The online hacktivist Anonymous and their Thai counterparts have hacked into the servers of country’s Ministry of Foreign Affairs (MFA), Thailand International Cooperation Agency (TICA) and Royal Thai Navy – subsequently publicly leaking a trove of personal and official data.
The cyber attack was conducted under the operation “OpSingleGateway” against the recently passed cyber-scrutiny law in the country. The Single Internet Gateway project of the military government requires scanning of the entire digital data from overseas via a junta-controlled entry point. The project has received immense criticism from civil society and internet activist groups alike.
To protest against the law, the hacktivist group is claiming to have leaked personal details including official and National ID cards of more than 3000 employees from MFA and TICA. Upon scanning the data we found 676 files containing .png files and one Pdf file with 1072 pages filled with what looks like names and ID cards numbers in the Thai language. However, due to the language barrier, it is impossible to confirm whether the Pdf file has sensitive data or not.
Anonymous is also claiming to have gotten their hands on even more sensitive data which will be leaked in the coming days. The hacktivists are also urging Thai citizens to stand against the cyber security laws that apparently is against the freedom of speech in the country.
Statement released by Anonymous:
“The conditions that are necessary for an open, tamper-free internet are systematically attacked within the kingdom of Thailand, and we will not sit idly by, and watch another nation construct a Great Firewall, as China has done to keep its citizens from experiencing the competing viewpoints and ideologies that make up a free and open discourse online. The Thai military junta wants to centralize and ultimately control the means with which the Thai people will be able to access the internet. This will enable them to monitor, censor or even disable internet communications in and out of Thailand.”
“If you are a Thai citizen, understand that your data, the records of the websites you access, or who you speak with online, and what you say to them, is not safe in the possession of your government. How do we know this? Because their data is not safe from Anonymous. Your government wants you to trust their motives in collecting information on your online activities, they want you to trust that they will be able to secure this data and will only use it for lawful means. They cannot guarantee any of this. If a single gateway for access to the internet outside of Thailand is created, with the inevitable accompanying databases that will contain details of traffic passing through the gateway, it will get hacked.”
“Imagine your entire life sitting on a single, poorly secured server. Credit card and banking details, private emails to your husbands and wives, pictures of your children, every website you have ever visited, everything that makes up the most personal and private parts of your life… All open and waiting for anyone of ill-intent to steal and use however they wish. We are not trying to scare you. We are trying to highlight the risks your government wants to create for you, for your family, for your business. Under the guise of “increased security,” and “vigilance,” they will have exposed you in the most dangerous way possible to anyone who has the ability to circumvent their poorly secured servers.”Ask yourself, is this “security” going to benefit you, or benefit the government that refuses to acknowledge the criticisms and concerns of its citizenry?”
“We are with you, we want to show you the risks to your liberty and privacy, take a stand and tell your government that this is wrong for the people of Thailand. To prove our point, we are demonstrating the inability of the Thai government to secure even their own police servers. It is pitiful and should worry all of Thailand.”
Royal Thai Navy data:
Although the Navy data is not massive, it does indicate that hackers are willing to leak anything to counter the law and achieve their target. Upon scanning the data we discovered a small portion of Navy’s database that includes names, usernames and emails of around hundred Thai navy officials.
It was just two days ago when Anonymous conducted a series of DDoS attacks on Thai government websites against the same law. During the attack, the group successfully shut down official website of ruling junta party, National Security Guard website, the web page of the Ministry of Digital Economy, Thai Police and the National Intelligence Agency.