Cyberattackers used US company RayoByte in efforts to crash media sites – Newstrends
Connect with us

International

Cyberattackers used US company RayoByte in efforts to crash media sites

Published

on

THE cyberattack against the Somali Journalists Syndicate could not have come at a worse time. A distributed denial-of-service attack known by its acronym DDoS, flooded the local press freedom group’s website with traffic in early August and knocked it offline.

Days later, authorities arrested SJS staff member and Kaab TV editor Mohamed Ibrahim Osman Bulbul in connection with his reporting on alleged corruption. The tandem crises placed major strain on the organization.

“It was a very traumatic week. Sleepless. Very stressful. We could not publish our statement, the first statement of Mohamed’s detention,” SJS secretary general Abdalle Ahmed Mumin told CPJ in an interview from the U.K., where he fled earlier this year after he was repeatedly arrested by Somali authorities. “Imagine someone attacking your team, detaining one of your team, and you’re not able to communicate to the international world because your website has been taken down.”

SJS found some relief when it connected with Qurium, a Sweden-based nonprofit that began hosting SJS’s website. But a week after the initial attack, another DDoS flood hit the website. This time, Qurium was able to protect SJS from going offline. Qurium’s analysis of these additional attacks also found that a U.S. company, RayoByte, had provided the tools used in the attack.

Sprious, which owns RayoByte, told Qurium in an email, which CPJ reviewed, that it had “removed the abusive user” from its network and added the SJS site to its “blacklist” to prevent it from being targeted further.

SJS isn’t the only news outlet that has suffered a DDoS attack using RayoByte’s services. News outlets from at least five other countries — Kosovo, Nigeria, Kyrgyzstan, the Philippines, and Turkmenistan — have faced similar attacks over the last two years, according to Qurium’s analysis. These incidents provide a rare look at the mechanics of online censorship efforts and how private corporations can profit from them.

READ ALSO:

Sprious declined CPJ’s requests for an interview and did not directly answer a list of written questions. But in emailed statements to CPJ, Sprious said it was “deeply concerned” about reports that its services were “allegedly” used in DDoS attacks. “We firmly stand against any form of online harassment or harm, including cyber-attacks, especially when it concerns entities that play a crucial role in promoting press freedom and the safety of journalists,” it said.

Headquartered in Lincoln, Nebraska, Rayobyte, formerly known as Blazing SEO, is one of many companies that sells clients access to Internet Protocol (IP) addresses, unique numbers assigned to internet-connected devices, for “scraping,” a method for extracting large amounts of data from websites. RayoByte’s website lists a range of prices for access to IP addresses based on variables including type and speed.

One way to conduct scraping is through repeated requests to visit a site with different IP addresses. Journalists and researchers use scraping as a reasearch technique, but when IP requests are directed quickly and en masse toward a specific site in order to overwhelm it and knock it offline, this constitutes a DDoS attack.

CPJ has documented DDoS attacks against outlets conducting critical journalism around the world. These cyberattacks also often take place alongside other threats to journalists’ safety and press freedom.

Qurium’s analysis shows that it blocked nearly 20,000 IP addresses from hitting the SJS website with millions of requests on August 18 and 19. The largest portion of the traffic (nearly 50%) came via RayoByte and its hosting partners, the analysis said. The second half of the traffic came through several other online channels, including virtual private networks (VPNs).

“We were very effective at mitigating the attack because within a few hours we realized we had seen this type of traffic before,” Qurium’s Lundström told CPJ. “We have met this [attacking] infrastructure in the past…this infrastructure is no joke.”

Similar DDoS attacks began almost immediately after Kosovo-based news site Nacionale began publishing in March 2022, covering local politics and social issues, co-founder Visar Arifaj told CPJ in a recent phone interview. “Our website would be down quite often. Because we were still fresh in the news market, it really had an impact for us to reach our audiences,” Arifaj said. “For us to be down a couple of hours during the day was a huge blow.”

Qurium began hosting and defending Nacionale in September 2022, and in March and April 2023 Qurium notified Sprious that attackers had been using its services against the outlet.

READ ALSO:

In emails from March, Qurium informed Sprious of attacks lasting “several hours non-stop.” One of the attacks “sourced” millions of web requests from IP addresses “publicly advertised by Rayobyte/BlazingSEO,” Qurium said. Sprious responded that it had “blacklisted” access to Nacionale’s website and it had barred the “user” responsible – which Sprious did not name — from accessing its services, but in April Qurium again tracked a DDoS attack against Nacionale involving RayoByte. In response to Qurium’s email about the April attack, Sprious said it had “discovered an issue” with its “security controls,” and had addressed it “to prevent further traffic.”

However, RayoByte-sourced internet traffic to Nacionale’s website did not stop and featured in DDoS attacks against the outlet in July and August, Lundström told CPJ. While Kosovo police arrested and prosecuted one man in connection with the cyberattacks and Qurium has successfully prevented the continued attacks from taking Nacionale offline, Lundström told CPJ that incoming traffic shows attackers continuing to harness IPs from a combination of proxy services, VPNs, and other sources.

Alongside the cyberattacks, Nacionale’s staff have been subjected to “constant” online harassment for their work and were recently physically attacked on the job, though those attackers have been arrested, Arifaj told CPJ. “This constant pressure, even when it doesn’t get to the journalists physically and in a direct manner, you can see that it does a lot for their burnout,” he added. “It does take a toll, mentally, on everyone.”

Since 2022, Qurium has additionally tracked DDoS attacks with IPs sourced from RayoByte against four other outlets: Peoples Gazette from Nigeria, Kloop from Kyrgyzstan, Bulatlat from the Philippines, and Turkmen.news, which reports on Turkmenistan from exile. The attacks on three of the four outlets, excluding Kloop, also involved traffic via VPNs.

In its statements to CPJ, Sprious said it investigates reports of DDoS attacks using its services and takes “appropriate actions with the end user that we believe is responsible” and “steps to mitigate the reported issues, including, but not limited to, blacklisting associated domains and working diligently to remove abusive users.”

The statements did not respond directly to CPJ’s requests for details of the customers responsible for these attacks and how the company responded in each case.

Lundström told CPJ that Sprious has yet to respond to Qurium’s emails concerning the attacks on Peoples Gazette, Kloop, Bulatlat, and Turkmen.news, as well as the additional attacks on Nacionale in July and August.

Proxies and VPNs have valid and important uses for ensuring internet users, including journalists, can maintain privacy online. Rights organizations, including CPJ, recommend the use of VPNs to defend against surveillance; individuals can use it to avoid state-backed online censorship, and companies use them to safeguard proprietary information. But Lundström described the use of proxy and VPN services to conduct DDoS attacks as a “weaponization” of these tools. “You’re hiding in a tool [made] for another purpose,” he said of the attackers. “I think it’s a strategic decision.”

READ ALSO:

“DDoS attacks are illegal under a section of the [U.S.] Computer Fraud and Abuse Act,” Gabe Rottman, director of the Technology and Press Freedom Project at the U.S.-based Reporters Committee for Freedom of the Press, which provides legal support to journalists, told CPJ. But he said that it is not necessarily illegal for proxy or VPN companies’ to provide services that are then used in DDoS attacks.

That doesn’t mean service providers can’t take actions. “You can have technology providers doing appropriate things to protect their users and others at the same time as they build their service in a way that protects privacy,” Rottman said. “If … you become aware of bad actors doing bad things, notify the authorities, stop them from using your service, mitigate the damage.”

Attacks on the SJS website have continued, Lundström told CPJ, though none of the IPs have come via RayoByte since Qurium and CPJ contacted Sprious for comment. Nevertheless, Lundström wants RayoByte’s leadership to do more to address the fact that attackers have repeatedly come to the company’s services to target media sites. “[RayoByte’s] making all the money,” he said. “And we have to do all this extra work and build new infrastructure to deal with all this shit.”

As for SJS, Abdalle remains worried about his colleague, who is still behind bars. But he says he’s confident that the press freedom group’s website will remain accessible.

He still doesn’t know the identity of the person or people who launched the cyberattack, but he imagines what they might be thinking: “Now they are witnessing, they are coming into a new reality that even after the attack SJS is still resilient. SJS is still active. SJS is still available and is able to work and operate effectively both online and physically inside Somalia.”

Jonathan Rozen is CPJ’s senior Africa researcher. Previously, he worked in South Africa, Mozambique, and Canada with the Institute for Security Studies, assessing Mozambican peace-building processes. He also wrote analyses for the think tank adelphi on links between climate action and conflict prevention. Rozen was a U.N. correspondent for IPS News and has written for Al-Jazeera English and the International Peace Institute.

Cyberattackers used US company RayoByte in efforts to crash media sites

International

Canada, Mexico, China respond to Trump tariff threats

Published

on

Canada, Mexico, China respond to Trump tariff threats

Officials from Canada, Mexico and China have warned US President-elect Donald Trump’s pledge to impose sweeping tariffs on America’s three largest trading partners could upend the economies of all four countries.

“To one tariff will follow another in response and so on, until we put our common businesses at risk,” Mexico’s President Claudia Sheinbaum said.

Trump vowed on Monday night to introduce 25% tariffs on goods coming from Mexico and Canada and an additional 10% on goods coming from China. He said the duties were a bid to clamp down on drugs and illegal immigration.

Canada’s Prime Minister Justin Trudeau said he spoke to Trump in the hours after the announcement and planned to hold a meeting with Canada’s provincial leaders on Wednesday to discuss a response.

A spokesman for China’s embassy in Washington DC told the BBC: “No-one will win a trade war or a tariff war.”

The international pushback came a day after Trump announced his plans for his first day in office, on 20 January, in a post on his social media website, Truth Social.

Trudeau said his country was prepared to work with the US in “constructive ways”.

“This is a relationship that we know takes a certain amount of working on, and that’s what we’ll do,” Trudeau told reporters.

In a phone call with Trump, Trudeau said the pair discussed trade and border security, with the prime minister pointing out that the number of migrants crossing the Canadian border was much smaller compared with the US-Mexico border.

READ ALSO:

Trump’s team declined to confirm the phone call.

But Trump spokesman Steven Cheung added that world leaders had sought to “develop stronger relationships” with Trump “because he represents global peace and stability”.

Mexico’s President Sheinbaum told reporters on Tuesday that neither threats nor tariffs would solve the “migration phenomenon” or drug consumption in the US.

Reading from a letter that she said she would send to Trump, Sheinbaum also warned that Mexico would retaliate by imposing its own taxes on US imports, which would “put common enterprises at risk”.

She said Mexico had taken steps to tackle illegal migration into the US and that “caravans of migrants no longer reach the border”.

The issue of drugs, she added, “is a problem of public health and consumption in your country’s society”.

Sheinbaum, who took office last month, noted that US car manufacturers produce some of their parts in Mexico and Canada.

“If tariffs go up, who will it hurt? General Motors,” she said.

Meanwhile, a spokesman for China’s embassy in Washington, Liu Pengyu, told the BBC that “China-US economic and trade co-operation is mutually beneficial in nature”.

He denied that China allows chemicals used in the manufacture of illegal drugs – including fentanyl – to be smuggled to the US.

“China has responded to US request for verifying clues on certain cases and taken action,” Liu said.

“All these prove that the idea of China knowingly allowing fentanyl precursors to flow into the United States runs completely counter to facts and reality.”

President Joe Biden has left in place the tariffs on China that Trump introduced in his first term, and added a few more of his own.

Currently, a majority of what the two countries sell to each other is subject to tariffs – 66.4% of US imports from China and 58.3% of Chinese imports from the US.

Speaking in the House of Commons in Ottawa, Trudeau told lawmakers that “the idea of going to war with the United States isn’t what anyone wants”.

He called on them to not “panic”, and to work together.

“That is the work we will do seriously, methodically. But without freaking out,” he said.

The leaders of Canadian provinces suggested that they would impose their own tariffs on the US.

“The things we sell to the United States are the things they really need,” Deputy Prime Minister Chrystia Freeland said on Tuesday. “We sell them oil, we sell them electricity, we sell them critical minerals and metals.”

America’s northern neighbour accounted for some $437bn (£347bn) of US imports in 2022, and was the largest market for US exports in the same year, according to US data.

Canada sends about 75% of its total exports to the US.

Doug Ford, the premier of Ontario, Canada’s most populous province, said on Monday the proposed tariff would be “devastating to workers and jobs in both Canada and the US”.

“To compare us to Mexico is the most insulting thing I’ve ever heard,” said Ford.

Ford was echoed by the premiers of Quebec, Saskatchewan and British Columbia, while a post on the X account of Alberta Premier Danielle Smith acknowledged that Trump had “valid concerns related to illegal activities at our shared border”.

The Canadian dollar, the Loonie, has plunged in value since Trump vowed to impose tariffs on Canadian imports come January.

The Canadian dollar dipped below 71 US cents, the lowest level the Loonie has fallen to since May 2020, when Trump threatened to impose tariffs on Canadian goods during his first stint as US president. The Mexican peso fell to its lowest value this year, around 4.8 cents.

Canada, Mexico, China respond to Trump tariff threats

BBC

Continue Reading

International

Relief as Israel agrees to ceasefire with Lebanon 

Published

on

Relief as Israel agrees to ceasefire with Lebanon 

 

Israeli Prime Minister Benjamin Netanyahu has said he will bring a US-brokered proposal for a ceasefire with Hezbollah in Lebanon to his government for approval as soon as Tuesday evening.

He said in a televised address that he would put “a ceasefire outline” to ministers “this evening”.

He however did not say how long the truce would last, noting “the length of the ceasefire depends on what happens in Lebanon”.

But it later learnt that the ceasefire would is for 60 days.

During the period, Hezbollah fighters are expected to retreat 40 kilometres from Israel’s border, with Israeli ground forces withdrawing from Lebanese territory.

“If Hezbollah violates the agreement and attempts to rearm, we will strike,” Netanyahu warned.

Key Israel backer the United States has led ceasefire efforts for Lebanon alongside France.

US President Joe Biden is optimistic the deal will lead to a “permanent cessation of hostilities”.

Biden added that the US would lead another push for a ceasefire in Gaza.

“In full coordination with the United States, we are maintaining full military freedom of action,” Netanyahu said, outlining the seven-front war Israel says it faces in Gaza, the occupied West Bank, Yemen, Iraq, Syria, Lebanon and Iran.

Even as Netanyahu spoke about the ceasefire, the Israeli military carried out multiple strikes on heart of Beirut while the army said some 15 projectiles had entered Israeli airspace from Lebanon.

Demonstrators raise placards and Israeli flags during a protest in front of the Israeli Defence Ministry in the coastal city Tel Aviv on November 26, 2024, against a possible ceasefire with Hezbollah in Lebanon. – Israel’s security cabinet has started discussing a proposed ceasefire deal in its war with Hezbollah in Lebanon, an Israeli official confirmed to AFP on November 26. (Photo by Jack GUEZ / AFP)

The war in Lebanon escalated after nearly a year of limited cross-border exchanges of fire begun by Hezbollah, which said it was acting in support of Hamas after its October 7, 2023 attack on Israel, which sparked the war in Gaza.

The war has killed at least 3,823 people in Lebanon since October 2023, according to the health ministry, most of them since September.

On the Israeli side, the hostilities have killed at least 82 soldiers and 47 civilians, authorities say.

Netanyahu said the ceasefire would allow Israel to focus on “the Iranian threat” and ramp up its fight against Hamas in Gaza.

“With Hezbollah out of the picture, Hamas is left on its own,” he said.

“We will increase our pressure on Hamas and that will help us in our sacred mission of releasing our hostages.”

During last year’s Hamas attack, militants took 251 hostages, of whom 97 are still held in Gaza, including 34 the army has declared dead.

Continue Reading

International

Israeli strikes pound central Beirut, suburbs

Published

on

Israeli strikes pound central Beirut, suburbs

BEIRUT: Israeli strikes pounded a densely-populated part of the Lebanese capital and its southern suburbs on Tuesday, hours ahead of an anticipated announcement of a ceasefire ending hostilities between Israel and Lebanese armed group Hezbollah.

A strike on Beirut hit the Noueiri district with no evacuation warning and killed at least one person, Lebanon’s health ministry said in a preliminary toll.

READ ALSO:

Minutes later, at least 10 Israeli strikes hit Beirut’s southern suburbs. They began approximately 30 minutes after the Israeli military issued evacuation orders for 20 locations in the area, the largest such warning yet.

As the strikes were under way, Israel’s military spokesperson Avichay Adraee said the air force was conducting a “widespread attack” on Hezbollah targets across the city.

 

Israeli strikes pound central Beirut, suburbs

ARAB NEWS

Continue Reading

Trending