george Posted January 13, 2014 Share Posted January 13, 2014 Experts: Thailand’s largest internet service provider ‘compromised’BANGKOK, THAILAND (BNO NEWS) — Some customers of True Internet, Thailand’s largest internet service provider, have been served popups with advertisements for months after a hacker allegedly compromised the company’s transparent proxy, potentially allowing hackers to spy on users.Internet service providers (ISPs) in Thailand use transparent proxies to act as an intermediary when customers request access to websites, allowing censorship and the caching of frequently used objects to reduce bandwidth. The exploit is believed to have affected the transparent proxy used by True Internet since late last year, according to two computer security experts who studied the exploit.“This particular exploit is used to send unsuspecting users to a website with the goal of some of them signing up, allowing the attacker to collect affiliate commissions,” said one of the experts, speaking on the condition of anonymity. He said there was no evidence to suggest the exploit was also used for other purposes, but indicated the attacker would have been able to spy on users or manipulate their actions online.“True – and all other ISPs in Thailand – run a transparent proxy. When a user tries to access a website from outside Thailand, the ISP intercepts it, fetches the content if it is not already cached, and then serves it to the user,” the expert explained. “In this case, someone figured out how to poison the cache and put in a spoofed JavaScript file in the cache entry for a link that is used by websites to serve ads from Google.”The way the exploit works is through a spoofed JavaScript file, sending Internet users to a website that was first created on October 30 and registered with a Panama address and Peru phone number. The site has become the 905th ‘most-visited’ website in Thailand, indicating the exploit affected many web users, according to Alexa.com, which showed 98.8 percent of visitors to the website were from Thailand.The affected file has an expiry date of one year in the future, meaning users will continue seeing popups and redirects for a year unless they clear their temporary Internet files and access a valid version of the JavaScript file. Jacob Fish, who also studied the issue, said it appeared the exploit was being turned on at certain times, possibly to avoid detection.“When you have the power of loading spoofed JavaScript files for any website, you can show users popups, send them to other websites or modify a website to display other advertisements,” one of the experts said. “Although we have not seen it in this case, the attacker could have exploited the same method to monitor a user’s Internet activity, hijack a session after a user logged in to a website, and submit forms.”Postings on various Internet forums showed True users complaining about the popups as early as October, with some of them reporting the issue was resolved after deleting their temporary Internet files. True Internet did not immediately return requests for comment on this story.-- 2014-01-13 2 Link to comment Share on other sites More sharing options...
marioc Posted January 13, 2014 Share Posted January 13, 2014 I don't have true Internet service(actually I have 3BB) but I had the same problem(and maybe still have).... sometimes I was redirected to a page of a shopping online center....now I understand why. I have used CCleaner and apparently has worked because for the time being it looks fine Link to comment Share on other sites More sharing options...
Sunisalom Posted January 13, 2014 Share Posted January 13, 2014 My dog is barking. bored? -m. Link to comment Share on other sites More sharing options...
Popular Post animatic Posted January 13, 2014 Popular Post Share Posted January 13, 2014 (edited) Yes indeedy... This will be the tip of the iceburg. In a paranoiacs effort to protect Thais from their own desires and that dreaded freedom of information, they have put 'transparent proxies' into the chains ALL Thailand internet users are routed through. This besides causing bottlenecks and causing concentric circles of slowness as it searches for the Verboten Thoughts,, it has also allowed hackers to access, every single internet user in Thailand, and manipulate them with relatively simple and minimal means. Brilliant work MICT. Edited January 13, 2014 by animatic 9 Link to comment Share on other sites More sharing options...
diceq Posted January 13, 2014 Share Posted January 13, 2014 Yes indeedy... This will be the tip of the iceburg. In a paranoiacs effort to protect Thais from their own desires and that dreaded freedom of information, they have put 'transparent proxies' into the chains ALL Thailand internet users are routed through. This besides causing bottlenecks and causing concentric circles of slowness as it searches for the Verboten Thoughts,, it has also allowed hackers to access, every single internet user in Thailand, and manipulate them with relatively simple and minimal means. Brilliant work MICT. All ISPs uses this technique. It reduces their bandwidth and speeds up your browsing. Link to comment Share on other sites More sharing options...
diceq Posted January 13, 2014 Share Posted January 13, 2014 I don't have true Internet service(actually I have 3BB) but I had the same problem(and maybe still have).... sometimes I was redirected to a page of a shopping online center....now I understand why. I have used CCleaner and apparently has worked because for the time being it looks fine Try using an operating system that does not suck. 1 Link to comment Share on other sites More sharing options...
Popular Post DrTuner Posted January 13, 2014 Popular Post Share Posted January 13, 2014 VPN. 3 Link to comment Share on other sites More sharing options...
noitom Posted January 13, 2014 Share Posted January 13, 2014 Yes indeedy... This will be the tip of the iceburg. In a paranoiacs effort to protect Thais from their own desires and that dreaded freedom of information, they have put 'transparent proxies' into the chains ALL Thailand internet users are routed through. This besides causing bottlenecks and causing concentric circles of slowness as it searches for the Verboten Thoughts,, it has also allowed hackers to access, every single internet user in Thailand, and manipulate them with relatively simple and minimal means. Brilliant work MICT. Excellent analysis. Thailand is a very controlled state. 1 Link to comment Share on other sites More sharing options...
Popular Post NHT Posted January 14, 2014 Popular Post Share Posted January 14, 2014 and when does the rest of the world realise, communist China offers more "human rights" and protection to its folk, than this bunch of THAI biz-barons! TRUE picked the best name. it's indeed, TRUE PARODY and - they give a dam* *hit if you complain. They know you can't do a thing. TITS 'n TATS at its best. 3 Link to comment Share on other sites More sharing options...
Johnnie99 Posted January 14, 2014 Share Posted January 14, 2014 I don't have true Internet service(actually I have 3BB) but I had the same problem(and maybe still have).... sometimes I was redirected to a page of a shopping online center....now I understand why. I have used CCleaner and apparently has worked because for the time being it looks fine Try using an operating system that does not suck. You must have second sight if you can work out which operating system 'marioc' uses, from what he says. As such a brilliant person you would know that CCleaner is available for all OS. Or maybe you don't. 1 Link to comment Share on other sites More sharing options...
Bazt Posted January 14, 2014 Share Posted January 14, 2014 Never had any problem whatsoever with True internet. Sent from my iPad using Thaivisa Connect Thailand Link to comment Share on other sites More sharing options...
SOTIRIOS Posted January 14, 2014 Share Posted January 14, 2014 ....I doubt that it was accidental....or done by 'an unknown 3rd party'.... ....Facebook...Youtube.......everywhere...all overrun with Thai ads..... Link to comment Share on other sites More sharing options...
innerspace Posted January 14, 2014 Share Posted January 14, 2014 I don't have true Internet service(actually I have 3BB) but I had the same problem(and maybe still have).... sometimes I was redirected to a page of a shopping online center....now I understand why. I have used CCleaner and apparently has worked because for the time being it looks fine Try using an operating system that does not suck. You must have second sight if you can work out which operating system 'marioc' uses, from what he says. As such a brilliant person you would know that CCleaner is available for all OS. Or maybe you don't. Not defending that initial comment but your response is as wrong as the one you reply to. 1) Windows and Mac are not "all OS". I use neither along with a growing percentage of people. 2) Ccleaner is and always has been primarily a windows program. Windows destroys itself and needs regular cleaning whereas Mac doesn't so much, so programs like ccleaner are relatively pointless on Mac. So your "second sight" is what is commonly referred to as "common sense" or "intuition". To all the proxy bashers - if you would prefer slower internet and higher prices fine. But given the poor state of Thailand's international bandwidth capacity proxies are absolutely essential in getting the most out of the available capacity. Domestic bandwidth to and from proxies is plentiful but international is limited. This is also standard practice globally as well as in most corporate environments. That said, they should certainly be secured better than this. Link to comment Share on other sites More sharing options...
animatic Posted January 14, 2014 Share Posted January 14, 2014 Yes indeedy... This will be the tip of the iceburg. In a paranoiacs effort to protect Thais from their own desires and that dreaded freedom of information, they have put 'transparent proxies' into the chains ALL Thailand internet users are routed through. This besides causing bottlenecks and causing concentric circles of slowness as it searches for the Verboten Thoughts,, it has also allowed hackers to access, every single internet user in Thailand, and manipulate them with relatively simple and minimal means. Brilliant work MICT. All ISPs uses this technique. It reduces their bandwidth and speeds up your browsing. Yes, but not the exact same program file repeated over all the ISA's country wide by the ministry as it funnels them all through their control freak master bottle neck rather than allow free flow of all data to the web in the most efficient 360 degree fashion. Thus it's not the ISPs that have caused the hack simplification, but the government MICT, causing their one size fits all graft after/before them. That we firsat see True, comes up is because, true is generally seen as the least adept company culture to keep on top of things. But I have little doubt that this will be the case on most ISP clients country wide. Or they will hush it up after this so MICT doesn't lose face etc etc. Link to comment Share on other sites More sharing options...
Jonmarleesco Posted January 14, 2014 Share Posted January 14, 2014 Of course True hasn't replied to requests for comments. In common with all its services, whether internet, mobile or TV, its standard crosses the border of incompetence and arrogance. 1 Link to comment Share on other sites More sharing options...
kennypowers Posted January 14, 2014 Share Posted January 14, 2014 This news is only 3 months late, as reported here back in October: http://www.thethailandlife.com/thai-internet-forex-redirect-virus It has also ben discussed on ThaiVisa in a fair few threads. Next... Link to comment Share on other sites More sharing options...
diceq Posted January 14, 2014 Share Posted January 14, 2014 Not defending that initial comment but your response is as wrong as the one you reply to. What was wrong with my post? Link to comment Share on other sites More sharing options...
HerbalEd Posted January 14, 2014 Share Posted January 14, 2014 My dog is barking. bored? -m. Thanks for sharing your very interesting comment. Link to comment Share on other sites More sharing options...
NHT Posted January 14, 2014 Share Posted January 14, 2014 (edited) My dog is barking. bored? -m. Thanks for sharing your very interesting comment. If I'd be a dog, and Sunisalom as my owner, I'd not just bark, but howl. Edited January 14, 2014 by NHT Link to comment Share on other sites More sharing options...
khunken Posted January 14, 2014 Share Posted January 14, 2014 As a True internet user I haven't encountered this problem. I'm not sure if it's the same thing but in Firefox a user can decide to use or not to use True's proxy. I sometimes switch it on and off when the internet becomes the WWwait. The only annoying facet of True's service is when the odd site request results in being taken to the True landing page - a known Billion router 'service' that True has refused to fix. Link to comment Share on other sites More sharing options...
spare5 Posted January 14, 2014 Share Posted January 14, 2014 ThaiVisa included? Link to comment Share on other sites More sharing options...
wprime Posted January 14, 2014 Share Posted January 14, 2014 I don't have true Internet service(actually I have 3BB) but I had the same problem(and maybe still have).... sometimes I was redirected to a page of a shopping online center....now I understand why. I have used CCleaner and apparently has worked because for the time being it looks fine Try using an operating system that does not suck. You must have second sight if you can work out which operating system 'marioc' uses, from what he says. As such a brilliant person you would know that CCleaner is available for all OS. Or maybe you don't. It's not difficult to find out what OS other members use. Just host an image with no-cache directive, include it in a post, then when the other person replies, check the user-agent field in your logs. Link to comment Share on other sites More sharing options...
GreenSnapper Posted January 14, 2014 Share Posted January 14, 2014 The transparent proxy is responsible for many internet problems in Thailand. They do have those in other countries too, but there they have competent engineers to run it. In Thailand they are just not capable. That's why you shall use a VPN. Technically, a VPN makes surfing slower, but it is still much better because it avoids thai ISPs incompetent server installations. Link to comment Share on other sites More sharing options...
animatic Posted January 14, 2014 Share Posted January 14, 2014 I don't have true Internet service(actually I have 3BB) but I had the same problem(and maybe still have).... sometimes I was redirected to a page of a shopping online center....now I understand why. I have used CCleaner and apparently has worked because for the time being it looks fine Try using an operating system that does not suck. You must have second sight if you can work out which operating system 'marioc' uses, from what he says. As such a brilliant person you would know that CCleaner is available for all OS. Or maybe you don't. Not defending that initial comment but your response is as wrong as the one you reply to. 1) Windows and Mac are not "all OS". I use neither along with a growing percentage of people. 2) Ccleaner is and always has been primarily a windows program. Windows destroys itself and needs regular cleaning whereas Mac doesn't so much, so programs like ccleaner are relatively pointless on Mac. So your "second sight" is what is commonly referred to as "common sense" or "intuition". To all the proxy bashers - if you would prefer slower internet and higher prices fine. But given the poor state of Thailand's international bandwidth capacity proxies are absolutely essential in getting the most out of the available capacity. Domestic bandwidth to and from proxies is plentiful but international is limited. This is also standard practice globally as well as in most corporate environments. That said, they should certainly be secured better than this. We have to use proxies to work around or disguise some content from MICTs proxies, but that doesn't prevent the government bottle neck of routing ALL traffic through their narrow post-proxy trunks so they can scan for verbotten content. This is caused by their paternalist paranoiac mind set about the internet. Our proxies don't avoid this bottleneck they just workaround their scanners triggers. Clearly this scanning for content to piggyback on is done gratis MICTS lack of foresight, resources and actual programming experience. True hackers are playing them for fools all day long. Link to comment Share on other sites More sharing options...
DrTuner Posted January 14, 2014 Share Posted January 14, 2014 Just host an image with no-cache directive, include it in a post, then when the other person replies, check the user-agent field in your logs. Cute. Although I have set the desktop chrome user-agent in my android tab browser, so you'd be wrong. And in a high traffic site such as this, your image will be getting a load of hits, so you'd probably have to get the referrer too. But yeah, pretty nifty, you'll get the IP as well so you can geo-locate the user. Provided they aren't using a VPN or some other solution to change the originating IP. Another way to get through the ISP proxy is using https, many sites work when you simply change the https to https in the address. Link to comment Share on other sites More sharing options...
Keesters Posted January 15, 2014 Share Posted January 15, 2014 Had a similar problem late last year. http://www.thaivisa.com/forum/topic/670377-force-redirect-to-forex-pricescom-spywarevirus/ OP says all ISPs use transparent proxies. True definitely do, but when I was on 3BB premium it did not. The only difference to me in having a transparency proxy is that with private torrent sites I cannot get myself shown as 'connectable' which can cause problems in down/uploading. On 3BB I was always 'connectable'. Link to comment Share on other sites More sharing options...
Keesters Posted January 15, 2014 Share Posted January 15, 2014 in Firefox a user can decide to use or not to use True's proxy. Please explain how you do that so others can learn. Link to comment Share on other sites More sharing options...
Cobrabiker Posted March 27, 2014 Share Posted March 27, 2014 Has this problem been resolved by true? As I am thinking of signing up for the cable internet. Link to comment Share on other sites More sharing options...
paz Posted March 27, 2014 Share Posted March 27, 2014 Had a similar problem late last year. http://www.thaivisa.com/forum/topic/670377-force-redirect-to-forex-pricescom-spywarevirus/ OP says all ISPs use transparent proxies. True definitely do, but when I was on 3BB premium it did not. The only difference to me in having a transparency proxy is that with private torrent sites I cannot get myself shown as 'connectable' which can cause problems in down/uploading. On 3BB I was always 'connectable'. That difference is caused from being assigned a public IP address as opposed to a private one. You can search Google to learn what that means. It has nothing to do wit transparent proxy. Link to comment Share on other sites More sharing options...
Keesters Posted March 28, 2014 Share Posted March 28, 2014 (edited) Had a similar problem late last year. http://www.thaivisa.com/forum/topic/670377-force-redirect-to-forex-pricescom-spywarevirus/ OP says all ISPs use transparent proxies. True definitely do, but when I was on 3BB premium it did not. The only difference to me in having a transparency proxy is that with private torrent sites I cannot get myself shown as 'connectable' which can cause problems in down/uploading. On 3BB I was always 'connectable'. That difference is caused from being assigned a public IP address as opposed to a private one. You can search Google to learn what that means. It has nothing to do wit transparent proxy. Problem has been solved now that they have given me a new uPnP router. I'm connectable at all sites now. Nothing to do with IP address. Edited March 28, 2014 by Keesters Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now