BANGKOK — A 39-year-old Singaporean man known in cybercrime circles as “Desorden GhostR” was arrested yesterday in Bangkok, Thailand, ending a four-year campaign of data breaches that compromised sensitive information from at least 20 Thai companies.
The Thai Central Investigation Bureau (CIB) and the Technology Crime Suppression Division (TCSD) have jointly arrested a 39-year-old Singaporean man, identified only as “Mr. Chia,” in connection with a series of high-profile cyberattacks affecting numerous Thai businesses and individuals.
Authorities seized multiple computers, notebooks, mobile phones, storage devices, and luxury assets including high-end vehicles and designer bags valued at over 10 million baht (approximately $300,000) from his residence in the Ramkhamhaeng area of Bangkok.
The suspect faces multiple charges including unauthorized access to protected computer systems and data, attempted extortion, and illegal residence in Thailand after his permit had expired.
Global Hacking Operation Uncovered
The arrest follows complaints from victims who discovered their computer systems and personal data had been breached without authorization. Investigators identified a suspicious X (formerly Twitter) account operating under the name “0mid16B Group” with the handle @0mid16B that had been posting and exposing customers’ personal information, causing significant damage to the affected companies.
Through joint investigation with Singapore Police Force’s Technology Crime Investigation Branch (TCIB SPF), authorities determined that the activity matched the pattern of a notorious hacker known as “Desorden GhostR,” a globally recognized figure in the cybercriminal underground.
Extensive Data Theft Network
According to investigators, the hacker targeted systems across multiple countries. Upon successful infiltration, the perpetrator would sell stolen data through darkweb marketplaces frequented by illegal data traders and buyers.
The breakthrough in the case came after extensive technical investigation and collaboration between Thai and Singaporean authorities, which led to the identification of the suspect. With sufficient evidence, investigators obtained a search warrant from the Min Buri Criminal Court.
On February 26, the investigation team executed the search warrant at the suspect’s residence, where they discovered clear evidence linking the suspect to the online alias “0mid16B.” The suspect reportedly confessed to writing code specifically designed to attack the victims’ data systems and databases.
According to annual reports on unauthorized database infiltration activities, Desorden GhostR has attacked approximately 20 database systems in Thailand and more than 50 in other countries since beginning operations in 2020.
_____________
