So far it hasn’t been a good week so far for website security here in Thailand.
Still reeling from a much publicised breach of security in its online gaming network – which might have compromised customer details including credit card numbers – and a potential loss of $170 million, Sony faced the ignominy of having its Thailand website attacked and used for phishing according to CNET.
The hack, which is not connected to Sony’s problems with its PlayStation Network, has placed a phishing Web page on the Sony Thailand site, F-Secure chief research officer Mikko Hypponen told ZDNet UK today. F-Secure notified Sony, the company said in a blog post today.
“The phishers are looking for credit card details and log-ins,” said Hypponen.
While elsewhere on Thai webspace the Democrat Party suffered when one of its websites was knocked out by a ‘friendly’ hacker who, on assuming control of the website’s content, posted a note aimed to highlight how shoddy the security system is.
More details come from the Bangkok Post:
A website of the Democrat Party, set up to attract young people, was hacked on Sunday night.
Reports said an anonymous hacker broke into “www.youngdemocrat.org” while Prime Minister and Democrat leader Abhisit Vejjajiva was using social media for his party’s election campaign.
The hacker replaced the homepage with a black background with the message: “Don’t Worry Admin! Your Files and Database Are Safe!!! I Just Wanna Tell You that Your Security Sucks!!!”
The black background and the message were removed on Monday morning, but the website was still down.
These events are neither the first, nor (sadly most likely) the last cases of lax website security in Thailand.
In the past a range of websites including government, corporate and other important sites have found themselves victim to phishing and viruses. That part is quite normal but when you consider the huge investment – both financial and time – that the government puts into tracking breaches of the country’s lese majeste law and other speech-related violations and one can legitimately ask if the Thai government is doing enough to tackle web security issues which could impact – if personal data and credit cards details are stolen – on its people accessing Thai cyberspace?
If its any consolation, Sony had a similar issue in Japan where an affiliated website had $1,200 of virtual currency stolen by an unknown intruder, as Slashdot reveals.
UPDATE 02 June 2011: The website of Thailand’s Ministry of Foreign Affairs suffered an attack yesterday when “a Google search for the ministry turned up a number of links that appeared to lead to advertising for Propecia (a treatment for baldness), and for male sex enhancement drugs Viagra and Cialis” according to The Phuket News.