By SEAN GLEESON | FRONTIER
YANGON — The government has brushed off allegations published on Thursday that a number of attacks on the websites of several Myanmar media outlets had originated from military premises.
Thursday’s report claimed a spike in hacking attempts against a number of independent media websites in October 2015, the month before the country’s general election, orchestrated by a group calling itself the Union of Hacktivists. Among the publications attacked were former exile media outlets the Irrawaddy and Democratic Voice of Burma, along with websites belonging to Eleven Media and 7 Day News.
Released by Unleash Research Labs, a group based in Sweden that said it has worked since 2011 to monitor and combat cyber attacks in Myanmar, the report claimed that a study of network traffic showed that the attacks had originated from someone operating behind a proxy named for the military’s Defense Services Computer Directorate (DSCD), believed to be based at the Defense Services Academy in Pyin Oo Lwin.
Frontier was unable to independently verify the report’s claims.
Information Minister U Ye Htut did not respond to multiple requests for comment by Frontier on Thursday. Speaking to Reuters earlier, U Ye Htut dismissed the report, responding that people “sometimes overestimate the capacity of the Myanmar military”.
Responding to the report on Thursday, U Aye Chan Naing, executive director and chief editor of DVB, said he was troubled by attempts to shut down media websites, while declining to offer an opinion on allegations of military involvement.
“It is pretty much technical issues and I would leave it to the technical experts to prove whether or not the military is directly involved,” he told Frontier. “[But] there should be no impunity for hackers hacking independent media websites. They are attacking freedom of expression.”
A representative of Unleash Research Labs identifying himself as “Tord Lundstrom” — perhaps coincidentally, also the name of a well-known retired Swedish ice hockey player — spoke to Frontier on Thursday via email. Explaining that his organisation had helped provide hosting services and technical support for exile media outlets, Mr. Lundstrom said he was convinced his research demonstrated some level of military involvement in the hacking attacks.
“We have been working with Myanmar sites since 2011,” he told Frontier. “We provide technical support to many of the largest sites that are under attack. In the last six years we have hosted Mizzima, Irrawaddy and Democratic Voice of Burma, and other, smaller sites.”
“During our research, we discovered that one of the networks conducting intrusions into the servers was operated by the military,” he added. “The IP address is used by several institutions, but we discovered a way to determine which concrete part of the network the traffic originated from… judging from the data we have, I am inclined to believe [the attacks came from] a DSA connected activity.”
Both the Irrawaddy and DVB have confirmed to Frontier an ongoing relationship with Mr. Lundstrom within the realm of online security. U Aye Chan Naing said DVB had worked with Mr. Lundstrom since 2007. U Win Thu, the Chiang Mai-based senior manager of the Irrawaddy, told Frontier that his publication’s relationship with Mr. Lundstrom had begun at around the same time.
For years, exile media outlets in Myanmar have been subjected to cyber-attacks aimed at shutting down their online presence. Publishers have regularly accused the Myanmar government of involvement in the hacks.
A 2008 report in the Asia Times noted that distributed denial-of-service attacks, aimed at blocking user access to websites, had been conducted against four Myanmar exile media outlets around the time of the first anniversary of the monk-led protests known as the Saffron Revolution. It quoted an anonymous signals intelligence expert who claimed the DSCD was involved with “information warfare”.
The Asia Times report did not provide any evidence of the military’s involvement in the 2008 attacks.
In 2014, the website of the Irrawaddy was hacked and replaced with a message claiming the publication supported “jihad and radical Muslims” in an attack orchestrated by the Blink Hacker Group, apparently in response to the publication’s coverage of ethno-religious violence in Rakhine State since 2012.
Irrawaddy founding editor Ko Aung Zaw told Foreign Policy at the time that he suspected the Myanmar government may have been involved in the attack.
“The regime people are very active in cyber warfare, in social media and have resources and pushing religious violence, so we wonder who are the real culprits,” he said.
Ko Aung Zaw made stronger allegations in 2011, two years before the Irrawaddy relocated from the Thai city of Chiang Mai to Yangon, about an apparent hacking attempt in March of that year.
“The Irrawaddy has exposed many illegal activities of the Burmese junta… This is most likely why the junta has assigned technicians to attack our website,” he said at the time, in an article on the outlet’s website.
Blink Hacker Group
Thursday’s report said that the Blink Hacker Group — a separate entity to the Union of Hacktivists group behind last October’s hack attacks — had been involved in numerous attacks against Myanmar media outlets since 2012, along with a number of attacks against foreign websites.
Unleash Research Labs claimed that a message from one of the group’s members on March 15, 2012 called for attacks against Bangladeshi websites, in response to the International Tribunal for the Law of the Sea resolving a maritime boundary dispute with Myanmar in Bangladesh’s favour the previous day. Frontier was unable to independently verify the message.
The report also alleged that the group was responsible for a number of attacks on Thai government websites since December 2015, in response to the death penalty verdict handed down to two Myanmar migrants in the infamous 2014 Koh Tao backpacker murders.
Unleash Research Labs was not able to demonstrate any formal links between the Blink Hacker Group and Myanmar’s military.