- Have you looked into other hacking groups active in Myanmar, such as Myanmar Muslim Cyber Force (MMCF)?
Our research has focused on groups in Myanmar that targeted online media in July 2012. Howwver, we have started to look into MMCF as well, which has core members in Indonesia.
- Did the targeted websites ask for this investigation?
The media sites that we have been assisting the last years have always been more interested in keeping their websites functional and operative than anything else. This work was initiated by a group of system administrators and security specialists when we were building better tools and technologies to protect websites during key events. In the past, during events like the 20th anniversary of the 8888 uprising, the Saffron Revolution, or the Rakhine riots, we were very reactive to security incidents. Not until 2015, we had the time and motivation to plan ahead and track down the attackers.
- Can you explain for a person without strong technical background how you found out that some of the attacks came from a military network?
During a technical troubleshooting, we looked into how we could differentiate the traffic from different devices coming from the same Internet connection. We learned that some firewalls add a very specific piece of information to the requests that we could use in our systems to block infected machines. During the implementation of such a system, we discovered that a very specific brand of firewalls known to be used by the military in Myanmar was logged in our system. A few weeks after, a reporter reached out to us saying that someone has logged into his Gmail account from a strange location. We checked in our systems and verified that the very same location was blocked by our system several times in the past. Only then, we decided to look specifically into all traffic coming from this network.