Wednesday, 1 October 2008

Myanmar on the cyber-offensive

By Brian McCartan

MAE SOT, Thailand (ATimes)- The distributed denial of service attacks, or DDoS, that hit and disabled several exile media websites between September 17 to 19, are widely held to be the latest attempt by Myanmar's military regime to silence its legion of critics.

The cyber-attacks, which flood a website with information requests which block regular traffic and eventually overload and crash it, coincided with the run-up to last year's "Saffron" revolution, in which soldiers opened fire and killed Buddhist monks and anti-government demonstrators. But the junta's cyber-warfare specialists appear to have wider designs than just censoring an uncomfortable anniversary and they are receiving plenty of foreign assistance in upgrading their political dissent-quashing capabilities.

The Defense Services Computer Directorate (DSCD) was set up by the War Office in around 1990, originally with the aim of modernizing the military's communications and administration systems. By the mid-1990s, however, the center had become much more focused on Information Warfare operations, according to a signals intelligence expert who spoke with Asia Times Online.

The center became responsible for monitoring telephone calls, faxes, e-mails and other forms of electronic data exchange. Another computer center was later set up at the Directorate of Defense Services Intelligence (DDSI), Myanmar's main military intelligence service. The DSCD is aimed more at military communications, while the intelligence service's computer center is more politically focused, including monitoring opposition groups both within and outside Myanmar.

The service was disbanded in 2004 after the arrest of former prime minister and intelligence chief General Khin Nyunt. It was later reformed as the Military Affairs Security (MAS), which has also presumably taken over cyber-warfare functions, and its capabilities have reportedly substantially improved in recent years.

Singapore has been the military's main partner in bolstering those capabilities. The DSCD was originally set up with computers from Singapore and the city-state has been heavily involved in the cyber-units technological evolution, including upgrades to the regime's computerized information systems hardware and training, says the signals intelligence expert. The intelligence service's center was also set up with Singapore-provided assistance.

Several opposition media sources, including The Irrawaddy magazine and Democratic Voice of Burma satellite television station, have said they received information that the most recent attacks on their Websites may have been conducted by Myanmar military officers trained or undergoing training in Russia and China. A longtime analyst of Myanmar's signals intelligence capabilities noted that many of the officers who have undergone training in Russia and China have taken courses in computing and information technology.

While China has been heavily involved in improvements to the Myanmar military's radio communications and, together with Singapore, connecting major military commands with fiber-optic cable, it apparently has been less involved in developing the regime's cyber-warfare capabilities, experts say.

The opposition movement has become noted for its extensive usage of the Internet to send and receive information, reports and news the regime has tried to suppress. As activists and underground journalists have become more tech-savvy, the intelligence service has become more determined to counter the outflow of information. Much of this has taken the form of harassment and more recently DDoS attacks.

Long-running media list server, BurmaNet News, has been a target of Myanmar's junta, which is known to have posted misleading and often inaccurate information to discredit the pro-democracy movement. In 2000, a wave of e-mail messages were received by activists with attachments containing a virus that many suspected came from the regime.

Exile-run political groups, human-rights groups and non-governmental organizations have all repeatedly accused the regime of launching viruses, and Trojan horses, defacing websites, sending waves of spam e-mail and even purchasing domain names with political significance. Although it is difficult to prove who exactly is behind the waves of cyber-harassment, the sheer volume of the attacks points to the regime's trained cyber-specialists, experts say.

Last year, the day after the regime's violent crackdown on street protesters, the Thailand-based Burmese media organization The Irrawaddy was hit by a virus that also infected visitors to their site. The timing of the attack raised suspicions of the junta's involvement.

In July 2008, the websites of the exile-run, Oslo-based Democratic Voice of Burma (DVB) and New Delhi-based Mizzima News were hit by DDoS attacks that shut down their websites for several days. The attacks followed both news organizations' extensive reporting on the junta's inept and some say corrupt response to the Cyclone Nargis disaster.

On September 17, another wave of DDoS attacks was launched, this time against The Irrawaddy, DVB and the Bangkok-based New Era Journal. Two community forums, Mystery Zillion and Planet Myanmar, were disabled and shut down by similar attacks in August. Although not political in nature, both websites provided information and instruction on how to circumvent the regime's tough Internet controls and firewalls, which include blocks on internationally hosted e-mail services gmail and Yahoo!.

Strategic attacks
Analysts say the cyber-attacks have notably ramped up during the anniversaries of the August 1988 pro-democracy uprising and military repression, and the September 2007 crackdown. Servers involved in the most recent attacks have apparently been situated in Russia and China - however, experts say this may have been done by hackers trying to cover their tracks.

According to communications security expert and Australian National University Professor Desmond Ball, DDoS attacks are relatively simple and can be engineered without the aid of powerful computers or an advanced computer science degree. Similar attacks, he says, have been carried out against Taiwan and Japan for years by young nationalistic Chinese hackers.

DDoS attacks, redirection and defacing of websites are all overt forms of cyber-harassment, but the real essence of cyber-warfare, says Ball, lies in the ability to penetrate a computer or a network, cover your tracks to avoid detection on the way in and out and steal information or disrupt systems without the target knowing that they have been hacked.

The military regime's capabilities in this regard may be where the real danger lies, he says. So far there is little known about the ability of Myanmar's government cyber-warriors to carry out these attacks, partly because the nature of these kinds of attacks is to remain undetected.

Internet security among computer users worldwide is notoriously lax and this includes Burmese exile political and media organizations. Without firewalls and anti-virus programs configured properly and IT specialists monitoring computer systems - an expensive proposition for most exile groups - they are at a distinct disadvantage against the junta.

Domestically, the regime has spent considerable effort to block the flow of information into the country through the use of filtering software that block certain media, human rights and political sites, as well as gambling, pornography and other sites deemed socially unacceptable. Through the use of proxy servers and encrypted webmail services, many of Myanmar's citizens have been able to circumvent some of these controls.

Their tech savvy was shown to the world in September 2007, when graphic images and video of the military's brutal crackdown on protesters were broadcast from an instant army of citizen reporters, who sent their files to outside news organizations over the Internet. In Myanmar's heavily controlled communications environment, there are only a handful of Internet service providers (ISPs), all of them either state-owned or with strong government ties, and thus easy for the regime to disconnect.

Exile groups and much of the media pointed to the three-day period between the beginning of the crackdown in late September 2007 and the shutdown of the Internet as evidence of the junta's lack of technical expertise. Ball, however, contends that the opposite is true.

The generals were willing to endure some international criticism in order to monitor who was communicating with whom before shutting the system down altogether. This information would likely have fueled their post-demonstration manhunts, where thousands were put behind bars, he says.

Myanmar's original ISP is the Ministry of Post and Telecommunications, which was later joined by Bagan Cybertech, a private communications company established by the son of former intelligence chief Khin Nyunt. Following his arrest, the company was partially taken over by the government and renamed BaganNet/Myanmar Teleport.

A third ISP was reportedly set up by the government-supported mass organization the Union Solidarity and Development Association (USDA) in 2007 and is known as Information Technology Central Services. In July 2008, a fourth ISP was launched called Hanthawaddy National Gateway.

Established with technical assistance from China's Alcatel Shanghai Bell, the service is currently only available to military officers, but is expected to eventually expand throughout the country. Alcatel Shanghai Bell is represented locally by Myanmar tycoon Tay Za, a close associate to the country's leader Senior General Than Shwe and other senior officers.

Speculation as to the extent of the regime's cyber-warfare capabilities comes during a fast expansion of Internet access across the country. In addition to two new ISP providers, the generals are pushing local and foreign investment in its Yadanabon Cyber City project, located east of Mandalay.

Over one-fifth of the 4,500 hectare city is slated for computer hardware and software factories and is expected to have modern Internet services available through ADSL, CATV, Triple Play and Wi Max. In July, 12 local and foreign companies, including CBOSS of Russia, agreed to invest US$22 million in the development of the city.

Although ostensibly a civilian initiative, much of the technology to be developed, built and used there would have dual use capabilities, experts say.

Brian McCartan is a Chiang Mai-based freelance journalist. He may be reached at brianpm@comcast.net.


No comments: