Cyber Incident Victim: Ministry of Defence
Date:
Dec 2016
Location:
Thailand
Summary
Hackers conducted DDoS attacks against Thai government websites, including the Ministry of Defence, in retaliation for a restrictive internet bill enabling surveillance and censorship without judicial oversight. The attacks disrupted the defence ministry's site and targeted other agencies, with hackers leaking stolen documents. Officials claimed minimal impact but warned of potential damage to critical infrastructure. Privacy advocates and international organizations criticized the law's broad powers, while the government defended it as necessary to address harmful online content.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On December 16, 2016, hackers affiliated with the Anonymous collective executed distributed denial-of-service (DDoS) attacks against multiple Thai government websites in retaliation for the passage of amendments to the country’s computer crime law. The military-appointed legislature had unanimously approved the bill earlier that day, granting authorities expanded powers to monitor private communications, access online content without judicial oversight, and implement censorship. The attacks directly impacted Thailand’s Ministry of Defence, rendering its website inaccessible for an extended period. Additional targets included the Ministry of Digital Economy and Society, the Prime Minister’s Office, and the Office of the National Security Council. A participant in the Anonymous campaign publicly claimed responsibility on Twitter, posting screenshots of documents allegedly exfiltrated from compromised government systems during the incident. Thai defence officials acknowledged the attack but asserted their systems were resilient to such disruptions, though they warned that escalated attacks could inflict significant damage to critical infrastructure sectors like finance and transportation.
The Thai government condemned the hackers as "thugs" attempting to sow chaos and urged citizens to report any related activities. Concurrently, privacy advocates and human rights organizations criticized the new legislation, arguing it facilitated state overreach. Amnesty International and the Thai Netizen Network submitted a formal petition opposing the law’s broad surveillance and censorship provisions, while the United Nations Office of Human Rights raised concerns about threats to online freedoms. Prime Minister Prayuth Chan-ocha defended the amendments as essential tools to combat harmful digital content, dismissing criticisms about excessive monitoring powers. The DDoS campaign highlighted immediate operational disruptions to government services and intensified public debate over the balance between national security imperatives and civil liberties in Thailand’s cybersecurity policy framework.