EXCLUSIVE – Collaboration between multiple stakeholders to tackle cybercrimes in the ASEAN region
Above photo: Mr. Noboru Nakatani speaks at the INTERPOL World pre-media roundtable held at the INTERPOL Global Complex for Innovation in Singapore on June 8 2017. Photo by Dean Koh/OpenGov Asia.
Cybercrimes and cyber-related attacks have been on the rise, resulting in the crippling of operations of both public and private sector entities, particularly those that are ill-prepared or lack the proper cybersecurity protection measures. INTERPOL, the world’s largest international police organisation with 190 member countries, plays a vital role in preparing for and tackling cybercrimes and cyber-related attacks around the world through information-sharing and cooperation with national level police organisations. In 2015, the INTERPOL Global Complex for Innovation (IGCI) was established in Singapore, as a cutting-edge research and development facility for the identification of crimes and criminals, innovative training, operational support and partnerships. Through an email interview, OpenGov had the privilege to learn from Mr. Noboru Nakatani, Executive Director, IGCI, about some of the recent operations carried out by IGCI, his thoughts on the cyberthreat landscape in Southeast Asia, challenges of working across different jurisdictions in tackling cybercrime and more. (OpenGov had previously spoken to Mr. Noboru Nakatani in February 2016.)
What are some trends or patterns observed in cybercrimes and cyber-related attacks in Southeast Asia?
By its very nature, cybercrime is transnational and not limited by geographic or national borders. In this respect, cybercrimes and attacks are not limited to just one region. However, as countries in Southeast Asia see increasing access to the Internet and it becomes an integral part of everyday life, there has been a corresponding increase in exposure to cybercrime. We have seen a range of cybercrimes affecting Southeast Asia more and more in recent years, from online frauds to sophisticated cyberattacks. This is similar to what is seen in other regions where Internet access and use is widespread.
In one example, INTERPOL coordinated Operation First Light in December 2016 which targeted multi-million euro telephone and e-mail scams across Asia. During raids of suspicious call centres, police arrested some 1,300 Chinese nationals working in a single location as part of a massive criminal operation in the Philippines targeting victims in China.
Can you tell us about the current landscape of information sharing by governments in the region? Do you see adequate cooperation between the public and private sectors?
As these types of crimes become more common across the region, countries in Southeast Asia are increasingly coming together to share information in order to more effectively tackle the shared threats posed by cybercrime.
In early 2017, INTERPOL led an operation out of the IGCI in Singapore targeting cybercrime across the ASEAN region, which brought together investigators from Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam to share information on specific cybercrime situations in each country. This operation is a good example of how such information exchange amongst countries can lead to tangible positive results – leading to the identification of nearly 9,000 malicious servers and hundreds of compromised websites, including government portals.
Cooperation between the public and private sectors against cybercrime is also growing, as this is a key element necessary to effectively identify and counter cybercrime. The recent cybercrime operation was also a good example of this type of cooperation, as experts from seven private sector companies – Trend Micro, Kaspersky Lab, Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet and Palo Alto Networks – also took part in pre-operational meetings in order to develop actionable information packages.
Information provided by the private sector combined with cyber issues flagged by the participating countries enabled specialists from INTERPOL’s Cyber Fusion Centre to produce 23 Cyber Activity Reports which highlighted the various threats and types of criminal activity which had been identified and outlined the recommended action to be taken by the national authorities.
Cybercrimes are more often than not international in nature. What are the challenges posed by the involvement of different jurisdictions? What role does INTERPOL play?
Cybercrime, as well as cyber-enabled crime, are by their very nature borderless. No single country can tackle cybercrime alone; all countries in all parts of the world must work together to share vital police information and expertise in order to identify and prevent cybercrime. Different countries currently have different levels of knowledge and skills relating to the identification, investigation and prosecution of cyber-related crimes such as digital evidence collection, digital forensic examination or crime scene management.
As the world’s largest international police organization, INTERPOL provides assistance to its 190 member countries in tackling cybercrime in several areas:
- Operational and investigative support – INTERPOL helps coordinate transnational investigations and operations, onsite or from the IGCI, and assists member countries in sharing and consolidating information on known cyber incidents to support ongoing investigations;
- Cyber intelligence and analysis – the Cyber Fusion Centre (CFC) brings together cyber experts from law enforcement and industry to gather and analyse all available information on criminal activities in cyberspace to provide countries with coherent, usable intelligence;
- Digital forensics – INTERPOL’s Digital Forensics Laboratory helps countries learn the skills to detect and use digital evidence in their everyday police work. This support includes malware analysis, assistance in examining digital devices, testing new digital forensics tools, and on-site assistance during investigations;
- Innovation and research – INTERPOL works to develop new cutting-edge policing tools in consultation with partners in the cyber industry, and tests new technologies with a view to their use by law enforcement;
- Capacity building – we provide a range of training courses covering topics such as emerging trends in cybercrime, investigation techniques and digital forensics, to ensure that police have the required expertise and skills to deal with evolving digital crime.
INTERPOL recently led a cybercrime operation across the ASEAN region, which resulted in the identification of nearly 9,000 malicious servers and included the involvement of both public and private sectors. Could you share with us some of the key insights and challenges from this multi-party operation?
This was the first operation of its kind for INTERPOL. Law enforcement practitioners from eight member countries and private industry experts came together to identify and suppress cybercrime actors and infrastructure focused in the ASEAN region.
Successful outcomes of the operation included:
- Enhanced awareness within our member countries of regional and global cybercrime threats;
- Offered member countries an opportunity to work together collaboratively on real-life cross-border cybercrime incidents;
- Introduced countries to the types of data and cooperation that can be achieved by working with the private sector.
The main challenge encountered during the operation was that many member countries were unable to move forward with some of their investigations, usually due to outdated or non-existent legislation requiring a victim to report a crime before an investigation can begin. When it comes to cybercrime, it is often the case that people are unaware they have been a victim. This is a challenge faced by police worldwide, not only in Southeast Asia.
There’s a lot of talk about ‘security by design’ of digital platforms and services by both public and private sectors. Do you see it happening enough in the region and what are the associated implications/challenges when it comes to investigative work?
The issue with security by design, especially in IoT or electronic devices, is that there is no single global security standard which manufacturers must adhere to when making such devices.
Due to cost and manufacturing issues, they tend to employ the simplest security measures, usually a username and password that is the same across the whole product line. This will eventually change in time as hackers are targeting such devices to spy or eavesdrop on people or even use devices in a form of a DDoS attack or intrusion.
Some challenges for security by design include:
- Critical functionality
- Security assumptions
- Not easily patched
- Long life cycle
- Proprietary/industry-specific protocols
- Deployed outside security perimeter.
For security by design to be a success, each device should consider the following robust set of security features:
- Secure boot
- Secure code updates
- Secure communication
- Embedded firewalls
- Intrusion monitoring
- Embedded security management
- Device tampering protection.
Having an agreed security framework followed by all manufacturers which allows devices to be monitored, protected and updated in a timely manner would be beneficial moving forward.
In terms of law enforcement investigations, as the scope of IoT devices encompasses such a vast range of products it is difficult for security experts and investigators to target any one particular area. Instead, they are obliged to take a wider view and target the most common hardware and software platforms being used to run these devices, so when the need arises they can recover the required data in a timely manner. The other main challenge is identifying and recovering the devices that may form part of an investigation, especially if one device is embedded within another.
Could you please provide your views on how governments can protect their citizens in the cyber as well as physical world, while respecting their privacy?
The physical world and the cyber world are becoming more closely connected every day. This is particularly true where sensitive personal information is concerned. Attacks on personal data in the cyber world cause serious damage to all aspects of our daily lives. As society comes to rely more and more on cyberspace for everyday interactions, this brings with it more security risks. With this in mind, governments should acknowledge the interconnectedness of physical and cybersecurity and develop proactive protection plans taking both aspects into consideration.
Close collaboration between national governments and the cybersecurity community is also important for sharing expertise. Governments must also make a concerted effort to strengthen the capacity of their law enforcement agencies to identify and combat cybercrimes, and to ensure their police are active in international cooperation frameworks such as that of INTERPOL. In this way, countries can share and have access to crucial police information from around the world and actively work together to enhance national cybersecurity.
There’s a lot of development in cutting edge technologies such as AI and blockchain in recent years. How does INTERPOL stay on top of such technologies while being able to pre-empt the illegal use of such technologies by sophisticated criminals?
Technological advancements such as AI and blockchain serve many positive purposes for society, but unfortunately they can also be exploited by cybercriminals for their illicit intentions. Ensuring that new technologies are as protected from criminal misuse as possible requires constant monitoring and a deep understanding of emerging cybercrime trends within the law enforcement realm.
To stay ahead of emerging threats, INTERPOL is in the process of developing several specialized units to conduct in-depth research into areas of cybercrime such as Blockchain analytics and Darknet markets. We also collaborate with private cybersecurity companies and academia worldwide to develop innovative new cybersecurity tools for use by law enforcement in the fight against cybercrime.
Training is another important area where INTERPOL works with member countries to ensure they have the knowledge and skills to safeguard new technologies from misuse. Such training is developed and delivered in consultation with subject matter experts to gather the widest possible expertise.
The INTERPOL World Congress will be held in Singapore from July 4 to 6.