Here are the keywords and an outline.
Timely story in progress.
Cyber-attacks from Thai Homeland Security
The Thai equivalent of our DHS didn't exist until 2004, and got a tremendous boost on January 1, 2007.
Their domain registration helps document their history:
Domain Name: CDPM3.COM
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: MYNA.CAT.NET.TH
Name Server: TEAL.CAT.NET.TH
Updated Date: 11-dec-2007
Creation Date: 08-dec-2004
Expiration Date: 08-dec-2008
I wasn't able to connect the dots until today when I witnessed a series of attacks against a server which hosts stories of genocide in Myanmar, and amphetamine distribution in Thailand produced under the direct protection of the military junta. Our own DEA has documented this drug trade (in addition to vast opium exports), and I have also found some translations of first hand accounts from Thailand.
The "Friendship Bridge" is important for a number of reasons. It is a conduit for illicit cargo. Some of the cargo is human. These are the victims of an oligarchy that has manipulated both nations for the past decade, an oligarchy that will use the disaster today to accomplish a goal they have long sought. And the oligarchy has fought on every front, including the frontiers of cyberspace.
Spam, phishing, and cyber-attacks of every type seem to be the full-time occupation of most servers with Asian addresses, but it is at least odd to find "hacking tools" on the server of a nation's Homeland Security Department. And here are some more details from Bangkok:
Department of Disaster Prevention and Mitigation
3/12 Utongnok Road
Dusit, Bangkok 10300
Domain name: CDPM3.COM
Administrative Contact:
3/12 Utongnok Road
Dusit, Bangkok 10300
Registration Service Provider:
Registrar of Record: TUCOWS, INC.
Domain servers in listed order:
cdpm3.com IN SOA myna.cat.net.th
cdpm3.com IN NS myna.cat.net.th
cdpm3.com IN A 184.108.40.206
10.100.19.61.in-addr.arpa IN PTR www.cdpm1.com
The incriminating URL, where evidence exists right now:
You won't want to enter it with a "?" at the end, or the command in the text file may be launched. That's how it is used by hackers at remote locations, such as the folks at IP 220.127.116.11.
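As an added illustration (not code from the original post), here is a log scan for the request pattern described above, assuming the remote text file's URL arrives as a query-parameter value on a script of the targeted site. The log lines, hostnames and the function name `find_remote_url_params` are constructed for this example.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample access-log lines (combined log format). Addresses and
# hostnames are reserved documentation values, not taken from the page.
SAMPLE_LOG = """\
192.0.2.10 - - [03/May/2008:10:01:12 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [03/May/2008:10:02:40 +0000] "GET /index.php?page=http://files.example.net/id.txt? HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
198.51.100.7 - - [03/May/2008:10:02:41 +0000] "GET /view.php?inc=http%3A%2F%2Ffiles.example.net%2Fid.txt%3F&x=1 HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
203.0.113.5 - - [03/May/2008:10:05:00 +0000] "GET /out.php?url=http://www.example.org/story.html HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def find_remote_url_params(log_text):
    """Return (ip, param, value, status, severity) per remote-URL parameter.

    Values are percent-decoded first, so encoded attempts are caught too.
    A value that also ends in "?" (the form the post warns about) is "high";
    other remote URLs, e.g. redirect targets, are only marked "review".
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        # Everything after the first "?" is the query string of the request.
        query = m.group("target").partition("?")[2]
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                severity = "high" if value.endswith("?") else "review"
                findings.append(
                    (m.group("ip"), name, value, m.group("status"), severity)
                )
    return findings


if __name__ == "__main__":
    for finding in find_remote_url_params(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A "high" finding with status 200 deserves the first look, since the script answered the request instead of rejecting it.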
And here is an example that I witnessed in real time, and blocked via htaccess:
The hackers have named their server:
air176.startdedicated.com.
1976 was the last year that Air America would fly, thanks to the investigations led by Frank Church.
Wikipedia has some good background for the current intrigue. Please read:
Air America was an American passenger and cargo airline covertly owned and operated by the Central Intelligence Agency (CIA) from 1950 to 1976. It supplied and supported covert operations in Southeast Asia during the Second Indochina War.
Air America
2 important figures are Vang Pao and Eli Popovich. The role Popovich played has been kept secret until recently. The accounts by Alfred W. McCoy are authoritative. The "historian" Leary, of the University of Georgia, remained in the pocket of the CIA, and thus was spared the threats to his life that McCoy endured.
You won't easily find out who is really operating the server on North Tucker Road in St. Louis, MO where the subdomain air176.startdedicated.com. is hosted. Try the abuse contact at http://server4you.net if you want to waste your time. It is a subdomain delegated from 18.104.22.168, hosted in Germany by "PlusServer" at intergenia.de
Role of Burma (Myanmar) and Thailand in the economy of South Asia
keywords and notes:
"Alfred McCoy" opium, burma, namebase, "golden triangle", warlords, afghanistan, WA Amphetamine empire, engagement with unocal
When I originally published "New Years Bombing in Bangkok" from wire stories and tourist reports on New Year 2007, I couldn't figure out why it was so popular. Now I am beginning to understand.
The great game continues in Myanmar (world's top opium producer in 1999), but I have not yet had breakfast. Enter the keywords above into Google, and you'll have the background for my story.
David Roknich,