• Cybercrime investigation



    TWO cybercrime incidents drew public attention in 2016: the $81million Bangladesh Central Bank heist, done electronically, with the money finding its way into the Philippine banking system, and the COMELeak incident involving the unauthorized access to the database of the Commission on Elections and the illegal copying of millions of voters’ registration records, including biometric information, passport data, and gun exemption records.

    The year 2016 was marked by a steady growth of cybercrime incidents. At the top of the rankings was electronic libel, followed by online scam, identity theft, online threat, and violations of the Anti-Photo and Video Voyeurism Act.

    The Anti-Cybercrime Group (ACG) of the Philippine National Police and the cybercrime division of the National Bureau of Investigation have been in the thick of building capacity and capability in receiving complaints, gathering electronic and physical evidence, conducting digital forensics, case buildup, and filing cases for prosecution. These law enforcement agencies (LEAs) need to keep pace with rapid developments in information and communication technologies.

    Investigation is a challenge. For one, the LEAs need the latest devices to enable them to conduct investigations. LEAs also require the cooperation of service providers–-telecommunication companies, internet service providers, banks, and companies engage in money transfer services, among others–-to succeed.

    The rise in the number of online threat complaints in 2016 stemmed from the heated social media debates during the 2016 elections, with parties using more than colorful language, some deteriorating to defamatory and threatening language.

    One case recently filed with the ACG involves threatening messages received by the aggrieved party via a mobile phone. In this particular case, the complainant has an idea who and where the sender of the threatening messages is. Unfortunately, the phone number used by the sender is a pre-paid number. The challenge here is establishing the identity of the sender (even if the victim thinks he knows the sender) and linking the sender with the pre-paid number. Anonymity is indeed the friend of malevolent actors in the electronic world.

    In the case of scams, victims are given instructions where to remit payments. With the cooperation of money remittance service providers, LEAs plan a sting operation to catch perpetrators when they claim the money transfer. Some of these sting operations have succeeded. But, in a number of cases where victims had, for example, bought airline tickets or tour packages online, the victims only find out that they have been stung on the day they are scheduled to fly—they are actually not booked for a flight. By that time, LEAs and victims face a blank wall. Money has been transferred and perpetrators disappear.

    Particularly challenging are the cases of money transfers done through “padala” services via mobile phones as the LEAs have to work with the telecommunications providers to trace the mobile phones used for the service.

    In cases of cybercrimes committed in social media, perpetrators often use fake identities or the identities of other social media users. In sextortion cases, for example, a perpetrator creates a social media profile using a fake identity or the identity of another social media user and the picture of yet another user. A connection request is sent to a likely victim. When the connection request is accepted, the victim is first lured to engage in friendly chat sessions. This could happen over time as the perpetrator tries to gain the trust of the victim. The friendly chats eventually become more personal chats. The perpetrator senses that he/she is ready to pounce on his/her victim. The perpetrator invites the victim to perform a sexual act. The victim eventually gives in thinking that they are chatting privately and that the acts they perform are just between the two of them. Unknown to the victim, the perpetrator records the victim’s performance. When done, the perpetrator reveals his/her true intentions. He/she begins to demand money from the victim or else the perpetrator will post the sexual act performed by the victim in his social media account.

    Gathering, interpreting, and analyzing electronic evidence is also challenging. LEAs follow strict procedures in collecting electronic devices used in cybercrimes to ensure that the electronic evidence that may be held in those electronic devices are preserved. Digital forensic analysts need proper tools to perform their craft. But with the numerous types of devices and software used in those devices, the task is made particularly challenging. Extracting and analyzing electronic evidence from mobile phones, for instance. LEAs might have tools for mobile phone forensics but it may happen that the tool does not include a feature for a particular mobile phone make and model.

    Public awareness of cybercrimes and security precautions against them are reaching new heights at the heels of the Bangladesh Central Bank and COMELeak incidents. Public and private sector organizations are now more aware of their responsibilities to protect data, particularly regarding personal information of citizens that they hold. The National Privacy Commission hit the ground running when it was constituted less than a year ago, promoting actions that government and private organizations have to take to ensure protection of personal information. The Department of Information and Communication Technology is also busy preparing a national cybersecurity plan that will guide organizations and individuals on how to keep themselves secure in cyberspace.

    While cyberspace has done society a lot of good, netizens need to know how to act when their security is breached.


    Please follow our commenting guidelines.

    Comments are closed.