While other cybercrime “hotspots” and their specialities may be more well-known (malware from the former Soviet Union, email scamming from Nigeria), the Indo-Pacific also hosts a number of global cybercrime hotspots and potential hotspots, including China, North Korea, South Korea, and Vietnam.
Many cybercrime threats are cross-border operations, but they are not location-less. In a response to previous policies, some experts are calling for a more focused approach from the Australian Government to regional cybersecurity, targeting current and future hubs where a high concentration of cybercrimes originate.
In a post-COVID world, we should consider how these recommendations intersect with the economic and social impacts of the pandemic. In Malaysia, Vietnam and the Philippines, the profound impact of lockdown measures and travel restrictions may have either preventative or concerning impacts on local cybercrime, which need to be understood when designing policy.
Regional Investment in Cybersecurity
The total regional spending on cybersecurity in ASEAN was estimated to be only A$2.54 billion in 2018, compared to Australia at A$3.8 billion in the same period. Overall, this relative lack of investment in cybersecurity in ASEAN is a concern.
In the Cybersecurity Strategy 2020, the Australian Government has committed to investing $1.67 billion into cybersecurity over the next ten years – the largest amount ever – and has already committed $60 million for capacity building in the Indo-Pacific. Strategic use of this international investment will be essential to tackle cybercrime in hotspot countries that may have limited resources to devote to cybersecurity.
Capacity Building in Malaysia
Malaysia has a high concentration of cybercriminals – surprisingly, mostly from Nigeria – carrying out mostly low-tech scams involving fraud. In his report for the Australian Strategic Policy Institute, Dr. Jonathan Lusthaus recommends Malaysia as a good location for investment in cybersecurity capacity building.
Lusthaus proposes that increasing concentrations of cybercriminals in Malaysia may overwhelm local law enforcement capacities, restricting them to focus resources on local rather than international cases. He suggests Australia should consider investing further in running cyber training programs to increase local law enforcement’s capabilities.
However, in response to COVID-19, Malaysia has imposed heavy travel restrictions until 31 December. This could temporarily limit the arrival of more cybercriminals, who usually establish themselves with the help of in-country contacts. At the same time, this could also drive an increase in local recruitment into scamming. Therefore, it will be worth monitoring how travel restrictions impact cybercrime rates from Malaysia.
Preventative Measures in Vietnam
Vietnam is already regionally significant as a hub for hacking and intrusion-based cybercrimes, but has the potential to become an even bigger hotspot due to relatively good computing education programs and widespread corruption.
Previously, robust job opportunities in tech and strong pipelines for Vietnamese talent to work at international companies have been positive factors to keep potential cybercriminals in “white hat” (legal) work. Vietnam’s economy has remained relatively robust in the face of COVID-19. However, Australia can still help mitigate the risk of increased cybercrime through preventative measures, such as stimulating jobs in the sector (especially to account for jobs in international companies that may disappear due to the pandemic) and conducting anti-corruption programs.
Tackling Webcam Sex Tourism in the Philippines
At the time of writing, the Philippines has the highest number of confirmed COVID-19 cases in ASEAN. A shocking 45.5% of adults in the Philippines were jobless after President Duterte imposed one of the world’s strictest and longest lockdown periods from March 15 to June 1, which was particularly devastating for poorer populations.
On a cybercrime front, the UNHCR has reported the Philippines to be the global epicentre of webcam sex tourism, particularly livestreamed sexual abuse involving children. This is driven largely by poverty (one third of Manilla’s population live in slums), an existing history of child sex tourism, and growing access to internet and cheaper devices. Resources to tackle this cybercrime are limited, and most leads come from overseas.
The economic impact of COVID-19 on poorer populations in the Philippines may drive more people to turn to pay-per-view streaming and other forms of online child sexual abuse for financial survival. As Australia is the third largest consumer of livestreamed child sexual abuse in the world, it is absolutely essential that the Australian Government considers how funding may be used to tackle this form of cybercrime in the wake of the pandemic.
Cyber incidents targeting businesses are estimated to cost A$29 billion to the Australian economy per year, and A$2.8 trillion to ASEAN by 2020. When formulating regional policy and engaging in events such as the ASEAN-Australia- Cyber Policy Dialogue, Australia’s resources and expertise in cybersecurity should be allocated strategically. By considering which specific hotspots pose high cybercrime threats within ASEAN, and how these hotspots will be impacted by COVID-19, we can work collaboratively to maintain strong regional cybersecurity, uphold human rights and protect our economies.