By Jeremy Wagstaff
KUALA LUMPUR (Reuters) - Ahead of Malaysia's elections on Sunday, independent online media say they are being targeted in Internet attacks which filter content and throttle access to websites, threatening to deprive voters of their main source of independent reporting.
Independent online news sites have emerged in recent years to challenge the dominance of mostly government-linked traditional media. The government denies any attempts to hobble access to the Internet in the run-up to a close-fought election.
"During the 2008 election we were wiped off the Internet," said Premesh Chandran, CEO of independent online news provider Malaysiakini.
"Our concern is that we'll see a repeat of that on May 5. Can we really live without independent media on election night, given that both sides might not accept the result?"
Malaysiakini was set up in the late 1990s to test the government's push to lure technology companies to the country by promising not to censor the Internet. Other news websites have followed, including The Malaysian Insider, which set up shop down the street from Malaysiakini in 2008.
Such websites have emerged as an important source of news to counter the traditional media, most of which are owned by interests linked to the ruling Barisan Nasional or BN coalition.
The BN's dominance of media is one of its crucial advantages as it fends off an increasingly potent opposition that made impressive election gains in 2008. Sunday's election is expected to be the closest yet, though Malaysian Prime Minister Najib Razak is favored to win.
Leading opposition politicians who attract big campaign crowds in cities say they get a much cooler reception in rural areas, where access to the Internet is rarer.
Malaysia ranked 145th on a list of 179 countries in this year's World Press Freedom report released by Reporters Without Borders. It was Malaysia's lowest ever ranking.
A survey released on Friday by the University of Nottingham's Malaysia campus and Malaysia's Centre for Independent Journalism found that online media gave almost equal coverage to the opposition and government parties, while traditional media focused on the ruling BN coalition and its parties "by a significant margin".
POLICE RAIDS TO ONLINE ATTACKS
Malaysiakini, the most popular of such websites, has weathered several storms, including police raids, denied access to press conferences, accusations of being linked to foreign agents and requests to take down content, Chandran said.
But in recent years the tactics appear to have shifted towards knocking the site offline, primarily through distributed denial of service, or DDOS, attacks, where servers are deluged by thousands of requests at the same time.
Harlan Mandel, CEO of New York-based Media Development Investment Fund, which has worked with Malaysiakini for more than a decade and is a minority investor, said in an email interview that Malaysiakini had become a focus for attack after "establishing itself as the go-to site for reliable election reporting for millions of Malaysians" in 2008.
"Since then, it has come under repeated cyber attacks, generally coinciding with sensitive political events like local elections and political rallies, said Mandel.
Malaysiakini is not alone. Last month a DDOS attack brought down three related London-based radio web portals, according to Clare Rewcastle Brown, their Malaysian-born founder.
Jahabar Sadiq, CEO of Kuala Lumpur-based The Malaysian Insider, said his news service had come under heavy DDOS attack shortly after six of his staff were summoned to the regulator, the Malaysian Communications and Multimedia Commission or MCMC, a few weeks ago. They were asked, among other questions, for technical details about their service provider.
"It can't be a coincidence," he said in an interview. "They were asking questions about our architecture which weren't required."
BACKUP U.S. SERVERS
At least half a dozen news or political websites have now shifted their servers to U.S.-based CloudFlare, which offers protection against DDOS attacks for a fraction of the cost other companies charge. CloudFlare said that attacks on such sites had increased in the past week, mostly from Malaysia-based computers or IP addresses it had not previously seen involved in attacks.
Now, Malaysiakini's Chandran and others say, their attackers appear to have shifted gear again.
The Malaysian Insider's mail service, which allows users to email articles to others, was hacked two weeks ago, Sadiq said, triggering it to queue tens of thousands of emails to send to users within a couple of hours.
Malaysiakini's Chandran says the most recent wave of disruptions began late last month when users complained the site could only be accessed intermittently. One minute users could access the site, the next they couldn't.
They figured out that only those using Internet service providers who channel their traffic through state-controlled Telekom Malaysia Berhad were affected, while those accessing through smaller ISPs who use an international gateway were still able to access the site.
"It's a smarter way to do it," said Chandran. "It's a guerrilla style in that it creeps up on you and it's harder to detect."
Shortly after complaining informally to the MCMC, Chandran said, the attack stopped.
Since then, Malaysiakini discovered that some political sensitive videos it had posted on YouTube could not be viewed if accessed from some local ISPs and some Facebook pages featuring election-related content were also affected.
Such tactics appear to be using what is called deep packet inspection, where Internet traffic is monitored and filtered via specific keywords, links or digital signatures, which would require access to the ISP.
The MCMC said on Thursday that it was investigating such complaints but that "preliminary investigations indicate that there were no such restrictions by ISPs as alleged by certain quarters".
Telekom Malaysia said in a written response to questions from Reuters that it had set up a taskforce and network operating center to ensure that its network ran smoothly for its customers during the election period.
"Malaysia has a free, open and robust online media environment. The government does not censor the internet and welcomes constructive criticism as part of the democratic process," said a government spokesman told Reuters.
"We deny any involvement in cyber-attacks. The government does not condone attacks against the media in any form."
Indeed, Malaysiakini's Chandran and others are careful not to accuse the government or Telekom Malaysia directly.
"We are an Internet-based company, we don't want to pick a fight with a telco, we need them," Chandran said. "Besides we can't tell whether they're doing it on purpose."
It's almost impossible to figure out who is behind the attacks and not easy to distinguish between a deliberate assault and the technical issues of handling large and fluctuating waves of traffic. Independent security experts said the available evidence appeared to confirm Malaysiakini's conclusions.
Dhillon Andrew Kannabhiran, Malaysian founder and CEO of the Hack In The Box conferences, said that "stuff is being filtered or slowed down or otherwise being messed around with for sure" on Telekom Malaysia's network, but he said that it could have been done without the company's say-so or knowledge.
In the meantime, websites are preparing for the worst by mirroring content on other domain names and on Facebook. The Malaysian Insider has also set up a mirror outside the country at themalaysianoutsider.com.
Whatever the outcome of Sunday's election, Malaysia's increasingly sophisticated Internet battleground reflects the future of struggles to control and influence of information.
The election-related DDOS attacks in Malaysia "follows a trend we've seen elsewhere where DDOS is becoming a part of many elections", said Matthew Prince, co-founder CEO of CloudFlare.
Malaysia illustrated how political parties and the powers-that-be are starting to use the Internet, said Mikko Hipponen, chief research officer of Helsinki-based internet security company F-Secure which has large lab in Kuala Lumpur.
"They are taking a much more active role and, in some parts of the world, they are not afraid to use the more offensive technologies to get what they want," said Hipponen.
"I believe we'll be seeing much more of this."
(Editing by Michael Perry)