CHIANG MAI – The Myanmar military’s firepower may be far superior compared to the scattered resistance armies that have popped up nationwide to fight the Tatmadaw since it staged a February 1 coup, but in cyberspace, pro-democracy forces have a tech-savvy upper hand.
Whether the Tatmadaw is killing civilians, burning villages or arresting activists in the dark of night, eyewitness accounts of the abuse are almost instantaneously spread worldwide over social media.
When an army truck rammed a peaceful demonstration in the old capital Yangon, killing and wounding several people, the murderous driver’s picture, name and even regimental number were quickly disseminated in online forums.
It’s thus not surprising that Myanmar’s ruling generals seek to build an internet firewall to prevent such damning text, images and videos from reaching both global and local online audiences. And they have turned to a logical and experienced partner for censorship and surveillance assistance: China.
Asian security officials who communicated with Asia Times and international internet watchdog organizations are following closely China’s role in helping Myanmar’s military regime develop its online blocking and snooping capabilities since the February 1 coup.
The cooperative effort, they say, aims to implement effective control over what can and cannot be accessed online in Myanmar, similar to the “Great Firewall of China” that Beijing has used for years to repressive effect to police the online activities of dissidents and ferret out anonymous and pseudonymous critics.
But what Myanmar’s generals may not realize – diplomats, analysts and technical experts monitoring the situation say – is that the Chinese security agencies now known to be building Myanmar’s firewall are simultaneously able to tap into the Tatmadaw’s military computers and potentially access and collect sensitive information in the construction process.
China, they say, has plenty of incentive to tap into the Tatmadaw’s information streams after vacillating hot and cold relations and years of mutual suspicion on a range of sensitive security issues.
Reports of Chinese technicians providing cyber assistance to Myanmar’s military first circulated on social media about a week after the February 1 coup. Those reports included a list of five cargo planes arriving on February 9 from Kunming, the capital of China’s southern Yunnan province, at Yangon International Airport that allegedly carried Chinese IT technicians and equipment.
Soon thereafter, huge crowds gathered outside the Chinese embassy in Yangon denouncing Beijing’s perceived support for the coup makers, who had just overthrown Aung San Suu Kyi’s elected government. The following day, the Chinese embassy rejected the reports, saying the planes were transporting seafood – a claim panned on social media.
According to research by security analysts and experts closely monitoring the situation, firewall technology has indeed been sent from China to Myanmar since the coup.
Local sources quoted by DigitalReach, an international organization that assesses the impact of technology on human rights in the region, highlighted news of the technology shipment on March 17, saying that developments in Myanmar as well as Cambodia – where China is playing a similar role – “have alarmed human rights advocates and created concerns about how internet controls are unfolding in Southeast Asia.”
Soon thereafter, the junta tabled a new Internet law that required telecom service providers like Ooredoo and Telenor to divulge information on their users’ addresses, phone numbers, national identification numbers and activity history to military authorities.
Norway’s Telenor found that and other draconian junta demands unacceptable and, in July, the company announced that it would pull out of Myanmar and sell its assets to Lebanese investment firm M1 Group. The deal has been stalled, however, as the junta now prefers a sale to a local company, which would make blocking and surveillance quieter and easier.
According to a Southeast Asian security official who closely tracks Myanmar’s technology scene, Chinese technicians are now secretly building a social media network for use only within Myanmar, which is being designed to replace the use of Western social media platforms like Facebook and Twitter.
That mirrors China’s situation, where both popular US platforms are banned and where local companies that state authorities can closely monitor and tap for data dominate the market.
“Chinese technicians have also been training the junta to use hacking to obtain information on political dissidents and protesters, including how to bypass VPNs and monitor SMS traffic as well as commercial messaging applications,” the security official claimed.
Concurrently, technicians working for companies known to security analysts as being close to the Ministry of State Security (MSS), China’s main intelligence agency, have also been hacking into the computers and databases of the state-owned Myanmar Post and Telecommunications (MPT), a major internet service provider and operator of mobile phones favored by the Tatmadaw.
On June 2, ESET, a Slovakia-based security firm, detected that a cyber-espionage group had hacked into a central government website in Naypyitaw, Myanmar’s fortified national capital. The firm stated in a report that a hacker “planted a backdoor trojan inside a localized Myanmar font package available for download on the site’s front page.”
The report went on to say that “malware used in the attack has similarities to malware strains used in past spear-phishing campaigns aimed at Myanmar targets by a Chinese state-sponsored hacking group known under codenames such as Mustang Panda, RedEcho, or Bronze President.”
In other words, such attacks, or Computer Network Exploitation as they are called in technical language, are nothing new in Myanmar. The first reportedly took place between November 2014 and May 2015 while ex-General Thein Sein was Myanmar’s president.
According to ESET, a “suspected Chinese cyber-espionage group used the [Myanmar president’s] site to distribute a version of the EvilGrab malware.” The next known attack occurred in 2017 and resulted in the extraction of gigabytes of data, including classified military information, according to ESET.
Asian security officials say subsequent attacks occurred in March and August 2020 on MPT’s networks where malware was installed in select Myanmar computers to gain strategic intelligence relating to China’s global infrastructure project, the Belt and Road Initiative, in Myanmar.
Myanmar is not alone in being targeted by Chinese hackers. The Associated Press reported on December 9 that “Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector organizations across Southeast Asia.”
AP referred to a report by Insikt Group, the threat research division of Massachusetts-based Recorded Future, which said that the targets included government offices and military entities in Malaysia, Indonesia, Vietnam, the Philippines, Laos, Thailand, Singapore, Cambodia — and Myanmar.
According to ESET, dissidents are also being monitored by Chinese hackers and the information is often hidden in intelligence files with names like “NUG Meeting Report.zip.” The National Unity Government, or NUG, consists of lawmakers and others who fled central Myanmar after the coup and established a government in exile.
The close relationship between Chinese hackers and MSS was revealed when two US-based hackers, Li Xiaoyu and Dong Jiazhi, were indicted in Spokane, Washington on July 7 this year. According to court documents, they had “gained unauthorized access to computers around the world and stole terabytes of data” on behalf of the Chinese government.
Apart from collecting information from a host of Western countries, among them the US, Australia, Germany, the Netherlands, Sweden, Spain and Britain, the indictment states that they “provided the MSS with email accounts and passwords belonging to a Hong Kong community organizer, the pastor of a Chinese church in Xi’an, and a dissident and former Tiananmen Square protestor…and the office of the Dalai Lama.”
Curiously, the court document says the Chinese state provided Li Xiaoyu with malware to help him compromise “the mail server of a Burmese [Myanmar] human rights group.”
The identity of that human rights group was not revealed during the hearings in Spokane, but it shows to what lengths the MSS and its hackers are going to monitor a wide variety of governmental as well as civilian actors in the region.
Myanmar’s internationally well-connected and computer-savvy dissidents may be able to detect malware, but the Tatmadaw will be exceptionally vulnerable given its limited experience in the field and overall lack of cyber know-how. Ultimately, that means Myanmar officials will be cyber-dependent on the very same Chinese technicians who are spying on them.