Thailand’s junta leader and Prime Minister Prayuth Chanocha has vowed to use technology to crack down on suspected anti-royalist networks. In his policy speech to his hand-picked national legislative assembly Prayuth said, "We will use legal measures, social-psychological measures, and telecommunications and information technology to deal with those who are not mindful of their words, are arrogant at heart, or harbor ill intentions to undermine the important Institution of the nation.”
Soon afterwards, Thailand’s internet has suffered major slowdowns which hints of extra filtering installed at state-owned telco CAT Telecom’s IIG.
A network engineer at a dot com operating in Bangkok said that access to Amazon EC2 servers via CAT’s IIG was slow and intermittent while Digital Ocean remained unaffected. Reverse traceroute analysis from the various servers pinpointed the problem on the CAT network on the inbound side.
The engineer, speaking on condition of anonymity, said that it could be the rumored new censorship equipment being installed, or just another normal day of incompetent operations at the state-owned telco.
He was reluctant to pin it down on mass surveillance and noted that packets were routed differently. EC2 Singapore packets were routed from Equinix -> CAT- > True while Digital Ocean Singapore was routed SGIX -> True IIG -> True.
Amazon EC2 US servers were also affected, suggesting that the filtering is targeting EC2 hosted sites in particular.
Elsewhere, a source within one of the telcos said that governments had all been installing equipment in their gateways for the past seven years (IIG deregulation occurred in 2005). The source said that a lot of new equipment had been installed in his data center not long after the coup, but declined to elaborate further.
On Friday 12 September, Thaweeporn Kummetta, an activist at the Thai Netizen Network, published a report on news website Prachathai quoting two anonymous sources that a new era of mass surveillance in Thailand was starting on 15 September.
Earlier, TelecomAsia revealed on an ongoing man-in-the-middle encryption degradation attack aimed at port 25 SMTP traffic in Thailand. This could be used to syphon up email login credentials in certain limited scenarios or simply to make it easier to eavesdrop on any email that crosses Thailand’s national borders.