Over 8 billion real-time Internet records of Thailand’s largest cell network, AIS, were leaked online through a database. The company later took the database offline, thereby securing the records. The database, containing DNS queries and Netflow data, was exposed on the internet without a password.
Security researcher Justin Paine alerted Thailand’s national computer emergency response team, ThaiCERT, after he found a database exposing over eight billion Internet records on millions of Thai internet users.
Although it is unclear who owns the database, Paine believes that a subsidiary of a major Thailand-based mobile network operator named Advanced Info Service (AIS) likely controlled it. AIS is Thailand’s largest GSM mobile phone operator, with 39.87 million customers as of 2016.
Justin Paine said that he found the database, containing DNS queries and Netflow data, on the internet without a password. He said, “I alerted AIS to the open database on May 13. But after not hearing back for a week, I reported the apparent security lapse to ThaiCERT, which contacted AIS about the open database.”
Paine further stated, “The database was likely controlled by AIS subsidiary, Advanced Wireless Network (AWN). It contained a combination of DNS query logs and NetFlow logs for what appears to be AWN customers. Using this data it is quite simple to paint a picture of what a person does on the Internet. I made multiple attempts to contact AIS to get the database secured without success.”
Paine said that the kind of records found in the database can only come from a person who can monitor internet traffic as it flows across the network. He also said that there isn’t an easy way to distinguish whether the database belongs to the internet provider, to one of its subsidiaries, or to one of the large number of enterprise customers on the AIS network.
DNS queries are a normal side-effect of using the internet. Each time a user visits a website, the browser looks up the web address in DNS to convert it into an IP address, which tells the browser where the web page lives on the internet.
Although DNS queries don’t carry emails or sensitive information like passwords, they can identify which websites a user is accessing and which apps the user is running. They can also identify the kinds of devices the user owns, which browsers and antivirus software run on those devices, and which social media apps and websites the user frequently visits. This kind of information amounts to a complete security breach for an individual.
This could be a major threat to high-risk individuals, like social activists, politicians, and journalists, as their internet records could be used to identify their information and sources.
In 2017, a law allowed US internet providers to sell the internet records, DNS queries, and browsing histories of their users. This data was valuable to advertisers for serving ads targeted to individuals.
This incident took place at a time when Thailand’s internet scrutiny laws grant authorities wide access to internet user data. The country also has censorship laws that are among the strictest in Asia, which completely forbid any criticism of the Thai royal family, national security, and Thai political issues. In 2017, the Thai military junta that came to power in a 2015 coup banned Facebook across the country after the social network giant refused to censor certain users’ posts.