Cyber Crime Wave
The Indo-Asia-Pacific is a global hub of digital crime, which has become one of the fastest-growing illicit activities on the planet
The luxurious mansion was supposed to be vacant. When Indonesian police investigators burst inside at 6 a.m. in late July 2015, however, they uncovered a bustling cell of an international cyber crime network.
A syndicate believed to be organized by a Chinese citizen living in Hong Kong recruited the 31 young Chinese and Taiwan nationals found inside. They had been operating for a month in the upscale residence in the Indonesian port city of Medan before the raid, according to an account in The Jakarta Post newspaper.
“They suddenly moved quickly to burn the evidence as we entered the house,” North Sumatra Police special crimes director Ahmad Haydar told the newspaper. Nevertheless, authorities seized 65 cellphones as well as laptops, routers, walkie-talkies and banknotes in five currencies.
Just a month later, in August 2015, a team of Jakarta, Taipei City and Chinese police broke up another cyber crime nexus of more than 90 Chinese and Taiwan nationals operating out of low-key offices around Jakarta. The scammers posed as public officials when they contacted businesspeople in China, promising to allocate projects to them in exchange for payment, Jakarta Police crime directorate head Krishna Murti told The Jakarta Post.
“The victims are mostly from China and Taiwan. The network itself was protected by big [criminal] organizations in Japan such as the Yakuza,” Krishna said. “The crime involves four countries.”That’s a leading challenge posed by digital crime: It often involves many countries. Hackers operate in a borderless Internet where geographic and political boundaries have little meaning.
This is an especially acute problem for the Indo-Asia-Pacific region, which has become a global hub of cyber crime for a number of reasons, including the rapid pace of the region’s economic and technological advancement and its ready adoption of the Internet.
“As one of the fastest-growing criminal activities on the planet, cyber crime is moving higher up the agenda of countries around the globe,” the United Nations Office on Drugs and Crime (UNODC) reported during a 2011 conference in Seoul that brought together cyber security experts from more than 20 Indo-Asia-Pacific nations.
“The easy access and widespread use of the Internet has attracted a range of criminal activities,” UNODC affirmed. “From computer data theft and fraud-like phishing to content-related offenses, including copyright issues and online child pornography, the Internet offers criminals an increasingly lucrative sphere in which to operate.”
Investigating across multiple jurisdictions makes dealing with digital crime a complicated task. The borderless nature of such crimes has prompted increasing calls for more transnational cooperation and regulation of cyberspace.
“Cyber borders are blurring with cyber criminals located worldwide, making it increasingly challenging for any one organization to fight cyber crime alone,” Microsoft said in a statement in 2015 as it launched its new Cybercrime Satellite Center in Singapore. “Rising sophistication in cyber crime and its devastating impact on governments, industry and individuals has also made the sharing of cyber threat intelligence key to an effective cyber security ecosystem.”
The Indo-Asia-Pacific region’s governments and various cyber crime-fighting authorities are addressing the problem:
Interpol, a network of police forces from 190 countries all over the world, opened a state-of-the-art cyber crime center in 2015 in Singapore. The Interpol Global Complex for Innovation (IGCI) provides high-tech assistance and training to member countries’ law enforcement agencies on digital security, capacity building and training, and operational and investigation support.
In 2015, Microsoft opened its fifth Cybercrime Satellite Center in the financial hub of Singapore. It serves as a regional command post for the software giant to undertake cyber security initiatives throughout Southeast Asia. Microsoft’s other cyber crime satellite facilities are located in Beijing, Tokyo, Washington and Berlin.
Senior diplomats from China, Japan and South Korea met for cyber security conferences in 2014 in Beijing and in 2015 in Seoul — the first meetings of their kind, according to China’s Xinhua News Agency. They discussed possibilities for trilateral cooperation in fighting cyber crime and terrorism. They established a cyber crime directors workshop involving the three nations and Hong Kong.
The U.S. Justice Department in late 2015 stationed a new “cyber prosecutor” — a legal advisor — in Malaysia to help Southeast Asian nations establish the laws and tools needed to fight hackers, according to The Associated Press. “The position is intended to shore up international partnerships against a type of crime that’s without geographic borders and is often carried out by overseas hackers,” The Associated Press reported.
In response to a growing number of cyber offenses in Indonesia, the Australian Federal Police and Indonesian National Police combined forces to open a pair of joint cyber crime offices in 2014 and 2015 — one at the Indonesian National Police headquarters and the other at the Jakarta Police headquarters, according to the Jakarta Globe newspaper. “We will also expand partnerships with other countries, not just Australia,” Cmdr. Gen. Nanan Sukarna, a (former) National Police deputy chief, told the newspaper.
Mystique, secrecy shroud enforcement
What is digital crime? The definition is continually evolving with the technology.
“Cyber crime is increasingly conducted by a highly specialized chain of software break-in experts, underground market-makers and fraudsters who convert stolen passwords and identities into financial gains,” said a 2014 Reuters report on the issue. “Criminals can keep data for months or even years before using it to defraud victims.”
Hackers can target corporations, individuals and governments, experts say.
It’s a booming business. A 2014 study by market research firm International Data Corp. and the National University of Singapore found that businesses worldwide were spending about U.S. $500 billion per year to deal with malware — software designed to disrupt or gain access to their computer systems. The study called malware “a lucrative vector for cyber crime.” Businesses in the Indo-Asia-Pacific region were spending U.S. $230 billion, nearly half of the total amount.
A July 2015 Bloomberg Business article asserted that a “veil of secrecy” was helping to feed a surge of cyber attacks in the region. Cyber security analysts lamented that, in most cases, Indo-Asia-Pacific companies that get hacked are rarely required to report it to the authorities.
“In an era where more and more data is stored online and attacks are discovered with alarming regularity, the lack of reporting mechanisms means there’s no telling how often or how much personal information is taken from databases in Asia,” Bloomberg Business reported. It further noted that companies in the Indo-Asia-Pacific get targeted by hackers up to 40 percent more frequently than the global average.
If security breaches aren’t made public, then hackers are given the leeway to simply use the same strategies over and over again. “The culture of silence regarding cyberattacks in Asia serves as fuel to the guild of thieves who operate with impunity in the region,” Tom Kellermann, chief cyber security officer at software developer Trend Micro Inc., told Bloomberg Business.
This dynamic is what’s leading to calls for more cross-border collaboration in the fight against digital crime.“In order to effectively address issues related to multijurisdictional cooperation in cyber crime investigations, there is a need for countries to have bilateral, regional and international agreements specifically tailored to meet the requirements of the cyber domain,” Noboru Nakatani, executive director of the Interpol Global Complex for Innovation (IGCI) in Singapore, told FORUM. (See “Key Leader Profile” on Page 58.)
The gleaming new Interpol complex, equipped with a digital forensics laboratory, assists law enforcement throughout the region with cyber crime investigations.
Bradley Marden, the IGCI’s coordinator for digital crime investigative support, told the technology news website ZDNet in September 2015 that criminal hackers were broadening their targets beyond banks. “Now they’re being more creative in monetizing the compromise and not limiting themselves to banks and financial institutions, where previously they would target just bank accounts and credit card information,” he told ZDNet.
Eric Chan, regional technical director for Southeast Asia and Hong Kong for the network security company Fortinet, told ZDNet that hackers routinely use email to intrude into computer systems. About 30 percent of cyber attacks are launched via email, with recipients clicking on roughly 25 percent of the illicit emails, Chan added.
Governments also remain at risk from cyber attacks. In January 2016, for example, the international hacking network called Anonymous targeted Thai police and government websites. Hackers temporarily shut down the sites to protest the death sentences that two Burmese migrant workers received in connection with the 2014 slayings of two British tourists, Reuters reported.
Which countries in the region are most at risk from cyber crime? The answer depends on which experts you ask.
“Computer security experts say developed, technology-rich Asian countries like Japan, South Korea and Taiwan are particularly vulnerable to attacks,” Reuters reported.
Microsoft, however, came to a somewhat different conclusion. The software giant noted that its most recent Security Intelligence Report found that emerging economies in the Indo-Asia-Pacific region were particularly vulnerable to malware: “The study revealed that out of the top five locations across the globe most at risk of infection, a total of four are from the Asia Pacific — Pakistan, Indonesia, Bangladesh and Nepal, topping the rankings at first, second, fourth and fifth places respectively in terms of computers encountering malware.”
The Australian Strategic Policy Institute and the International Cyber Policy Centre analyzed the so-called “cyber maturity” of 20 countries that make up a wide geographical and economic cross section of the region in a study titled “Cyber Maturity in the Asia Pacific Region 2015.” Analysts reviewed the implementation and operation of cyber-related structures, policies, legislation and organizations.
“South Korea, Singapore and Japan are noteworthy for the breadth of their cyber policy governance frameworks and the effectiveness of their implementation,” the study said. “In contrast, other states are still working to develop the necessary telecommunications infrastructure to increase digital access for their citizens. These states, including Laos, Cambodia, Papua New Guinea and Fiji, tend to place responsibility for cyber policy and security in the hands of their telecommunications-related agencies.”
Cyber crime will almost certainly persist as a significant problem in the Indo-Asia-Pacific, where more than 1 billion people are on the Internet and where the World Wide Web is inextricably linked with global business, experts say.
“Asian societies have been enthusiastic adopters of the Internet,” noted a study titled “Hidden Arena: Cyber Competition and Conflict in Indo-Pacific Asia,” published by the Lowy Institute for International Policy, a nonpartisan think tank in Australia.
The study asserted that the level of cyber crime is only likely to rise in the region.
“Cyber criminals go where there is money,” the report concluded. “As Asian countries become wealthier, fraud and extortion committed over the Internet will increase.”
Governments and cyber security experts in the Indo-Asia-Pacific will need to increase transregional cooperation as well as development, regulation and enforcement of cyber laws to keep pace with these burgeoning criminal enterprises that increasingly operate online as nefarious predators of the digital realm.