Pages

Tuesday, May 10, 2011

ျပည္ပ မီဒီယာနဲ႔ Hacking

ဂ်ာနယ္လစ္မ်ား ကာကြယ္ေရး ေကာ္မတီရဲ႕ အေရွ႕ေတာင္ အာရွဆိုင္ရာ ကိုယ္စားလွယ္ ေရွာင္ ခရစၥပင္က ျပည္ပ သတင္းမီဒီယာ DDoS နဲ႔ အတိုက္ခံေနရတဲ့အေၾကာင္း ေရးထားပါတယ္။ အထူးသျဖင့္ ဧရာဝတီေပါ့။

ဧရာဝတီဟာ တျခားျပည္ပမီဒီယာေတြလိုပဲ DDoS နဲ႔ ဆိုဒ္ျပဳတ္က်သြားေအာင္ ပုံမွန္လိုလို အတိုက္ခံေနရခဲ့ရပါတယ္။ ျမန္မာအာဏာပိုင္ေတြဟာ ျပည္ပအေျခစိုက္ မီဒီယာေတြအေပၚ အထင္လြဲေအာင္၊ သိကၡာက်ေအာင္ အသစ္အသစ္ေသာ နည္းေတြနဲ႔ တိုက္ခဲ့ပါတယ္။

ဒီႏွစ္အေစာပိုင္းမွာေတာ့ သိၾကတဲ့အတိုင္း ဧရာဝတီရဲ႕ ကြန္ရက္စနစ္ထဲဝင္ၿပီး သက္ရွိထင္ရွားရွိေနေသးတဲ့ အဆိုေတာ္ တေယာက္ကို ေသၿပီဆိုၿပီး ခပ္တည္တည္နဲ႔ သတင္းတင္ျပပံု ေသသပ္စြာ ဝင္တင္သြားလို႔ အက်ယ္အက်ယ္ မျငင္းဖြယ္ေတြ ျဖစ္ခဲ့ရၿပီးပါၿပီ။ စာဖတ္ပရိသတ္မ်ားကလည္း ဂ႐ုဏာေဒါေသာနဲ႔ မေသခ်ာဘဲ တင္မရမလားဆိုၿပီး ျဖစ္ၾကတာမို႔ အေတာ္ ရွင္းလိုက္ရတဲ့ ကိစၥ ျဖစ္ပါတယ္။

ဧရာဝတီ အယ္ဒီတာ ကိုေအာင္ေဇာ္ကေတာ့ ကြန္ရက္စနစ္ထဲဝင္ၿပီး လွ်ိဳ႕ဝွက္တဲ့ အခ်က္အလက္ေတြ၊ ျပည္တြင္းက အခ်ိတ္အဆက္ေတြရဲ႕ အခ်က္အလက္ေတြရသြားမွာ စိုးရိမ္ေၾကာင္း ေျပာထားပါတယ္။

ဧရာဝတီက ဥေရာပကေန ကြ်မ္းက်င္သူေတြကို ေခၚယူငွားရမ္း စစ္ေဆးရတဲ့ အထိ ျဖစ္ခဲ့ၿပီး တခုေသာ ဟက္ကင္း လိပ္စာဟာ လန္ဒန္အထိ ေတြ႔ရၿပီး တ႐ုတ္ ပေရာက္ဇီ ဆာဗာေတြကို မ်က္ႏွာဖံုးစြပ္ၿပီး သံုးထားတာ ေတြ႔ရပါတယ္။

ဝင္ၿပီး ဟက္တဲ့သူေတြဟာ ဘယ္သူပဲ ျဖစ္ျဖစ္ သူတို႔က ပိုနပ္လာၿပီး ပိုအႏၲရာယ္မ်ားလာတယ္လို႔ ကိုေအာင္ေဇာ္က ေျပာထားပါတယ္။

အေသးစိတ္ကို ေအာက္မွာ ဖတ္ႏိုင္ပါတယ္။

Committee to Protect Journalists: Burmese exile news site endures hacking, DDoS attacks
By Shawn W. Crispin/CPJ Senior Southeast Asia Representative

Like other Burmese exile-run media, the Irrawaddy has been plagued by numerous denial-of-service (DDoS) attacks in recent years that have forced its website to be shut down. Now, Aung Zaw, the publication's founder and editor, believes Burma's military-backed regime has adopted a new cyber-attack strategy that aims to undermine the exile media's credibility among readers.

Earlier this year, unknown hackers penetrated the Irrawaddy's central computer system and planted false news on its website's front page claiming that a popular Burmese film star had died. The bogus report sparked a protest from the still living actress and an outcry among readers about the inaccuracy before editorial staff could delete the posting and issue an explanation.

Aung Zaw told CPJ he fears the damage from the attack may have been wider reaching, potentially jeopardizing the identity of secret in-country sources and contributors. He says the hackers first breached the Irrawaddy's central computer system using password-cracking software two weeks prior to planting the false story.

"Tons of confidential information was exposed when our site was hacked," said Aung Zaw during a recent interview with CPJ. "We assume they were reading our day-to-day messages."

After the attack, Aung Zaw said the Irrawaddy hired Internet security experts in Europe to audit the extent of the security breach. The experts were able to track one of the IP addresses of an apparent team of hackers to London. They used proxy servers in China in a circuitous bid to conceal their location.

The audit also showed that the IP address for the hacker who planted the false story had, two weeks earlier, amended for accuracy several sections on the Burmese military's Wikipedia page. Aung Zaw said the amendments demonstrated in-depth knowledge of the military's structure and symbols, including the number of stripes and other insignia on obscure military decorations.

Burma's military-backed regime has never publicly taken responsibility for the various DDoS attacks that have anonymously debilitated Burmese exile media in recent years. Nor has anyone acknowledged orchestrating the recent cyber-attack against the Irrawaddy--though Aung Zaw notes that many former soldiers and other regime allies are known to reside in the United Kingdom, Burma's former colonial ruler.

The Irrawaddy has since upgraded its computer system's security and, with help from outside experts, is actively guarding against a similar future attack. Nonetheless, hackers have attempted in recent weeks to breach an Irrawaddy database and, in another instance, posed as one of Aung Zaw's China-based contacts while messaging on Facebook.

"Whoever they are, they're getting more clever and more dangerous," said Aung Zaw.

3 comments:

  1. ေတးသံရွင္ ေမဆြိ သတင္းကဲ႕သို႕ ျဖစ္စဥ္တြင္ ဧရာ၀တီအေနျဖင့္ မိမိ web စာမ်က္ႏွာမ်ားအား အျမဲ မျပတ္ေစာင့္ၾကည့္ေနမည္ဆိုပါလ်င္ မည္သို႕ပင္ အတိုက္ခိုက္ခံရေစကာမူ ၾကီးမားေသာ ထိခိုက္မွဳ႕မရွိႏိုင္ပါ ။

    ReplyDelete
  2. Aung Zaw,

    If you do not store the data consist of internal sources in your system connected to the breached network, you do not need to worry.

    The safest security measure for you is to store your data offline; accept all email communication, read them archieve them, then delete and purge from your trash.Defacing and DDos is not very hard since the plugins and modules in the CMS your magazine is using are prone of bugs and weaknesses.

    Utilize Cisco's web content and , if you can use Webmux.

    Nothing actually is secure as long as you are connecting to internet.

    Thanks,

    ReplyDelete
  3. Yeah, Now a day, no one need to be technical genius to be a bad guy. There are so many ready made tools on the www open network.

    ReplyDelete