The hacking collective Anonymous has breached the Thai immigration department’s network and ridiculed Thai government security for poor security practices after disclosing that over 700 official accounts leaked used “1234” as their password.
The collective has stepped up its attack to protest the government’s Single Gateway mass surveillance program and the Computer Crime Law. On Monday, the group had defaced the websites of the Ministry of Public Health, the Greenhouse Gas Organization, Ministry of Labour, army academy, army medical and aquaculture research and development, as well as at least four local government websites.
The Anonymous attacks have been going on since the new-year holiday season, to include the Thai consulate website in Los Angeles being hacked and defaced, and personal information (supposedly of people applying for Thailand visas) doxxed. The hackers also leaked personal data from a Ministry of Foreign Affairs database. Various other government and police websites were taken down or defaced.
After the first wave of attacks, the military claimed it had arrested the hacker – complete with drugs and guns and a book on network security – and have since handed three more hackers to the police for prosecution. However, while attacks continued, local media quickly forgot about the attacks.
What is different this time is that the accounts promoting the attacks are not the usual suspects, suggesting that Anonymous have upped their game and called in the big players.
The Thai government has not yet commented on the new wave of attacks at the time of going to press.
The contentious Computer Crime Act, among other things, criminalizes possession of illegal information, and greatly expands the power of the Digital Economy Ministry to evaluate otherwise legal content for immorality, and either order service providers to delete the content or delete it themselves.