Technology from China has helped the Myanmar military upgrade its internet controls, but resourceful users continue to exploit holes in the cyber dragnet.
By ALLEGRA MENDELSON | FRONTIER
Over the past two months, Ko Thurein has watched revenue from his online clothes sales plummet.
“My business relies on live-streaming on Facebook,” said the Yangon-based businessman who asked to be identified by a pseudonym. “Since the military regime’s ban on VPNs I’ve stopped my live sales due to fear of repercussions,” he told Frontier, adding that he’d incurred “significant financial losses” as a result.
In May, the junta blocked virtual private networks, which allow people to access websites and applications that are otherwise restricted while concealing their personal information. It then attempted to do the same to encrypted messaging application Signal, widely considered the most secure platform on the market. However, the app has its own built-in software that, if activated, can easily bypass the ban.
These moves are a continuation of a trend that began when the military seized power in February 2021. The regime imposed internet blackouts – first nationwide, then in a more targeted manner aimed at resistance strongholds. Soon after the coup it also blocked access to dozens of social media platforms, including Facebook, as well as several news outlets and other websites. While this crackdown was mainly aimed at stifling dissent, it had repercussions for Myanmar’s small businesses, the vast majority of which operated through Facebook, rather than a company or third-party website.
VPN demand exploded by 7,200 percent in the days immediately after the coup, with activists, entrepreneurs and ordinary citizens successfully skirting the social media blocks. The regime immediately issued directives outlawing VPN use but lacked the technology to enforce the ban – until recently, thanks to help from Chinese companies. Beyond blocking VPN access, leaked documents accessed by activist group Justice For Myanmar found that the regime’s new Chinese software also has the ability to intercept and decrypt web traffic.
While the new block has dealt a significant blow, some networks have remained online thanks to holes in the technology and the adaptability of VPN providers. However, using the tool now comes with an even greater risk.
Behind the ban
According to JFM, the new VPN block uses Tiangou Secure Gateway and Cyber Narrator software. Both were developed by Chinese IT company Geedge Networks, whose founder Fang Binxing is widely considered the father of China’s Great Firewall.
TSG is a Secure Web Gateway or firewall used to perform deep packet inspection, an invasive type of processing that accesses data sent over a network and has the ability to decrypt and inspect traffic between the server and user.
“A Secure Web Gateway acts as a choke point, inspecting and filtering all internet traffic entering and leaving the country based on defined policies and blocklists,” said Mr Simon Migliano, head of research at Top10VPN.com, an independent VPN review and research company.
Migliano said it’s common for SWGs to be used on a smaller-scale by organisations and companies “to protect themselves from web-based threats”, but in Myanmar it’s now being “leveraged to impose centralized control over internet access on a national scale”.
Cyber Narrator is similarly designed to monitor internet traffic and identify potential threats, including the use of VPNs.
While a big player in the tech world, the Chinese company wasn’t acting alone; a Myanmar conglomerate called Mascots Group was also allegedly involved.
JFM revealed it has been working with the junta’s Information Technology and Cyber Security Department within the Ministry of Transport and Communications to secure a location tracking system from the China National Electronics Import and Export Corporation. The Chinese state-owned defence trading company specialises in electronics and has previously supplied the Myanmar military with air defence radar systems.
The involvement of Mascots Group took many in Myanmar’s digital space by surprise, because it was a minor player in the country’s telecommunications sector before this. The conglomerate’s managing director Dr Win Kyaw is better known for his venture into craft beer.
“They are one of around 20 internet service providers but are very tiny. They don’t really have much of a business presence in the telecoms sector, especially not with technology related to firewalls,” said Daw Wai Phyo Myint, Asia Pacific policy analyst at digital rights group Access Now.
But perhaps more importantly, Mascots Group and its managing director do appear to have a cosy relationship with the regime. The conglomerate includes Mascots Technologies Company Limited, which is a registered supplier of the military’s Directorate of Defense Procurement. Win Kyaw is also a shareholder in King Royal Technologies, a company that was sanctioned by the United States after the coup for providing “satellite communication services” to the military.
Neither Win Kyaw nor Mascots Group responded to Frontier’s request for comment.
A war of attrition
Knowing what technology is being used is only one part of the puzzle, however. Understanding how it’s being used remains a point of speculation, partly because the technological sands keep shifting.
Internet protocols, known as IPs, are guidelines that dictate how data is sent over the web. IP addresses ensure that data packets are delivered to the right place, the same way that a postal address ensures that a letter or package is delivered to the right location.
VPNs, which obscure the users’ IP addresses, have their own protocols that dictate how data passes between the device and the network while also ensuring that the data is encrypted for safer use. One way to block a VPN is to deploy technology that stops its protocol from working.
“When the junta tried to crack down on VPNs, they not only introduced internet restrictions on the domain level where users might not be able to connect to certain websites, but on a protocol level so when the system detects a type of protocol that the VPN is using, the system will shut down,” explained Daw Htaike Htaike Aung, a digital rights advocate and executive director of the Myanmar Internet Project.
Wai Phyo Myint said that as of publishing, VPNs that use the popular OpenVPN and IPsec protocols still seem to be working but those that use Wirecut, which is also popular because of its speed, have stopped.
To sidestep the junta’s measures, Migliano said VPN providers “spin up new internet protocols and develop new obfuscation techniques”, in what he called a “well-established game of cat-and-mouse”.
The game could go on indefinitely or until one side exhausts its resources.
Migliano said the outcome “depends on a variety of factors like how much resources the authorities are prepared to pour into their efforts, how good their blocking technology is, how knowledgeable they are about obfuscation techniques, and how committed they are to the fight against VPNs”.
For the VPN providers, it also requires “significant investment”, which some companies “may not be able to sustain indefinitely in certain markets”, he added.
The junta maintaining an effective ban would similarly require a hefty investment, but experts told Frontier that eliminating access to Facebook falls very high on its list of priorities.
“They are trying to cut this remaining channel. They are trying to control people’s access to information and trying to control mobilising activities against the junta. This was more or less their main target; even though they know that this kind of absolute ban on Facebook will have a serious impact on local businesses, they don’t care,” said Wai Phyo Myint.
Facebook faceoff
Facebook became virtually synonymous with the internet in the years before the military seized power. After the coup, it was used to rally public participation in mass street protests and the Civil Disobedience Movement. Later on, resistance groups took to the platform to attract funds and public support, while exiled media used it to evade regime censorship and reach a mass domestic audience.
Ko Nat Mauk, a spokesperson for a PDF battalion in Bago Region’s Taungoo Township, said that the new VPN block and reduced access to Facebook has “significantly impeded” their income stream by making it more difficult for donors to send money. He also noted that the restrictions have made “information sharing” between troops more challenging.
Meanwhile, ordinary people in Myanmar have had to find new ways to access the internet and stay connected.
Mr Elijiah Lewien, a graduate student at the Oxford University’s Internet Institute who has been researching the use of VPNs in Myanmar, explained that the block has had a significant and continuing impact. But some providers have been hit harder than others, due to differences in the technology or features employed by each VPN service. This leaves openings for resourceful users to skirt the ban.
“People now have multiple different VPNs on their phone or laptop and run through them to find which one is actually working. They are MacGyvering this at this point and sharing information within their communities when they find a service that works,” he said, using a slang term for problem solving with whatever materials are at hand.
There was a spike in Google searches for VPNs immediately after the recent block was imposed – the third largest surge since the coup, Google Trends data shows, with the highest number of searches coming from Sagaing Region, followed by Mandalay Region then Kayah State. Searches overall increased by 2,333pc on May 30, compared to the daily average over the previous four weeks, according to data collected by Top10VPN.
Individual providers noticed this uptick as well. A spokesperson for ExpressVPN told Frontier in mid-June that their website experienced a traffic surge of 174pc. NordVPN, another popular paid provider, also told Frontier they “observed an increase in visitors” to their website on May 30.
While people in Myanmar are finding ways around the ban, they are now using VPNs more cautiously. Following the news of the block, reports surfaced that soldiers and police were stopping people randomly across the country to check devices for VPNs. If one were found, individuals could face a fine or even arrest.
While security forces have carried out such random searches since shortly after the coup, these efforts seem to come in waves. Wai Phyo Myint said that the frisking has largely subsided in the last month, “because they don’t have the resources to be able to conduct such phone checks all the time”, but people still remain on high alert.
A student in Ayeyarwady Region who spoke to Frontier on the condition of anonymity said that whenever he leaves the house, he now “uninstalls all VPN applications from his phone”. Nat Mauk said that his fighters are currently “limiting their VPN usage to essential activities”.
“Now our comrades undergo rigorous security checks before they leave our area. This includes a thorough inspection of their mobile devices to ensure they can travel safely,” the spokesperson said of the group’s internal measures.
No space for MySpace
But blocking access to VPNs seems to be step one in a much larger plan. In April, the regime announced that it had developed its own social media website and mobile application called MySpace, not to be mistaken for the popular networking site launched in the US in the early 2000s.
The MySpace website bears many resemblances to Facebook. The directory on the left hand side, for instance, has tabs for “events”, “games”, “group” and “pages”.
Dr Stefan Bächtold, a lecturer at Monash University in Malaysia who has researched internet use in Myanmar, said that the junta is trying to create its own version of Facebook that it can exercise complete control over.
While the MySpace homepage claims to have more than 20,000 active users, the regime has struggled to get the platform on its feet. Although the login page still advertises a downloadable app, it’s been removed from the GooglePlay, which serves Android users. It was reportedly available on the Apple App Store previously but has since been taken down.
“Thousands of people have been reporting these apps the second they hit the Apple market or the Android Play Store so they are rather difficult to download and it seems that for the moment this has been effective in keeping the military from establishing its own little world – it’s own little Facebook – in Myanmar,” said Bachtold.
At the same time, many people in Myanmar are scared to use a social media platform that was developed by the junta and could be used to access and monitor their information.
“It isn’t only that people don’t support the military; people are also concerned about their safety,” said Wai Phyo Myint. “They understand that any platform, any technology, associated with the military is not necessarily secure. Unless people are forced, unless they are put in a very challenging, risky situation, I don’t think people will use this kind of technology.”
Several sources inside Myanmar agreed. “Because MySpace is a platform developed by the military regime, the public has completely rejected it and are not using it,” said Nat Mauk.
The pre-coup decade of reform saw Myanmar people gain access to social media, international news outlets and a relatively free domestic media landscape. The military has tried to reverse this trajectory since seizing power, but the general public has fiercely resisted being dragged back into another digital dark age.
“This is the authoritarian playbook, to be able to control people’s access to information, their channel for free speech…since the first day of the coup, [the junta] has been trying to achieve this,” said Wai Phyo Myint.
But she insisted “it will never be able to control the people so long as people have access to alternative information… If people have access to different sources of information, they will have different perspectives and won’t buy the military’s propaganda.”