Here’s how our Gomen can block websites in Malaysia

Our version of an MCMC block that we used for our homepage on April Fool's 2015 ;)

BREAKING NEWS. Sarawak Report gets blocked by MCMC. If you want to know how, see Point 4.

Right now it seems like what people call a DNS redirect, which can be solved by setting your DNS server manually. It’s really not that hard to do. Ask a tech friend to help you. Why? Because CILISOS believes in freedom of information. We’d even help you unblock Ridhuan Tee or Alvin Tan’s site (although we probably wouldn’t invite you to weddings n stuff)

PS: Ironically, a few months ago, we ran an April Fool’s Joke where our own site got blocked (fake one!) which actually got featured by our buddies at Says.com

(This article was originally published on March 21st 2015)

Dr. Mahathir’s popular chedet.cc blog became unavailable after a post criticizing 1MDB was published. Copies of the post were soon shared (over 5000 shares on his fan page alone!) and republished on several websites as people wondered what Mahathir had said that caused the government to block his site.

Screenshot of chedet. Image from The Star.
Screenshot of chedet.cc’s page. Image from mStar.
FYI, Redtube.com

Government censorship of websites isn’t entirely new, whether in Malaysia or in other countries. China is probably the most popular example of government control over internet use, to the extent that it’s been given the nickname The Great Firewall of China. Over here, the Malaysian Communications and Multimedia Commission (MCMC) actively blocks more than 8,700 websites – all completely transparent, since you’ll get a “blocked” message with a link to more information on why that particular por…website can’t be accessed.


So how come Mahathir’s site didn’t get the official “block” page?

Well, the Malaysian government has been accused a number of times of blocking websites that aren’t on the MCMC’s list for political reasons (more examples later in the article), and these are done with more sneaky approaches. At least, sneaky to people who aren’t very tech savvy la. Like us. So we needed help.

We met up with the awesome, awesome people at the Sinar Project, a politically-neutral non-profit group that collects A LOT of data to improve transparency and openness within the government. Sinar Project Coordinator Khairil ran us through a “simple” explanation of how information is sent from our computers to the world wide web, and how it can be blocked. We’re gonna try to explain this… *gulp*

“Understanding it quite well”

Accessing a website is like ordering a Laptop


1. Don’t think of the internet as one giant machine, but rather many smaller ones sending packets of information to you.

2. Think of each packet of information from Malaysiakini as a Laptop you’re ordering from Dell (not a CILISOS advertiser yet btw)

3. Think of the Internet as a Postal Delivery Service

4. We use orange every time we switch to the Laptop metaphor to make it easier to read (hopefully)

Cool? Whew… okay, now check this out. This is how Malaysiakini reaches you. Don’t worry, we’ll explain as we go along.


Now, this… is how people can prevent Malaysiakini from reaching you.


1. DDoS – Getting your friends to fake-order 10,000 Dell laptops


10,000 people decide to troll Dell by placing orders for the same laptop at the same time you do. This is more than what Dell has in stock, so they push the factory to make more without stopping, causing the factory workers to say “S*** this S***” and go on strike.

Result – You don’t get your laptop. Dell gets shut down temporarily.

What it is: A DDoS or Distributed Denial of Service involves the flooding of a site with requests to view it till the server where the site’s information is stored basically says “I give up!” and goes out to lunch, leaving an error message behind.

Examples: Many sites critical of the government were allegedly taken down by DDoS attacks, allegedly from the government, around the GE13 voting period. The Sarawak Report, Malaysiakini, and The Malaysian Insider have all reported attacks against their servers. These attacks also originated from within Malaysia, which they say lends credibility to the claim of a governmental conspiracy to silence them.

Attacks from Malaysia against sites from other countries have happened as well, with a US-based news service being taken down after publishing reports on a book that basically accused Sarawak Governor Taib Mahmud of being a very bad person. Of course, there are disagreements on whether the attacks were carried out by the government or by Taib himself. As in he paid people to do it la.

The incident with Mahathir’s blog is also suspected to be a DDoS attack.

How to find and fix it: Actually, DDoS attacks are extremely common and are one of the easiest to do (you can do it now, even). As you might tell from the examples we provided, they’re also one of the easiest to track. Sinar Project’s Khairil tells us that many of the independent news portals are using services such as Cloudflare (we used to use it too), which acts like a buffer between the site and the attacker.


2. Internet Exchange block – Customs raids the warehouse and doesn’t let Dell import into Malaysia


The Malaysian Customs Department declares that Dell laptops aren’t allowed in Malaysia. They raid the warehouse, confiscating the laptops as they arrive in port.

Result – You don’t get your laptop. 

What it is: The government starts monitoring and controlling information coming in and going out of MyIX (the Malaysia Internet Exchange), which is the gateway to the rest of the world. Sites like Malaysiakini are often hosted overseas (we are too!), so they pass through a local gateway that processes all Internet requests and conveys them to other little machines around the world.

Examples: None in Malaysia, but this happens in countries like Pakistan. Imagine that banning laptops could ruin the economy.

How to find and fix it: Khairil tells us that in theory, since most of Malaysia’s internet traffic goes through the Internet Exchange, MyIX would be the best point to block access to sites. However, MyIX is a neutral party and guarantees no interference nor blocking, and that has been true so far. Phew.


3. ISP block – Pos Malaysia gets instructions to not deliver your laptop


The Home Ministry decides that Pos Malaysia will no longer deliver Dell laptops with immediate effect.  

Result – You don’t get your laptop

This is Jerng.

What it is: So if MyIX is the warehouse, then that warehouse needs a company like Pos Malaysia to send it to your home. This is your ISP, e.g. DiGi or Celcom or Maxis. Well, this really isn’t a method, but rather the choke point where the government can monitor and restrict information that you request from the ISP. Unlike with MyIX (Warehouse), ISPs have to comply with the MCMC’s guidelines so they can just say, stop serving these websites or stop delivering these brands of laptops. To quote Jerng, someone else who’s more familiar with this IT stuff than we are, “The ISP is like a chokepoint. If you have access to this, you can restrict or allow anything.”

Examples: In the next two points

How to find and fix it: If the order is issued by MCMC, then all ISPs need to comply. However, sometimes it might be a quiet order, e.g. only one ISP blocks the site due to certain allegiances; then just try a different one (switching, say, from DiGi to Celcom or Maxis, or vice versa).

However, many ISPs lease the physical infrastructure (such as fibre cables) from TM, so you’ll still be connecting to TM at the end. Using the laptop example, Pos Malaysia informs you that they can no longer deliver Dell laptops. Thinking you’re outsmarting them, you contact DHL and Fedex instead since they were not given the same instructions by the Home Ministry – only to find that they outsource their delivery vans….from Pos Malaysia. 

So the best way to get around this is to follow the suggestions in points 4 and 5.


4. DNS block – Your house address gets deleted from Google Maps


The delivery van leaves with your laptop, only to find that your house location has vanished from Google Maps! The van driver can’t find your house, and gives up. 

Result – You don’t get your laptop.

Sorry bos, kenot find page. Image from soluzione08.blogspot.com

What it is: DNS, or the Domain Name System, is kinda like the Yellow Pages of the internet (in fact, an earlier version was actually called YP). All sites on the internet are actually in the form of numbers (IP addresses) like 69.63.176.13 (Facebook’s IP), and DNS basically assigns a name and location to a site so you won’t have to remember the numbers. For example, when you type www.cilisos.my into your browser, it will ask the ISP for the IP address. When it gets it, it looks up the site info and loads the webpage for you.

When an ISP blocks the DNS, they’re basically removing it from the directory so your browser won’t know which IP address to go to, and it comes back saying “Sorry bos. Kenot find page.”

Examples: Remember what we said about the MCMC censoring websites? So instead of removing the IP address from the directory, the DNS would send your browser to the “block” page. However, these are for sites that are officially blocked. A sketchier example of blocking a site for political reasons would be the MCMC’s decision to block Malaysia Today back in 2008.

In Sarawak Report’s case, the DNS basically redirects to that blue-grey page that says it violates MCMC guidelines or something. Kinda like if someone searches for your address on Waze, it instead redirects to Bukit Aman Police Station.

How to find and fix it: Like a DDoS, DNS blocking (or redirecting) is very obvious – especially if a site has been accessible the whole time. It’s about as obvious as walking out of your house one day to find your car missing.

But following on the Google Maps example, the driver can always switch to a different map application like Waze or Garmin GPS to find your location. So in this sense, all you need to do to bypass this is to use a different DNS that doesn’t have the same restrictions. There are a whole lot of guides on the web on how to do this. It’s a little too complicated to explain in this article, so here are two sites you can look at – Blogjunkie | Keith Rozario. If you use Google’s Chrome browser, you can also download a nifty extension called Hola Unblocker 😀
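One way to spot a DNS block or redirect is to ask several resolvers for the same name and compare the answers, which is what the “switch to a different map application” advice boils down to. The script below is an added example, not code from the article or the Sinar Project; every hostname, resolver name and address in it is constructed sample data, with 10.0.0.99 standing in for an ISP block-page address.

```python
from typing import Dict, List

# Constructed sample data (not real measurements): hostname -> resolver -> A records.
# 10.0.0.99 is a placeholder for the ISP's block-page server; the other addresses
# come from documentation ranges and are placeholders too.
SAMPLE_ANSWERS: Dict[str, Dict[str, List[str]]] = {
    "news.example": {
        "isp": ["10.0.0.99"],                        # browser gets sent to a block page
        "resolver_a": ["203.0.113.10", "203.0.113.11"],
        "resolver_b": ["203.0.113.11", "203.0.113.10"],
    },
    "blog.example": {
        "isp": [],                                   # "Sorry bos, kenot find page"
        "resolver_a": ["198.51.100.7"],
        "resolver_b": ["198.51.100.7"],
    },
    "cdn.example": {
        "isp": ["192.0.2.20", "192.0.2.21"],         # CDN gives each region its own IPs
        "resolver_a": ["192.0.2.40"],
        "resolver_b": ["192.0.2.41"],
    },
    "ok.example": {
        "isp": ["192.0.2.5"],
        "resolver_a": ["192.0.2.5"],
        "resolver_b": ["192.0.2.5"],
    },
}


def classify(answers: Dict[str, List[str]], isp: str = "isp") -> str:
    """Compare the ISP resolver's answer with the independent resolvers.

    Returns "unknown", "nxdomain", "consistent", "redirect" or "differs".
    """
    isp_set = set(answers.get(isp, []))
    others = set()
    for name, records in answers.items():
        if name != isp:
            others.update(records)
    if not others:
        return "unknown"       # nobody can resolve it: probably the site, not the ISP
    if not isp_set:
        return "nxdomain"      # only the ISP claims the name does not exist
    if isp_set & others:
        return "consistent"    # same address seen elsewhere: no DNS-level block
    if len(isp_set) == 1:
        return "redirect"      # one address nobody else returns: classic block page
    return "differs"           # disjoint sets; CDNs do this, so confirm by hand


def report(sample: Dict[str, Dict[str, List[str]]]) -> Dict[str, str]:
    """Classify every hostname in the sample."""
    return {host: classify(answers) for host, answers in sample.items()}


if __name__ == "__main__":
    for host, verdict in report(SAMPLE_ANSWERS).items():
        print(f"{host:15} {verdict}")
```

A “differs” verdict is only a hint: fetch the page from the ISP’s address and see whether it is the MCMC block page or the real site before calling it a block.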

5. DPI block – Someone keeps removing your laptop battery before it arrives


Say if the government secretly wants to stop Dell from doing business in Malaysia, but doesn’t want anyone to know. They secretly hire someone to check every delivery package and remove the batteries from only Dell Laptops.

Your laptop arrives, but there’s no battery pack. You send it back, and a replacement arrives. Still no battery. After a few more tries, you give up and cancel your order.

Result – You technically got your laptop, but it’s incomplete and therefore useless.

Scenario 2: They send the battery 3 days later. You have already been waiting 12 days. By the 15th day you get frustrated with the delivery time and cancel your order.

Result – You don’t get your laptop. You also tell yourself to never buy stuff from Dell again. 

What it is: Each data packet that arrives at your house is made of 8 bits (simplification ya) – it’s like a laptop has several components, like battery, keyboard, trackpad – all of which are required for it to work. What this is, according to Khairil, is the “most nefarious, sneakiest way you can censor the internet”. Deep Packet Inspection (DPI) basically looks closely at each packet, and removes 1 bit from selected packets – like removing batteries from only certain brands of laptops. While a DNS block prevents you from seeing the whole site, a DPI block allows the government to block only specific pages on the site by scanning for keywords like, say, “corruption” or “1MDB” – making you think that there’s something wrong with those pages since the rest of the site works.

In the first scenario, they stop the first packet from coming in, making the other three useless. So your browser keeps retrying to load the page and eventually gives you a failure message.

In the second scenario they set a really loooooong time delay so either you give up or your browser decides “Hmm.. this is taking too long, I’m gonna give up,” and gives you a timeout message. Khairil says the delay can be up to 120 seconds, which is pretty long considering we’re used to pages loading within the first 5 seconds.

Screenshot of the BBC’s article, “Be careful what you say about spinach”.

Examples: After Najib’s Kangkung fiasco last year, the BBC ran a feature article on the incident which Malaysians had trouble accessing. However, the rest of the BBC’s site was noted to be working fine. The Sinar Project tested this and found that there was some sort of filtering taking place.

Sometime around GE13 (yes, again), certain political pages that weren’t favorable to the government became slow or completely inaccessible, leading to suspicion that some hanky-panky was happening. Independent tests by three different groups found that DPI blocking was happening, at least on TM Net. These guys are the LowYat forumers | Sinar Project | Keith Rozario.

In case you were wondering, some of the pages blocked were YouTube videos by Malaysiakini conducting an interview with PI Bala’s widow regarding the Altantuya case, and DAP’s Facebook page.

How to find and fix it: Doing this is quite complicated (take a look at the LowYat link), but the easier way is just to type HTTPS:// instead of HTTP://, which makes everything HTTP SECURE and prevents this sorta hanky panky.

Secured connection. Image from thewindowsclub.com
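The tell-tale sign the groups above looked for is that a few specific pages fail or hang over plain HTTP while the rest of the site, and the same pages over HTTPS, load fine. The triage below is an added example, not the LowYat, Sinar Project or Keith Rozario test; the hostnames, paths and timings are constructed sample measurements.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

TIMEOUT_SECONDS = 120.0   # the article quotes DPI delays of up to 120 seconds

# Constructed sample measurements (not real data): one entry per fetch of
# scheme://host/path, with the HTTP status (None = no response) and seconds taken.
SAMPLE_FETCHES: List[Tuple[str, str, str, Optional[int], float]] = [
    ("http",  "site.example", "/",                200,  0.4),
    ("http",  "site.example", "/sports",          200,  0.5),
    ("http",  "site.example", "/news/1mdb",       None, 120.0),  # hung until timeout
    ("http",  "site.example", "/news/corruption", None, 0.0),    # connection dropped
    ("https", "site.example", "/news/1mdb",       200,  0.6),
    ("https", "site.example", "/news/corruption", 200,  0.6),
    ("http",  "down.example", "/",                None, 0.0),
    ("http",  "down.example", "/about",           None, 0.0),
    ("https", "down.example", "/",                None, 0.0),
]


def fetch_ok(status: Optional[int], seconds: float) -> bool:
    """A fetch counts as working only if it answered, below 400, before the timeout."""
    return status is not None and status < 400 and seconds < TIMEOUT_SECONDS


def triage(fetches) -> Dict[str, Dict[str, str]]:
    """Return host -> path -> verdict for every path fetched over plain HTTP."""
    by_host: Dict[str, Dict[Tuple[str, str], bool]] = defaultdict(dict)
    for scheme, host, path, status, seconds in fetches:
        by_host[host][(scheme, path)] = fetch_ok(status, seconds)

    verdicts: Dict[str, Dict[str, str]] = {}
    for host, results in by_host.items():
        http_paths = {p: v for (s, p), v in results.items() if s == "http"}
        any_http_ok = any(http_paths.values())      # does the rest of the site load?
        verdicts[host] = {}
        for path, http_ok in http_paths.items():
            https_ok = results.get(("https", path))  # None if never measured
            if http_ok:
                verdicts[host][path] = "ok"
            elif https_ok and any_http_ok:
                # only this page, only in the clear: the keyword-filter signature
                verdicts[host][path] = "dpi-pattern"
            elif not any_http_ok and not https_ok:
                # everything fails: DNS/ISP block or the site is simply down
                verdicts[host][path] = "whole-site"
            else:
                verdicts[host][path] = "inconclusive"
    return verdicts


if __name__ == "__main__":
    for host, paths in triage(SAMPLE_FETCHES).items():
        for path, verdict in paths.items():
            print(f"{host}{path:20} {verdict}")
```

A “dpi-pattern” verdict from one ISP can still be a server quirk, so repeat the measurements across several providers as the groups above did. HTTPS hides the page path and content from a keyword filter, but the hostname still travels in the clear during the TLS handshake, so it does not hide which site you are visiting.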


Why can’t the Gomen let us use the internet freely?

To be honest, there are more countries that censor the internet than those that don’t. Even in America, there have been multiple attempts to limit internet freedom, such as the SOPA and PIPA bills that were brought to Congress. The main argument is for the safety of internet users from what Khairil calls the Four Horsemen of the Infocalypse – Terrorists, Drug dealers, Pedophiles, and Organized crime.

The MCMC has always maintained that their purpose isn’t to censor the internet, much less political sites, but to provide guidelines to ISPs for the safety and well-being of Malaysians (especially children). But then again we might just be saying that because the current Minister of Communication and Multimedia, Shabery Cheek seems to be a pretty nice guy.

Shabery helping out flood victims. Image from the Star

Oh and BTW, the government didn’t block Mahathir’s blog (and possibly some of the other examples mentioned)

Yeahhhhh… sorry ugaiz. We asked Khairil about the blog specifically and he says that it was either that there were too many people trying to view it or it was a minor DDoS attack. However, the fact that the account was suspended (in the screenshot earlier) is a pretty good clue that the site’s quota was exceeded either due to an insufficient plan or payment.

He also mentions that a problem with DDoS cases, especially for breaking news like Sarawak Report’s or the news sites during GE13, is that it’s sometimes hard to tell if the site was under attack or if there were too many people trying to access it.

Khairil also thinks that the government might not have been responsible for some of the GE13 blocks since they were all quite random. He says that they tested across multiple providers and not all were affected by the blocks, especially P1 (remember them?). The blocking of the sites was also quite erratic, like why the government would block the PI Bala video but not one by Tony Pua, or block a page on the DAP site but not the whole site itself.

He suspects that the blocks might have been carried out by a pro-government systems administrator kepoh-ing at TM, acting on his own without the knowledge of the ISP. He says it would be quite simple since systems administrators work alone or in small teams, and “all you need is 3 lines of code if you know what you’re doing”.


Thankfully tho, the HTTPS trend – more sites using HTTPS versus HTTP – makes almost all the above attacks obsolete, which is GREAT!

But here’s the real scary part…

As you might have noticed, most of the methods presented above can be bocor-ed quite easily by the right people. IF they wanted to control our access to the internet, the government either has to be open about the blocks and get us to live with it such as in the Great Firewall of China or move to what Khairil calls “hardcore NSA-level stuff”.

And it’s gotta be a lot better than this movie about hacking shot in Malaysia

Too far-fetched? 

Well, the Malaysian government is known to have purchased FinFisher, a very intrusive stealth surveillance software “used by oppressive governments for a wide range of human rights abuses”. This software was apparently distributed in the form of a document listing the candidates for GE13.

There’s also the possibility of hardware hacks, such as a hacker gaining access to your computer via your internet router to see and control everything that you do. There’s also the NSA’s “undetectable hard disk hack” that allows them to access your hard disk without having to even touch your computer.

So for all you know, while you were reading terrible analogies involving Dell laptops, we might have had Finspy running on our computers so maybe…the…joke… is..on…..us?


Psst. We scanned our Windows computers with Malwarebytes. We’re clean. Mac users are (supposedly) safe. 


About UiHua (271 articles)
UiHua specializes in shaggy dog stories and facepalming puns. Ask him about the Tramp joke. No, seriously... ask him.