#Op It’s time

Our first encounter with a hacking group from Myanmar was back in June 2012, when the Blink Hacker Group (BHG) launched a coordinated denial of service attack against the Democratic Voices of Burma website www.dvb.no.

DVB is a non for profit organization run by Burmese expatriates that makes radio and television broadcasts aimed at providing uncensored news and information about Burma, the country’s military regime, and its political opposition.

What we did not know back then is that we were going to embark in a long three year quest to track down the attackers, stop a myriad of new attempts and ultimately understand their motivations.

This is our story.

The first attacks

The first attacks started during the night of the 9th June 2012 and by that time, we did not know much about the Myanmar’s black hacking scene, their methods and motivations. When we woke up the following morning, “Blink” had already claimed victory on their official website www.blinkhackergroup.org. DVB’s website was not ready to cope with the flooding of requests. The attack took the site down and a first report about the event went public on the site.

Honestly, we did not have a clue why the Democratic Voice of Burma site was targeted. In the past, the sites were receiving fully anonymous attacks but this time a “pseudonymous group” was taking responsibility. At least, some good news!

Organized denial of service attacks in Social Media
Organized denial of service attacks in Social Media
Compromised servers used to coordinate DDoS attacks (message from Taunggyi Technological University)
Compromised servers used to coordinate DDoS attacks (message from Taunggyi Technological University)

During the 9-12th June 2012 several websites previously compromised[#1] were used to host a control panel to control the denial of services.
Dealing with the attacks became part of our night routines for months. The idea that a group of young mobsters wanted to impose a vision of truth starting a cyber crusade was not new, understanding their methodology was our challenge. There was not a real dialogue, just attempts to shutdown undesired content.

Message calling for attacks (June 2012)
Message calling for attacks (June 2012)

Stopping their attacks was easier than tracking them down so at the beginning we did not pay much attention of what it seemed a bunch of teenagers playing the “we-are-the-latest-cyber-army” game while their parents were paying their University studies and their Internet bill.[#2]

Not until the 16th June 2012, a week later from those first denial of service attacks, that “Blink” declared “cyberwar” to Bangladesh and any online media that was not openly against the Rohingya during the crisis. And that is how we ended up in the middle of a cyber cross fire! Finally, we were going to understand how a cyberwar looked like!.

[#1] The following sites were used to host a DDOS control panel in June 2012:
(1) televisionoffers.co.uk (2) www.gurdeepestates.com (3) www.wagnergabriel.com.br (4) www.hostingbesparen.nl (5) www.mobileprofitsinfo.com (6) seisonic.com
(7) www.2agoodhealthyu.com (8)www.mobilecashonthego.com (9) kalbalia.me (10) shreeprandevents.com

[#2] In order to hide their location some of the attackers were using VPN services hosted in Russia or the free-gate proxy network or computers from the Bauman Moscow State Technical University where many students from the Myanmar Army Forces are trained.

Why now?

Two different views of how to draw a maritime border.
Two different views of how to draw a maritime border.

There is never a good time to receive a cyber attack and after all these years, we keep finding ourselves always asking the same question: Why now?

Myanmar and Bangladesh had a long irreconcilable views of their respective maritime boundaries in the Bay of Bengal, after all, the recognition of those borders decides which country will have access to vast underwater gas reserves. Maritime boundaries will determine who will eat the biggest piece of the cake.

During, March 2012, the International Tribunal for the Law of the Sea (ITLOS) took a final decision: the boundary will be literally, a middle path, in the center of the boundaries proposed by Bangladesh and Myanmar. That decision was accepted by the military but without any joy.

During the very same time period, riots escalated between ethnic Rakhine Buddhists and Rohingya Muslims in northern Rakhine State. The 10th June 2012, Rohingyas started to burn Rakhine’s Buddhist and other ethnic houses after returning from Friday’s prayers in Maungdaw township.

By October 2012, Muslims of all ethnicities had begun to be targeted resulting in at least 80 deaths, the displacement of more than 20,000 people, and the burning of thousands of homes. Things got even worse as time went on.