20-Year-Old Student Surrenders For Hacking PM Yingluck's Twitter Account

[coconutter]

who payed him to hack the acc,hes a scapegoat,feel sorry for him.............

[Buchholz]

.

Information and Communication Technology Minister Anudith Nakornthap said he preferred not to reveal how the account was hacked.

Associated Press

2011-10-05

http://www.taiwannews.com.tw/etn/news_content.php?id=1726696

Edited October 5, 2011 by Buchholz

[KRS1]

"........ that the ministry can track the wrongdoer.........."

Is this true? How would they track him if he was using an unregistered SIM, and disposed of it afterwards?

IMEI number and referencing previous locations of the cell phone via cell towers and GPS. iPhones are constantly giving out location info unless stopped, Blackberry stores info via the RIM server.

Twitter has all the other info needed, once they have the number, they can then see what other numbers were called out or received. Track those until a common denominator shows up.

But a SIM bought for the job and tossed would only give the general area, and could they work that out after the event (ie no longer active)?

Yep, the IMEI number in the phone gets registered everytime you use it. It stays the same even after you change the SIM. Then all they have to do is reference the IMEI to see what other numbers have been used in that phone and what numbers have been called or called in.

From this information they can extrapolate what other numbers have been in the vicinity of the perpetrator's IMEI and the length of time which can indicate residency if its an extended period of time after working hours. GPS is accurate to 40 feet.

Thai police have been using this method to bust, gather evidence & track people for a very long time. Only safe way as another poster suggested is to purchase a throw away phone, but even then, the phone should not be first turned on and SIM filled anywhere in the vicinity of residency.

[Insight]

He turned himself in "claiming" to be the hacker. The ministry didn't do any tracking!

The AFP report says he turned himself in after being 'contacted by investigators' which implies that they did indeed do some tracking.

When he surrendered he even said "it's a fair cop, guv!"

Presumably.

Now the massive threat to national security has been apprehended I hope to see Yingluck tweeting again.

[Buchholz]

He turned himself in "claiming" to be the hacker. The ministry didn't do any tracking!

The AFP report says he turned himself in after being 'contacted by investigators' which implies that they did indeed do some tracking.

When he surrendered he even said "it's a fair cop, guv!"

Presumably.

Now the massive threat to national security has been apprehended I hope to see Yingluck tweeting again.

She'll have to wait until the home economics student from Rajabhat gets finished with it.

.

[TallGuyJohninBKK]

I love this... The Thai government, and its PM, undone by a kid, not even a tech kid, but an architectural student.

From the way it's sounding, he won't do any serious time in custody... He's young, he's a kid, he's sorry for what he did, and he's claiming no political motivation.

And from the media reports, sounds like he might even end up with a job in the ICT... Maybe he'll even be the future minister someday...

Heck, the current minister is an F-16 pilot, I gather... So why not an architect...

Edited October 5, 2011 by TallGuyJohninBKK

[khaowong1]

Anudith on Sunday claimed the hacker had used a mobile phone application to access the PM's account and another app to hide his location.

The last part is nonsense.

This is a kid that was an opportunist. Any decent 'hacker' would have been able to cover their tracks well - first step is to not use a cell phone.

Yes, I agree, but read on, now the Thai government is going to use this kid as an expert in communications technology. Figures. Just because he's smarter than the government doesn't make him an expert. Well, maybe it does.

[simon43]

... If he simply guessed, he just took advantage of a poorly conceived password ...

Woody - I'm sure Yingluck used a very secure password by Thai standards, such as ... er ... '12345', '99999' or perhaps 'thaksin'

Simon

[MaiChai]

"........ that the ministry can track the wrongdoer.........."

Is this true? How would they track him if he was using an unregistered SIM, and disposed of it afterwards?

IMEI number and referencing previous locations of the cell phone via cell towers and GPS. iPhones are constantly giving out location info unless stopped, Blackberry stores info via the RIM server.

Twitter has all the other info needed, once they have the number, they can then see what other numbers were called out or received. Track those until a common denominator shows up.

Actually its much simpler than that. I used to work on WAP gateways for mobile phone companies (I have done work for AIS/DTAC/True in the past). The phone is allocated an IP address by something called a GGSN. On 2.5G its allocated each time the phone makes a request, while on 3G its allocated permanently when the phone registers on the network. A thing called the MSISDN (your phone number) is then mapped directly with the IP address. All these mappings are logged. Thus all they need to do is work out the source IP address, then they just need to work out who owns that IP address (in this case a mobile phone company). Then they ask the phone company who had the IP address at a certain time and date. Then the phone company can give the phone number. Since most mobile phone number in Thailand are prepaid, it would be quite hard to work out who actually owns it, since Thailand does not enforce subscribers to register their details. So I would say it would be quite hard for the government to find the culprit. Now if it was an ADSL IP address, they would have an address, and that would be much easier to trace.

I would add that it can't be worse than being a terrorist, and terrorists get let off in Thailand?

Edited October 5, 2011 by MaiChai

[volk666]

The guy probably had a regular iPhone from True registered to his real name and used 2G/3G connection to tweet thus entering all his personal info into True logs. On the other hand, first they said he used some app to hide himself when he twitted, apparently it wasn't as good as the app he used to hack the e-mail password, or maybe it was Pou's b/day, or her kid's b/day, or 1234

Either way - how would they know any of it without Twitter providing them with their logs? Tens of thousand of people are on Twitter here at all times, it's not like they have a dump of all Internet traffic in the country that they can search for offending messages, even if data itself is unencrypted.

[TAWP]

Since there is no iPhone app to 'hide ones location' in any way they suggested, it was merely a minister running his mouth again.

[bkk_mike]

...use his IT expertise to help the ICT Ministry to fight against other hackers.

I thought the problem was that the PM used a password that could be guessed from the data on her social network pages (facebook/twitter, etc.). Rule 1 in setting passwords is not to use the name of a relative or boyfriend/girfriend/pet etc. as they can be discovered. (Of course, from another story in the Bangkok Post (I think), most passwords in Thailand are apparently 123456, so they would fail rule zero of not being so bleeping stupid.)

There was no 'hacking' involved here, just educated guessing of a password.

Is the ICT ministry going to somehow use his skill at guessing people's passwords to fight other hackers?

[marinediscoking]

He does not sound so technical to me, using a couple of app's he claimed. Anyone can do this if they did some research and put time into it. Being from an IT background I hope he does a significant time in jail as all hackers should!!! You people sound like he should get metal instead!!!

[plumeria]

Anudith on Sunday claimed the hacker had used a mobile phone application to access the PM's account and another app to hide his location.

The last part is nonsense.

This is a kid that was an opportunist. Any decent 'hacker' would have been able to cover their tracks well - first step is to not use a cell phone.

He didn't get caught. He surrendered. But he also didn't get any mercy for turning himself in. Should have stayed rogue with insight rather than selling out to the man.

[moe666]

If you have one of these stupid twitter accounts you deserve to get a good hacking. What is the point and what good do they really serve other than a bunch of hair brains can be in constant touch with more hair brains.

[sfbandung]

If you have one of these stupid twitter accounts you deserve to get a good hacking. What is the point and what good do they really serve other than a bunch of hair brains can be in constant touch with more hair brains.

Yep. Couldn't agree more. 99% of stuff posted on Twitter is absolute drivel.

"I just finshed my eggs for breakfast. Yummy!"

"Off to the dentist this morning. Scared."

"Going to sleep now. Nighty night"

The fact that you "follow" someone on Twitter say it all. It's pathetic.

[Tokay]

IMEI number and referencing previous locations of the cell phone via cell towers and GPS. iPhones are constantly giving out location info unless stopped, Blackberry stores info via the RIM server.

Interesting. If you have the IMEI number changed and the SIM, then you would be clean? Or is there some internal system that would show the IMEI has been changed?

[webfact]

POUYINGLUCK

Student 'confesses' to hacking @PouYingluck

ASINA PORNWASIN

The Nation

Police say a university student has confessed to hacking into Prime Minister Yingluck Shinawatra's Twitter account and posting messages critical of the government and the ruling Pheu Thai Party.

The student was identified as Ekkawit Thongdeeworakul, 22, a resident of the southern province of Songkhla who is studying in a Bangkok university.

He was tracked down by a joint investigative team consisting of information technology experts from the Ministry of Information and Communication Technology and the police's Technology Crime Suppression Division, according to ICT Minister Anudith Nakornthap.

While being questioned by police, the student confessed to having hacked into the prime minister's Twitter account (@PouYingluck) on Sunday, the ICT minister said at yesterday's press conference held jointly with Special Branch Police commissioner Maj-General Panya Mamen.

It took the investigation team only one day to identify the Internet protocol (IP) address of the mobile phone allegedly used by the suspect to fake messages in the PM's Twitter account, according to the ICT minister. The student admitted to committing the offence without any malicious intentions. "He said that he did it alone and he felt remorse," Anudith said.

The student's alleged offence - illegal access to protected computer information - is in violation of Article 7 of the Computer Crime Act of 2007. If found guilty, he is liable to a maximum two years' imprisonment or a fine of no more than Bt40,000, or both.

Anudith said that the prime minister had assigned her representative to file a police complaint on her behalf against the hacker. He added however that the prime minister instructed the authorities to ensure fairness and justice to the suspect.

The ICT minister warned yesterday against similar hacking attempts in the future. He said the ICT Ministry and the police have expertise that would allow them to track down the perpetrators "rather accurately".

In response to criticism that the authorities appeared to act faster on the PM's case than on the cases of websites posting messages insulting the monarchy, the ICT minister said its officials were working hard on those cases but his ministry had no policy of publicising its activities.

"The ministry calls on those people who make such irresponsible remarks to stop doing so. They are insulting the ICT Ministry and many other agencies - such as the armed forces and the police - which are working together to protect the monarchy," he said.

Yingluck's Twitter account had been |suspended shortly after it was hacked on Sunday morning. The hacker posted eight messages on her account (Twitter@PouYingluck). Among them were "You can't protect even your Twitter account. How can you safeguard the country?" and "Education is most important to the country. But why is there a policy for free distribution of tablets instead of a |curriculum improvement or wage hike for teachers?"

-- The Nation 2011-10-06

[Buchholz]

He does not sound so technical to me, using a couple of app's he claimed. Anyone can do this if they did some research and put time into it. Being from an IT background I hope he does a significant time in jail as all hackers should!!! You people sound like he should get metal instead!!!

Well, perhaps not a "metal", but the honesty posed in his Tweets is refreshing. Perhaps he should consider running for MP after his current stint as Adviser to the ICT Ministry. Parliament sure could use more honest people like him.

.

Edited October 5, 2011 by Buchholz

[Ricardo]

He turned himself in "claiming" to be the hacker. The ministry didn't do any tracking!

The AFP report says he turned himself in after being 'contacted by investigators' which implies that they did indeed do some tracking.

When he surrendered he even said "it's a fair cop, guv!"

Presumably.

Now the massive threat to national security has been apprehended I hope to see Yingluck tweeting again.

And also for the dumb posts to stop ... hold on ... I think I just spotted the flaw in that idea ...

[luvU2much500THB]

I wonder if she has used password "123456" as most bargirls do

[luvU2much500THB]

If found guilty, he is liable to a maximum two years' imprisonment or a fine of no more than Bt40,000, or both.

The person who hacked into Prime Minister Yingluck Shinawatra's Twitter account broke into her email and used it to access her Twitter feed, Information and Communication Technology Minister Anudith Nakornthap says.

He yesterday said the suspect changed the passwords to the prime minister's email and Twitter accounts after obtaining access _ an offence punishable by a fine of 100,000 baht and a jail term of up to five years under the 2007 Computer Crime Act.

http://www.thailandqa.com/forum/showthread.php?39142-PM-s-Twitter-page-hacked&p=239978

Edited October 6, 2011 by luvU2much500THB

[Payboy]

I wonder if she has used password "123456" as most bargirls do

She's way smarter, I'm guessing she went up to 7.

[djlest]

like it was really HER account...

And not some office PR thinking up things to say on her behalf..

[Buchholz]

Police say a university student has confessed to hacking into Prime Minister Yingluck Shinawatra's Twitter account and posting messages critical of the government and the ruling Pheu Thai Party.

While being questioned by police, the student confessed to having hacked into the prime minister's Twitter account (@PouYingluck) on Sunday, the ICT minister said at yesterday's press conference held jointly with Special Branch Police commissioner Maj-General Panya Mamen.

Interesting development in that Ekkawit apparently did not commit the original email account hacking of Yingluck. Instead, the ICT Ministry doesn't know who did that, but whoever did, published the information in a hacker forum, where Ekkawit picked it up and hacked into her Twitter account.

Maybe the existence of this bigger gaping hole is why Yingluck's ICT Minister didn't allow Ekkawit to speak to the media during yesterday's news conference.

.

[Cayenne]

Interesting development in that Ekkawit apparently did not commit the original email account hacking of Yingluck. Instead, the ICT Ministry doesn't know who did that, but whoever did, published the information in a hacker forum, where Ekkawit picked it up and hacked into her Twitter account.

Maybe the existence of this bigger gaping hole is why Yingluck's ICT Minister didn't allow Ekkawit to speak to the media during yesterday's news conference.

.

Confusing reports by the ICT/Police, no? I thought they said that they caught the person who actually hacked into Yingluck's account but this young man just simply used the password that was available to access her account. Also, from what I read, they traced Ekkawit through his home IP address; no real hacker would be caught that easily. It's as if the real hacker posted it online to see which idiot would actually use it.

Or it could all be a setup designed to gain sympathy for the PM, as some conspiracy theorists might say

[Buchholz]

Interesting development in that Ekkawit apparently did not commit the original email account hacking of Yingluck. Instead, the ICT Ministry doesn't know who did that, but whoever did, published the information in a hacker forum, where Ekkawit picked it up and hacked into her Twitter account.

Maybe the existence of this bigger gaping hole is why Yingluck's ICT Minister didn't allow Ekkawit to speak to the media during yesterday's news conference.

.

Confusing reports by the ICT/Police, no? I thought they said that they caught the person who actually hacked into Yingluck's account but this young man just simply used the password that was available to access her account. Also, from what I read, they traced Ekkawit through his home IP address; no real hacker would be caught that easily. It's as if the real hacker posted it online to see which idiot would actually use it.

Or it could all be a setup designed to gain sympathy for the PM, as some conspiracy theorists might say

The person who hacked into "Yingluck's account" was caught. That's Ekkawit, but he only hacked into her Twitter account. He wasn't the one that hacked into her email account that produced the information that Ekkawit used to hack into Twitter.

Ekkawit is not a real hacker as he was only using information that was previously posted on a forum.

The real hacker that provided that information and then posted it is unknown and has not been caught.

.

Edited October 6, 2011 by Buchholz

[Tatsujin]

Don't underestimate what the cyber crimes boys in Bangkok can do - there is still a lot of tech sharing going on from the US - to suggest they are incompetent is very very naive.

I'll second that. I was involved in a blackmail case here last year (not me, a Thai friend being blackmailed by a farang - long story, not important). The upshot is, the cyber crimes guys tracked him down by cell phone usage, email tracking etc etc, right to his rented apartment in Rachada. Was interesting watching 30 Thai policeman raid the place all at the same time, his face was a picture. He's currently serving 4 years in a Thai jail, and on release will be deported/blacklisted.

[SAffer]

If you have one of these stupid twitter accounts you deserve to get a good hacking. What is the point and what good do they really serve other than a bunch of hair brains can be in constant touch with more hair brains.

Yep. Couldn't agree more. 99% of stuff posted on Twitter is absolute drivel.

"I just finshed my eggs for breakfast. Yummy!"

"Off to the dentist this morning. Scared."

"Going to sleep now. Nighty night"

The fact that you "follow" someone on Twitter say it all. It's pathetic.

"Reading Tv now, so exciting"

[anterian]

This kid's expertise is at such a level that he should be a valuable asset to the ICT, I'm sure they can learn from him