Information and Communications Technology Minister Anudith Nakornthap yesterday said relevant agencies need to investigate the report about the existence in Thailand of the X-Keyscore operation - a US National Security Agency (NSA) program that allegedly
Cyber-security experts in Thailand said it was possible that this country was one of the locations for the X-Keyscore operation. The program can be located at any data centre or at the servers of any organisation that lacked security, the experts said.
Anudith said the ICT Ministry, the National Broadcasting and Telecommunications Commission (NBTC), and network operators had to ensure network security.
“The NBTC has to regulate the operators to ensure that the network is secure and meets global standards. The country’s network security is a priority,” he said.
US whistle-blower Edward Snowden has revealed that X-Keyscore analyses the “widest-reaching” collection of online data. One set of documents he unveiled reveals that the program covers “nearly everything a typical user does on the Internet”, including the content of e-mails, online activities, websites visited and searches, and their meta-data.
According to documents provided by Snowden and reported on The Guardian’s website on Wednesday (Thursday Bangkok), one revelation shows red dots on the locations from where the X-Keyscore has been operating. The slide shows some dots that may cover Thailand.
The Nation tried to reach US Ambassador Kristie Kenney for her reactions on this report via Twitter but failed to get a response by press time.
Chaiyakorn Apiwathanokul, a cyber-security expert in Thailand and the chief executive officer and founder of S Generation Company, an information-technology security firm, said that technically this could be one of many countries where an e-mail trapper of this project is located. There are many possibilities such as locating the X-Keyscore program in servers at any data centres in Thailand and at servers of any organisation that lacked security. “Cyberspace is the new war domain. Countries with lower competency and regulatory measures have high chance of becoming a victim,” Chaiyakorn said.
Another Thai cyber-security expert explained that it was most likely the e-mail-trapping program was based at an Internet gateway that accommodated huge traffic.
He said it was not clear what the exact features of X-Keyscore are but there is software with a similar concept, designed to study the relationship between people by trapping their e-mails. This software traps e-mails sent between mail servers and then the software analyses the relationships of those people in the form of an infographic. This software can be used by analysts for several purposes.
“E-mail’s default protocol, Simple Mail Transfer Protocol [SMTP], is the standard for sending e-mails across the Internet. It is not encrypted, hence it is easily trapped in between the servers. Therefore, it is possible that the trapped e-mails will be used to spy on people’s online activities as well as activities on social media,” he said.
According to Twitter’s latest report on information requests from January 1 to June 30, 35 governments made 1,157 requests for user information about 1,697 specific Twitter accounts. The Thai government was not among the 35 that had made the requests. The United States made 902 requests about 1,319 specific Twitter accounts. (https://transparency.twitter.com/informationrequests/2012/juldec)
The US leads the way with 78 per cent of all requests received. The second-largest number of requests came from Japan with a total of 8 per cent of overall requests, up from 6 per cent in July-December 2012.
In Thailand, in June, the government launched a national effort to regulate cyber-security and implement measures against possible cyber-attacks with the setting up of the National Cyber Security Committee.
Anudith said at the committee’s first meeting in June that the three key strategies being drafted would focus on integration of national cyber-security, capacity building for rapid response to cyber-attacks, and protection of computer and online infrastructure.
In a response to The Guardian report, the NSA said any allegation of widespread, unchecked access to its collection of data was simply untrue. Access to X-Keyscore, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks and every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law, the agency said.