Facebook security compromised by Thai junta’s police fake “Spy Application”

Facebook is having lots of problem in Thailand, from a brief junta caused black out, to a horde of fascist Thai Facebook posting of physical violence threat on their enemies. Now the latest, is the Junta’s police creating a fake spy application to get information on Facebook users, to identify activist and help the junta capture them.

The following is from Prachathai (source)

Thai police create fake FB app to get Thai net users’ information, target users trying to open blocked sites

Fri, 20/06/2014 – 11:17 | by prachatai

Thai police have allegedly created fake applications to access Thai internet users’ personal information on Facebook if the users try to access blocked websites, the Thai Netizen Network reported on Thursday.

When users try to access a blocked website, they are sometimes redirected to a landing page called “tcsd.info.” The web page would delude the users into navigating to a suspicious application on Facebook called “Login.” If users consented to the app, the users’ accounts were compromised.

TCSD is the abbreviation of the Technology Crime Suppression Division Police. There also appear on the web page the logos of the Ministry of Information and Communication Technology, the Royal Thai Police, the TCSD and the Central Investigation Bureau.

“Sorry for the inconvenience. The information you requested is blocked by the Central Investigation Bureau, the Royal Thai Police, and the Ministry of Information and Communication Technology.” It also gives the address of the TCSD, if users have questions.

The four suspicious buttons on the web page are “close,” “sign in with Facebook,” “sign in with Google,” and “sign in with Microsoft.”

If users clicked “close” or “sign in with Facebook,” they would be sent to a Facebook page which asks the users to grant permission for an application called “Login” to access the users’ email addresses and public profiles.

If users clicked “sign in with Google,” they would be redirected to a Google page which also asks the users to grant permission for an application called “TCSD” to access same kind of information.

Image No.1 shows tcsd.info with a “Close” button on the top right and “sign in with Facebook” at the bottom. Image No.2 shows the consent page for the Facebook app “Login.” Image No.3 shows the information users provide if they grant permission for the app.

After the Thai Netizen Network, a NGO campaigning for Internet freedom, reported this on Thursday night, the “close” button disappeared on Friday morning. However, the “Sign in with Facebook” button is still on the page. If users clicked it, they would be sent to a consent page for the app called “TCSD,” which requests same kind of information.

In late May, Pol Maj Gen Pisit Paoin, head of the junta-appointed working group responsible for censoring the internet, told Thai media that the Ministry plans to spy on popular social media and chat applications in order to identify and arrest people who spread illegal content.

“We’ll send you a friend request. If you accept the friend request, we’ll see if anyone disseminates information which violates the National Council for Peace and Order (NCPO) orders,” the police said. “Be careful, we’ll soon be your friend.”


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s