DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia


Qurium, the Swedish media foundation and human rights watchdog leading the investigation into these DDoS attacks implicates FineProxy and RayoByte in facilitating the attacks.

On November 30, 2023, Rappler, the leading digital media company in the Philippines, found itself under a massive series of crippling DDoS attacks (Distributed Denial of Service Attacks).

Qurium, the Swedish media foundation and human rights watchdog, leading the investigation into the recent DDoS attacks, has exposed the alleged participation of two major proxy providers, FineProxy and RayoByte, in facilitating the series of crippling DDoS attacks.

In a blog post published by Rappler, On December 5, 2023, the company experienced an unprecedented surge of over 40 million requests to its homepage within a span of one hour. The investigation, conducted by Qurium, analyzed 90GB of access log data provided by Rappler and traced the malicious activity back to FineProxy and RayoByte.

FineProxy from Russia

According to a report published by Qurium, FineProxy, a Russian-based proxy infrastructure, has a history of involvement in numerous DDoS attacks against various organizations.

Despite being approached multiple times by Qurium, FineProxy showed little interest in resolving the issue and instead offered to disclose the client responsible for the attacks on the condition that Qurium remove all forensic reports involving their name.

For a comprehensive understanding of the details provided in the screenshot above, delve into Qurium’s report outlining FineProxy’s infrastructure and a documented timeline of its business model.

RayoByte from the United States

RayoByte, based in Nebraska and operating under Sprious LLC, claims to be an “ethical proxy provider.” However, evidence collected by Qurium suggests otherwise, as the investigation revealed the use of fake geolocations in their networks and a willingness to engage in unethical practices.

It is worth noting that during the DDoS attack on Rappler, traffic peaked at a staggering 250,000 requests per second. The assailants targeted Rappler’s website with multiple waves of attacks, originating from both residential and data center connections.

Qurium’s investigation exposed the complex web of networks associated with FineProxy and RayoByte. Both proxy providers, despite claims of ethical standards, have allegedly tampered with geolocation data, associating their networks with fake locations to attract clients.

DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia
The alleged fake locations advertised by RayoByte (Screenshot taken from a separate report published by Qurium available here.

The report concludes that both FineProxy and RayoByte have designed their infrastructures to accommodate almost unlimited connections, enabling customers to automate tasks such as scraping and flooding sites with backlinks at high speeds. This focus on serving clients engaging in potentially abusive SEO practices has led to the use of their infrastructures for conducting DDoS attacks.

Qurium

For readers’ information, Qurium specializes in investigating DDoS attacks with a mission to identify perpetrators and ensure accountability. The organization has been actively investigating the recent surge in DDoS attacks targeting media and human rights organizations in the Philippines.

Qurium’s noteworthy track record includes investigations into significant cyber incidents. This includes their examination of weeks-long DDoS attacks on the Philippines Human Rights watchdog ‘Karapatan.’

In November 2023, Qurium exposed Chinese scammers exploiting cloned websites within an extensive gambling network. Furthermore, in September 2019, the organization released a report shedding light on how an illegal prostitution ring disrupted the Internet in Kazakhstan.

Nevertheless, the troubling findings call into question the responsibility and moral guidelines of proxy providers, which seem to shield users involved in harmful actions. The disclosures concerning the absence of supervision and accountability among these providers are troubling, provoking deep concerns about their function in protecting the Internet.

  1. List of Proxy IPs Exposed to Block Killnet’s DDoS Bots
  2. Cloudflare thwarts largest reported HTTP DDoS attack
  3. 48 DDoS-hiring Services Busted by FBI in Major Sweep
  4. UK Royal Family Website Hit by DDoS Attack from Russian KillNet
  5. Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom
  6. Operator of Major Proxy Botnet ‘IPStorm’ Arrested, Pleads Guilty in US





Source link