Bangkok (Thailand), 20 December 2019 - 35 officials from nine ASEAN Member States completed a four-day Regional Exercise on Cyber Threat Intelligence Sharing to Respond to Terrorists and Foreign Terrorist Fighters (FTFs). The exercise was developed by UNODC's Global Programme on Cybercrime in collaboration with UNODC's Regional Office for Southeast Asia and the Pacific Terrorism Prevention Programme, and made possible with funding from the governments of Canada and Japan. The regional exercise marked an important milestone in regional collaboration in technical cyber operations to support investigation and prosecution of returning, relocating or transiting FTFs in Southeast Asia. As a result of the exercise skills of the officials were enhanced to gather and share intelligence, convert intelligence into evidence, collect evidence, and how to use secure and specialized cyber techniques to preserve the integrity and ensure admissibility of the digital evidence.
The participants also gained knowledge on how to request for digital evidence and the preservation thereof through mutual legal assistance and other international cooperation channels. Apart from learning, the officials from various countries in Southeast Asia also worked together in multi-disciplinary and multi-country teams, which helped them build networks with their counterparts from across the region. The participants can draw on these new partnerships to continue their cooperation well beyond this exercise to further counter terrorism and other serious crimes that take place on the Internet and the Dark Web.
The regional exercise was opened by Mr. Stuart Shaw, First Secretary of the Embassy of Canada in Thailand and Mr. Alexandru Caciuloiu, UNODC's Cybercrime and Cryptocurrency Advisor and Programme Coordinator for Southeast Asia and the Pacific.
Mr. Caciuloiu pointed out in his opening remarks that "the cyber environment in Southeast Asia is characterized by rapid growth, increasing levels of cyber-attacks, and challenges to information security. There is a growing trend of hacktivism in this region, including web site defacement and distributed denial-of-service (DDoS) attacks operating with the support of the terrorist groups". He also emphasized that "limiting the ability of terrorists to carry out transnational attacks and being able to respond effectively to terrorists and foreign terrorist fighters requires continued and strong counterterrorism cooperation and information sharing across law enforcement authorities and the countries in the region.".
The convergence of cyber and terrorism has brought about unprecedented elements in the exploitation of the Internet for terrorist purposes. Terrorist groups are often early adopters of new technologies, exploiting emerging platforms for distribution strategies and their online communication. The Internet is utilized to promote and support acts of terrorism, including acts of recruitment, incitement, planning, financing, organizing and even to conduct cyberattacks against critical infrastructures or government institutions for purposes of terrorism. In addition, an often overlooked issue is that operating within the Internet and the Dark Web brings about many associated threats for investigators, intelligence officers, including their families, friends and colleagues, and therefor they require enhanced security and operational capabilities and awareness to mitigate these issues.
To respond to these threats, the two in-house-expert departments at the UNODC: Global Programme on Cybercrime and Terrorism Prevention, came together and by leveraging their in-house expertise, seized opportunities offered by the Internet and state-of-the-art technologies to train practitioners to prevent, detect, and deter acts of terrorism by way of learning-by-doing in this regional exercise.
Through the regional multi-agency and multi-disciplinary setting that the event offered, officials from cybercrime agencies and computer emergency response teams (CERTs) successfully combined their technical skills to identify terrorist identities to anticipate and detect FTF returnees and investigate terrorist activities using a wide range of information sources and search tools; whereas officials from counter-terrorism agencies, police departments and prosecutors ensured that the investigation work was in line with counter-terrorism laws and strategies and ensured evidence collected will be admissible in court and meets burden of proof requirements to achieve successful prosecutions. The teaming up of officials from different ASEAN Member States' cyber intelligence, investigation and prosecution departments turned the meeting room into a live regional 'fusion' center to investigate cyber terrorist cross-border threats on the Internet and in the Dark Web.