Monday, 28 March 2016

3/28/2016 03:33:00 pm
Big Brother really IS watching you

Personal details of hundreds of expats living in the southern province of Nakhon Si Thammarat were laid bare to the internet for hours last night thanks to the weak security of a police immigration website.

An interactive map showing the residences, nationalities, passport numbers and other unprotected information about foreign nationals was found freely available on an Immigration Bureau website. Image: Andrew MacGregor Marshall / Facebook
Openly available to anyone who visited the site were names, nationalities, passport numbers, professions and home addresses of foreign residents, showing where they all resided on an interactive map. The site, since taken offline, was supposed to be a test of an internal police database under development, according to an immigration police commander.

“It was a demo, we were testing it,” Maj. Gen. Thanusilpa Duangkaewngam, the officer in charge of the provincial immigration bureau, said by telephone.

An interactive map showing the residences, nationalities, passport numbers and other unprotected information about foreign nationals was found freely available on an Immigration Bureau website. Image: Thai Netizens / Facebook

The information was accessible at to any internet user without need of a password. Attention to it appears to have first come from former Thailand-based journalist Andrew MacGregor Marshall, who shared it via Facebook on Sunday night to warn foreigners living in the province.

Andrew MacGregor Marshall' pic:
“If you are a foreigner living in southern Thailand, including Phuket and Samui, you need to take urgent steps to protect yourself,” wrote Marshall, who is wanted by Thai authorities for his critical writing about the monarchy.

Further underscoring the vulnerability of the site, some internet users also correctly guessed the password to enter the website’s management system: 123456.

It was unclear how long the site had been online. The website administrator took down the site at around 2am, according to digital advocacy group Thai Netizens. It also identified the website developer as a firm called Youngcyber Digital Technology, which is headed by a man named Akram Aleeming. The website for the firm was offline Monday.

Some tweets from Andrew MacGregor Marshall Twitter account


"Freelance programmer Abram Aleeming will get the blame, but real culprits are immigration officials who gave him the data"

"Scariest part of the story is that Thai police gave sensitive data to freelance programmer to create "test" site"

"Details of 2,481 foreigners in southern Thailand were posted online"

"Many thanks to the person who used the admin log-in and password to delete the whole contents of the site"

"IF YOU’RE AFFECTED BY THAI IMMIGRATION DATA LEAK—Be sure to mask your IP address if you access the website to make changes"

"IF YOU’RE AFFECTED BY THAI IMMIGRATION DATA LEAK — Access site at , password 123456, & you can delete your details"

"Website says it was created by . Data used is clearly official immigration data"

In response to outraged comments about the site, Abram wrote in the comments section that he apologized for the poor security and said he didn’t expect anyone to find the website.

“It was an internal system but my [team] was testing the system to show them how it works, and so I unlocked the authentication system on that problematic page” Abram wrote, referring to immigration police. “But there were issues about passport numbers. I made a mistake. I didn’t think anyone would find the website.”

Abram could not be reached for comment Monday.

Who is this banned and blacklisted Andrew MacGregor Marshall

Maj. Gen. Thanusilpa, the immigration police commander, played down the “leaks” by claiming no important information was stored on the site, despite evidence suggesting otherwise.

“There’s nothing on there,” Thanusilpa said, adding that immigration police would release an official statement about the matter.

Thai bureaucracy is notorious for its lack of digital competence. Many of its websites are poorly developed and therefore vulnerable to even the crudest forms of cyberattacks, as demonstrated in late 2015 when internet-based activists managed to take down government servers by simply refreshing pages – a method known as a denial-of-service attack.

That protest was a response to the junta’s plan to construct a “single gateway”to control all internet traffic in Thailand. While junta chairman Prayuth Chan-ocha insisted the project is meant to protect Thais from online threats, critics say a single gateway is not only intrusive but technically unfeasible, as authorities do not have adequate expertise and resources to maintain the system.

0 reacties:

Post a Comment