True Internet’s transparent proxy has been compromised, giving the attackers the ability to insert pop-up ads and to spy on users for months before details were made public.
Users of True fixed-line Internet across the country have been complaining of odd pop-up ads.
Jacob says that users have been complaining about the popups for months but to no avail.
However, hours after the technical details of the attack were published, the hijacking ceased. Whether it was True engineers waking up and fixing the problem or the hackers deciding to cover their tracks was not clear.
The way the attack was carried out calls into question Thailand’s censorship by proxy system that all ISPs apply. While this attack seemed to have only served compromised .js files that inserted ads, more dangerous payloads could have easily been inserted. It also would allow whoever controls the proxy to monitor the internet usage habits of users.