Nearly 100 Thai government websites were hacked and used to send malware in April, according to an online security expert.
More than 500 distinct attacks were launched from these websites, representing about 85% of all government-hosted malware in the world, Paul Mutton posted on the website of Netcraft Ltd, an internet services company based in Bath, England, on Tuesday.
Seven of the hacked sites belong to Thai police forces, such as the Narathiwat Provincial Police website at narathiwat.police.go.th, where hackers have appended a large chunk of malicious script to the page, wrote Mr Mutton.
Thai military websites were also compromised during April.
For example, the Thai Navy website at www.navy.mi.th was involved in a phishing attack which targeted Visa cardholders in late April. A page surreptitiously planted on the Navy's server was used to redirect victims to a different website hosted in Malaysia, which attempted to steal card details. The Malaysian website has since been taken down, but the redirection page on the Thai Navy website is still present today.
All of the hacked Thai government websites use the .go.th second-level domain, which is eligible to be registered only by government entities in Thailand. The .th top-level domain is administered by T.H.NIC Co Ltd (THNIC), which provides its domain registration services under a policy managed by the Thai Network Information Centre Foundation, and allows domain names to be purchased through THNIC authorised resellers.
The .th is also the fourth phishiest top-level domain. Netcraft currently blocks 310 phishing sites under this domain, which is rather significant given that there are fewer than 100,000 .th sites in total.
“Government sites typically confer a greater level of trust than other types of websites can, but in Thailand, many are evidently used to host phishing sites and conduct drive-by malware attacks. Cleaning up these attacks is unlikely to be Thailand's number one priority at the moment — the country has been in a state of paralysis since government elections were obstructed by protesters, and last month, there were concerns that the situation could escalate into civil war,” Mr Mutton wrote.
Chinese government websites (.gov.cn) hosted the second largest number of instances of malware last month, accounting for more than a tenth of all government-hosted malware. Between them, Thailand and China alone hosted 95% of all government-hosted malware during April. For comparison, during the same month, no malware attacks were reported on US or UK government websites (.gov and .gov.uk).
Source: Netcraft Ltd