
A massive database of 8 billion Thai internet records leaks


webfact


53 minutes ago, DrTuner said:

So that's what the SMS just hours ago from AIS was about. "Your personal data is safe". Yeah right.

Wow it seems like a whole lot of extra work to go through 8 billion records when all they wanted was YOUR personal data.

Edited by SkyFax
  • Haha 2

37 minutes ago, SkyFax said:

Wow it seems like a whole lot of extra work to go through 8 billion records when all they wanted was YOUR personal data.

Almost like stalking in the internet, it takes a lot of effort, eh?

  • Haha 1

41 minutes ago, DrTuner said:

Almost like stalking in the internet, it takes a lot of effort, eh?

Not in Thailand.

80% traffic linked to YouTube cats videos, series with hysterical females and men with too much make-up and last game shows with sound effects that would make Benny Hill jealous.

  • Haha 1

1 hour ago, DrTuner said:

Here's one for you:

[image attachment]

Following the link, this is one of the questions they answer:

 

"Q: I’ve been contacted/received SMS from other companies/shops. Did they get my personal data from AIS?

A: They could get your personal data from any other channels, where you might have left personal data for contact when receiving services, buying products, signing up membership, as well as phishing from various channels, for example. If you do not want to be contacted, please contact the company/the shop who gives you the service directly. "

 

Interesting nothing about the possibility of someone having got it from AIS themselves, as per the OP.

 

 

This is the SMS I mentioned earlier in post #2, with the full-stop/period included in the link:

 

To inform us about unable to connect to the Internet just clicking this link https://newfibre.ais.co.th/ReportProblem/Login.

 


Leaked data contained no personal info, insists AIS

By THE NATION

 


 

Telecom operator Advanced Info Service (AIS) issued a statement on Monday (May 25) to confirm that no personal data of its customers had been leaked.

 

The company was responding to a report posted on the US-based TechCrunch website that security researcher Justin Paine had found real-time internet records of billions of Thai internet users earlier this month that AIS had leaked.

 

“We are aware of report alleging an incident regarding AIS customers’ data. We confirm that a small amount of non-personal, non-critical information was exposed for a limited period in May during a scheduled test,” said Saichon Submakudom, chief of the AIS public relations department.

 

She added that the data released only had to do with Internet usage patterns and did not contain personal information that could be used to identify any customer or harm them financially or in any other way.

 

“We are pleased that this incident was contained quickly, and no customers were adversely impacted. AIS cares deeply about protecting customers’ personal information,” she said.

 

“We are continually reviewing our security procedures to ensure global best practices. However, on this occasion, we acknowledge that our procedures fell short and for that, we sincerely apologise.

 

“Since this is the first incident of its kind, AIS has thoroughly investigated the cause and already taken steps to improve our procedures. We continually strive to maintain the highest standards in ensuring the safety of our customers and their personal data,” she added.

 

According to TechCrunch, Paine had said in a blog post that he found the database – containing DNS queries and Netflow data – on the internet unguarded by a password.

 

With access to this database, Paine claimed that anybody could see in real time what an internet user or their household was browsing, enabling them to build a picture of the target’s internet usage. Paine discovered the database on May 7, with 8.3 billion documents, 4.7 terabytes of data and about 200 million rows of new data added daily.

 

Paine said he alerted AIS to the exposed database several times since May 13 but received no response. A week later he reported the apparent security lapse to Thailand’s national computer emergency response team (ThaiCERT), which contacted AIS about the exposed database.

 

Shortly after, AIS closed access to the database on May 22.

 

Source: https://www.nationthailand.com/news/30388483?utm_source=category&utm_medium=internal_referral

 


-- © Copyright The Nation Thailand 2020-05-25
 
  • Sad 2

12 minutes ago, snoop1130 said:

She added that the data released only had to do with Internet usage patterns and did not contain personal information

uh huh; she of tiny intellect OR Big Liar; budding politician....

  • Like 1

3 hours ago, ukrules said:

Why do they have a system that logs your every move?

 

They're an ISP, not a part of the state surveillance apparatus.

 

An explanation is required here as to why this database exists, it would take a considerable amount of work, infrastructure and resources to create and maintain such a system for all of their customers so there must be a very good reason to have it.

 

 

All ISPs, and not only in Thailand, are required by law to keep the traffic data.

 

Some countries like Australia for example have to keep it 2 years, others maybe less, but I think it is at least 365 days

  • Haha 1

8 hours ago, DrTuner said:

So that's what the SMS just hours ago from AIS was about. "Your personal data is safe". Yeah right.

 

I've had AIS postpaid for years, among others. Haven't received any communication from them as yet, SMS or otherwise, on their DNS database fiasco.

 

Despite having AIS mobile data service, I don't actually use AIS for my internet activity. But even if I did, I think I would have been protected in this case because:

--pretty much all my web browsing is done via https:// format, and

--all of my web browsing is done via a non-Thai, non U.S. and friends-based VPN that uses its own secured DNS servers.

 

From the OP news report:

Quote

One such technology, DNS over HTTPS — or DoH — encrypts DNS requests, making it far more difficult for internet or network providers to know which websites a customer is visiting or which apps they use.

 

Edited by TallGuyJohninBKK

2 minutes ago, TallGuyJohninBKK said:

 

I've had AIS postpaid for years, among others. Haven't received any communication from them as yet, SMS or otherwise, on their DNS database fiasco.

 

Why would they have to communicate with you if no personal data was leaked?

 

NSA in the US have your data as well, as they store the metadata of the whole planet for 1 year.

 

https://en.wikipedia.org/wiki/Data_retention

United States

The National Security Agency (NSA) commonly records Internet metadata for the whole planet for up to a year in its MARINA database, where it is used for pattern-of-life analysis. U.S. persons are not exempt because metadata are not considered data under US law (section 702 of the FISA Amendments Act).[69] Its equivalent for phone records is MAINWAY.[70] The NSA records SMS and similar text messages worldwide through DISHFIRE.[71]


15 minutes ago, Susco said:

Why would they have to communicate with you if no personal data was leaked?

 

NSA in the US have your data as well, as they store the metadata of the whole planet for 1 year.

 

https://en.wikipedia.org/wiki/Data_retention

United States

The National Security Agency (NSA) commonly records Internet metadata for the whole planet for up to a year in its MARINA database, where it is used for pattern-of-life analysis. U.S. persons are not exempt because metadata are not considered data under US law (section 702 of the FISA Amendments Act).[69] Its equivalent for phone records is MAINWAY.[70] The NSA records SMS and similar text messages worldwide through DISHFIRE.[71]

 It's an interesting question. I never underestimate the ability of the U.S. government to snoop on people's communications/online activity around the world.

 

But if a person is using an encrypted, shared IP VPN connection not based in a country that shares data with the U.S., and all of that person's internet activity is encrypted and using the https:// protocol, I wonder just how much of that the U.S. can untangle.

 

Edited by TallGuyJohninBKK
  • Like 1

10 hours ago, TallGuyJohninBKK said:

 

I've had AIS postpaid for years, among others. Haven't received any communication from them as yet, SMS or otherwise, on their DNS database fiasco.

 

Despite having AIS mobile data service, I don't actually use AIS for my internet activity. But even if I did, I think I would have been protected in this case because:

--pretty much all my web browsing is done via https:// format, and

--all of my web browsing is done via a non-Thai, non U.S. and friends-based VPN that uses its own secured DNS servers.

 

From the OP news report:

 

https won't help 100% as most browsers use SNI (Server Name Indication), which sends the hostname in cleartext. VPN works but there's no guarantee the VPN provider won't log traffic. 

 

Tor is the way to go if wanting to stay completely incognito.

  • Like 2

  • 4 months later...
On 5/25/2020 at 5:40 PM, ukrules said:

Why do they have a system that logs your every move?

 

They're an ISP, not a part of the state surveillance apparatus.

 

An explanation is required here as to why this database exists, it would take a considerable amount of work, infrastructure and resources to create and maintain such a system for all of their customers so there must be a very good reason to have it.

 

 

the be all and end all terrorism or take your pick national security or covid 19.. <deleted> to the lot of them

