Monday, July 24, 2017

Govt, firms dismiss hacking report

A report claiming to expose the culprits of major cyber breaches and attacks on local media has been dismissed by the government and drawn the ire of individuals named.

The report, “Unleashed: Unveiling Cyber Warfare in Myanmar”, is the culmination of three years of monitoring by a Swedish cybersecurity expert, Tord Lundström.

Mr Lundström’s organisation has worked with formerly exiled media groups Irrawaddy and DVB, protecting them against the Distributed Denial of Service (DDoS) attacks and systematic backdoor breaches their websites have faced in recent years.

The report alleges hacking activities carried out by cyber vigilante groups such as Blink Hacker Group (BHG) include a major attack on the Thai judiciary in early January, which brought down nearly 300 government sites and saw 1 gigabyte of court data dumped online. The attack was carried out in response to the verdict in the high-profile Koh Tao murder trial, which saw death sentences handed to two ethnic Rakhine migrant workers.

Mr Lundström’s report, which largely centres around public posts on Facebook by alleged Blink members, identifies the individual he believes to be responsible for tools that made the Thai judiciary attack possible.

Thai authorities had announced they would investigate the breach in January. However, yesterday Reuters reported that the Thai police said they did not believe the hackers were based in Myanmar.

“DDoS attacks typically come from many sources distributed around the internet, thus making it very hard to track down the source. If it were coming from just a few sources within Myanmar, then yes – [MPT] may be able to trace back the source,” said analyst Doug Madory of Dyn Research, a firm which monitors networks worldwide.

Repeated attempts to reach the Thai embassy yesterday were unsuccessful, and MPT did not respond to requests for comment.

Computer hacking and cybercrime is a criminal offence in Myanmar, and falls under the 2004 Electronic Transactions Act.

A number of individuals named in the report expressed displeasure at the implication that they are involved with hacking outfits.

Ko Yan Naing Myint, a network and server engineer with Yangon-based firm CyberWings, said allegations that he is a key member of Blink Hacker Group are baseless and defamatory.

“You may see online that I am open to everyone and most of the guys, they are also like me – if [they] were [hackers] they wouldn’t be like this,” he said.

“There is no proof,” he added.

Ko Yan Naing Myint said his company CyberWings Asia had donated hosting to BHG’s website because of his belief in open source systems and a free web. The BHG website’s hosting has since lapsed, and was recently obtained by Mr Lundström.

Yangon-based business consultant and political analyst Thet Aung Min Latt, who was highlighted in the report over a March 2013 Facebook post, also rejected the implication that he was involved in BHG.

“Attending an online live chat doesn’t show anything,” he told The Myanmar Times yesterday, adding that he had requested the report’s authors to remove his information from the site.

Mr Lundström’s report proposes that Myanmar’s hacking scene has been infiltrated by political operators. He also suggests that the source of attacks against local media prior to last year’s elections by the Union of Hacktivists can been traced to government facilities.

These accusations could not be independently verified, and The Myanmar Times was unable to reach Minister for Information U Ye Htut yesterday. However, he told Reuters that “people sometimes overestimate the capacity of the Myanmar military”.