Royal Thai Police Website Hacked

[george]

Police deny hackers took secrets

Website hacked from kingdom, overseas

BANGKOK: -- The Royal Thai Police Office's website has been attacked by hackers both inside and outside the kingdom, but police said no classified information has been put at risk.

Some of the website's pages are currently inaccessible, including those of the traffic police division.

An announcement has been placed on the damaged website stating that the server has been ``intruded upon by ill-intentioned people''.

A police computer expert, who requested anonymity, said up to 1,000 hackers had intruded into the Royal Thai Police Office's Internet network. About 750 intrusions had been detected this year.

The hackers penetrated the security system and made changes to web pages and texts. They left a message on the websites to let people know what they had done, the officer said.

``Intruding into police websites is a challenge,'' he added. ``The hackers are mostly teenagers. They take great pride in having accessed them, believing they are well protected with a security system.

``In fact, the police Internet network has not been carefully set up. It has been run with a limited budget and supervised by limited personnel.''

The officer added that many websites of police divisions and smaller units such as provincial police offices had been hacked into and had information destroyed. Some of the hackers left `trojan' programmes which make future intrusions easier.

He said the Royal Thai Police Office's security for its Internet network was under-developed and no new security software has been installed.

However, he said the main website of the national police office (www. police.go.th), was well-protected.

The Royal Thai Police Office's computer network has two servers, one for the main website and the other for secondary websites. It was the second server that had been hacked into. The officer said loss of secrets was not of concern because classified information was stored in the Intranet network used internally.

The second server is used for the Office's Internet network. It contains mainly general information for public relations and no classified information.

Currently, there is no specific law to deal with hackers, which frustrates the police.

The officer said he hoped that when a law on computer crime is passed, police would be able to take action against the hackers.

``Without proper prevention and suppression, these hackers could become dangerous, especially through Internet terrorism _ such as by spreading computer viruses or destroying mass transit systems by changing train schedules or routes,'' he said.

He also expressed concern about the possibility of people hacking into airlines' information systems, which he said could lead to chaos and accidents.

And he said various agencies including the Information and Communication Technology Ministry, the Thai Computer Emergency Response Team and the Royal Thai Police Office had not taken any action to improve their preventive measures. When there was a problem, such as a computer virus being detected, the only action they took was to issue a warning.

``Money is probably not the problem. The most important problem is lack of personnel,'' the officer said.

``The national police office now has only one officer of a deputy inspector level supervising its websites. He has to monitor all of them 24 hours a day.''

Pol Lt-Col Chadchai Liamsa-nguan, who supervises the computer system of the Crime Suppression Division (CSD), said hackers had tried to access CSD information. However, the CSD website was always monitored and updated. The website, he said, did not contain any classified information.

--Bangkok Post 2005-06-26

[penzman]

Police deny hackers took secrets

Website hacked from kingdom, overseas

A police computer expert, who requested anonymity, said up to 1,000 hackers had intruded into the Royal Thai Police Office's Internet network. About 750 intrusions had been detected this year.

--Bangkok Post 2005-06-26

<{POST_SNAPBACK}>

While the IT staff was busy playing Ragnarok?

I'll bet the same IT guys are still working there.

Probably one of those servers where the user name is still the default "admin" and password "password"