Hackers Try to Mess Up Burmese Opposition Website

Unknown hackers hijacked the English-language edition of the exile Burmese news website The Irrawaddy last Friday in an apparent attempt to discredit the publication, according to the editor, Aung Zaw.

One of the articles stated that Aung San Suu Kyi and her political party, the National League for Democracy (NLD), were responsible for the recent reduction in funding from international donors to The Irrawaddy and fellow exile news agency Democratic Voice of Burma (DVB). The other was a spurious story saying popular Burmese singer May Sweet had died.

Aung Zaw on Monday said he believed the cyber attack was launched by a pro-military junta group or Naypyidaw's cyber warfare department.

"The intent of the attack is to damage the credibility of The Irrawaddy," he said.

Last September, The Irrawaddy’s English and Burmese language websites came under attack by a two-gigabyte DDoS or distributed denial of service attack, which shut down both online editions. DDOS attacks consist of using computers to generate massive numbers of hits that overwhelm websites and make them inaccessible for days. The Irrawaddy’s sites were also temporarily disabled earlier in September by a one-gigabyte DDoS attack.

The Irrawaddy remains arguably the Burmese diaspora’s most important news site, exposing illegal activities of the Burmese junta, including the fixing of November's general election, high-level corruption, nepotism, and the release of exclusive photos of secret military missions from Burma to North Korea.

"This is most likely why the junta has assigned technicians to attack our website," Aung Zaw said.

Win Thu, the office manager of The Irrawaddy, acknowledged that there is a security weakness on the website and said he was trying to find the best solution to overcome the weakness.

"From the Web Content Management System (WCMS), the intruder posted two stories," said Win Thu. "It is important to protect ourselves against such an intrusion. We are investigating who the culprits could be. According to the style of the writing, the culprits may be regular readers who know well the style and layout of The Irrawaddy."

A WCMS is a system designed to simplify the publication of web content to websites and mobile devices—in particular, allowing content creators to submit content without requiring technical knowledge of HTML or the uploading of files.

Many exile Burmese websites are hacked and defaced by hackers, said an IT expert, though this latest incident indicates that the people hired to do the job are getting more sophisticated in their approach.

"Rather than merely attacking the technical infrastructure of the site, as they have in the past with DDoS [Distributed Denial of Service] attacks, or infecting the servers that host the site with a virus, they may be targeting something more valuable—the news agency's reputation," he said.

The second false article that was posted on the site carried the byline of Violet Cho, a former reporter for The Irrawaddy who left the company in 2009.

The article, that claimed that Burmese celebrity May Sweet had died, infuriated the singer who, not knowing the site had been hacked, launched an attack against The Irrawaddy on her Facebook account.

"I feel sorry for the persons who were mentioned in the fake articles, including May Sweet," said Win Thu.

With reporting from The Irrawaddy