Cross-Border Crimes Such as Terrorism and Cybercrime
International Police Cooperation Essential for Joint Response
Joint investigation team of Korean, American, and Ukrainian police conducting a search and seizure at the residence of the suspect in the 'Klop Ransomware' case. [Photo by National Police Agency]
[Asia Economy Reporter Lee Gwan-ju] #. Recently, in the Philippines, A, a former police officer and the mastermind of the original voice phishing (telephone financial fraud) organization led by 'Team Leader Kim Mi-young,' was captured by the police after nine years on the run. The biggest driving force behind A's arrest was the persistent pursuit by the police along with organic cooperation with local law enforcement agencies through the 'Korean Desk' established in the Philippines.
The Korean Desk continuously worked with local informants to gather intelligence and confirmed that the mastermind A was residing about 400 km southeast of Manila. Although A was meticulously evading capture using two aliases, the Korean Desk tracked A's movements through a two-week stakeout and, on the afternoon of the 4th (local time) at around 3:30 PM, apprehended A together with Philippine investigative agencies.
The National Police Agency has been dispatching the Korean Desk to the Philippines since 2012 to cooperate in the capture and extradition of fugitives abroad and to investigate serious crimes against Koreans. Currently, seven police officers are working at the Philippine Korean Desk.
The achievements of the Philippine Korean Desk are truly remarkable. During the Chuseok holiday last month, they succeeded in arresting the operator of 'Night War,' the largest domestic prostitution brokerage site, and the mastermind of an illegal online gambling site worth 1.3 trillion won. Continuous intelligence gathering and pursuit over more than two years ultimately led to these arrests. Furthermore, since the dispatch of the Philippine Korean Desk, the annual average number of Koreans killed locally, which was about 10 per year from 2013 to 2016, has decreased to about 2 per year from 2017 to 2020.
Team Leader Kim Mi-young's organization leader Mr. A, arrested in the Philippines. [Photo by National Police Agency]
#. The background behind the indictment of four people, including the money laundering mastermind of an international criminal organization that distributed the 'Clop ransomware,' which paralyzed computer system files by changing their extensions to 'clop' and then held them hostage for ransom, involved cooperative investigations among Korea, the United States, Ukraine, and the International Criminal Police Organization (ICPO/Interpol).
They are accused of distributing Clop ransomware to four domestic universities and companies in February 2019, encrypting 720 major systems where information assets related to academic operations, manufacturing and distribution, and facility design were stored and operated, causing disruptions, and then extorting 65 bitcoins (410 million won, approximately 4.5 billion won at current market prices) as ransom to decrypt the systems.
Immediately after the incident, the Korean police conducted over 80 international cooperation sessions with 20 countries based on analysis of the distributed malware, intrusion and remote control attack tools, and network intrusion methods, tracking clues such as emails and control/distribution servers. Notably, the joint investigation by Korea, the U.S., and Ukraine conducted over 15 days from June 11 to 25 this year in Ukraine was the highlight. More than 80 investigators from the three countries searched 21 locations, including the residences of three suspects identified by Korean police and three related persons confirmed by Ukrainian police, and conducted arrests and interrogations together. The evidence seized during the searches included about 60 items such as mobile phones, laptops, and cash.
Alongside this, the Korean police, together with Interpol, promoted 'Cyclone,' a joint operation to capture the Clop ransomware criminal organization and prevent further damage. Cyclone is a portmanteau of 'cyber' and 'clone.' This operation involved 16 countries including Interpol, Europol, Korea, the U.S., Canada, Australia, Italy, Sweden, Portugal, Belgium, Bosnia, France, the Netherlands, Spain, Germany, the U.K., Croatia, and Ukraine. Participating countries shared ransomware-related information and investigative techniques through video conferences and other means, making joint efforts for coordinated responses.
The message displayed on the site when the dark web child and adolescent sexual exploitation material site "Welcome to Video" was shut down in 2019. Flags of various countries, including South Korea, that participated in the joint investigation, along with law enforcement agencies, are listed.
'Strengthening International Cooperation' by the Police Is Now Not a Choice but a Necessity
Such international cooperation has become no longer a choice but a 'necessity.' As crime patterns globalize, crimes that cannot be addressed by the law enforcement power of a single country alone are increasing. As seen in the Clop ransomware case, cybercrime has long crossed national borders. A representative example is when the Korean police arrested operator Son Jeong-min (25) during the shutdown of the world's largest dark web child and youth sexual exploitation site 'Welcome to Video (W2V)' in 2019, which led to cooperation among 32 countries and the arrest of 310 users in total.
Moreover, cross-border cooperation is continuously required in various fields such as telephone financial fraud mainly operating overseas bases, counterterrorism threats, drug crimes, and the capture of fugitives abroad. In fact, the number of fugitives abroad has steadily increased from 528 cases in 2017 to 579 in 2018, 927 in 2019, and 943 last year.
The necessity for international cooperation is expected to grow further. The Korean police are already conducting various activities to strengthen international cooperation. These include official development assistance (ODA) in the security sector targeting major countries and cooperation with local investigative agencies through police attach?s dispatched to overseas missions. Such security cooperation does not end with simply capturing criminals but can extend to protecting overseas nationals and fostering the domestic security industry.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
