May 26, 2020 10:50:00

A database containing more than 8 billion 'Internet usage logs' leaked

It was found that Thailand's largest telecommunications company Advanced Info Service (AIS) had leaked more than 8 billion Internet usage records registered in the database, totaling 4.7 TB, and urgently brought down the database. It is reported that they have made it.

Thai Database Leaks 8.3 Billion Internet Records

https://rainbowtabl.es/2020/05/25/thai-database-leaks-internet-records/

AIS plays down 8.3bn-record leak
https://www.bangkokpost.com/thailand/general/1924012/ais-plays-down-8-3bn-record-leak

A massive database of 8 billion Thai internet records leaks | TechCrunch
https://techcrunch.com/2020/05/24/thai-billions-internet-records-leak/

Security researcher Justin Payne said he noticed that the database managed by Advanced Wireless Network (AWN), a subsidiary of AIS, is open to the public. The survey revealed that the database was made public on May 1, 2020 and was accessible to the public.

As of May 21, 2020, this database contained 8,336,189,132 documents. This document recorded approximately 3.37 billion DNS query logs and approximately 5 billion NetFlow logs from 20th April 2020 to 7th May 2020. Since AWN used a tool that can visually browse these log data, it means that the information 'who is accessing when and where' was published online in a way that anyone could understand. I will.

Of course, it is impossible to identify who the person who made this communication is, but even then, the person who made the communication 'what kind of device do you have and what kind of application you use' is stored in the database. You can tell immediately from the remaining logs. In fact, Mr. Payne analyzes the communication log of a single IP as an example, 'I have an Android device / Windows device / Apple device' 'I use Google Chrome and Microsoft Office' 'Daily Facebook / YouTube・ Identified the information that 'We are accessing WeChat' and 'We are using

ESET for virus protection'. 'The DNS query log should be treated as confidential,' said Payne.

Payne noticed a database leak on May 7, 2020 and contacted AIS several times from May 13 to May 21, but reports no response. Therefore, I asked Zac Whitaker, a reporter from IT media TechCrunch, to report to Thai CERT , a national computer emergency response team in Thailand. Then, on May 22, he said that he could not access the database.

In order to avoid such a situation, Payne said, `` By making DNS communication in transit secure by using DNS over HTTPS (DoH) or DNS over TLS (DoT), the Internet service provider (ISP) makes a DNS query. It should not be confirmed, recorded, viewed, or sold. ” However, major ISPs such as AIS are opposed to the introduction of DoH and DoT because 'DoH and DoT make filtering and parental control difficult.'

What are the concerns that major ISPs have about the technology 'DoH' that makes the Internet safer? -GIGAZINE

AIS spokesman said in a TechCrunch report, 'This database leak was the result of testing to improve the network and does not compromise customer data or cause financial damage.' We attach great importance to the privacy of our customers and always adhere to the highest international privacy standards. '