Agencies find clues on ‘9Near’ hacker
The Ministry of Digital Economy and Society (MDES) will ask the court to close down a website that hacked the personal information of 55 million Thais after finding more clues about the hacker.
According to media reports, a hacker named “9Near” posted on BreachForum — a website where personal data leaked from state agencies and private companies is sold and bought — that he had obtained the personal data of 55 million Thais, including names, surnames, addresses, birthdates, ID card numbers and telephone numbers.
The hacker also announced on the website 9near.org that: “If you think the information has leaked from your organisation, contact us by April 5 at 4pm, Thai time, otherwise we will reveal where the information has been leaked from and release all the information to the public.”
The website also shows a live online countdown.
The message was also sent via SMS to several well-known newscasters, including Sorrayuth Suthassanachinda, who posted on his Facebook saying he had received an SMS showing his personal data, including address, ID card number and telephone numbers.
Domestic internet service providers such as AIS, True and National Telecom have also been asked to block the website, while the Personal Data Protection Committee has been asked to check if any government agencies have reported any leaked information.
A Thai security agency source yesterday said the MDES, Cyber Crime Investigation Bureau (CCIB) and other state agencies are tracking down the hacker and found some clues from various sources, including websites and SMS messages.
Authorities are also checking the names of 55 million Thais and whether they are real or fake. However, further information cannot be disclosed as this would benefit the hacker.
In addition, the MDES is gathering evidence and seeking a court order to ask Cloudflare, a large global network of providers, to cease its services with the hacker’s website abroad.
Wetang Phuangsup, deputy permanent-secretary for the MDES, said a check has shown the domain name service provider, which is based overseas, has been asked to block the website since March 29.
It has yet to respond as it may be inspecting the website.