While the protests might be over, no one can guarantee our safety in cyber space.
With anonymous proxy applications, viewers can access blocked websites such as www.norporchorusa.com through the browser.
Digital technology has become the weapon of choice in times of conflict. During the recent political unrest in Thailand, an intense war of information has been waged between the government and its opponents, the United Front for Democracy Against Dictatorship (UDD), in cyberspace.
Both have the knowhow, but it is believed that the UDD has adopted more advanced technology than even the government.
While the government has been attempting to block controversial websites via the traditional URL filtering approach with co-operation from ISPs, the UDD responded by developing a browser toolbar to enable less tech-savvy users to circumnavigate the usual typed URL approach and facilitate access to the movement's Internet radio and TV broadcasts and chat rooms.
Furthermore, connectivity for the UDD's applications do not utilise the same general ports commonly used by Internet browsers, namely TCB 80 (http) or TCP443 (SSL/https). This renders the traditional URL-filtering blocking mechanism ineffective since it only works well when blocking web pages, not Internet multimedia streaming.
The URL filtering technology has further drawbacks still. For example, the top-level http://www.xyz.com can be blocked, yet subsequent pages inside the website, such as http://www.xyz.com/abc, are still accessible. That's why websites such as http://www.prachathai.com/xxx cannot be blocked, because the whole address does not match with any flagged string. The current system employed by the ICT Ministry in conjunction with ISPs can do nothing to resolve this case.
The UDD has effectively employed the Internet as tool to spread its ideology and increase the psychological impact of the information it distributes. The group has trained its followers to access its broadcasts and media across several channels, such as Internet, GSM, 3G, VoIP, Wi-Fi, terrestrial television, satellite TV, cable TV, IPTV, analogue radio and Internet radio.
Viewers can download and install the UDD's Norporchor toolbar to access dedicated websites, or the UDD Thailand Player to view IPTV broadcasts.
When the government's expert team analysed the network with the aim of identifying the source and thereby blocking access to, and broadcasting from, the UDD Thailand Player, they found that the Red Shirts had intelligently applied Cloud Computing technology by running Google Appspot and Microsoft Horizon from two locations of servers in the US - Mountain View, California; and Redmond, Washington.
The UDD also has identified how to access blocked web sites via anonymous proxies. Viewers simply download the proxy application, which will run through the browser and enable users to access any banned content.
"With this software, users can prevent the government from identifying their IP address," said the source.
Based on in-depth correlation technical analysis of the UDD network, it was found that Norporchor IPTV transmissions have been made via different Prachathai domains registered with the GTLD (general top-level domain), including prachatai.com, prachatai.net, prachatai1.com, prachatai.org, prachatai board.com, prachathai webboard.com and sameskyboard.com.
Security experts analysed the correlation betweeb the web servers of the Prachathai domain and other domains and found four IP groups that have no association with each other. So they further explored the correlation between the DNS server and the mail relay server.
Based on the intelligent data gathering with correlation technical analysis at the DNS server, they found that the four IP groups comprised of one big group and two small groups.
At mail relay server level, they found the UDD technical team had applied Web 2.0 technology via Google applications, with only one big group and one small group, and they identified the webmaster of Prachatai and finally the correlation with the Norporchor network.
To tackle the matter, the government's security team suggested using a new technique called "In-depth intelligence information gathering" and the established in-depth IP package analysis technique. It has been suggested to the government that it considers setting up a cyber security intelligence team to support in-depth correlation analysis and also implement Common Lawful Interception Architecture (CALEA) at Thailand Internet Core to facilitate in-depth analysis of malicious Internet communications. This would be carried out under the umbrella of the national-level cyber security council.