This article was published 4 years ago

Over 8 billion internet records of Thai users of AIS, the country's largest network, were reportedly leaked through a database that has now been secured. The data contained real-time records that could provide a track of users' overall internet activity through their DNS query logs.

The leak of this valuable data was first spotted by security researcher Justin Paine, who alerted AIS on May 13th. The report, however, hit a dead end and the network didn't respond. After a week, Paine alerted the Thai National CERT Team, who act as the data watchdog of the nation. After the body questioned the company, the database was taken down.

The data was held in an Elasticsearch database, which Paine found when browsing BinaryEdge and Shodan. Based on data available in BinaryEdge, this database was first observed as exposed and publicly accessible on May 1, 2020. Paine discovered it roughly 6 days later, on May 7, 2020, with the database largely relating to DNS logs.

DNS logs are a regular by-product of internet usage. When we access a website, the browser has the web address converted into an IP address through a DNS query. Because of this, the records of those queries can readily be used to trace the list of websites accessed. The records basically form a skeleton of a person's internet usage. This information is particularly valuable where it concerns people such as journalists and activists, as the logs would reveal their sources. Hackers could also use such records to target specific users based on their browsing history.

For regular users of the internet, the risks still run high. In his blog post, Paine shows how, in addition to the sites accessed, these records could reveal information about the user's type of device, the antivirus installed and the browsers used. Private messages, e-mails and the like cannot, however, be accessed through this information.

For now, the ownership of the database has not been traced back to any individual or organisation. According to Paine, the logs can only be obtained by someone able to monitor internet traffic across the network. It is difficult to identify whether the database belongs to the internet provider or to one of AIS's large enterprise customers. Paine, however, believes that the database was likely controlled by AIS subsidiary Advanced Wireless Network (AWN).

Owing to various heated episodes in the country's political history, Thai authorities themselves have significant access to internet records. The country's internet laws impose heavy censorship to control criticism of the monarch, his institution and policies in general.