A 39-year-old hacker suspected of orchestrating a series of international data breaches was arrested in Thailand on Wednesday, February 26. The arrest follows a joint effort between the Singapore Police Force (SPF) and the Royal Thai Police (RTP), marking a significant milestone in the fight against cybercrime.
Background of the Investigation
The investigation into the hacker’s activities began in 2020 when 11 victims in Singapore reported receiving ransom demands from multiple threat actors operating under various aliases, including ALTDOS, DESORDEN, GHOSTR, and 0mid16B. However, further analysis by SPF revealed that these identities were likely linked to a single threat actor responsible for at least 75 data breaches worldwide.
Authorities suspect the hacker exploited vulnerabilities in victims’ networks, gaining unauthorized access and stealing sensitive data. In cases where ransom payments were not made, the stolen data was allegedly published for sale online.
Collaborative Efforts and Arrest
Officers from the Cybercrime Command of SPF’s Criminal Investigation Department (CID) worked closely with Thailand’s Central Investigation Bureau (CIB) to exchange intelligence and coordinate enforcement actions. The suspect was identified from leads uncovered during the investigation, which resulted in his eventual arrest.
Following the operation, Thai authorities seized assets valued at over 10 million baht (approximately US$295,000), including laptops, mobile phones, luxury vehicles, and high-end branded goods.
Assistant Commissioner of Police Paul Tay, Commander of SPF’s Cybercrime Command, emphasized the importance of international collaboration in combating cybercrime. “In the cyber realm, international cooperation is crucial as cybercriminals do not respect borders. The SPF remains committed to working closely with our regional partners. We extend our gratitude to the Royal Thai Police for their invaluable collaboration in dismantling this criminal network and making our cyberspace safer.”
Notorious Cybercriminal Activities
The alias ALTDOS first emerged in late 2020 when a securities trading firm in Thailand fell victim to a data breach. Since then, businesses across Singapore, Thailand, and Bangladesh have been targeted for financial gain.
One notable case occurred in August 2021 when Singapore-based real estate agency OrangeTee & Tie received an extortion email from ALTDOS. The hacker demanded a ransom of 10 Bitcoins in exchange for the safety and non-disclosure of its databases. The email also included video footage allegedly showcasing five stolen databases. Following the breach, the Personal Data Protection Commission (PDPC) fined OrangeTee & Tie S$37,000 for security lapses that compromised the personal data of over 250,000 customers and employees.
Another emerging alias, GHOSTR, gained prominence in August 2023, targeting entities across Southeast Asia. This cybercriminal group specialized in data theft, ransom demands, and the sale of stolen confidential information.
Ongoing Investigations
The SPF has confirmed that investigations into the hacker’s activities remain ongoing. This case underscores the persistent threat posed by cybercriminals and highlights the necessity of robust cybersecurity measures to safeguard businesses and individuals from malicious attacks.
With the arrest of this high-profile hacker, authorities worldwide continue to strengthen their efforts to combat cybercrime and enhance global cybersecurity frameworks.