#Op It’s time

[MM] [EN] [ES] [FR] [AR] [RU]


Executive summary

Since June 2012, the online media in Myanmar including Democratic Voices of Burma, The Irrawaddy, Mizzima, Eleven Media, 7 Day Daily and others have been on the receiving end of cyberattacks from several underground hacking groups. Attacks included compromising webservers, altering online content and launching denial of service attacks against their websites. Our research shows a connection between the underground hacking groups and the Myanmar military. Key undercover members of the Blink Hacker Group as “Thet Way Phyo (aka Gtone)” or “$n1ff3rg0d” run their attacks from military facilities and encourage youngsters using social media to join their politically motivated initiatives.

This report is a result of monitoring these groups malicious activities over three years. It exposes their motivations and the role of the Myanmar military in using and steering computer enthusiasts in Myanmar to run cyberwar undercover operations. The most notorious group behind the attacks is the Blink Hacker Group and from April 2015 the group “Union of Hacktivists”. The Blink Hacker Group (www.blinkhackergroup.org), alone is responsible of compromising thousand of servers and using the attacks as means to endorse a variety of racist and homophobic messages.

The Blink Hacker Group is closely connected to the IT consultancy company Cyberwings, the company is run by Yan Naing Myint (February 8, 1989) aka Orca-Krilozona, an active open source enthusiast and organizer of cyber security trainings and events like the recent Myanmar Cyber Conference.

A second black hacking group, “Myanmar Hackers Unite4m”, with members participating also in the attacks runs the Security Forum mmsecurity.net. The discussion forum is hosted by Creatigon, www.creatigon.com, a company operated by Min Ko Ko, core member of the hacking team and also known as 133720, cyberoot or DownFall.

An example of such undercover operations is the sudden appearance of a new hacking group “The Union of Hacktivists”, since April 2015 responsible for several website defacements and running the campaign “#Op Fucking Media” that specifically targets independent online media in Myanmar.

The Union of Hacktivists became increasingly active during October 2015, just one month before the General elections of the 8th November 2015. During one week, the group defaced half a dozen local media sites. During our efforts to defend several websites during the elections, we discovered that The Union of Hacktivists is in fact an undercover organization operating from military using the gateway with the name  of the Defense Services Computer Directorate (DSCD). Our report shows how the group has adopted the aesthetics of other hacker groups active in Myanmar to run operations to undermine the work of online media in the country.

Our report exposes for the very first time these unique details. It is time.