapatan.org. The website contained periodical monitors directory, year-end reports, policy position papers, and public resources.
The website was attacked on the same day as a digital solidarity campaign against the killings in the Philippines under the hashtag #StopTheKillingsPH was taking place.
This campaign was carried out on behalf of hundreds of human rights organizations and advocates from various countries. Their goal was to hold the Philippines’ president accountable for the crimes against humanity committed by his government, according to Qurium.
“We know whose interests these attacks serve,” stated the Secretary-General of Karapatan, Cristina Palabay.
The solidarity campaign was held to commemorate human rights worker Zara Alvarez who was shot dead in Bacolod City in August 2020.
“These attacks only benefit those who want to silence us and our human rights work amid a pervasive state of impunity in the country. We thank our friends from Qurium for documenting these attacks as we seek further investigations on the perpetrators of such attacks,” Palabay added.
The group noted that the attackers targeted its online resources, which indicates they wanted to suppress its activities. They also wanted to restrict the public’s right to freedom of information.
The attackers used a technique known as application-layer web floods, consisting of billions of “malicious web requests.”
According to Karapatan, the attacks on August 16, 2021, became more sophisticated when attackers started to use JavaScript-based headless browsers able to fool “common anti-DDOS techniques as ‘captchas.’”
“The attackers used the very same proxy network with the ‘headless browsers’ to flood the website,” Qurium wrote.
The bots used in the attacks were from around the globe, with Russia, Indonesia, China, and Ukraine accounting for nearly half of them.
“The analysis of the different clusters of bad traffic shows a composition of multiple traffic generators proxying the random requests to specific pools of proxies. This behavior is very consistent across large pools of bots from Russia and China,” Qurium noted.
