
Experts: Thailand’s largest internet service provider ‘compromised’


george


BANGKOK, THAILAND (BNO NEWS) — Some customers of True Internet, Thailand’s largest internet service provider, have been served popups with advertisements for months after a hacker allegedly compromised the company’s transparent proxy, potentially allowing hackers to spy on users.

Internet service providers (ISPs) in Thailand use transparent proxies to act as an intermediary when customers request access to websites, allowing censorship and the caching of frequently used objects to reduce bandwidth. The exploit is believed to have affected the transparent proxy used by True Internet since late last year, according to two computer security experts who studied the exploit.

“This particular exploit is used to send unsuspecting users to a website with the goal of some of them signing up, allowing the attacker to collect affiliate commissions,” said one of the experts, speaking on the condition of anonymity. He said there was no evidence to suggest the exploit was also used for other purposes, but indicated the attacker would have been able to spy on users or manipulate their actions online.

“True – and all other ISPs in Thailand – run a transparent proxy. When a user tries to access a website from outside Thailand, the ISP intercepts it, fetches the content if it is not already cached, and then serves it to the user,” the expert explained. “In this case, someone figured out how to poison the cache and put in a spoofed JavaScript file in the cache entry for a link that is used by websites to serve ads from Google.”

The way the exploit works is through a spoofed JavaScript file, sending Internet users to a website that was first created on October 30 and registered with a Panama address and Peru phone number. The site has become the 905th ‘most-visited’ website in Thailand, indicating the exploit affected many web users, according to Alexa.com, which showed 98.8 percent of visitors to the website were from Thailand.

The affected file has an expiry date of one year in the future, meaning users will continue seeing popups and redirects for a year unless they clear their temporary Internet files and access a valid version of the JavaScript file. Jacob Fish, who also studied the issue, said it appeared the exploit was being turned on at certain times, possibly to avoid detection.

“When you have the power of loading spoofed JavaScript files for any website, you can show users popups, send them to other websites or modify a website to display other advertisements,” one of the experts said. “Although we have not seen it in this case, the attacker could have exploited the same method to monitor a user’s Internet activity, hijack a session after a user logged in to a website, and submit forms.”

Postings on various Internet forums showed True users complaining about the popups as early as October, with some of them reporting the issue was resolved after deleting their temporary Internet files. True Internet did not immediately return requests for comment on this story.

-- 2014-01-13

  • Like 2
Link to comment
Share on other sites
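
The article above describes a poisoned proxy cache entry: a spoofed script body with an expiry one year out. A client-side check is to compare the copy served over plain HTTP with a reference copy obtained over a path that bypasses the proxy (assumed here: HTTPS), and to look at the cache lifetime. This is an added example, not part of the original post or article; the responses, host names, exact header spellings and the seven-day threshold are constructed for illustration.

```python
import hashlib
from email.utils import parsedate_to_datetime

# Constructed sample responses for the same script URL (not captured traffic).
VIA_HTTPS = {
    "headers": {"Date": "Mon, 13 Jan 2014 03:00:00 GMT",
                "Cache-Control": "private, max-age=3600"},
    "body": b"/* constructed stand-in for the genuine ad script */",
}
VIA_PROXY = {
    "headers": {"Date": "Mon, 13 Jan 2014 03:00:00 GMT",
                "Expires": "Tue, 13 Jan 2015 03:00:00 GMT",
                "Age": "5184000", "Via": "1.1 proxy.example"},
    "body": b"/* constructed stand-in for a spoofed script */",
}

def freshness_lifetime(headers):
    """Seconds a cache may reuse the response: max-age first, else Expires - Date."""
    for directive in headers.get("Cache-Control", "").split(","):
        name, _, value = directive.strip().partition("=")
        if name.lower() == "max-age" and value.strip('"').isdigit():
            return int(value.strip('"'))
    if "Expires" in headers and "Date" in headers:
        try:
            delta = (parsedate_to_datetime(headers["Expires"])
                     - parsedate_to_datetime(headers["Date"]))
        except (TypeError, ValueError):
            return 0  # an unparseable Expires is treated as already expired
        return max(0, int(delta.total_seconds()))
    return None  # no explicit lifetime given

def audit(reference, observed, max_lifetime=7 * 86400):
    """Return findings for the observed copy relative to the reference copy."""
    findings = []
    ref_digest = hashlib.sha256(reference["body"]).hexdigest()
    obs_digest = hashlib.sha256(observed["body"]).hexdigest()
    if ref_digest != obs_digest:
        findings.append("body-mismatch")
    lifetime = freshness_lifetime(observed["headers"])
    if lifetime is not None and lifetime > max_lifetime:
        findings.append("long-lived")
    # Headers that indicate the response came from a cache or intermediary.
    if any(h in observed["headers"] for h in ("Via", "Age", "X-Cache")):
        findings.append("served-by-intermediary")
    return findings

if __name__ == "__main__":
    print(audit(VIA_HTTPS, VIA_PROXY))
```

A body mismatch alone can be benign for scripts that change often; the combination with a long lifetime and an intermediary header is what matches the behaviour reported in the article.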

I don't have True Internet service (actually I have 3BB) but I had the same problem (and maybe still have).... sometimes I was redirected to a page of a shopping online center.... now I understand why. I have used CCleaner and apparently it has worked because for the time being it looks fine

Link to comment
Share on other sites

Yes indeedy... This will be the tip of the iceberg.

In a paranoiac's effort to protect Thais from their own desires and that dreaded freedom of information,

they have put 'transparent proxies' into the chains ALL Thailand internet users are routed through.

This besides causing bottlenecks and causing concentric circles of slowness

as it searches for the Verboten Thoughts, it has also allowed hackers to access,

every single internet user in Thailand, and manipulate them with relatively simple and minimal means.

Brilliant work MICT.

All ISPs use this technique. It reduces their bandwidth and speeds up your browsing.

Link to comment
Share on other sites

I don't have True Internet service (actually I have 3BB) but I had the same problem (and maybe still have).... sometimes I was redirected to a page of a shopping online center.... now I understand why. I have used CCleaner and apparently it has worked because for the time being it looks fine

Try using an operating system that does not suck.

  • Like 1
Link to comment
Share on other sites

Yes indeedy... This will be the tip of the iceberg.

In a paranoiac's effort to protect Thais from their own desires and that dreaded freedom of information,

they have put 'transparent proxies' into the chains ALL Thailand internet users are routed through.

This besides causing bottlenecks and causing concentric circles of slowness

as it searches for the Verboten Thoughts, it has also allowed hackers to access,

every single internet user in Thailand, and manipulate them with relatively simple and minimal means.

Brilliant work MICT.

Excellent analysis. Thailand is a very controlled state.

  • Like 1
Link to comment
Share on other sites

I don't have True Internet service (actually I have 3BB) but I had the same problem (and maybe still have).... sometimes I was redirected to a page of a shopping online center.... now I understand why. I have used CCleaner and apparently it has worked because for the time being it looks fine

Try using an operating system that does not suck.

You must have second sight if you can work out which operating system 'marioc' uses, from what he says. As such a brilliant person you would know that CCleaner is available for all OS. Or maybe you don't.

  • Like 1
Link to comment
Share on other sites

I don't have True Internet service (actually I have 3BB) but I had the same problem (and maybe still have).... sometimes I was redirected to a page of a shopping online center.... now I understand why. I have used CCleaner and apparently it has worked because for the time being it looks fine

Try using an operating system that does not suck.

You must have second sight if you can work out which operating system 'marioc' uses, from what he says. As such a brilliant person you would know that CCleaner is available for all OS. Or maybe you don't.

Not defending that initial comment but your response is as wrong as the one you reply to.

1) Windows and Mac are not "all OS". I use neither along with a growing percentage of people.

2) Ccleaner is and always has been primarily a windows program. Windows destroys itself and needs regular cleaning whereas Mac doesn't so much, so programs like ccleaner are relatively pointless on Mac.

So your "second sight" is what is commonly referred to as "common sense" or "intuition".

To all the proxy bashers - if you would prefer slower internet and higher prices fine.

But given the poor state of Thailand's international bandwidth capacity proxies are absolutely essential in getting the most out of the available capacity.

Domestic bandwidth to and from proxies is plentiful but international is limited.

This is also standard practice globally as well as in most corporate environments.

That said, they should certainly be secured better than this.

Link to comment
Share on other sites

Yes indeedy... This will be the tip of the iceberg.

In a paranoiac's effort to protect Thais from their own desires and that dreaded freedom of information,

they have put 'transparent proxies' into the chains ALL Thailand internet users are routed through.

This besides causing bottlenecks and causing concentric circles of slowness

as it searches for the Verboten Thoughts, it has also allowed hackers to access,

every single internet user in Thailand, and manipulate them with relatively simple and minimal means.

Brilliant work MICT.

All ISPs use this technique. It reduces their bandwidth and speeds up your browsing.

Yes, but not the exact same program file repeated over all the ISA's country wide by the ministry

as it funnels them all through their control freak master bottle neck rather than allow free flow of

all data to the web in the most efficient 360 degree fashion.

Thus it's not the ISPs that have caused the hack simplification, but the government MICT,

causing their one size fits all graft after/before them. That we first see True, comes up is because,

true is generally seen as the least adept company culture to keep on top of things.

But I have little doubt that this will be the case on most ISP clients country wide.

Or they will hush it up after this so MICT doesn't lose face etc etc.

Link to comment
Share on other sites

As a True internet user I haven't encountered this problem. I'm not sure if it's the same thing but in Firefox a user can decide to use or not to use True's proxy. I sometimes switch it on and off when the internet becomes the WWwait.

The only annoying facet of True's service is when the odd site request results in being taken to the True landing page - a known Billion router 'service' that True has refused to fix.

Link to comment
Share on other sites

I don't have True Internet service (actually I have 3BB) but I had the same problem (and maybe still have).... sometimes I was redirected to a page of a shopping online center.... now I understand why. I have used CCleaner and apparently it has worked because for the time being it looks fine

Try using an operating system that does not suck.

You must have second sight if you can work out which operating system 'marioc' uses, from what he says. As such a brilliant person you would know that CCleaner is available for all OS. Or maybe you don't.

It's not difficult to find out what OS other members use. Just host an image with no-cache directive, include it in a post, then when the other person replies, check the user-agent field in your logs.

Link to comment
Share on other sites

The transparent proxy is responsible for many internet problems in Thailand. They do have those in other countries too, but there they have competent engineers to run it. In Thailand they are just not capable.

That's why you shall use a VPN. Technically, a VPN makes surfing slower, but it is still much better because it avoids Thai ISPs' incompetent server installations.

Link to comment
Share on other sites

I don't have True Internet service (actually I have 3BB) but I had the same problem (and maybe still have).... sometimes I was redirected to a page of a shopping online center.... now I understand why. I have used CCleaner and apparently it has worked because for the time being it looks fine

Try using an operating system that does not suck.

You must have second sight if you can work out which operating system 'marioc' uses, from what he says. As such a brilliant person you would know that CCleaner is available for all OS. Or maybe you don't.

Not defending that initial comment but your response is as wrong as the one you reply to.

1) Windows and Mac are not "all OS". I use neither along with a growing percentage of people.

2) Ccleaner is and always has been primarily a windows program. Windows destroys itself and needs regular cleaning whereas Mac doesn't so much, so programs like ccleaner are relatively pointless on Mac.

So your "second sight" is what is commonly referred to as "common sense" or "intuition".

To all the proxy bashers - if you would prefer slower internet and higher prices fine.

But given the poor state of Thailand's international bandwidth capacity proxies are absolutely essential in getting the most out of the available capacity.

Domestic bandwidth to and from proxies is plentiful but international is limited.

This is also standard practice globally as well as in most corporate environments.

That said, they should certainly be secured better than this.

We have to use proxies to work around or disguise some content from MICT's proxies,

but that doesn't prevent the government bottle neck of routing ALL traffic

through their narrow post-proxy trunks so they can scan for verboten content.

This is caused by their paternalist paranoiac mind set about the internet.

Our proxies don't avoid this bottleneck, they just work around their scanners' triggers.

Clearly this scanning for content to piggyback on is done gratis MICT's lack of foresight,

resources and actual programming experience. True hackers are playing them for fools all day long.

Link to comment
Share on other sites

Just host an image with no-cache directive, include it in a post, then when the other person replies, check the user-agent field in your logs.

Cute. Although I have set the desktop chrome user-agent in my android tab browser, so you'd be wrong. And in a high traffic site such as this, your image will be getting a load of hits, so you'd probably have to get the referrer too. But yeah, pretty nifty, you'll get the IP as well so you can geo-locate the user. Provided they aren't using a VPN or some other solution to change the originating IP.

Another way to get through the ISP proxy is using https, many sites work when you simply change the https to https in the address.

Link to comment
Share on other sites

Had a similar problem late last year.

http://www.thaivisa.com/forum/topic/670377-force-redirect-to-forex-pricescom-spywarevirus/

OP says all ISPs use transparent proxies. True definitely do, but when I was on 3BB premium it did not. The only difference to me in having a transparency proxy is that with private torrent sites I cannot get myself shown as 'connectable' which can cause problems in down/uploading. On 3BB I was always 'connectable'.

Link to comment
Share on other sites

  • 2 months later...

Had a similar problem late last year.

http://www.thaivisa.com/forum/topic/670377-force-redirect-to-forex-pricescom-spywarevirus/

OP says all ISPs use transparent proxies. True definitely do, but when I was on 3BB premium it did not. The only difference to me in having a transparency proxy is that with private torrent sites I cannot get myself shown as 'connectable' which can cause problems in down/uploading. On 3BB I was always 'connectable'.

That difference is caused from being assigned a public IP address as opposed to a private one. You can search Google to learn what that means.

It has nothing to do with transparent proxy.

Link to comment
Share on other sites

Had a similar problem late last year.

http://www.thaivisa.com/forum/topic/670377-force-redirect-to-forex-pricescom-spywarevirus/

OP says all ISPs use transparent proxies. True definitely do, but when I was on 3BB premium it did not. The only difference to me in having a transparency proxy is that with private torrent sites I cannot get myself shown as 'connectable' which can cause problems in down/uploading. On 3BB I was always 'connectable'.

That difference is caused from being assigned a public IP address as opposed to a private one. You can search Google to learn what that means.

It has nothing to do with transparent proxy.

Problem has been solved now that they have given me a new uPnP router. I'm connectable at all sites now. Nothing to do with IP address.

Edited by Keesters
Link to comment
Share on other sites
