Political repression unabated

Cyber-snooping, lawfare, and locking up opponents without bail seem to be the regime’s main means of repressing opponents, including monarchy reform activists. But, as Thai Lawyers for Human Rights reports, so is heavy-handed harassment.

TLHR refers to the regime’s “abuse of authority,” saying that the harassment “of citizens and activists at their homes, offices, and education institutions without any warrants regularly occur, thereby normalising the situation.”

TLHR calculates that, “since the beginning of 2022, citizens and activists have been harassed at home or summoned to talk – 83 between January and February (including 9 youths), 66 between March and April (including 8 youths), and 42 between May and June (including 4 youths).” In addition, “between January and June 2022, there are at least 191 individuals being followed/harassed. Among this number, there are 19 youths under the age of 18 (two of which are only 13 years old).”

They suggest that these data are under-estimates. The scale of regime harassment of political opponents is widespread.

Regime cyber-spying

In commenting on the regime’s Pegasus hacking of his phone, Prajak Kongkirati, an academic at Thammasat University, told VOA News: “It’s very scary…. It’s like the 1984 novel,” referring Orwell’s dystopian novel about the surveillance state. He added: “But this is in real life, it’s really happening.”

The team that outed the spies is “continuing to search for more targets…”.

Yingcheep Atchanont, iLaw’s program manager, stated: “So far we have only some names in our heads that we think they should be checked, but I know there are more people who can be targets…. We believe that if the government possesses this weapon, the victims will be much more.”

In fact, Prachatai has already reported that Phicharn Chaowapatanawong “a Move Forward Party MP has claimed 5 more victims of state-sponsored spyware attacks using Pegasus. 3 are his party colleagues and 2 are core figures in the Progressive Movement, a splinter group from the dissolved Future Forward Party. Most attacks were timed to coincide with bold speeches in parliament.” They are:

• Bencha Saengchantra, MFP MP, attacked three times,
• Chaithawat Tulathon, MFP Secretary-General and MP, attacked once
• Pakorn Areekul, former activist and former MFP MP candidate, attacked twice,
• Pannika Wanich, Progressive Movement spokesperson, attacked twice,
• Piyabutr Saengkanokkul, Progressive Movement Secretary-General, attacked eight times.

 

Updated: Cyber-snooping

A few days ago we posted on agreements between the military-backed government and the cyber agencies of China and Israel.

On the agreement with Israel, a new revelation of cyber-snooping in Thailand aimed at political and monarchy reform activists, shows the use of the Pegasus spyware developed by Israeli security firm NSO.

Clipped from Popular Mechanics

The report states:

At least 30 Thai activists involved in pro-democracy protests were victims of Pegasus spyware during a government crackdown on dissent, according to an investigation by a group of internet watchdog organisations.

The individuals – who include academics, activists and civil society leaders – were monitored by an unnamed entity using the Israeli-made software during the past two years, according to the results of a forensic investigation released on Monday.

The results of the investigation came out yesterday in a seminar in Bangkok. See more here, including links to the report and the list of those who, so far, have been identified as victims.

Canada’s Citizen Lab and Thai NGOs iLaw and DigitalReach investigated “after six Thai activists received notifications from Apple in November 2021 advising that they had been the victims of ‘state-sponsored attacks’ intent on distributing malware.”

Citizen Lab “could not definitively tie the spyware attack to the Thai government but its investigators concluded there is at least one known Pegasus operator currently in Thailand.” NSO says it only sells the spyware to governments:

Emilie Pradichit, founder of the Manushya Foundation, a Bangkok-based human rights non-profit, said it would be “no surprise” for the Thai government to target its critics with spyware.

“The government’s goal is to truly put an end to the pro-democracy movement by exhausting activists physically and mentally in order to maintain the establishment in power,” Pradichit told Al Jazeera.

“Now, more than ever, we must mobilize and join forces to resist Thailand’s digital dictatorship and ensure pro-democracy activists remain strong and brave and can care for themselves as a priority.”

Update: After initial denials, the regime has admitted it uses Pegasus. In a surprise, Minister of Digital Economy and Society, Chaiwut Thanakamanusorn, “said in parliament late on Tuesday that he is aware of authorities using spyware in “limited” cases but did not specify which government agency used such software, which programme was used or which individuals targeted.” We all know who is being targeted -the regime/monarchy’s opponents. Chaiwat admitted this when he said the program was used in matters regarding national security. That’s now code for the monarchy.

And we can guess that the users are the military/ISOC/palace associated units.

National security and cybersecurity

We had a couple of posts on “national security” recently and feel the need to continue on that theme following two recent agreements signed by the regime. Both articles are deeply disturbing when it is considered that both partners have long records of human rights abuses.

One article in the Bangkok Post reports that Thailand’s National Cyber Security Agency has signed an MOU with the National Cyberspace Administration of the People’s Republic of China…”. When authoritarians come together on something like this, it should be deeply troubling.

According to the report, the “purpose of the MOU is to develop cooperation in the field of cybersecurity between the the NCSA and CAC through exchanges of information, skills and experiences. This in turn will support technological innovation, economic growth and social development. In Chinese-style officialese, it is said that promoting cooperation in cyber affairs “will help achieve peace and stability in cyber dimensions, reduce the risk of cybercrimes and increase opportunities for economic growth and prosperity through digital commerce.”

Such notions, pasted onto Thailand’s national security infrastructure that is unusually focused on the monarchy and political opponents, the impression is of deeper cooperation between authoritarian regimes on cyber-snooping and political repression. We have posted plenty on Thailand’s cybersecurity. Tech site The Register has this recent news on China’s.

Another article at the Bangkok Post reports an MOU with the Israeli National Cyber Directorate, “to enhance cyber security collaboration and protect the public from cyber threats.” The Israeli ambassador to Thailand said: “Israel has been fighting in wars for so many years, and when we are fighting a war, we know who the enemies are. We know where the borders are. But cyber attacks don’t have locations or borders and this isn’t something we can deal with alone. If we want to deal with it effectively, we have to collaborate and learn from each other…”. On Israel’s cyber-snooping, see an example here.

Thailand’s National Cyber Security Agency secretary-general, Gen Prachya Chalermwa (of course he’s a general!), said “his organisation was established to prevent, cope with and mitigate any risk from cyber threats, especially in protecting the country’s critical information and infrastructure.” That is all well and good as there’s plenty of reason to deal with cybercrime. But, Thailand doesn’t fight external wars; it goes in for domestic political repression.

Regime work: rigging elections, more security, spying on kids, and economic sabotage

It has been quite a week. Below we link to some of the regime’s most recent machinations.

Perhaps the biggest story was the remarkable about face by government parties on party lists for the next election (if we get that far).

As Thai Newsroom reports, “lawmakers faithful to Prime Minister [Gen] Prayut Chan-o-cha today (July 6) dumped the mixed-member-majority system and instead endorsed the mixed-member-proportional system for use in the next general election, fueling the criticism that the executive branch has unduly interfered in the business of the legislative branch.” As the Bangkok Post explained it via a headline, “Parliament chooses MP calculation method favouring small parties.” This is little more than vote-rigging in the manner of the period before the 2019 election. More than that, even the deputy secretary-general of the Election Commission “said the calculation formula of dividing 500 would be problematic because it would result in the number of list MPs exceeding the official number of list MPs set by the constitution.” Constitutionalism seldom bothers the regime. Why is this being done, especially as the government parties had to backflip on their earlier position? The Bangkok Post is succinct: “The move came after the use of 500 received the green light from Prime Minister [Gen] Prayut…, in what is seen as a bid to prevent Pheu Thai from winning a landslide in the next poll, sources said.”

On “national security,” it is reported in The Nation that “Cabinet on Tuesday approved a draft royal decree to exempt enforcement of the Personal Data Protection Act (PDPA) on agencies related to national security, public safety, tax collection, international cooperation and legal procedures.” That means that “national security” agencies can continue to abuse the population. Added to this, the Royal Thai Air Force is expanding its capacity for cyber snooping. While this is said to be a move that “aims to enhance the RTAF’s non-combat operations, which include disaster mitigation, as well as search and rescue efforts,” in Thailand it can be expected that the cyber unit will target regime opponents and those it considers anti-monarchist.

While on “national security,” Thai Enquirer reports on police (and, PPT would add, military) surveillance of students. It refers to a recent event:

1. No Coup 2. Liberty 3. Democracy

On Monday, a uniformed officer was spotted inside Ramkhamhaeng University telling university students to change the questions on their survey.

The question that disturbed the officer was, ‘should Prayut continue to run the country?’

The answers were overwhelmingly, NO.

The police saw it as their duty to prevent this.

It got worse when some royalist regime supporting university “administrator” wander out “to ask the university students to conduct another activity that is more ‘creative’ than this.” And, worse still, “on Tuesday when two uniformed officers were spotted inside Triam Udom Suksa School.” In this instance, the police were there to support the royalist regime supporting administration in its increased repression of teenagers: “The officers were there to monitor a protest against uniform and hairstyle regulations.

It seems that all students are now threats to “national security.”

Did anyone mention independent central banks? Not in Thailand. Thai Enquirer reports that Finance Minister Arkhom Termpittayapaisith “on Wednesday told the Bank of Thailand (BoT) to prepare to address the weakening of the Thai baht, which has fallen against the US dollar to its lowest level since December 2015.” Dutifully, the Bank of Thailand immediately announced it “will hold a media briefing on the policy interest rate and the baht on Friday at 10.30am, as the local currency trades at its weakest level in more than six years against the United States dollar.” If the regime is controlling the Bank of Thailand, the country’s in trouble.

Holidaying elsewhere

An example of the regime’s economic “capacity” was provided with the quite bizarre Tourism and Sports Ministry thought bubble to introduce dual tariffs for hotels. In a situation where the regime is now desperate to get tourists back to Thailand, the ministry “plans to ask hotel operators to implement a dual-tariff structure under which foreign visitors may be charged rates similar to pre-pandemic days while locals may continue to enjoy discounted rates…”. A government spokesperson reckoned this would “maintain our standards of rates and services for foreign tourists, which affects the perception of country’s tourism brand…”.

We’d guess that if this addled idea goes ahead it would likely prove a disincentive for some tourists. We’d also guess that hotels are better at price-setting than the regime.

State-sponsored attackers

Prachatai reports that “[s]everal pro-democracy activists and academics have reported receiving an email from Apple warning them that ‘state-sponsored attackers’ are [or may be] targeting their devices.”

The activists have “received an email from Apple saying that it believes that he is being targeted by state-sponsored attackers who are ‘trying to remotely compromise the iPhone associated with [his] Apple ID’ and that, if the device is compromised, these attackers may have access to ‘sensitive data, communications, or even the camera and microphone’.”

Most of those who received the message are anti-regime activists but also included were several academics, including Puangthong Pawakapan, a lecturer at the Faculty of Political Science at Chulalongkorn University, Prajak Kongkirati, a lecturer at the Faculty of Political Science at Thammasat University, and independent researcher Sarinee Achavanuntakul.

Worryingly, those targeted included Yingcheep Atchanont from the legal monitor group, iLaw. It seems clear that the regime is now angling to destroy or limit one of the few groups monitoring the regime’s lawfare.

The spyware used is probably Pegasus, made by the Israeli NSO Group and mostly used by governments, armed forces, and intelligence agencies. Last week, Apple issued a press release “stating that it has filed a lawsuit against the NSO Group and its parent company ‘to hold it accountable for the surveillance and targeting of Apple users’ and is seeking a permanent injunction to ban NSO Group from using Apple products.” The press release also stated “that Apple is notifying the targeted users and that it will continue to do so whenever it discovers activities likely to be state-sponsored attacks.” Apple had also updated its operating system to limit these attacks.

Thai Enquirer reports that opposition parties, including Puea Thai and Move Forward had made the reasonable accusation that the regime is “behind the latest wave of cyber-attacks targeting activists and critics.”

The regime confirmed this by declaring “that there is no evidence to back their allegations.” It doubled down on this confirmation through a blatant lie, with a spokesperson declaring: ““We insist this is untrue, the government respects individual liberties…”. Everyone knows this is buffalo poo.

Move Forward logically concluded that it is “the military’s secret budget [that] was used to fund such attacks.”

Meanwhile, the Bangkok Post reports that Dechathorn “Hockhacker” Bamrungmuang, from Rap Against Dictatorship, “vowed not to be silenced … after he and at least five other government critics received messages from Apple warning that state-sponsored hackers could be targeting their phones.”

Ominously, he added: “I think the state won’t stop at this.”

Army trolls

Thai Enquirer reports that Twitter has revealed that the Royal Thai Army has at least 926 accounts used in “information operations” against anti-government figures and opposition politicians.

Since the 2006 military coup and more intensively since the 2014 coup, huge budgets have gone to “cyber security,” including the use of cyber vigilantes. State agents have long targeted “opponents,” disrupted and trolled.

Twitter’s report on state-backed “Information Operations” is about “attempts to manipulate Twitter to influence elections and other civic conversations by foreign or domestic state-backed entities.”

The most recent Twitter report disclosed “five distinct networks of accounts … of state-linked information operations.” The accounts were “attributed to Iran, Saudi Arabia, Cuba, Thailand and Russia.” Twitter states that it has “permanently suspended all 1,594 accounts associated with the five networks, for various violations of our platform manipulation policies.”

On Thailand it states:

Our investigation uncovered a network of accounts partaking in information operations that we can reliably link to the Royal Thai Army (RTA). These accounts were engaging in amplifying pro-RTA and pro-government content, as well as engaging in behavior targeting prominent political opposition figures.

We are disclosing 926 accounts today and continue to enforce against small-scale activity associated with this network, as we identify it.

At the Twitter pages the data on Thailand can be downloaded.

Meanwhile, a report on the operations associated with the 926 accounts has been released by the Stanford Internet Observatory. This report provides some “relief” as it found the Army was not very good at this information operation:

Of the 926 accounts, only 455 actively tweeted, producing a total of 21,385 tweets in the takedown. The network was used primarily to promote pro-government and pro-military positions and accounts on Twitter and to attack political opposition, particularly the Future Forward Party and Move Forward Party (FFP and MFP, respectively). This was a coordinated but low-impact operation: most accounts had no followers and the majority of tweets received no engagement (calculated as the sum of likes, replies, retweets, and quote retweets). This might be due in part to the operation’s limited duration: most of the accounts were created in January 2020 and the network largely stopped tweeting by March 2, 2020. Activity was heavily concentrated in February 2020 with notable spikes around the Korat shooting, a mass shooting in which a soldier killed 30 people, and the dissolution of the FFP.

Digital security

A reader who is far more literate about these things than us, sends some advice. As always, we urge readers to be critical and careful in using digital material (including suggestions from others):

Many of these activists have security literacy, but I expect that most do not and this knowledge will help to protect them as they exercise their rights.  This is really important at this stage and I am certain I am not the first to flag this.

One useful approach is the idea of a live OS that can be installed onto a USB drive and will mask the host system information from both the ISPs and the websites.  These are systems that you can plug into any computer and boot as if it is an alternative operating system without damaging or changing the machine.  Most importantly, none of the activity will be logged on the machine because it will bypass everything except for RAM.  This means that students can insert them onto school machines secretly without being tracked, but also at home without risking their family security or incurring punishment.  The challenge is that forcing the machine to boot the USB will require pressing a special key as the machine turns on, usually Esc or one of the F# keys, and this depends on the machine itself.  If someone can figure out how to install these (unetbootin is the best tool: http://unetbootin.github.io) then they will be savvy enough to google their computer.

Lastly, people should go through their settings and update privacy, such as on web browsers to delete personal data (cookies, history, passwords) on exit.  They should consider not using Google anymore and opt for privacy ones like DuckDuckGo (not strong on Thai language support though).  Also to check out various browser extensions and tools from Electronic Frontier Foundation (EFF) (https://www.eff.org/pages/tools).  People should be compartmentalizing their online activity and start getting used to using private windows by default.

The suggestions are endless, so I’ll stop here and highlight some that I’ve worked with:

TAILS OS – a USB-based system that is fully encrypted and can be moved from physical systems without wiping the installation.  It will force all web traffic through a TOR network.  It is useful for standard work, such as document production, media editing and other basic tools a user needs because you can save your work and resume at a later time.  Those of you who are journalists might be familiar with this because it was promoted by Edward Snowden.  (https://tails.boum.org/install/index.en.html)

Kali Linux (Live) – a standard Linux installation but it is a “live” version that you can boot without affecting the rest of the machine.  Each boot session will be fresh and all work will be wiped when you exit, but the usb itself won’t be encrypted so it will be clear what it is to anyone who checks it.  Kali is meant for hackers so it is full of technical tools to do a range of good and bad activities, but this means that it is designed for anonymity.  (https://www.kali.org/downloads/)

Any Linux Live – Linux is pretty useful because it is free and most distributions offer live versions that can be burned to an optical disc or USB that will let you boot into any machine (more challenging for Mac).  These are not designed for privacy per se, so users will need to do some preliminary work to protect the machine.  (https://distrowatch.com)

Other tools:

Web Browsers:

TOR Browser – easy to use, but there is a security vulnerability for Mac and Linux users that has been floating around lately and may or may not be fixed.  Also looks very suspect if installed.  Many sites don’t work well with TOR enabled, though, and sometimes setting up the connection can be challenging.  Not sure the level of integration with EFF tools in latest releases.  (Windows, OSX, Android, iOS, Linux) (https://www.torproject.org/)

Brave Browser – a common browser that incorporates EFF tools by default and doesn’t arouse suspicion.  Value is that it has a native TOR feature on desktop versions that is very easy to use.  Same problem with sites when using TOR.  (Windows, OSX, Linux)(https://brave.com/)

Opera Browser – a more common browser that has a native free VPN for desktop versions, which is useful for some limited privacy.  Should install EFF tools as extensions. (Windows, OSX, Linux) (https://www.opera.com/)

Virtual Machine:

VMWare Workstation Player – a virtual machine inside an existing machine and can be any OS on any kind of host machine, including OSX on a windows machine etc, so it’s fully private for the individual user. But setting one up is time consuming, especially with creating a bridge for internet while the host system only uses Wifi.  It’s useful for testing whether an attachment has a virus or malware, but it is very resource intensive on RAM and CPU, so machines will overheat.  If accomplished, though, you can carry around a full system of any sort and move it between a few machines without leaving a trace on the host, other than the fact that VMWare is installed. (https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html)

Seeking safety in cyberspace

At Quartz, there’s discussion of efforts to find safety on line. By “safety” is meant avoiding visits from the police and military for what one reads and writes online.

It begins by quoting Sarinee Achavanuntakul, an independent commentator and associated with the Thai Netizen Network, who discarded Twitter: “Say goodbye to Twitter and meet at Minds.”

Many are now “wary and distrustful of Twitter over a recent string of developments on the platform that sparked privacy concerns.”

After Facebook became unsafe, patrolled by state and reporting to authorities, with several arrested and charged with lese majeste, Thais turned to Twitter.

Now, they worry about Twitter:

The most proximate cause was an update to the platform’s privacy policy on May 19, set to take effect globally next month, allowing Twitter to share device-level data like a user’s IP address with business partners. The policy update came just days after Twitter launched an official Twitter Thailand account, with an accompanying blog post noting that Twitter has partnered with local NGOs and the government. To Thai Twitter users, that was a huge red flag, sparking fears that incriminating user information could be shared with the government.

Sarinee said the “newly set up official Twitter Thailand account was ‘very tone deaf, boring… using official language’…”. For many, when a Twitter spokesperson said the company is “committed to serving an open and public conversation in Thailand and will continue to be transparent” it sounded something like an admission that it is now working with the repressive state.

The, in February, “a Thai Twitter user was arrested for allegedly posting a tweet that insulted the monarchy. It was the first arrest directly linked to a tweet…”. Other users, some of them critical of the monarchy, began to get “visits” from the authorities.

Some users have turned to Minds. It is described this way:

Minds has become popular for its commitment to privacy, decentralization, optional anonymity, radical transparency, free speech, and user rewards in contrast to the surveillance, secrecy, censorship, and algorithm manipulation occurring on many proprietary social networks.

Calling on the military

It is well understood, almost everywhere, that the current regime is born of and remains a military regime. Sure, that it created a military-backed party has confused some world leaders or allowed them to ignore the martial nature of contemporary Thailand, but Gen Prayuth Chan-ocha’s regime relies on the military, perhaps as much as it did before it entered this civilian charade.

Turning from being a self-appointed prime minister to one voted on largely by minions the junta appointed to the senate, Gen Prayuth moved to cement his relationship with the military by making himself Minister of Defense. Chairing his first Defense Assembly session, Gen Prayuth:

… urged leaders of the armed forces and related departments to work in unison to support the government’s policies, especially on cooperation with the Ministry of a Digital Economy and Society, the National Security Council, and other agencies, on the enactment of cybersecurity related bills. He called on them to come up with suitable responses to cybersecurity threats in the future.

Clipped from Philosophers for Change

He also urged the defense agencies and the Internal Security Operations Command to ensure safety, apparently giving ISOC a tourism role. Perhaps this can be considered in line with increased efforts to increase the surveillance of foreigners in the country that ranges from tracking location and SIMs and monitoring the use of funds.

The message is clear: the military and Prayuth’s regime are joined at the hip. That connection means Thailand’s government is looking rather like a surveillance state.