
15K Cybercrime complaints lodged in under 2 months


AussieBob


This article came to my attention and I thought it was worth posting - both as a talking point, and as a warning to those Expats who may not (yet) have realised how much of a 'cowboy' situation IT systems (including, but not limited to banks) are in Thailand. 

Almost 15,000 complaints regarding cybercrimes were filed with police from March 1 to April 20, resulting in the freezing of more than 56 million baht, said deputy police spokesman Kissana Phathanacharoen yesterday. Of the complaint cases, 8,126 were instances of financial fraud, while another 5,859 were related to online shopping scams. The rest included fake news, online gambling and sexual harassment. Officers have taken action on 3,972 bank accounts worth about 806 million baht in total, and of which 56.6 million baht has been frozen, he said.

https://www.bangkokpost.com/thailand/general/2299414/15k-cybercrime-complaints-lodged-since-march

Whenever an Expat is doing any online transaction in Thailand, they need to be aware that things are not at all like in the West. There is no guarantee of security of the information you provide, nor that the transaction will be completed, nor that there is an enforcement regime constantly monitoring things and/or responding to online transaction complaints. This is merely a list of the total complaints lodged - it does not mean they will be 'fixed', nor that anything will be done to ensure the same things do not happen again. 

Those who have lived in Thailand long enough, will know that there are very very few organisations or industries that have rigorous IT systems. There are many reasons for that, including that IT 'professionals' in Thailand are usually extremely poorly trained. I personally know a Thai that went to University and has a Degree in Information Technology. He does not have much of a clue about how IT systems work - and even less of a clue about how computers work. I was shocked when I was asked to help him sort out a problem he was having with his computer one day - but I knew not to say anything that would cause him to 'lose face'. My wife later congratulated me on dealing with it all so 'politely'. Thais know and understand that getting a Degree in Thailand is not the same as in the West - and they really appreciate it when a 'Farang' understands their culture and makes 'allowances'.

Thailand Pass is just one example - I believe that the information stored in that system will not be safe - especially in the future especially when that Section/Office is no longer used. Until I can apply at my local Thai Embassy for a Visa to visit Thailand (whose IT systems are designed and constructed and managed under Australian 'rules'), then we will not be applying to visit Thailand.   

Over the years there have always been stories about a 'data breach' in some Thailand Government or Business, and we never hear about what was done and/or if it has been fixed. Things that 'embarrass' Thais are usually covered up, or fixed up 'on the quiet' - rather than being addressed openly and dealt with - that is just the way it is. The problem with that approach to things goes across all parts of Thailand - and it means there is a strong persuasive view that not doing things right will not be 'punished' (unless they cannot cover it up). That recent collapse of a new terminal at Don Muang airport is just a recent example of how things work in Thailand - what would be considered totally unacceptable in the West with government committees and police investigations and huge ongoing media attention, is quickly shrugged off in Thailand and will be rarely (if ever) talked about again.

Link to comment
Share on other sites

40 minutes ago, AussieBob said:

This article came to my attention and I thought it was worth posting - both as a talking point, and as a warning to those Expats who may not (yet) have realised how much of a 'cowboy' situation IT systems (including, but not limited to banks) are in Thailand. 

Almost 15,000 complaints regarding cybercrimes were filed with police from March 1 to April 20, resulting in the freezing of more than 56 million baht, said deputy police spokesman Kissana Phathanacharoen yesterday. Of the complaint cases, 8,126 were instances of financial fraud, while another 5,859 were related to online shopping scams. The rest included fake news, online gambling and sexual harassment. Officers have taken action on 3,972 bank accounts worth about 806 million baht in total, and of which 56.6 million baht has been frozen, he said.

https://www.bangkokpost.com/thailand/general/2299414/15k-cybercrime-complaints-lodged-since-march

Whenever an Expat is doing any online transaction in Thailand, they need to be aware that things are not at all like in the West. There is no guarantee of security of the information you provide, nor that the transaction will be completed, nor that there is an enforcement regime constantly monitoring things and/or responding to online transaction complaints. This is merely a list of the total complaints lodged - it does not mean they will be 'fixed', nor that anything will be done to ensure the same things do not happen again. 

Those who have lived in Thailand long enough, will know that there are very very few organisations or industries that have rigorous IT systems. There are many reasons for that, including that IT 'professionals' in Thailand are usually extremely poorly trained. I personally know a Thai that went to University and has a Degree in Information Technology. He does not have much of a clue about how IT systems work - and even less of a clue about how computers work. I was shocked when I was asked to help him sort out a problem he was having with his computer one day - but I knew not to say anything that would cause him to 'lose face'. My wife later congratulated me on dealing with it all so 'politely'. Thais know and understand that getting a Degree in Thailand is not the same as in the West - and they really appreciate it when a 'Farang' understands their culture and makes 'allowances'.

Thailand Pass is just one example - I believe that the information stored in that system will not be safe - especially in the future especially when that Section/Office is no longer used. Until I can apply at my local Thai Embassy for a Visa to visit Thailand (whose IT systems are designed and constructed and managed under Australian 'rules'), then we will not be applying to visit Thailand.   

Over the years there have always been stories about a 'data breach' in some Thailand Government or Business, and we never hear about what was done and/or if it has been fixed. Things that 'embarrass' Thais are usually covered up, or fixed up 'on the quiet' - rather than being addressed openly and dealt with - that is just the way it is. The problem with that approach to things goes across all parts of Thailand - and it means there is a strong persuasive view that not doing things right will not be 'punished' (unless they cannot cover it up). That recent collapse of a new terminal at Don Muang airport is just a recent example of how things work in Thailand - what would be considered totally unacceptable in the West with government committees and police investigations and huge ongoing media attention, is quickly shrugged off in Thailand and will be rarely (if ever) talked about again.

The article you quoted has nothing to do with banking security. The banks involved were just conduits for money illicitly gained through fraud outside the banking system.

I don't disagree IT security is lacking and laughable here, but not necessarily with the banking system. It's the systems the govt puts up to manage vaccination registration, Thai Pass, immigration reporting as examples of several databases that have been breached.

Link to comment
Share on other sites

11 hours ago, AussieBob said:

Thailand Pass is just one example - I believe that the information stored in that system will not be safe - especially in the future especially when that Section/Office is no longer used. Until I can apply at my local Thai Embassy for a Visa to visit Thailand (whose IT systems are designed and constructed and managed under Australian 'rules'), then we will not be applying to visit Thailand.

If Thailand Pass gets hacked they'll find out when you're coming to Thailand, who you're flying with, who you're insured with, your email address and your passport details.  Not worth hacking into for that.

Edited by KWA
Link to comment
Share on other sites

13 hours ago, AussieBob said:

Thais are usually covered up, or fixed up 'on the quiet' - rather than being addressed openly and dealt with - that is just the way it is. The problem with that approach to things goes across all parts of Thailand - and it means there is a strong persuasive view that not doing things right will not be 'punished' (unless they cannot cover it up). That recent collapse of a new terminal at Don Muang airport is just a recent example of how things work in Thailand - what would be considered totally unacceptable in the West with government committees and police investigations and huge ongoing media attention, is quickly shrugged off in Thailand and will be rarely (if ever) talked about again.

What recent collapse in Don Muang ??? Was there recently impressed with how they have redeveloped it ..... not been in years.

Link to comment
Share on other sites

20 hours ago, forcebwithu said:

The article you quoted has nothing to do with banking security. The banks involved were just conduits for money illicitly gained through fraud outside the banking system.

I don't disagree IT security is lacking and laughable here, but not necessarily with the banking system. It's the systems the govt puts up to manage vaccination registration, Thai Pass, immigration reporting as examples of several databases that have been breached.

I agree that government are far worse than some private organisations like banks. But you drew a conclusion I was not making. I didn't mean to imply that the banks caused the problems in that article, but that IT systems in Thailand are extremely 'problematic' - including banks. These few quick articles show that banks are by no means safe and reliable in Thailand - and that they do 'cover up' breaches rather than publicly identify and resolve.

https://codeorange.co.th/two-major-thai-banks-hacked/

https://www.dataguidance.com/opinion/thailand-data-protection-guidelines-thai-banks

That last one deserves quoting:  

Recently, the Thai Bankers' Association has implemented its Guidelines on Personal Data Protection for Thai Banks ('the Guidelines') to support the operations of the banking sector in accordance with the Personal Data Protection Act 2019 ('PDPA'). The PDPA is the first consolidated law governing data protection in general in Thailand and was published in the Royal Thai Government Gazette on 27 May 2019, with the full enforcement expected to take place on 1 June 2022. 

The first consolidated (meaning over-ruling local laws if any) by the Central Govt about Data Protection rules and laws for banks was started in 2018 - requiring full implementation by June 2022 !!

I wrote a recent Post about inter-provincial fees and transactions, and it was pointed out to me that over the last few years things have changed.  Clearly this new Act is one of the drivers behind that move by banks from local provincial to national organisations.  Say what you like, there is one good thing about the Junta - they enforce Laws better - and they have implemented some good new Laws. If they could be removed from total control (PM etc), but take over the running of the Police 'system' across all of Thailand (a new Division) that would be a good thing IMO. 

Link to comment
Share on other sites

9 hours ago, KWA said:

If Thailand Pass gets hacked they'll find out when you're coming to Thailand, who you're flying with, who you're insured with, your email address and your passport details.  Not worth hacking into for that.

I should point out that the 'personal' information you provide is extremely valuable to certain people and organisations. You do know that your Passport information includes your date and place of birth, full legal name, and other 'identifiers' - combine that with some other identifiers and those same people and organisations can do things - many things. It is not about just getting your few hundreds of dollars - there is so much more. Did you know that several passengers on MH370 had false passports, 2 of which were 'stolen' in Thailand 2 years previously - just one example - many more including financial thefts. With regard to just the financial thefts - there are many 'players' involved from the one hit wonders who clean people out, to the 'big boys' that skim small amounts from many thousands of accounts for as long as possible (with several 'projects' running concurrently).

It is true that the information held by Thailand Pass is given out by people here and there when they are travelling to, from and around inside Thailand (and other countries requiring Passport as ID). But this is a single repository where that information is held for many thousands of people and in a section/office that will soon be abolished in a country that is very slack about IT security - it is most definitely a target worth hacking (which takes time and effort and involves risk).  

Link to comment
Share on other sites

4 hours ago, AussieBob said:

It is true that the information held by Thailand Pass is given out by people here and there when they are travelling to, from and around inside Thailand (and other countries requiring Passport as ID). But this is a single repository where that information is held for many thousands of people and in a section/office that will soon be abolished in a country that is very slack about IT security - it is most definitely a target worth hacking (which takes time and effort and involves risk).

You forgot to add "IMO" after that.

IMO it's bollocks.

Link to comment
Share on other sites

21 hours ago, KWA said:

You forgot to add "IMO" after that.

IMO it's bollocks.

Thailand's cybersecurity negligence causes personal data breaches - Nikkei Asia

A massive database of 8 billion Thai internet records leaks | TechCrunch

Whatever you reckon - up to you if you are concerned or not.

I always wear a helmet when riding a bike, because in Thailand it is extremely dangerous, and you just never know when/if something will happen to you - and then it is too late.  Only a fool would say that it is 'all good' and that there is nothing to be concerned about, and that taking precautions is silly despite all the 'evidence' to the contrary.  Certainly this is not the same - but it is a concern.  I will come back to you when/if the Thailand Pass data is hacked and the story leaks to the media (more likely to be covered up).  Most previous data hacks in Thailand were exposed to the media by other parties. 

Link to comment
Share on other sites

1 hour ago, AussieBob said:

...
I will come back to you when/if the Thailand Pass data is hacked and the story leaks to the media (more likely to be covered up).  Most previous data hacks in Thailand were exposed to the media by other parties. 

Thai Pass has already been hacked. Report from January...

Thailand Pass Database Hacked, Beware Of Malicious Emails With Fake QR Codes

Link to comment
Share on other sites

1 hour ago, forcebwithu said:

Thai Pass has already been hacked. Report from January...

Thailand Pass Database Hacked, Beware Of Malicious Emails With Fake QR Codes

Thanks - that website says it all:   

"The saga with Thailand’s data security and the Thailand Pass continues as the database has apparently been hacked and people are now receiving emails with QR codes and files leading to a site containing malware.  Thailand has a history of government websites being hacked due to a lack of adequate data security and plain negligence. It’s common in Thailand that official government liaisons are using plain Gmail or Hotmail accounts and even take pictures of confidential documents such as passports with their personal phones and send it to personal Line Messenger Accounts.

Most recently the following databases were compromised and the personal information of individuals available on the internet (and dark net):

Vaccination Record System
Immigration Appointment database
Immigration Entry Database of passengers who have entered Thailand"

Link to comment
Share on other sites

I attribute the lax security around non-financial databases to the general incompetence of Thai programmers. Quite a few Thai designed websites look like crap, if they work at all, so it's no surprise the same lack of attention to detail and testing also happens behind the scenes with the code to protect the information gathered by these websites.

Link to comment
Share on other sites

9 minutes ago, forcebwithu said:

I attribute the lax security around non-financial databases to the general incompetence of Thai programmers. Quite a few Thai designed websites look like crap, if they work at all, so it's no surprise the same lack of attention to detail and testing also happens behind the scenes with the code to protect the information gathered by these websites.

Spot on - that is exactly the reason.  And that is because the education system that 'teached' IT professionals in Thailand is totally corrupted (pay and you are passed), and there are no strict laws and harsh penalties for organisations and people who cause data breaches through incompetent IT systems. 

Link to comment
Share on other sites

The "hack" above was more likely an employee with access to the address book which he sold on, which of course is still a security breach, but not from a hack as such.  There is no indication I'm aware of (but happy to be corrected if I missed something) that anything other than email addresses was obtained, but as above, even if it was compromised it's information that is "out there" anyway.

I'm all in favour of taking precautions but they've got to be proportionate to any potential loss and boycotting Thai Pass is well OTT if you ask me.  YMMV.

Edited by KWA
Link to comment
Share on other sites

15 hours ago, KWA said:

The "hack" above was more likely an employee with access to the address book which he sold on, which of course is still a security breach, but not from a hack as such.  There is no indication I'm aware of (but happy to be corrected if I missed something) that anything other than email addresses was obtained, but as above, even if it was compromised it's information that is "out there" anyway.

I'm all in favour of taking precautions but they've got to be proportionate to any potential loss and boycotting Thai Pass is well OTT if you ask me.  YMMV.

Fair enough - up to you. But to make my view clear about TPass as I said before:

Thailand Pass is just one example - I believe that the information stored in that system will not be safe - especially in the future especially when that Section/Office is no longer used. Until I can apply at my local Thai Embassy for a Visa to visit Thailand (whose IT systems are designed and constructed and managed under Australian 'rules'), then we will not be applying to visit Thailand.   

You should check out these links - it is endemic across Thailand (and much of SEAsia):

Thailand's cybersecurity negligence causes personal data breaches - Nikkei Asia

A massive database of 8 billion Thai internet records leaks | TechCrunch

Link to comment
Share on other sites

7 hours ago, AussieBob said:

Until I can apply at my local Thai Embassy for a Visa to visit Thailand (whose IT systems are designed and constructed and managed under Australian 'rules'), then we will not be applying to visit Thailand.

So take that one step further to when the evisa system gets further rolled out.  It's a Thai MFA program and is hosted in Thailand with the applications being channelled by them to the appropriate Embassy.  It's obvious from the site it's a typical Thai program.

It has not been "designed and constructed and managed under Australian 'rules'", so will that put an end to visa applications for you?

Link to comment
Share on other sites

Some good info. here Bob, and I will read it more extensively when I get time.

Without question though banks (as well as many IT transactions) are something to be very wary about.

Best thing someone can do is check their statements regularly (even on a daily basis), and change passwords regularly. Nip issues in the bud.

Because of all the scamming and shit systems we end up with hyper sensitive security bots that can lock people out and create havoc with your accessibility to your cash.

Changing locations often, VPNs, different devices, changing phone numbers, international phone numbers, etc. etc. etc.... cause security bots to go bonkers.

Brave New World of the internet, and digital banking ain't so brave. In fact IMO it's a real mess. We can thank the Ruskies, and other cyber crime fucks for a lot of it. Cunts !

Edited by Glasseye
Link to comment
Share on other sites

15 hours ago, KWA said:

So take that one step further to when the evisa system gets further rolled out.  It's a Thai MFA program and is hosted in Thailand with the applications being channelled by them to the appropriate Embassy.  It's obvious from the site it's a typical Thai program.

It has not been "designed and constructed and managed under Australian 'rules'", so will that put an end to visa applications for you?

LOL - fair cop - but you know that is not what I meant. The Thailand Pass is a new unique system hastily set up by the Junta when they got desperate for tourists' money to buy more gear/projects/pay debts - it ain't been set up with future information security in mind. I doubt when it is dissolved that they will take enough due care with the private information they have stored.

The Thailand Embassy is under an obligation to 'protect' the private information regarding Australian citizens provided to them through Visa applications, and they therefore have things in place to comply with those obligations. The basics of each Aust is stored in Bangkok in the Thai Ministry of Foreign Affairs (more secure than TP) - but a lot more is kept at the Thai Embassy in Australia and in the Aust Embassy in Thailand. The Thai Immigration Bureau (Police) also stores the information of Aust citizens - also much better than TP.

But your point is fair enough - I will be in future applying - but after TP has become a memory. I reckon (hope) that the TP and masks etc will all be cancelled sometime in May and then a few months later I will start the processes to visit Thailand. Why wait you ask 🙂 - too effin hot for a visit and to drive all over Thailand visiting people - and most of the hotels we stay at ain't open yet - plus the airport and all the other 'tourist services' will need to be ramped up - and they will screw it up here and there for a while - 2-3 months should see it sorted - and prices will come back down too.

Link to comment
Share on other sites

Thanks - and everyone who checks/uses their bank accounts in Thailand should use a VPN. The odds it will happen to you are not great - but if it does you will regret not being a little more careful. Sure you can keep all the money in banks/places in home country and not therefore have a lot to lose, but it can be a real pain to be locked out of your accounts, and worse to have them 'confiscated', and maybe even some charges made against you. Someone accesses your account and buys online pedo stuff and you will have to explain - while locked up in a Thai holding cell.

Here's another tip - never never never store access names and passwords in your browser - never never never. Ok - so how do I make sure you never forget the name and password as we all do. Create a pdf file with a password to open - word will do, but pdf better - give it an obscure name and file in a folder on computer not at all related to IT/computer with lots of other files - you need to give it a password you will never forget, but not any of your online ones. In that document write out a list of names and passwords - but use a code system eg name = MWBYYYY (mother maiden name, wife official name, brother middle name, year thai wife born (Thai calendar)) - not all of them of course but a combo of at least 3. Yeh it is a pain to set up - but once up and running - it is great. I had to access Amazon a while ago (usually use EBay) and forgot name/password combo - opened file - voilà - 30 secs. AND - back up your computer files (not just the system) every month to an external hard drive that you use bitlocker (same password as file) or something to open - and hide it somewhere from everyone - everyone - only do it when alone in the house. Yep a pain in the arse to set up - but once in place you can be sure you are OK. I know what can happen and how easy it is to do - it was part of my IT career for decades. As they say, an ounce of prevention is worth a tonne of cure (but maybe that is a pound).

Link to comment
Share on other sites
