2010 cyberattacks on Myanmar


The 2010 cyberattacks on Myanmar (also known as Burma) were distributed denial-of-service attacks (DDoS) that began on 25 October, [1] occurring ahead of the 2010 Burmese general election, which is widely viewed as a sham election. [2] [3] This election was the first that Burma had had in 20 years. [4] The attacks were significantly larger than attacks against Estonia and Georgia in 2007 and 2008 respectively. [5] The attack followed a similar one on 1 February 2010, [6] and also followed an incident of a total loss of connection to the internet the previous spring when a submarine communications cable was severed accidentally. [7]


Attacks beginning 25 October 2010

Over the period of a week, a large-scale DDoS attack targeted Burma's main Internet provider, the Ministry of Post and Telecommunication. Successful attacks on this network interfered with the majority of incoming and outgoing network traffic.

The motivation for the attacks, and hence the culprits, was unclear, but there was significant speculation that blamed the Burmese government for a pre-emptive attack to disrupt Internet access just before the general elections. The ruling military junta, the State Peace and Development Council (SPDC), was known for denying universal human rights such as freedom of expression; the government's efforts to silence dissent extend to cyberspace, and it has one of the most restrictive systems of Internet control in Asia. [8] The fact that international observers and foreign journalists were not being allowed into the country to cover the polls raised suspicions that Burma's military authorities could have been trying to restrict the flow of information over the election period. [5]

Technical details

A DDoS attack attempts to flood an information gateway with data exceeding its bandwidth. The "distributed" element of a distributed denial-of-service attack means that it involves PCs spread all over the world. These enslaved computers, collectively called a "botnet," are usually home computers that have been hijacked and compromised by a virus. Botnets are usually rented out by cyber criminals for various purposes, including web attacks. They can be controlled from across the internet. [5] The size of the October–November 2010 attacks increased daily from 0.5 to 10–15 Gbit/s, with each daily attack lasting over eight hours (always during regular office hours) and coming from computers across the globe. This was several hundred times more than enough to overwhelm the country's 45 Mbit/s T3 terrestrial and satellite links. [9] Attacks on blogging websites in September were also on the order of Gbit/s. [10]

By comparison, the 2007 cyberattacks on Estonia were at most 90 Mbit/s, lasting from a minute to over 10 hours. [11]
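As an added example (not part of the original article), the following Python code shows how a network operator could flag sustained saturation of a link like the 45 Mbit/s one described above and report how far the offered load exceeds capacity. The hourly samples are constructed for illustration, and the code assumes offered load is measured upstream of the link (for example from a transit provider's flow telemetry), since the link itself can never carry more than its capacity.

```python
from dataclasses import dataclass

LINK_CAPACITY_MBPS = 45.0  # T3 capacity quoted in the article


@dataclass
class Episode:
    start_hour: int    # index of the first saturated hourly sample
    duration_h: int    # consecutive hours above capacity
    peak_mbps: float   # highest offered load seen in the episode
    factor: float      # peak offered load divided by link capacity


def find_saturation_episodes(offered_mbps, capacity=LINK_CAPACITY_MBPS, min_hours=2):
    """Group consecutive over-capacity samples into episodes.

    Runs shorter than min_hours are dropped so that a brief burst is not
    reported as a sustained flood.
    """
    samples = list(offered_mbps)
    episodes = []
    start = None
    # A trailing 0.0 sentinel closes a run that lasts until the final sample.
    for i, rate in enumerate(samples + [0.0]):
        if rate > capacity:
            if start is None:
                start = i
        elif start is not None:
            run = samples[start:i]
            if len(run) >= min_hours:
                peak = max(run)
                episodes.append(Episode(start, len(run), peak, peak / capacity))
            start = None
    return episodes


def build_sample():
    """Constructed data: three days of hourly offered load in Mbit/s.

    Baseline is 30 Mbit/s; a flood runs 09:00-17:59 each day with a peak
    that grows from 0.5 Gbit/s to 12 Gbit/s, mirroring the daily growth
    and office-hours pattern the article describes.
    """
    samples = []
    for peak in (500.0, 5000.0, 12000.0):
        day = [30.0] * 24
        for hour in range(9, 18):
            day[hour] = peak
        samples.extend(day)
    samples[3] = 60.0  # one-hour burst at 03:00 on day 1, below min_hours
    return samples


if __name__ == "__main__":
    for ep in find_saturation_episodes(build_sample()):
        day, hour = divmod(ep.start_hour, 24)
        print(f"day {day + 1} {hour:02d}:00  {ep.duration_h} h  "
              f"peak {ep.peak_mbps / 1000:.1f} Gbit/s  "
              f"{ep.factor:.0f}x link capacity")
```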

Cyberattacks in Burma prior to the 2010 election

This cyber attack notably followed a similar one on 1 February 2010, when the internet link service of Myanmar's Yatanarpon Teleport Company was struck, [6] and also followed the incident of a total loss of connection to the internet the previous spring when a submarine communications cable was severed accidentally. [7]

Despite the heavy hand that the regime wields over cyberspace, information communication technologies (ICTs) have provided Burmese opposition groups the means to challenge the government by broadcasting their message to the world. There has been an ongoing battle between the liberation technologies and the authoritarian government. In 2000, Burmese political activists received numerous e-mails that contained viruses, which many believe were part of an organised campaign perpetrated by state agents. [8] The first major example of a DDoS attack in Burma was in 2007, during the Saffron Revolution when Burmese activists managed to put videos and pictures of the demonstrations and government crackdown on the internet, at which time the government severed the internet connection for almost two weeks. [8]

Near the one-year anniversary of the Saffron Revolution, the websites of three main Burmese independent media organisations were attacked and effectively silenced. The Democratic Voice of Burma and The Irrawaddy were made inaccessible through a DDoS attack, and the website for Mizzima News was defaced. Through 2009 and 2010, attacks on Burmese opposition media sites continued periodically. [8] The timing of these attacks and the nature of the websites being attacked indicate a political connection. Although the identity of the attackers remains unknown, it is widely believed that the government played a role. This belief is still held, because the Burmese government has consistently made efforts to control and censor the communications environment of the country. Also, the timing and co-ordination of these attacks around the anniversary of the Saffron Revolution suggest that their motivation was to prevent the websites from commemorating the protests and possibly mobilising new political actions. [8]

In September 2010, coinciding with the third anniversary of the Saffron Revolution, [12] the websites belonging to independent and opposition news sites and blogs were brought down by DDoS attacks similar to, but less powerful than, the ones that took place prior to the election. [10] On 27 September 2010, DDoS was used specifically against two news websites in Burma: the Democratic Voice of Burma and The Irrawaddy Magazine. Both of these magazines were providers of independent coverage of current affairs in Burma. These attacks were believed to originate from the Burmese government, and with the election a month away, media workers feared that this attack was a test run leading up to the election. In 2009, Burma ranked 171 out of 175 countries in the Reporters Without Borders (RSF) Press Freedom Index. [13]

References

  1. "Internet out hits tourism sector". Myanmar Times. 1 November 2010. Archived from the original on 5 November 2010. Retrieved 4 November 2010.
  2. Clegg, Nick (3 October 2010). "Myanmar's Sham Election". The New York Times. Retrieved 4 November 2010.
  3. "Protesters in Japan decry Myanmar 'sham election' plan". Channel News Asia. 27 October 2010. Archived from the original on 30 October 2010. Retrieved 4 November 2010.
  4. Sutherland, J.J. (4 November 2010). "Myanmar's Internet Under Cyberattack". NPR. Retrieved 30 October 2014.
  5. "Burma hit by massive net attack ahead of election". BBC News. 4 November 2010. Archived from the original on 5 November 2010. Retrieved 4 November 2010.
  6. Feng, Yingqiu (3 November 2010). "Myanmar Internet link continues to meet with interruption". People's Daily. Archived from the original on 6 November 2010. Retrieved 8 November 2010.
  7. Seltzer, Larry (11 April 2010). "DDoS Attack on Myanmar Takes the Country Offline". PC Magazine. Archived from the original on 7 November 2010. Retrieved 8 November 2010.
  8. Sample, Charmaine; Nart Villeneuve; Masashi Crete-Nishihata (April 2013). "8" (PDF). Culture and Computer Network Attack Behaviors. pp. 153–176. Retrieved 1 November 2014.
  9. Labovitz, Craig (3 November 2010). "Attack Severs Burma Internet". Arbor Networks. Retrieved 4 November 2010.
  10. Wade, Francis (29 September 2010). "Scale of cyber attacks 'rare and serious'". Democratic Voice of Burma. Archived from the original on 31 January 2013. Retrieved 13 February 2013.
  11. Nazario, Jose (29 September 2010). "Estonian DDoS Attacks - A summary to date". Arbor Networks. Archived from the original on 15 May 2013. Retrieved 13 February 2013.
  12. Nizza, Mike (28 September 2007). "Burmese Government Clamps Down on Internet". The New York Times. Retrieved 13 February 2013.
  13. "Stop Cyber Attacks Against Independent Burmese Media". Reporters Without Borders. 5 October 2010. Retrieved 28 October 2014.