Hong Kong Customs: equipped to tackle cybercrimeBy Guy Fong, Head of Intellectual Property Investigation (Operations), Hong Kong Customs
The rapid development of the Internet in the past decade has drastically and positively changed every aspect of our lives. People, in almost all cities across the world, are today virtually connected with each 24/7. But thanks to its speed, expediency and anonymity, internet-based technology has also become one of the key facilitators for a vast range of criminal activities, many falling within the remit of Customs enforcement actions, including the trade in counterfeit products, goods subject to prohibitions and restrictions, and the smuggling of excisable goods, such as cigarettes and alcohol.
Many countries have set up specialized units to combat internet-linked crime known as e-crime or cybercrime. These teams trawl the Web for information which might be of use in preventing, detecting, investigating, and prosecuting a Customs-related offence. This article looks at the way Hong Kong Customs has equipped itself to tackle cybercrime, and more specifically infringements of intellectual property rights (IPR) on the internet.
In 2000, Hong Kong Customs faced an upsurge in cybercrime cases. Huge amounts of digital data were found stored in computers seized at crime scenes, and this data needed to be recovered and analysed.
Hong Kong Customs responded to this situation by establishing three specialized establishments: the Anti-Piracy Investigation Teams (AIPTs); the Computer Analysis and Response Team (CART); and the Computer Forensic Laboratory (CFL). These establishments prominently enhanced Customs’ enforcement capability, as well as the credibility of digital evidence presented to the courts.
In 2013, the set-up of an Electronic Crime Investigation Centre (ECIC) further strengthened Hong Kong Customs’ capacity to detect infringements on the internet, especially when it comes to IPR, by pooling its knowledge on the trends that had come to the fore in the use of the technology, by transferring skills and knowledge, and by developing automatic monitoring systems.
Officers working at the ECIC were recruited among thousands of Customs staff according to strict selection criteria. Most of them possess a university degree in information technology (IT) or computer science, and all showed a keen interest in undertaking digital forensic or cyber investigation work.
When there is a need to recruit new members for the ECIC teams, Hong Kong Customs’ human resource department will examine the profile of serving officers and shortlist suitable ones for consideration by the section heads concerned. Recruited members are given professional training by academic institutions, vendors of forensic technologies and, on occasion, other enforcement counterparts be they local or from overseas.
AIPTs are tasked to detect and crack down on infringing activities in cyber space. They are equipped with the latest investigative tools to proactively search the internet, as well as to hide their identity when carrying out covert communications online.
Upon the request of frontline officers, members of CART will be summoned to the scene of a crime to render technical assistance in preserving and collecting digital evidence. All CART members have to undergo professional training on computer forensics in local and overseas academic institutes before taking up their posts.
CFL provides professional analysis and forensic examinations on digital evidence acquired by CART and frontline investigators. It is equipped with the latest IT forensic examination software and hardware facilities, and all the forensic examiners at CFL are qualified to testify as expert witnesses in courts of law.
The ECIC focuses on conducting research on how criminals are making use of the latest technology to commit cybercrimes, and shares the research results with frontline officers. In response to internet piracy crimes in particular, the ECIC formulates new methodologies for cyber investigations and digital evidence management. In addition, the ECIC also provides training to the frontline officers on new guidelines and procedures developed to tackle latest crime modus operandi, in order to upkeep their knowledge and skills in cybercrime investigations.
Making use of technology
Manual monitoring of the internet is not effective and efficient. Hong Kong Customs adopted the approach of using technology to fight technology. The ECIC cooperated with the University of Hong Kong to develop a series of automatic monitoring systems dedicated to tackling cyber IPR crimes on different platforms.
Until 2015, three monitoring systems running round the clock had been developed: (1) to track file sharing activities through the Bit Torrent protocol; (2) to monitor activities at internet auction sites selling IPR infringing goods; and (3) to monitor infringing activities through cyberlockers (online data hosting services). Upon detecting suspicious activities, these monitoring systems trigger alerts and notify officers that follow-up actions are necessary.
In late 2014, Customs observed that online counterfeiting activities had migrated from auction sites to social networking platforms. So, in early 2015, the ECIC developed another monitoring system, known as SocNet, which automatically monitors online counterfeiting activities on major social networking platforms.
SocNet generates alerts to Customs officers for follow-up actions when certain criteria are matched on the one hand, and automatically preserves the posting as evidence on the other. The implementation of SocNet enables about 4,000 social platform accounts to be screened every day – a 20-time increase in comparison with the past. The system also enabled Customs to extend its scope of enforcement without increasing its manpower.
As explained earlier, the ECIC provides training on a wide range of aspects ranging from cyber investigation techniques, to handling and preservation of digital evidence, and to hands-on exercise of tackling different technology crime scenarios. It also offers tailor-made courses for other government departments, legal professionals, and Customs’ overseas counterparts.
In August 2013, Hong Kong Customs organized a three-day WCO Workshop on Computer Forensics for countries in the Asia/Pacific region. Thirty-four participants from 25 Customs administrations attended the event which aimed to enhance their capabilities in combatting technology crimes. The ECIC also organized about 60 various training sessions for different parties or groups in 2014 and 2015.
Hong Kong Customs has also engaged with leading overseas law enforcement agencies to share expertise and knowledge on fighting cybercrime. In March 2016, the ECIC and the Cyber Crimes Center (C3) of Homeland Security Investigations (HSI) of the United States organized a five-day workshop on cybercrime investigation in Hong Kong, to keep our investigators abreast of the latest tools and techniques in cyber investigation.