Fighting cybercrime difficult in PH – NBI
MANILA, Philippines – In the Philippines, there are only two forensic examiners in the National Bureau of Investigation (NBI) who specialize in cybercrime.
One of them is NBI Special Investigator Joey Narciso and for him, the developments in the implementation of the Cybercrime Prevention Act of 2012 come in the nick of time.
Cybercrime has already outpaced the Philippines. In 2003, the Philippine National Police recorded 30 cases of cybercrime. In the first month of 2014 alone, it recorded 47 cases. The most common types of cybercrime in the country are identify theft, hacking and online fraud.
Cybercriminals are experts, often organized into well-coordinated groups, with the luxury of time to monitor their would-be victims. They are out to get money from individuals and companies. In contrast, the general public who are potential victims have only a basic understanding of the Internet or computer systems.
In a developing country that only passed a law on cybercrime two years ago, many chinks remain in the system, crippling enforcement. Narciso said that a lack of experienced and trained personnel, equipment, awareness among the public and the nature of cybercrime are the biggest hurdles his unit faces.
Trained agents, equipment needed
The 15 investigators that make up the NBI's Cybercrime Unit are not information technology (IT) experts. Most of them are trained as CPA lawyers. That's why Narciso, who as a forensic examiner is not supposed to conduct investigations, has to assist them because they lack the expertise.
This lack of skills has severe repercussions for building up cases against cybercriminals.
One investigator was working on a violation of the Access Device Act (Republic Act 8484).
"I read the affidavit used in the inquest, it was stated there that they implemented the search warrant. They confiscated the computers, they took pictures of the computers and they presented the computers as evidence for inquest in violation for telephone fraud. I almost fell off my seat," said Narciso during a Microsoft Cybersecurity Forum on Friday, March 7.
Enforcement officers lack training and updates on cybercrime, a type of crime that is continually morphing into more malignant forms.
"We need to understand the recent trends, what's going on in the computer world, learning must be continuous," said Narciso.
Another problem is the lack of equipment sophisticated enough to detect and gather evidence to be used against suspects.
They need forensic hardware and software. A cellular phone forensic examination software alone would cost P1.6 million, said Narciso. His team also needs a vehicle to bring their equipment and personnel on the field.
A different beast
Cybercrime is a different beast that is changing crime-fighting in the country and in the world.
Criminals can come from any corner of the globe with Internet connection. They can commit the crime from their living room and their victim can be in a different continent. Most of the anomalous e-mails the NBI detected come from Nigeria, UK and China. The transnational aspect of cybercrime makes it extremely tricky for investigators and prosecutors.
"Because cybercrime is transnational, what is illegal in one country may not be illegal in another like pornography, plagiarism, prostitution and the use of marijuana. Can we file a case or make arrests in a foreign jurisdiction?" asked Narciso.
The Philippines can only extradite Filipino criminals from 9 countries, according to the Department of Foreign Affairs website.
This means that a cybercriminal need only commit a crime from a country not belonging to the 9 to be assured that the Philippine government won't be able to catch him.
Then there is the cloak of anonymity provided by the Internet. Cybercriminals can hide their Internet Protocol (IP) address. They can pretend to be someone else. Many suspects defend their innocence by saying their computer was hacked too.
Digital evidence needed to pin down suspects is also fragile and most victims of cybercrime don't know how to handle them.
Many victims don't think to get the profile name and profile ID of the Facebook account that sent them malware (software that damages computers) or defrauded them of money. A profile ID is the set of letters or numbers that come after the Facebook URL. It is unique to every Facebook account.
Victims whose computers were infected by malware don't immediately bring the computer to the NBI. Instead, they rush to reformat the computer in the hope of cleaning it and being able to use it again.
But NBI agents need the computer untouched so they can detect the malware and possibly trace the whereabouts of the suspect from the data they get.
Upgrades on the way
The Cybercrime Prevention Law helps enforcement in two critical ways. First is a provision that allows courts to issue an order for Internet Service Providers (ISPs) or private sector to give data that could help identify the criminal.
Before, judges refused to issue orders because there was no provision in the law that mandated it. But now, investigators will have a provision to cite when asking for the order.
Another helpful provision is the one that requires ISPs to preserve their traffic data for a minimum of 6 months from the date of transaction. Traffic data include the date, time and number or email address. But ISPs only retain the content data (or the message itself sent by the number or email) after being notified by enforcement agencies.
Despite the massive work still ahead of the NBI in building up its cybercrime division, Narciso is positive that change is coming.
A recently-issued Department Order directed the hiring of 15 IT-skilled agents in Manila. It also ordered the creation of units in Cebu, Baguio and Davao to be established within the next two years.
After the NBI arrested some members of Anonymous Butuan, a group of hackers working for the larger Anonymous Philippines, Senators Loren Legarda and Vicente "Tito" Sotto III pledged P39 million to upgrade the Cybercrime Division.
The unit plans to use the funds for more equipment and capacity-building for agents.
"May wishlist na kami (We have a wishlist already). By June, we can establish a very good cybercrime center." – Rappler.com
Handcuffs on keyboard image from Shutterstock