Sarawak Report website blocked by government

Malaysian government has ordered ISPs to block access to a whistle-blowing website run by a British journalist which has reported allegations that money linked to a state investment fund ended up in Prime Minister Najib Razak’s bank accounts.

Timeline

 

  • 2016-10-16 mirror site at domain http://ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com added to MCMC block list

    On TMNet Unifi DNS servers at ttime of testing does not always return blocked IP address. So blocked site report may vary between users on this network. It is always redirected at this time on Digi sites.

    $ dig ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com @1.9.1.9

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com @1.9.1.9
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33257
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com. IN A

    ;; ANSWER SECTION:
    ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com. 111819 IN A 52.76.110.27

    ;; Query time: 10 msec
    ;; SERVER: 1.9.1.9#53(1.9.1.9)
    ;; WHEN: Tue Oct 11 16:37:20 MYT 2016
    ;; MSG SIZE rcvd: 98

    $ dig ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com @1.9.1.9

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com @1.9.1.9
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50951
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com. IN A

    ;; ANSWER SECTION:
    ec2-52-76-110-27.ap-southeast-1.compute.amazonaws.com. 3600 IN A 175.139.142.25

    ;; Query time: 10 msec
    ;; SERVER: 1.9.1.9#53(1.9.1.9)
    ;; WHEN: Tue Oct 11 16:37:21 MYT 2016
    ;; MSG SIZE rcvd: 98
  • 2016-08-16 mirror site at domain http://ec2-52-220-49-121.ap-southeast-1.compute.amazonaws.com added to MCMC block list

    $ dig ec2-52-220-49-121.ap-southeast-1.compute.amazonaws.com @1.9.1.9

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> ec2-52-220-49-121.ap-southeast-1.compute.amazonaws.com @1.9.1.9

    ;; global options: +cmd

    ;; Got answer:

    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21168

    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:

    ; EDNS: version: 0, flags:; udp: 4096

    ;; QUESTION SECTION:

    ;ec2-52-220-49-121.ap-southeast-1.compute.amazonaws.com. IN A

    ;; ANSWER SECTION:

    ec2-52-220-49-121.ap-southeast-1.compute.amazonaws.com. 3600 IN A 175.139.142.25

    ;; Query time: 3 msec

    ;; SERVER: 1.9.1.9#53(1.9.1.9)

    ;; WHEN: Tue Aug 16 18:52:13 MYT 2016

    ;; MSG SIZE rcvd: 99
  • 2016-07-29 mirror site http://ec2-54-251-147-140.ap-southeast-1.compute.amazonaws.com added to MCMC block list

    dig @1.9.1.9 ec2-54-251-147-140.ap-southeast-1.compute.amazonaws.com

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @1.9.1.9 ec2-54-251-147-140.ap-southeast-1.compute.amazonaws.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36362
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;ec2-54-251-147-140.ap-southeast-1.compute.amazonaws.com. IN A

    ;; ANSWER SECTION:
    ec2-54-251-147-140.ap-southeast-1.compute.amazonaws.com. 5 IN A 175.139.142.25

    ;; Query time: 9 msec
    ;; SERVER: 1.9.1.9#53(1.9.1.9)
    ;; WHEN: Fri Jul 29 15:16:53 MYT 2016
    ;; MSG SIZE rcvd: 100
  • 2016-05-19 mirror site https://swk.global.ssl.fastly.net domain now looks to be added to MCMC block list

    DNS answer to Unifi server returns IP address of server that serves MCMC block notice, but with no notice up for the domain yet. DiGi Mobile similarly times out or returns 404.

    dig swk.global.ssl.fastly.net @1.9.1.9

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> swk.global.ssl.fastly.net @1.9.1.9
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21489
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;swk.global.ssl.fastly.net. IN A

    ;; ANSWER SECTION:
    swk.global.ssl.fastly.net. 3600 IN A 175.139.142.25

    ;; Query time: 10 msec
    ;; SERVER: 1.9.1.9#53(1.9.1.9)
    ;; WHEN: Thu May 19 12:19:32 MYT 2016
    ;; MSG SIZE rcvd: 70
 

Impact

All Malaysians using DNS provided by ISPs, especially mobile data will be redirected to MCMC censorship block and will not be able to access the website.

 

Solution

Affected users should consider the following workarounds:

References

Sarawak Report whistleblowing website blocked by Malaysia after PM allegations 
MCMC blocks access to Sarawak Report website

Credit

Sarawak Report - initial report and update on swk.global.ssl.fastly.net  ec2-54-251-147-140.ap-southeast-1.compute.amazonaws.com inaccessible

 

 

19/07/2015
Censorship
Article
National Security
Communications and Multimedia Act
Malaysian Communications And Multimedia Commission
Media
Contents

Document Actions