Digital ID

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

The list of sites blocked in MYANMAR includes many websites that did not fall under the categories adult content or fake news

Original post at: https://www.qurium.org/alerts/myanmar/internet-blocking-in-myanmar-secret-block-list-and-no-means-to-appeal

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. The order was based on article 77 of the Telecommunications Law and the MoTC directive stipulated that the list of blocked sites was confidential and could not be made public. If an operator publicized the list, it would be in violation of the directive and local law. However, the block list included many websites that did not fall under the categories “adult content or fake news”. Several legitimate and acknowledged media related to minority ethnic groups and news focusing on the Rakhine state were found on the list.

Telenor Myanmar – an attempt to resistance

There are four operators in Myanmar: state-owned Myanma Posts and Telecommunications (MPT), Qatar based Ooredoo, military-aligned Mytel, and privately owned Telenor Myanmar. Telenor initially challenged the blocking, and on March 23, Telenor Myanmar’s spokesperson said:

“Telenor Myanmar has not complied with the request to block sites in the category of ‘fake news’ as it has not been able to establish sufficient legal basis for this part of the request. Telenor Myanmar believes in open communication and regrets if any inconvenience is caused to the customers”

However, “dialogue with the authorities made it clear that non-compliance with the directive would have implications on the company’s ability to service the public” says Cathrine Stang Lund, Acting VP Communications at the Telenor Group, Singapore. In April 2020, Telenor complied with the directive and blocked ALL sites on the block list. In a press release from April 22, Telenor stated:

“Telenor has assessed that the risk involved in not following the directive as regards fake news is likely to have wider implications in terms of servicing the public. Hence, the remaining sites have been blocked bringing the total count to 230.”

Five months later, several legitimate and trusted news sites such as Mandalay In-Depth NewsKarenNews and Voice of Myanmar, remain blocked in Myanmar.

How is the blocking implemented?

In collaboration with the civil society organization Myanmar ICT for Development Organization (MIDO), Qurium has investigated the blocking methods implemented by Telenor Myanmar and the state-owned operator Myanma Posts and Telecommunications (MPT).

During the joint research with MIDO, traffic was recorded from Telenor (AS133385) and MPT inside Myanmar (AS9988) to a number of blocked legitimate news sites that had been classified as “fake news”. Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country.

Telenor – redirects blocked users to anonymous foreign server

.pw domains are inexpensive and often used by spammers.

The blocking mechanism of Telenor is curious and requires a bit of attention. Telenor redirects all users attempting to access a blocked domain to an inexpensive VPS outside of Telenor’s own infrastructure under a non-Telenor domain. The VPS (IP address 167.172.4{.}60) is hosted in Digital Ocean, Singapore under the domain urlblocked.pw, a domain purchased in late March 2020 for less than 2 USD.

According to Stang-Lund at Telenor Myanar, the reason for using an external domain hosted in Singapore as landing page is to protect the users. She says “this (decision) is based on a holistic evaluation, including privacy considerations, as user data on attempted access is outside of Myanmar’s jurisdiction”.

However, when redirecting blocked users to a Digital Ocean VPS in Singapore (outside of Telenor’s infrastructure), Telenor puts the readers in greater risk as the traffic leaves Telenor’s control and travels via several unknown operators. Qurium has requested a clarification from Telenor Myanmar on why Telenor did not place the block page within its own infrastructure (but outside of Myanmar’s jurisdiction), but have not received an answer.

Telenor’s anonymous block page under the obscure domain urlblocked.pw.

The block page provides the user a brief message in Burmese and English. The message does neither indicate that it is coming from Telenor nor provide means to appeal the blocking decision.

“Sorry, this URL is not available from Myanmar. You have tried to access a web page which has been blocked as per directive received from the Ministry of Transport and Communications Myanmar..”

Cathrine Stang-Lund explains “Since the authorities have not provided a complaint or appeal mechanism, nor contact details, Telenor Myanmar is unfortunately unable to provide that on the landing page. Any appeal should be made to the authorities.” Adding this information to the block page would increase the transparency and trustworthiness of Telenor Myanmar.

The block page uses the domain “urlblocked.pw” registered the 26th of March 2020 with a free Let’s encrypt certificate.

 Domain Name: URLBLOCKED.PW
 Registry Domain ID: D180106494-CNIC
 Registrar WHOIS Server: whois.namesilo.com
 Registrar URL: https://www.namesilo.com
 Updated Date: 2020-03-31T03:01:23.0Z
 Creation Date: 2020-03-26T02:55:00.0Z
 Registry Expiry Date: 2021-03-26T23:59:59.0Z
 Registrar: NameSilo, LLC

To confirm the domain ownership, Qurium tried to reach the domain owner via an online form provided by nic.pw. A month later, no response has been provided.

The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails.

Blocking without accountability

There are several aspects of the Internet blocking in Myanmar that raise questions. In this section we have collected the open questions that still are unanswered.

  1. Why does not the MoTC release a public list of all blocked sites? How come that the block list is secret?
  2. Why does not MoTC provide a complaint or appeal mechanism, or at least contact details for questions regarding the blocking?
  3. Why did Telenor decide to use a VPS hosted in a third party provider to host the blocking page instead of using a server within the Telenor infrastructure?
  4. Why is this VPS hosted outside Myanmar, implying that visitors to blocked sites are redirected to a server outside of the jurisdiction of Myanmar?
  5. Why did Telenor register the domain urlblocked.pw without a proper contact information? Blocked websites have no means to identify and contact the organization responsible of the blocking and exercise their rights to object.
  6. Internet blocking is normally requested by the Ministry of Transport and Communication, but in order to force operators to implement the blocking, a legal decree is required. Did the operators receive such a decree from the Ministry of Justice of Myanmar?

Circumvention of Internet blocking

To circumvent Internet blocking of legitimate news sites, human rights organizations and LGBTQI initiatives, Qurium has developed the mirroring service Bifrost. Bifrost creates live-mirrors of WordPress sites, and pushes the content to large cloud storage services like Google or Amazon, which are too expensive for governments to block. In the case of Myanmar, Qurium has chosen to mirror In-Depth News Mandalay, a legitimate local news site focusing on the Mandalay region. The news site was blocked in March 2020 under the category “fake news”, after being openly critical against military violence and government corruption.

Further reading – OONI research report

For further reading on current situation of Internet blocking in Myanmar, we recommend the article “Myanmar blocks websites amid COVID19” published by OONI in May 2020.

About the author:

About the authors – Contacts:

Forensic report: Tord Lundström, Qurium Media Foundation < t@virtualroad.org >

Media: Clara Zid, Qurium Media Foundation < info@virtualroad.org >

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Myanmar)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

3 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

9 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

21 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.