Ahead of election, cyber-attacks cripple online media

Bangkok, April 19, 2011–The Committee to Protect Journalists is concerned by cyber-attacks against three news and commentary sites that preceded Saturday’s important election in Malaysia’s Sarawak state, on the island of Borneo. The country’s main news portal Malaysiakini,  Sarawak Report, and the Malay and English versions of the opposition Harakahdaily website all reported similar attacks. Nobody has taken responsibility for them.

The distributed denial of service (DDoS) attacks forced the sites to publish through alternative domain names and platforms, according to local and international news reports. DDoS attacks typically coordinate hundreds of thousands of computers to send or demand data from a single website, causing its connection to the Internet to choke up or the server to crash.

“Malaysian authorities used to tout their commitment to a censorship-free Internet, but their silence over these cyber-attacks has been deafening,” said Shawn Crispin, CPJ’s senior Southeast Asia representative. “We call upon the authorities to launch an independent investigation into these attacks.”

Malaysia’s traditional print and broadcast media are closely linked with the country’s ruling Barisan Nasional (BN) coalition. In recent years, online news sites and blogs have evolved as the alternative to the state-controlled media. (See CPJ’s Malaysia’s Risk Takers report on the country’s online situation.)

On April 10, Sarawak Report‘s website was shut by a widespread attack and remained off-line for three days until its operators were able to establish their new domain name. The news and commentary site had published several critical exposes about Sarawak Chief Minister Taib Mahmud and his family’s extensive business interests.

Taib, who has led the resource-rich state since 1981, is politically aligned with the Barisan Nasional coalition. Sarawak Report‘s London-based founder, Clare Rewcastle Brown, told Malaysian media she believed that the BN might have been responsible for the attacks.

Malaysiakini was forced shut on April 12 by DDoS attacks that the site says originated from overseas and overwhelmed its locally hosted servers, according to local and international reports. The on-line news provider continued publishing through other Internet-based platforms, including Facebook and WordPress, and was able to restore its website through the use of alternative servers on April 14. CPJ has reported more than 35 times on attacks on Malaysiakini since 1999.

Premesh Chandran, the site’s chief executive, told the Australian Broadcasting Corporation that Malaysiakini had published several reports on “corruption within Sarawak’s ruling regime” ahead of the cyber-attacks.

According to other local media, The Harakahdaily website is closely linked to the opposition Pan-Malaysian Islamic Party. It frequently reposts Malaysiakini and Sarawak Report articles.

The anonymous cyber-attacks coincide with growing official curbs on Malaysia’s Internet, including government harassment of independent bloggers and on-line commentators. Last September, police arrested and charged with sedition Malaysiakini cartoonist Zulkifli Anwar Ulhaque before the release of a collection of his political cartoons, which had previously been published on-line.

In March, a Malaysian court dropped criminal charges brought by state power company Tenaga against blogger Irwan Abdul Rahman for a satirical entry he posted on his nose4news blog. The charges were brought by the Malaysian Communications and Multimedia Commission (MCMC), the state agency created to oversee the online media industry and to uphold the government’s no-censorship policy for on-line content first announced in 1996.