CYBERCRIME THREAT LANDSCAPE IN THE PHILIPPINES
(Note: This report was presented during the SecureAsia@Manila event held at the Makati, Shangri-la, Manila, Phillpines last August 8, 2013)
I. Executive Summary
The Philippines continues to face the challenge of effectively addressing the problem of illegal cyber activity and cybercrime victimization, a challenge it shares among developing countries in South East Asia and in other parts of the world.
The utilization of technology as it expands and develops in various industries and sectors in the country is expected to increase, due to the lack of necessary safeguards to prevent, and in some cases because of the lack of understanding on the risks involved regarding its misuse.
The geography of the Philippines and its present socio-economic conditions as it continuously works to strengthen political stability and national security is a perfect condition in which different kinds of illicit cyber activities flourish. The anonymity in the Internet, the legal and jurisdictional issues involved in technology-facilitated crimes, and the vast victim and recruitment source and lure of easy money, motivates a culture of cyber criminality which may later lead to more serious organized criminal underground. The threat of transnational organized criminal groups operating in the country poses a serious concern as it affects the economic and political stability of the country.
This situation, however, is slowly changing as government and international attention is increasing and the rate of cybercrime or cyber-attacks on industry and on innocent citizens also begins to rise. Victims or concerned citizens are now surfacing to report cybercrime incidents to the police.
The private industry particularly the major Internet Service Providers (ISPs), has begun to collaborate on issues of cyber security and cybercrime prevention, but much work remains to be done especially in the manner of preservation and providing evidence stored in them.
The cyber-criminal underground in the country continually evolve into a sophisticated transnational criminal activity and in some cases has links with terrorist characters. The cyber offenders have become audacious due to challenges being faced by government in their detection, apprehension and prosecution than their counterparts elsewhere.
II. The Philippines Cyber Landscape
The Philippines, just like its ASEAN neighbors, is continuously utilizing technology in almost every sector in its society and economy. The country has an estimated population of 103,775,002 as of 2012. An estimated 31.33% or 33,600,000 of its 2011 population use the Internet. As of 2011, an estimated 84.91% or 88,119,840 Filipinos are mobile phone subscribers while 25.77% or 26,752,000 have active social networking profiles. Of the Internet users in the country, 75% use personal computers while 25% use their mobile phones to access the Internet, whether for personal or business purposes.
The average age for Internet users in the country is estimated to be 23 years old and below, and most of them spend around 21.5 hours per week browsing the Internet and 51% of Internet users have active YouTube profiles. As of 2012, the Philippines ranked 6th in the total number of Internet users in Asia and 3rd in the world in the number of Facebook users where 48% are male and 52% are female.
III. Cybercrime Status
The use of technology in the commission of traditional crimes and the new found ways of committing crime in the country pose an investigative challenge to the Philippine National Police. There is a rising incidence of financially motivated cybercrime and politically motivated cyber-attacks on government by cyber actors in the Philippines.
From CY 2003 up to CY 2012, a total of 2,778 cybercrime related offenses was recorded by the PNP. While the country awaits the implementation of a comprehensive cybercrime law, cyber criminals continue to use technology both in conducting criminal activity and preventing its detection. This trend in criminal activity necessitates the need for a dedicated unit within the PNP to go after these offenders and improve its cyber security posture.
Compared to its ASEAN neighbors, the Philippines has yet to enact and implement its own comprehensive anti-cybercrime law.
From CY 2010 to CY 2012, the PNP has recorded a total of 1,184 incidents with the highest being the attacks targeting government websites where a total of 940 website defacements have been recorded.
Another recent attack perpetrated by cyber criminals is the exfiltration of usernames and passwords from the DNS Gov.Ph registration site with an estimated 2,338 records and allegedly claimed by AnonTaiwan group. These attacks increased when the Philippines had its political, security and jurisdictional issues on the Luneta Bus Hostage taking incident, Scarborough Shoal stand off, Sabah incident involving the Sultanate of Sulu, and the Taiwanese Fisherman killed in Balintang Channel. The country was also victimized by botnet infection where the Philippines is ranked 6th in the world for BotNet location.
Police intervention against cybercrime in the country resulted in the arrest of 505 foreign nationals. As with traditional crimes, the cyber-criminal actors and organizations still resemble the same criminal characters and setup, the difference lies in the way organized criminal groups are structured from a hierarchical form to a flat organization operating independently similar to the cell Terrorist concept.
The most likely cybercrimes committed in the country either through the use of technology or the target of the crime is the technology itself, falls generally on the areas of national security matter, financially motivated offenses, crime directed against a person or the property and those that involve crimes that violate public morals.
For national security concerns, the likely cybercrime threats deal on espionage activity, disruption, sabotage, politically motivated attacks and those which involve terrorism activities. Nowadays, Terrorists are using the Internet in their recruitment, propaganda, planning, teach-ins, financing, and even operational implementation. Swindling, estafa, scam or other form of computer fraud, counterfeiting and forgery are some of the financially motivated cybercrime threats. Cybercrime against a person usually involves theft or unlawful use of personal information, threat, extortion, harassment and disclosure of privacy related matters. Property related cybercrime on the other hand, such as theft, the sale of stolen or lost item, illegal use of and damage to property, maybe committed. Finally, cybercrime which involve public morals are those which likely involve obscene and indecent publication, child pornography, human trafficking and those who make use of technology like the Internet to show acts of cruelty or violence.
IV. Police Response
In order to address the increasing incidence of cybercrime, the PNP Anti Cybercrime Group was activated on March 20, 2013. The establishment of a PNP Anti-Cybercrime Group is a strong signal to criminals that the PNP is very serious in addressing cybercrime in the country.
The PNP-ACG has conceptualized and believed that to fight cybercrime and to strengthen cyber security, there must be a synergy among the following components: Competence and Capability building of the Organization and Personnel; Public and Private Partnership; strong International Cooperation; Advocacy and Public Awareness and; the implementation of strong Laws, Policies and Regulations.
To date, the PNP currently has six (6) fully functional Digital Forensic Laboratories nationwide located in Camp Crame, Legazpi City, Cebu City, Davao City, General Santos City and Zamboanga City. These PNP offices are capable of conducting computer, mobile, and audio and video forensic examinations and can respond to investigate incidence of cybercrime activities within their geographical areas of responsibility. The PNP envisions to have cyber-forensic laboratories in all its regional offices in the future.
Since 2003, the PNP has continuously received various digital forensic equipment grants because cybercrime is a technology-based crime and the PNP needs to have the technological capability to address such crimes. A cyber training facility was also commissioned through the assistance of the US Anti-Terrorism Assistance Program.
Along this line is the continuous technical training of police officers to increase competence in cybercrime investigation where a total of 90 local and international trainings were received while 31 local trainings were provided to the regional offices.
Another aspect in the fight against cybercrime is the concern on online child victimization. In response to this international priority, the PNP is strengthening its children protection program by establishing a special taskforce “Angel Net” purposely to address Internet or technology-related child abuse and exploitation.
International cooperation and partnership in strengthening cyber security and the fight against cybercrime is another activity in which the PNP actively participates. Increasing the PNP’s competence and capability, continuous Public awareness, Active Private-Public partnership, Enforcement of effective laws, and International cooperation are the PNP’s approach in strengthening cyber security and combating cybercrime.
V. Notable Anti-Cybercrime Operations
A. Terrorist Financing “Telecom Fraud Scam”
On November 24, 2011, PNP conducted search and seizure operation against suspected group of telecom hackers victimizing a US telecom company with the cooperation of FBI and US Embassy in Manila. More than $2M in lost revenues. The criminal group is allegedly connected to a foreign terrorist financing group reponsible for financing the terrorist attack in Mumbai, India in 2008.
B. Transnational Telecom Fraud Scam “Chinese & Taiwanese Fraud Ring”
On May 26, 2012 the PNP together with police from China and CIB, Taiwan, arrested 37 suspected members of an international telecom fraud ring in separate raids in Manila. Searched and seized were assorted ICT equipment that the syndicate used in their illegal operations. The suspects were charged for violation of R.A. 8484 “ Access Device Regulation Act of 1998”.
C. Transnational Telecom Fraud Scam “Chinese & Taiwanese Fraud Ring”
On August 23, 2012, PNP-CIDG, PAOCC, NISF, BID, DOJ, China and Taiwan Embassies conducted simultaneous search and seizure warrant operation in Manila and Rizal resulting to the confiscation various computer and telecom devices and 380 arrested, mostly Chinese and Taiwanese nationals. Suspects were charged for violation of R.A. 8484 “Access Device Regulation Act of 1998”.
D. ATM / Credit Card Fraud Syndicate
On April 20, 2013, three Malaysian nationals were arrested by police in Iloilo City suspected of siphoning off money from ATM card holders. A small camera and a skimming device are placed in ATM booths. Credit card information stolen is cloned using sophisticated card tools to withdraw money from the victim’s bank account. Suspects were charged for violation of R.A. 8484 “ Access Device Regulation Act of 1998”.
E. Internet Fraud/Scam “ WakaNetwork.com”
On May 15, 2013, PNP-ACG together with Mabolo Police Station conducted search and seizure warrant at Interface Techno-Phil Cebu City. The said call center was offering fraudalent waka gift vouchers to US nationals. Suspects were charged for violation of R.A. 8484 “ Access Device Regulation Act of 1998” and Article 212 of the Revised Penal Code “Corruption of Public Officials”.
F. Illegal Internet Pharmacy Operation
On July 11, 2012 ATCCD-CIDG conducted search and seizure warrant at “724 Care Call Center” located at Mandaue City, Cebu for marketing and selling alleged counterfeit Pfizer medicines to US nationals. They were suspected of violating of R.A. 8484 “Access Devices Regulation Act of 1998”.
G. Corporate Illegal System Hacking
On October 4, 2011, ATCCD-CIDG arrested SHIN UN-SUN in Batangas Province by virtue of an international warrant issued by Interpol and KNP for alleged hacking into Hyundai customer database stealing around 420,000 customer records and extorted money from Hyundai. The suspect SUN was turned over to the Immigration Bureau for deportation to South Korea.
VI. Assessment / Forecast
For the past ten years, cybercrime in the country continued to evolve both in the manner of commission and in the use of mechanisms by cyber criminals to deter police investigation. With the continuing advancement in cyber technology and the rising popularity of social networking sites over the internet, the Philippines will remain open to cybercrime operations.
In view of this, the opportunity for the commission of cybercrimes must be identified and duly addressed. Those who use the Internet, email, social media and vulnerable computers will be the likely victims. Financially-motivated cybercrimes will likely be the preferred choice for criminals due to the ease of getting money, sourcing of victims and its difficulty in detection and apprehension.
Cybercrime will persist in the country as with other parts of the world. The current environment in the Philippines attracts transnational cybercrime groups to continuously operate in the country. Espionage such as data exfiltration, sabotage or disruption and politically motivated attacks will continue to target government institutions. An effective country strategy, legal framework, awareness program, capability and capacity building programs, and local and International cooperation will mitigate and effectively address cybercrime victimization.
The PNP, as the country’s premier law enforcement institution remains unwavering in facing these challenges valiantly and has made significant gains in thwarting cyber offenders, especially the transnational organized criminal groups, from making the country a sanctuary for their criminal operations.
- Country Report On Cybercrime: The Philippines, Police Senior Superintendent Gilbert C. Sosa, PESE, EnCE, MCSE.
- Anti-Transnational and Cybercrime Division, Criminal Investigation and Detection Group, PNP Accomplishment Report from CY 2003 to CY 2012.
- Cybercrime Prevention Act of 2012.
- The Use of the Internet for Terrorist Purposes, United Nations Office on Drugs and Crime (UNODC) 2011.
- Terrorists and the Internet, Eben Kaplan, Council on Foreign Relation.
- Terrorist Use of the Internet and Related Information Technologies, by Lt Col Patrick S. Tibbetts, U.S. Air Force
- We are Social Global Statistics http://wearesocial.net.
- 2012 Norton Cybercrime Report, http://now-static.norton.com
- Norton by Symantec, http://us.norton.com/cybercrime.
- Interpol Operation Pangea, http://www.interpol.int/Crime-areas/Pharmaceutical-crime/Operations/Operation-Pange.
- Zone-H, http://www.zone-h.org
- The Council of Europe, Convention on Cybercrime, http://www.coe.int/t/DGHL/cooperation/economiccrime/cybercrime/default_en.asp
- Understanding cybercrime: phenomena, challenges and legal response has been prepared by Prof. Dr. Marco Gercke, ITU
- Understanding Cybercrime: A Guide for Developing Countries, ITU
- Cybercrime; The Global Challenge, ITU/UNODC
- Bitdefender Joins UN-Led ITU-IMPACT to Fight Cybercrime, http:// www.bitdefender.com.
- Threat Trends from Trend Micro, http:// www.trendmicro.com.