Media sites from at least six countries — Somalia, Kosovo, Nigeria, Kyrgyzstan, the Philippines, and Turkmenistan —have faced distributed denial-of-service (DDoS) attacks using U.S. company RayoByte’s services over the last two years. Such cyberattacks often take place alongside other threats to journalists’ safety and press freedom.
Headquartered in Nebraska, RayoByte is one of many companies that sells clients access to Internet Protocol (IP) addresses, unique numbers assigned to internet-connected devices, for “scraping,” a method for extracting large amounts of data from websites.
When IP requests are directed quickly and en masse toward a specific site in order to overwhelm it and knock it offline, this constitutes a DDoS attack.
The website of the Somali Journalists Syndicate (SJS) was knocked offline in a DDoS attack in early August. Days later, authorities arrested SJS staff member and Mohamed Ibrahim Osman Bulbul. Later cyberattacks involved RayoByte’s tools, said Qurium, a nonprofit that began hosting and defending SJS.
Similar DDoS attacks began almost immediately after Kosovo-based news site Nacionale began publishing in March 2022. Alongside ongoing cyberattacks, Nacionale’s staff were recently physically attacked on the job.
Qurium’s technical director Tord Lundström wants RayoByte and other companies that profit off the sale of proxy and VPN services to do more to address the fact that attackers access such tools to target media sites.
“You can have technology providers doing appropriate things to protect their users and others at the same time as they build their service in a way that protects privacy,” Gabe Rottman of Reporters Committee for Freedom of the Press told CPJ’s Jonathan Rozen. “If… you become aware of bad actors doing bad things, notify the authorities, stop them from using your service.”