Controversial US infosec firm Cloudflare is providing potentially sanctions-busting services to Myanmar’s military junta
Controversial US infosec firm Cloudflare is providing potentially sanctions-busting services to Myanmar’s military junta
Following a cyberattack on the Myanmar Investment Commission website leading to the release of thousands of confidential documents on the whistleblowing website Distributed Denial of Secrets, the illegitimate military-controlled Myanmar Government is planning to shut down MyCo and other e-government initiatives, in a belated attempt to stop more data leaks and hacks, Bofa on Insecurity can reveal.
MyCo, an online company registry, was an initiative supported by the World Bank, Asian Development Bank, the Japan Fund for Poverty Reduction and the Deutsche Gesellschaft für Internationale Zusammenarbeit to enable more financial transparency in Myanmar.
In what is a likely violation of current US Treasury sanctions, the terrorist Junta also appears to be using the services of controversial US security company Cloudflare to protect themselves from more leaks, with at least five government websites geo-blocked to make them inaccessible outside Myanmar to keep international financial scrutiny and hacktivists out:
cbm.gov.mm - Central Bank of Myanmar
commerce.gov.mm - Ministry of Commerce
tourism.gov.mm - Ministry of Hotels and Tourism
mrtv.gov.mm - “state” (military) operated TV station
fda.gov.mm - Food and Drug Administration
What is the criminal Junta trying to hide? And why is Matthew Prince’s company known for courting other controversial clients, including neo-nazi website Daily Stormer, social networking site Gab and the 8chan message board helping them do it?
In a statement provided to Bofa on Insecurity, the activist group Justice for Myanmar has said:
It is indefensible that Cloudflare is not only profiting from the Myanmar military, who are responsible for atrocities and grand corruption, but are now assisting the military to cover up their crimes. We are appalled that Cloudflare tools are being used to hide information essential to hold the Myanmar military to account and dismantle the military cartel. For instance, Cloudflare tools are now blocking access to the Central Bank of Myanmar site, while the military brazenly tries to consolidate control over the banking system through arrests and intimidation. Billions in foreign reserves that belong to the people of Myanmar remain unaccounted for, yet Cloudflare is providing security for the war criminals leading the illegal junta? It is time that Cloudflare finally cut all ties with the Myanmar military and stand with the people of Myanmar.
When asked for comment, hacktivist @donk_enby who has previously released a complete scrape of MyCo as part of the Distributed Denial of Secrets Myanmar Financials release said:
Activists and journalists in Myanmar wishing to scrutinize the Junta's activities by visiting those websites can no longer do so while protecting their anonymity using a VPN or a service like Tor. Without being able to conceal their real IP address and location, any visitor to the website flagged for suspicious activity can be tracked down, arrested, or worse. With more than 50 people killed, and thousands arrested since the start of the coup, this is putting people's lives at risk.
We have not bothered reaching out for a comment from Cloudflare. Ethical hackers do not talk to unethical infosec companies that do business with genocidal war criminals and nazis. Also, Matthew Prince already blocked me on Twitter. :(
Bofa Deez Nutz (she/her), Cyber Jihad Operative, Anonymous (we/us)
