Cybercrime in ASEAN: Fostering Regional Cooperation
This article was published in the Home Team Journal, Issue 14. Click to see the full publication.
ABSTRACT
In today’s digital landscape, combatting cybercrime has gained global urgency. With technology’s rapid advancement, new opportunities for cybercriminals and law enforcement agencies have emerged. This article examines the complexities of cybercrime, its current state in the Southeast Asia region, and what the Association of South-East Asian Nations (ASEAN) and ASEAN Member States can do to combat cybercrime systematically. The inherently transnational nature of cybercrimes and their interconnectedness necessitates a collaborative framework in the ASEAN region. The framework should include four key pillars: promote information sharing, enhance coordination among law enforcement agencies, facilitate the development of consistent cybersecurity policies and regulations across member states, and enhance capacity building for individuals belonging to the law enforcement and prosecutorial communities. Four additional initiatives are also proposed for a more proactive approach to combatting cybercrime as a region.
THE ASEAN CYBERCRIME LANDSCAPE
In an era of rapid digital expansion, cybercrime has surpassed drug trafficking in profitability globally, becoming a significant issue for many countries. Fuelled by technological advancements, this growth in cybercrime presents a dual challenge as it creates opportunities for criminals while demanding innovative responses from law enforcement. Southeast Asia, a region experiencing significant digital growth, is not spared from the fight against cybercrime.
A fusion of human desires and technical skills exploiting security gaps, cybercrime demands a comprehensive strategy integrating cybersecurity efforts to mitigate threats. With cybercriminals leveraging new technologies such as Artificial Intelligence to enhance their methods, cybersecurity defences must also advance. In addition, tackling cybercrime requires addressing legal and regulatory challenges, laws and jurisdictional discrepancies to improve prosecution and international cooperation.
The Association of Southeast Asian Nations (ASEAN) has been grappling with a rising tide of cybercrime in recent years. One of the key factors contributing to the growth is the rapid expansion of internet connectivity and digital infrastructure. Some of these expansions were driven by the COVID-19 pandemic, while others are ramifications of ASEAN initiatives such as ASEAN Smart Cities Network, the ASEAN Declaration on Industrial Transformation to Industry 4.0 and the ASEAN Digital Masterplan 2025, all of which are aimed at harnessing digital technologies for regional development, integration, and competitiveness of the region.
As more people obtain access to technology, the attack surface for cybercriminals widens, providing ample opportunities and potential victims for them to launch attacks such as phishing, ransomware, and data breaches. The continued quest for digital transformation in the region will continue the trajectory for cybercrime as connectivity increases.
Cybercrime in Developed and Developing Countries
With ten countries of different cultures and levels of development, the type of cybercrime in each ASEAN Member State can vary. It is not uncommon for cybercrime to evolve in a manner that corresponds to a country’s level of technology use, digital infrastructure, and societal behaviour.
In countries where digital literacy and cyber infrastructure might be nascent, cybercriminals often exploit fundamental security gaps, committing crimes such as phishing, primary financial frauds, or viruses that target individuals and small businesses with limited cybersecurity awareness or resources. Due to less sophisticated digital systems and lower awareness, cybercriminals often find exploiting vulnerabilities in these environments easier.
Cybercrimes tend to be more sophisticated in more developed countries with advanced technological infrastructure and widespread internet usage. The high-level integration of digital technology in sectors such as finance and healthcare can present lucrative opportunities for cybercriminals to commit more technical crimes such as advanced persistent threats, large-scale data breaches, and even corporate espionage. Such environment also presents a more profitable target group of victims, such as international corporations and high-networth individuals, which can attract sophisticated cybercrime syndicates. This can result in a more organised cybercrime ecosystem that includes dark web marketplaces and Cybercrime-as-a-Service model, where cybercriminals provide their technical expertise to paying customers with malicious intent but who lack advanced technical skills.
Social behaviour and citizens’ ability to acquire new skills and technologies can also contribute to the spread of cybercrimes. In countries where e-commerce is highly developed and widely used, there may be a higher incidence of online fraud and identity theft. Conversely, simpler forms of online financial fraud might be more prevalent in countries where digital payment systems are just beginning to gain traction.
Types of Cybercrime across Different ASEAN States
The availability of information on common cybercrimes varies across countries. Although there is no universal definition of what constitutes a “common” cybercrime, it is generally accepted to be determined by the highest number of reported incidents. This understanding is also based on the Singapore Police Force’s Annual Scams and Cybercrime Brief, which provides a statistical breakdown of the “common” types of cybercrime in Singapore.
Table 1 is compiled from open sources, including official documents from government entities, news articles, as well as research and industry reports from the private sector. Many of the keywords have been preserved.
A Key Challenge: Inconsistent Categorisations
While information is limited, it is sufficient for a key observation to be made: inconsistencies in the naming and categorising of cybercrimes across ASEAN, which presents a notable challenge in the collective effort to combat the evolving landscape of cybercrime.
This inconsistency is particularly evident when comparing the portrayal of cybercrimes in public discourse – such as news articles and government reports – to the more detailed classifications provided by private sector entities like cybersecurity and insurance companies. Publicly released information tends to focus on cybercrimes which requires lower levels of technical expertise to execute, such as scams, phishing attacks, and other forms of digital fraud. These cybercrimes directly affect the general population, making them of immediate concern to public authorities and, consequently, more frequently reported in the media.
In contrast, industry reports often adopt a more comprehensive view, acknowledging the full spectrum of cyber threats, including those requiring sophisticated technical knowledge to perpetrate, such as ransomware attacks, hacking, and malware deployment. These incidents, while less common in the daily experiences of most internet users, represent significant risks to the integrity of critical infrastructures, corporate data security, and even national security.
One example of the difference in categorisation is the range of vocabulary and terms used across ASEAN states to refer to the same cybercrime. While the same cybercrimes are happening in different states, they are categorised and referred to differently. For example, Malaysia uses terms such as “419” to mean advance fee scams and “Macau Scam” for phone scam calls where the cybercriminal impersonates a public official. “419” is a reference to Section 419 of the Nigerian Criminal Code, which is related to charges and penalties for fraud cases with the modus operandi involving victims making advance payments before they can receive money. This same type of crime is known in Philippines as the “Nigerian scam”. This is an example of how cybercrimes are not just categorised into types, but also based on the crime’s modus operandi. Another example is “pig-butchering” scams, in which “fraudsters spend months cultivating a relationship with the victims before urging them to invest in bogus investment schemes” (Wong, 2022). Initial contact in “pig-butchering crimes” are usually made through mobile phones and social media platforms, yet Cambodia categories them specifically as “pig-butchering” scams rather than a telephone scam or fraud or deception, which is how Thailand has categorised it, while Singapore classifies it as an investment scam.
Another aspect of variation is the use of “cyber threat” in some situations related to cybercrime. The distinction between what is considered a cybercrime and cyber threat is not merely semantic; it has actual implications on how policymakers, law enforcement, and the cybersecurity community address these issues. Cyber threats encompass a broader category that includes potential risks and vulnerabilities, while cybercrimes are specific illegal activities that exploit these vulnerabilities.
The variance in categorisation can confuse the public, dilute the understanding of cybercrime and cyber risks, and complicate the work of policymakers and researchers. Developing effective countermeasures and policy recommendations becomes more daunting without a unified framework for identifying and classifying cybercrimes. This lack of clarity can hinder accurate data collection, efforts to allocate resources effectively, design targeted awareness campaigns, and implement robust cybersecurity measures.
In addition, the ambiguity in categorisation impacts the ability to identify ownership of cybersecurity issues within governments and organisations. When the boundaries between different types of cyber incidents, cyber threats and cybercrimes are blurred, determining which agency or department is responsible for responding to an incident can become problematic, leading to delays in action or gaps in defence. Recognising patterns in cybercrime helps predict and prevent future attacks, but without precise categorisation, this analytical work will be compromised. This is particularly concerning when considering the potential for cybercrimes to escalate into threats against critical infrastructure and national security. The ability to discern when a cybercrime evolves into a significant threat is crucial for prioritising responses and mobilising appropriate resources.
Cybercrime Legislation in ASEAN
Cybercrime legislation is essential to providing legal frameworks for effectively prosecuting cybercriminals because the subjects of cybercrime – such as data and system integrity – are often not accounted for in traditional criminal law. As cybercrime cases increase and become more varied, the lack of a cybercrime legislation may allow particular criminal activities to fall into legal grey zones. Establishing legal clarity and uniformity is another critical function of cybercrime laws. Legal clarity is not only essential to law enforcement agencies but also for individuals and businesses who want to understand their rights and responsibilities in the digital domain.
Singapore categorises cybercrime into two distinct categories – cyber-dependent and cyberenabled crimes. Cyber-dependent crimes are “offences under the Computer Misuse Act (CMA) in which the computer is a target” (Singapore Police Force, n.d.), while cyber-enabled crimes are “offences in which the computer is used to facilitate the commission of an offence” (Singapore Police Force, n.d.). In July 2023, the Singapore Parliament passed the Online Criminal Harms Act, which “introduces measures to enable authorities to deal more effectively with online activities that are criminal in nature” (Singapore Police Force, n.d.).
An example of a case charged under CMA concerned an individual “involved in laundering over S$30,000 from overseas fraud through his and another’s bank account in Singapore, distributing the proceeds locally” (Singapore Police Force, n.d.). The individual facilitated fraud by relinquishing control of his bank account to receive funds and accessing another individual’s bank account to use it to distribute funds to others in Singapore. The case was charged under the CMA because the individual’s actions involved unauthorised access and misuse of computer systems and bank accounts. By handing over his internet banking credentials and ATM card, he allowed unauthorised access to his bank account. Similarly, accessing another person’s bank account to withdraw money constitutes unauthorised use of computer services. CMA criminalises such acts of unauthorised access, use, or manipulation of computer systems, particularly when they lead to financial crimes including fraud.
While the lack of cybercrime legislation does not mean that ASEAN states are unable to prosecute cybercriminals successfully, there is no assurance that using the existing non-cybercrime legislation will continue to be effective in the long run. This is especially true of emerging and innovative cybercrimes that arise from new technologies or when dealing with cybercriminals who are conscientious enough to study the legislation for potential loopholes to exploit.
CURRENT ASEAN EFFORTS TO COMBAT CYBERCRIME
In 1999, ASEAN established the Senior Officials Meeting on Transnational Crime (SOMTC), and in 2014, the ASEAN Working Group on Cybercrime was started as part of the cybercrime component of the SOMTC’s work programme from 2013 to 2015. In 2017, ASEAN adopted the Declaration to Prevent and Combat Cybercrime, thus reaffirming ASEAN’s commitment to “continue working together in the fight against cybercrime through activities aimed at enhancing each member state’s national framework for cooperation and collaboration in addressing the misuse of cyberspace” (ASEAN, 2017). An ASEAN Regional Computer Emergency Response Team (CERT) was also established in 2022 to “strengthen ASEAN’s overall cybersecurity posture and operational readiness in dealing with the fast-evolving cyber landscape by enabling stronger regional cybersecurity incident response coordination and Critical Information Infrastructure (CII) protection cooperation, including for cross-border CII such as banking and finance, communications, aviation and maritime” (Cybersecurity Agency of Singapore, 2022).
In addition, the INTERPOL Global Complex for Innovation in Singapore is home to the INTERPOL Cyber Capabilities and Capacity Development Project. Funded by the United States Department of State, the project aims to “strengthen the ability of countries in [ASEAN] to combat cybercrime and to work together as a region” (INTERPOL, n.d.). In terms of capacity building which can also contribute towards tackling cybercrime, the ASEAN-Singapore Cybersecurity Centre of Excellence and the ASEANJapan Cybersecurity Capacity Building Centre were set up to build capacities on cyber governance and cyber operations.
Regional Success Stories
Despite the differences and gaps in legislation in member states, there are still success stories from the region. Both Operation Night Fury (2019- 2020) and Operation Goldfish Alpha (2019) saw close collaboration between several ASEAN states under the guidance and coordination of INTERPOL’s ASEAN Cybercrime Operations Desk. Operation Night Fury was an operation against a malware strain targeting e-commerce websites in ASEAN, stealing victims’ personal information and payment details. The Indonesian National Police had turned to the Interpol ASEAN Cybercrime Operations Desk for technical and operational support, culminating in the eventual arrest of three individuals suspected of commanding servers in Indonesia. Unlike Operation Night Fury, Operation Goldfish Alpha was not the result of a technical request from an ASEAN member state. Instead, INTERPOL noticed the rise of cryptojacking (unauthorised use of someone’s device or system to mine cryptocurrency) as a cybercrime and garnered national and law enforcement CERTs from all ten ASEAN states to deal collaboratively with existing technical vulnerabilities in the region.
Despite the two episodes of success mentioned above, it should be noted that the cybercrimes in these two operations impacted several states, it was likely due to the scale or intensity of the crimes that INTERPOL was involved. As a region, ASEAN and member states need to learn and build up their own capabilities and capacities to effectively carry out similar operations collaboratively, even if the crimes are on a smaller scale. In other words, ASEAN states cannot depend only on organisations such as INTERPOL to coordinate collaborative contributions in combating cybercrime. To this end, a regional collaborative framework might be the answer.
A REGIONAL COLLABORATIVE FRAMEWORK
Some have pitched the idea of an ASEAN cybercrime legislation for member states to effectively address legal gaps and ensure comprehensive legal measures against cybercriminals. While it is ideal for such legislation to exist, it is undoubtedly idealistic as ASEAN adheres to its principle of non-interference. Rather than assuming such a Sisyphean task is the only solution, it is more pragmatic and efficient for ASEAN to establish a regional collaborative framework on cybercrime. If drawn up strategically, the framework can serve as a roadmap to assist ASEAN states in playing a role to create an ecosystem in ASEAN that can combat and reduce cybercrimes, regardless of which ASEAN country the crime originated or took place in.
For the regional collaborative framework to be effective, it needs to address the different aspects essential to the prevention and investigation of cybercrimes and prosecution of cybercriminals, and it must be robust enough to support the transnational nature of most cybercrimes. This means that the framework should consist of at least four key pillars to promote information sharing, strengthen coordination among relevant agencies, facilitate the development of consistent cybersecurity policies and regulations across ASEAN states, as well as enhance capacity building for individuals belonging to the law enforcement and prosecutorial communities, including investigators, prosecutors and judges. Through these pillars, ASEAN states can leverage each other’s strengths to protect their domestic and regional digital ecosystems and critical infrastructures more effectively.
It has to be noted that while some aspects of the four pillars are currently already being implemented by individual states, the impact is crippled if there is no systematic regional framework to guide the process. A regional problem can only be resolved through regional coordinated efforts.
Pillar 1: Promote Information Sharing
The first pillar in the collaborative framework should be to promote information sharing and timely exchange of critical information, including threat intelligence, investigation information, and cybercrime data.
Cybercriminals often exploit gaps in information and communication among countries by strategically selecting targets in different jurisdictions. They also use anonymising technologies to conceal their identities and locations, and target victims and nations according to the varying levels of cybersecurity awareness and capabilities among nations. This makes it essential for ASEAN to establish mechanisms that promote and facilitate the sharing of cybercrime-related information.
Information sharing enables quicker threat detection and response as ASEAN states collectively identify ongoing and emerging cybercrimes, the different types of vulnerabilities facilitating these crimes, and the critical points to commence investigations. This reduces the time window for cybercriminals to operate undetected and helps to minimise the potential impact of cybercrimes. Shared information and intelligence can assist in attributing cybercrime to specific threat actors, making it easier to hold them accountable and potentially deter future crimes. Information sharing can also help ensure a constantly updated and renewed collective knowledge base on cybercrime happenings across the ASEAN states to tackle cybercrime effectively.
By fostering a culture of trust and cooperation in sharing information, ASEAN member states can also improve their ability to detect, respond to, and mitigate cyber threats.
Pillar 2: Strengthen Collaboration among Relevant Agencies
To combat the escalating challenge of cybercrime effectively, ASEAN states must strengthen coordination among organisations ranging from law enforcement to prosecutorial agencies. A factor often leading to the success rate of cybercriminals is gaps in jurisdictions. Cybercriminals often operate in a borderless digital realm, which allows them to evade law enforcement by exploiting jurisdictional complexities. This second pillar, which can take the form of Mutual Legal Assistance agreements, will help to ensure that cybercriminals do not escape justice simply by crossing national borders or when they are not acting from the same geographical boundaries as their victims.
The diverse technological infrastructures and expertise levels across states pose both a challenge and an opportunity. Collaboration among law enforcement agencies enables the pooling of resources, investigative leads, sharing of expertise, and access to advanced technology available in the different ASEAN states. This approach can enhance their collective capabilities in responding to, tracking, and apprehending cybercriminals responsible for cyberattacks, from targeting critical infrastructure to online fraud schemes and pig-butchering scams.
For prosecutorial agencies, closer collaboration can harmonise legal frameworks, making it harder for cybercriminals to exploit jurisdictional discrepancies across ASEAN states. An integral component of this collaborative effort could involve establishing specialised networks dedicated to cybercrime enforcement and prosecution. These networks can serve as platforms to facilitate rapid information exchange and coordination of crossborder legal actions.
Pillar 3: Develop Consistent Cybersecurity Policies and Regulations across ASEAN
The diversity of legal frameworks and cybersecurity policies among ASEAN member states can create vulnerabilities and challenges in addressing cyber threats effectively. The third pillar is to facilitate the development of consistent cybersecurity policies and regulations across ASEAN to establish a robust defence against cybercrime. Securing the channels where cybercrime takes place will inevitably reduce cybercrime occurrences.
Consistency in cybersecurity policies can lead to higher standards of cyber hygiene in the region. Uniform adoption of best cybersecurity practices in areas such as advanced threat detection and response capabilities can elevate the region’s overall cybersecurity posture. This alignment would also help address the disparities in cybersecurity awareness and preparedness, ensuring that more developed ASEAN states can assist their less developed counterparts, leading to a collective elevation in cyber defences in the region.
As ASEAN states adopt consistent cybersecurity standards and practices, the region will move towards closing the gaps and vulnerabilities that cybercriminals often exploit. This collective response mitigates the impact of attacks and makes it more challenging for cybercriminals to find easy targets within the region. In addition, it serves as a deterrent to cybercriminals as they become aware of the increased difficulty in breaching a united front. By strengthening the region’s cybersecurity posture, ASEAN can create a more unified, resilient, and secure digital environment that benefits economies, governments, and citizens.
Pillar 4: Enhance Capacity Building for Law Enforcement and Prosecutorial Communities
The effectiveness of combating cybercrime relies heavily on the expertise and capabilities of law enforcement officers, investigators, prosecutors, and judges. Cybercriminals continually adapt their tactics, demanding continuous learning and adaptation from those responsible for maintaining law and order. Capacity building for cybercrime should encompass comprehensive training in digital forensics, cybersecurity investigations, and the prosecution of cybercriminals.
Access to cutting-edge technology, knowledge sharing, and best practices are essential components of such capacity-building efforts. Elevating the skills and knowledge of individuals within the law enforcement and prosecutorial communities can ensure adequate response to cybercrimes, witness protection, gathering of digital evidence and the prosecution of cybercriminals. By promoting international cooperation in capacity building, the region can collectively raise its level of expertise, creating a more secure environment for all and making ASEAN a less attractive region to be targeted by cybercriminals.
Public prosecutors and judges should also be trained to understand the technicalities affecting the confidentiality, integrity, and availability of digital data submitted as forensic evidence. With the rise in cybercrime, the demand for such members of the prosecutorial team will increase. Capacity building for existing prosecutors and judges can be a quick way to ensure the necessary expertise exists in the individual ASEAN state to handle cybercrime cases effectively, resulting in successful prosecution and sentencing.
INITIATIVES FOR PROACTIVE MEASURES
The proposed collaborative framework will no doubt take time to formulate. In the meantime, ASEAN and member states should consider taking on initiatives that can lead to more proactive measures to tackle cybercrime in the region. These initiatives include determining working parameters and baselines, increasing transparency, involving multiple stakeholders, and increasing data collection related to cybercrime.
Determining Working Parameters and Baselines
ASEAN does not have a published list of what it considers to be a cybercrime. The absence of a standardised understanding of cybercrime within ASEAN presents challenges in fostering a unified approach to combatting such crimes across the region.
The United Nations Cybercrime Convention has played a pivotal role in delineating the contours of what constitutes cybercrime on the global stage. During its negotiation, although there was no agreement on a definition of cybercrime, it still successfully identified a range of cyberdependent and cyber-enabled offences. These include egregious acts such as online child sexual exploitation, solicitation, terrorism, arms trafficking, the illegal distribution of counterfeit medicines and medical products, and incitement or coercion to suicide.
Throughout the convention’s negotiation process, the possibility for ASEAN member states to align with or at least recognise their respective nonnegotiable positions in relation to the draft texts was evident. This alignment could facilitate the harmonisation of ASEAN’s cybercrime discourse, accelerating progress towards consensus on critical issues and the adoption of a unified regional stance. Establishing such a consensus is crucial for defining international norms and standards that ASEAN can adopt or adapt to enhance regional cooperation on cybercrime.
Adopting parameters in line with those identified in the convention could serve as a critical step towards achieving regional alignment on the issue of cybercrime. Establishing a shared understanding of what constitutes cybercrime is fundamental not only to developing cohesive policy and enforcement strategies but also to creating reliable mechanisms for data collection and analysis. Such metrics are indispensable for accurately assessing the scope, scale, and evolution of cybercrime within the region.
Increasing Transparency
Transparency in discussions concerning cybercrime within the ASEAN region is pivotal for several reasons, particularly as these dialogues tend to occur in Track 1 meetings – closed-door roundtables, ASEAN Senior Officials Meeting on Transnational Crime, and the ASEAN Working Group on Cybercrime – where there is often minimal to no public disclosure of the proceedings. The lack of public disclosure of the proceedings can potentially obscure critical information and hinder the collaborative efforts of ASEAN and member states.
Transparency can play a pivotal role in enhancing public awareness and understanding of cybercrime issues within the region. By providing accessible information on the nature of cyber threats and the strategies employed to combat them, ASEAN can empower individuals and organisations to take proactive measures to protect themselves online. This heightened public awareness is crucial for building a resilient digital culture that values security and privacy, further bolstering the region’s defences against cybercrime.
In addition, transparency ensures accountability by allowing for the scrutiny of decisions and actions taken by ASEAN bodies dealing with cybercrime. This scrutiny is essential for assessing the impact and efficiency of cybersecurity initiatives, pinpointing weaknesses, and determining where further resources or adjustments are necessary. By making information available on discussions and agreements, ASEAN can engage a broader range of stakeholders in its cybercrime efforts, leveraging expertise, resources, and innovation from across sectors.
Multi-Stakeholder Engagement
Involving multiple stakeholders in combating cybercrime within ASEAN offers an efficient and holistic approach that enhances understanding of the complex factors contributing to cyber threats in the region. This inclusive strategy ensures that policies and initiatives to counteract cybercrime are comprehensive and deeply rooted in an authentic understanding of the challenges and dynamics at play on the ground. By integrating perspectives from various sectors, these efforts can more effectively address cybercrime.
The value of multi-stakeholder engagement is particularly pronounced in ASEAN, a region marked by a rich tapestry of cultures, economies, and levels of digital maturity. Such diversity demands a nuanced approach to cybersecurity, capable of accommodating and respecting the unique characteristics of each member state while also harnessing domestic cultural strengths. This ensures that regional initiatives are inclusive and adaptive to local contexts and effectively leverage each country’s intrinsic capabilities and insights to combat cyber threats more effectively.
Civil society organisations play a crucial role in this ecosystem by providing a grassroots perspective that sheds light on the societal impacts of cybercrime and the common traits of vulnerable victims. Academics enrich this dialogue by offering rigorous analysis and forward-looking insights into the effectiveness of policy measures and their potential impact on cybercrime, national security, and economic stability. Through research and scholarship, they help anticipate future challenges and opportunities, guiding policy and strategy with evidence-based recommendations. Private companies, especially those in the technology and cybersecurity sectors, bring their first-hand knowledge of the latest threats and their investment in cutting-edge security solutions to the table.
Increasing data collection
The importance of data in policymaking cannot be underestimated. As illustrated earlier in this article, the lack of data on cybercrime can be an impediment to the fight against cybercrime. Clear statistics provide the evidence base for developing targeted and effective policies and guide decisions on allocating resources more efficiently. Robust collection of data and strategic use of statistics can provide a quantitative foundation to understand the scope and nature of cybercrime in the region. This involves tracking the frequency, types, and targets of cybercrimes. On top of being instrumental in identifying trends and patterns, the data and statistics collected can be used for developing predictive analysis and pre-emptive measures. For example, a surge of pig-butchering scam cases in the region can be a strong reason for countries with rising wealth to direct resources and prompt more focused investigations and cybersecurity training for the financial industry.
With data and statistics on hand, data analytics can also be used to identify patterns consistent with cybercriminal activities. Anomaly detection algorithms can be utilised to flag activities that deviate from usual behaviour, which is often indicative of cybercrime. It can also be used to predict future trends and the demographics of potential victims. Advanced data analytics can be utilised to monitor and analyse cybercrime marketplaces on the dark web.
Enhancing data collection requires a coordinated effort across ASEAN. Part of the efforts might involve developing a common framework for classifying and reporting different types of cybercrimes to ensure comparability and reliability in the standardisation of data reported. Furthermore, varying levels of technological advancement across the region might pose a challenge to uniform data collection and analysis. Despite this, member states and ASEAN need to devise an effective way of collecting data related to cybercrime to tackle cybercrime preemptively and proactively.
CONCLUSION
As ASEAN continues to evolve digitally, cybercrime will continue to be a battle the region has to fight. Effective ways to combat cybercrime will demand a collaborative and proactive response. The need for robust cybercrime legislation, enhanced regional cooperation, and increased investment in cybersecurity infrastructure has never been more critical. ASEAN member states must start prioritising digital defence mechanisms, foster a culture of cyber awareness, and engage in continuous dialogue and information sharing. The fight against cybercrime in ASEAN is not just about protecting digital assets; it’s about safeguarding the region’s future, economic stability, and the security of its citizens. As ASEAN stands at the pivotal moment of digital innovation and regional progress, its commitment to combating cybercrime will be crucial in shaping a secure, resilient, and prosperous digital landscape for all its members.
REFERENCES
ASEAN. (2017). Declaration to Prevent and Combat Cybercrime. ASEAN. Retrieved from https://asean.org
Chang, L. Y. C. (2017). Cybercrime and Cyber Security in ASEAN. In Comparative Criminology in Asia (pp. 135–148). Springer International Publishing. https://doi.org/10.1007/978-3-319-54942-2_10
Cyber Security Agency of Singapore. (2021, Oct 6). ASEAN-Singapore Cybersecurity Centre of Excellence. Cyber Security Agency of Singapore. Retrieved from https://www.csa.gov.sg
Cyber Security Agency of Singapore. (2022, Oct 20). Establishment of ASEAN Regional Computer Emergency Response Team (CERT). Cyber Security Agency of Singapore. Retrieved from https://www.csa.gov.sg Department of Justice. (n.d.). Primer on Cybercrime.
Department of Justice, Philippines. Retrieved from https://www. doj.gov.ph
Hypernet. (2023, March 11). There are 5 Types of Cybercrime in Indonesia. Hypernet. Retrieved from https://www. hypernet.co.id
Huang, Helena Yixin. (2024, Jan 16). UN Cybercrime Convention: Relevance to ASEAN. RSIS Commentaries Series. Retrieved from https://www.rsis.edu.sg
INTERPOL. (2021, n.d.) ASEAN Cyberthreat Assessment 2020: Key Insights from the ASEAN Cybercrime Operations Desk. INTERPOL. Retrieved from https://asean.org
INTERPOL. (2021, n.d.) National Cybercrime Strategy Guidebook. INTERPOL. Retrieved from https://www.interpol.int
INTERPOL. (n.d.) ASEAN Cybercrime Operations Desk. INTERPOL. Retrieved from https://www.interpol.int
Muharram, Sitti Syamsiar Binti & Suhaimi, Mohd. Zuhairizan & Marcus, Markrandy. (2022). Cybercrimes in Malaysia. Journal of Education and Social Sciences, 22(1), 34-38. MyGovernment. (n.n.). General Information. MyGovernment. Retrieved from https://www.malaysia.gov.my/
Philippine National Police. (2013). Cybercrime Threat Landscape in the Philippines. Philippine National Police, AntiCybercrime Group. Retrieved from https://acg.pnp.gov.ph
Pratama, Yoga & Sakti, Krisna Indra & Setyadi, Firmawan & Ibrahim, Nur Ahmad Azi & Nur, Ali Mukti. (2022). Cybercrime”: The Phenomenon of Crime through the Internet in Indonesia. International Conference Restructuring and Transforming Law, 1(1), 294-301.
Podkul, Cezary. (2023, Oct 5). Southeast Asian Casinos Emerge as Major Enablers of Global Cybercrime. Propublica. Retrieved from https://www.propublica.org
Serena in Insurance. (2023, July 7). Cybercrime in Thailand: Current Trends and Solutions. Pacific Prime Thailand. Retrieved from www.pacificprime.co.th
Sim, Dewey & Dhillon, Amrit & Azmi, Hadi. (2022, Jan 26). From OCBC phishing to the ‘Macau scam’, how cyber criminals from Singapore and Hong Kong to Malaysia and India stay one step ahead of the banks. South China Morning Post. Retrieved from https://www.scmp.com
Singapore Police Force. (n.d.) Introduction to OCHA. Singapore Police Force. Retrieved from https://www.police.gov.sg
Singapore Police Force. (n.d.) Cybercrime. Singapore Police Force. Retrieved from https://www.police.gov.sg
Singapore Police Force. (2024, Feb 18). Annual Scams and Cybercrime Brief 2023. Singapore Police Force. Retrieved from https://www.police.gov.sg
Singapore Police Force. (n.d.) Man to be Charged for Money Laundering and Computer Misuse Act Offences. Singapore Police Force. Retrieved from https://www.police.gov.sg
Turton, Shaun. (2021, Sep 1). Cyber slavery: Inside Cambodia’s online scam gangs. Nikkei Asia. Retrieved from https://asia.nikkei.com
United Nations. (2023, Sep 2). Draft text of convention. United Nations. Retrieved from https://www.unodc.org
Vietnam’s cyberspace: fertile land for financial crime. (2022, Oct 19). Vietnamnet Global. Retrieved from https:// vietnamnet.vn/en
Wong, Shiying. (2022, Feb 20). The pig-butchering scam: Con artists who come for your heart and wallet. The Straits Times. Retrieved from https://www.straitstimes.com
Yip, Christy & Grosse, Sara. (2023, Oct 23). Every day, half a million malware apps are created for scamming. Who’s behind them?. Channel News Asia. Retrieved from https://www.channelnewsasia.com