Countering the emerging threat of cybercrimes


By Thameenah Razeek

Sixteen-year-old Madubhashini (not the real name), whose nude photos were leaked on social media by her 38-year-old boyfriend for splitting up with him, said she has called off her relationship once she got to know that the person she is been dating online is nearly 40. “But it is too late. He has seen me in the worse way that a girl can be seen,” she lamented. However, the 38-year-old warned that he will released the nude photographs to porn websites if she did not patch things up with him. 

While a National Cyber-security Strategy is in the offing, the Computer Crimes Investigation Department (CCID) is in a dire need of a data protection law, with cybercriminals increasingly weaponing data as a tool against national security in the recent time. 

Computer Crimes Investigation Department Director SSP Lucky Randeniya said that there is also a need of deporting Nigerian cybercriminals for a national framework to thwart cyber attacks that have been on the rise in the country.

The CCID in a time span of 24 months has collected data for 5,400 complaints but only 170 suspects have been arrested. Most of the crimes are reported in Western Province compared. The top three crimes were Phishing scams, non-payment/non-delivery scams and extortion in connection with sexual abuses. 

The CCID showed data that losses related to these crimes totalled more than Rs 10 million.

What is notable is that 75 per cent of these crimes are committed by Sri Lankans while 25 per cent is always Nigerians. 

Between 12 March 2020, and 15 May 2021, the CCID has received 670 complaints about extortion, 370 complaints about hacking social media profiles, 260 complaints about sexual harassment, 400 complaints about explicit content, 1,400 defamation cases, 20 complaints about cyber terrorism and 2,280 other cybercrime complaints.

A digital battleground 

Cybercrime can take many forms but they all have the digital environment in common. In general terms a good cybercrime definition would be: Offences committed to harm the reputation or cause physical or mental harm to the victim, using computers and/or networks such as the Internet or mobile networks.

Not just during the Covid-19 pandemic, but Sri Lankans have been increasingly falling victim to cybercriminals in the last few years. Speaking on the rise of cybercriminal activities SSP Randeniya said there are three main cybercrimes that Sri Lankans, especially middle aged females and school children, are falling victim to. 

1. Internet fraud

He said that internet fraud or scams usually ask people to send money promising a much larger sum in the short term. The most famous criminals attached to this are Nigerians who are on tourist visas in Sri Lanka. 

These scams had already widespread through fax, telephone and traditional mail, but the internet made them much easier to pull off and more widespread.

He said the victim usually is contacted by someone in need of help to move a large sum of money from a foreign country. There are plenty of variations of this scam and more are developed each day. The victim will be asked to cover a small portion of the cost of moving the money or asset, and will be promised a bigger cut of the benefits when the process is over.

“If the victim falls for it and transfers money, he/she will be told that complications have arisen and that more money will be required. Of course, the victim will not recover anything and this will go on until the scammer feels like there’s nothing to gain from this victim and jump to another one,” he said.

Speaking on how to stay safe from these internet frauds, SSP Randeniya also said that common sense is our best defence against this type of cybercrime, as with fishing scams, if an offer is too good to be true, it usually isn’t true. He noted that distrust unsolicited communications from strangers offering very attractive deals, and never pay in advance any of these.

2. Business email scams

Meanwhile, even though business email scams are not on the rise despite the fact that hackers continue to target the same person, SSP Randeniya said that these kinds of cybercrimes are very limited happening in Sri Lanka, but it cannot be disregarded because the loss occurring due to these criminal methods are huge.

He said the hackers first identify the target, where he keeps on track for some time and then once a target or targets have been identified, techniques like spear-phishing, social engineering, identity theft, email spoofing and attachments with malware are used. 

The grooming can take days or even weeks to gain the trust of the target and strike at the most opportune time in the real estate transaction.

“This can be done by forging the contact name and email address visible to the recipient, setting up a valid email address with a name of someone in your organisation or creating a new email address that looks similar to the real one,” he said. 

Finally, the target receives a legitimate-looking email confirming the wiring instructions to a new bank account or they may send the target to a spoofed banking portal to download falsified payoff statements. The cybercriminals may even call the title agent with a spoofed phone number, posing as the recipient of the funds to confirm the fake wiring instructions.

3. Deepfake porn videos

The last and most common cybercrime that the CCID is tightening the noose around is by a gang of cyber fraudsters who are blackmailing and extorting money from businessmen, professionals and students by using their images in deepfake porn videos or photographs and threatening to post them on social media. 

SSP Randeniya said that the CCID has been flooded with complaints where the fraudsters collected details about victims from their social media accounts and then contacted them using pre-recorded videos of females to engage them in conversation.

The fraudsters then used these frozen frames of the male victims and superimposed them on porn clips using deepfake technology. The fraudsters created fake profiles of females on social media networks.

After preparing pornographic videos, fraudsters seek ransom or more from victims by threatening to make their pornographic video public on social media.

Victims speak up  

Madubhashini said she never met her boyfriend at any point but only chatted with him online for about three months. Once her parents got to know about the online relationship, she has called the relationship off and then the 38-year-old man asked her to meet her in person and that is where the girl realised he is nearly 40 years old. Madhubashini’s parents sought assistance from the Police to take the photos down from internet and apprehend the suspect.  

Meanwhile, a 42-year-old accountant has filed a complaint with the CCID about a cyber fraudster who contacted the victim via Facebook.

The fraudster, on the other hand, has developed a deep friendship that quickly turns into a relationship. The majority of Nigerians in Sri Lanka on tourist visas commit these crimes, and they create phony profiles in order to appear extremely attractive.

“After a few days of chatting, numbers are exchanged. The fraudsters’ phone numbers are mostly VPN numbers obtained through one of several dozen apps/websites. The phone numbers display ISD codes, giving the impression that the caller is in Europe or America. The fraudster then claims that he/she is sending a large number of expensive gifts to the victim via courier because he/she lives outside of Sri Lanka. After a few days, the victim receives a call from someone claiming to be from the Sri Lankan Customs, saying that the gifts include a lot of foreign cash, jewellery, and so on, and that in order to claim that, the victim must pay customs charges,” the individual stated in her complaint.

She has also stated that once the victim has paid some money, they begin asking for more money under another pretext, to induce the victim to deposit as much money as possible in various bank accounts. “This fraud frequently goes on for weeks or even months at a time. During this time, they will also send the victim fake customs receipts and photographs of the so-called gifts. Once the fraud is finished, they disconnect and switch off their mobile numbers,” she observed.