The widespread corruption scandals involving misappropriation, theft, and embezzlement of billions in public funds, once rampant in highway infrastructure projects in the country, now appear to have shifted towards digital communication systems the so-called “information superhighway.
The Police said there is a growing problem of cyber-enabled crimes in the country’s digital landscape. These cybercrimes, often involving foreign criminals, typically focus on making illegal money transfers from local account holders to offshore accounts. This escalating issue highlights the vulnerability of financial systems in the face of sophisticated cybercriminal networks.
According to Police Media Spokesman DIG Nihal Thalduwa, cyber criminals are not only preying on ordinary citizens but increasingly targeting professionals. “Many victims of these cyber scams are professionals,” said DIG Thalduwa, “Many victims of these cyber scams are professionals.”
Recent data misuse scandals have led many social networks to further tighten their access restrictions. It’s unclear whether these measures are primarily for user protection or a strategic response to concerns about Government surveillance. Tech giants such as Apple, Google, Microsoft, and Facebook recently positioned themselves as defenders of user privacy by publicly denying Government data requests, creating a media spectacle around their commitment to safeguarding user information.
Officials of the Criminal Investigation Department (CID) and the Sri Lankan Computer Emergency Readiness Team (CERT) Coordination Centre reported a steady rise annually in cybercrime incidents. A significant proportion of cases reported to CERT are linked to social networks, highlighting the challenges of collecting reliable evidence against suspects in these platforms.
Despite consistent warnings from banks and financial institutions through official websites and phone alerts, advising customers not to fall for scams—such as fraudulent messages claiming lottery wins that need a processing fee or instructions not to share their one-time passcode (OTP)—hackers continue to succeed in deceiving people. They use advanced technologies and sophisticated software to bypass security defences, gain access to bank accounts, and transfer funds overseas.
When the illegal transactions are completed, it becomes almost impossible to trace the criminals or the tools they used, as they disappear without a trace from their computers that have been seized, said DIG Thalduwa. These fraudulent activities involve funds amounting to millions of rupees.
Range of tactics
Cybercriminals employ a range of tactics, such as phishing messages claiming fake lottery wins or requesting sensitive information such as one-time passcodes (OTPs), to deceive victims. Using advanced technology, hackers bypass security systems and transfer money to their overseas accounts.
To address the escalating threat, the police have called for international cooperation and the rapid exchange of information. An example of such collaboration came when a team of ten Chinese law enforcement officials arrived in Sri Lanka recently to assist the Police to tackle cybercrime. Their visit followed a diplomatic request from the CID as the country grapples with cybercriminals, many of whom are particularly foreign nationals.
The CID is working to enhance the country’s legal framework to better tackle cybercrime. In a bid to strengthen its position, the CID aims to synchronise its efforts with international agencies such as Interpol, Europol, and the Council of Europe. However, significant challenges still persist.
In an ongoing crack down, the police made a significant breakthrough last Wednesday, and took in for questioning 20 Chinese nationals suspected of orchestrating online financial scams.
The suspects, who had been staying at a hotel in Panadura for a monthly rent of Rs. 2 million, were found in possession of hundreds of mobile phones, laptops, and other electronic devices linked to cyber-enabled fraud schemes. They are currently in remand pending further investigation.
Messaging platforms
As digitalisation continues to grow, cybercriminals are finding new ways to exploit vulnerabilities in the system.
They are increasingly using online services such as remote account openings, which help them to create foreign accounts and move stolen funds at near-instantaneous speeds. Social media and messaging platforms have also become tools for recruiting money mules across different countries.
An official of the TechCERT, Sri Lanka’s Computer Emergency Response Team at the Moratuwa University, reported that they receive at least one complaint a week regarding stolen IDs, PIN number thefts, or computer attacks. Cybercriminals are now targeting younger, more unsuspecting people through online ads that lead them into money laundering schemes, often without their knowledge.
Several challenges
The CID is making strides in synchronising its efforts with international law enforcement agencies such as Interpol and Europol. However, the battle against cybercrime is far from straightforward. The CID faces several challenges, including a lack of technical resources, reluctance from major tech companies such as Facebook and Google to assist in investigations, and inadequate funding for advanced cyber security equipment.
There are four main types of cybercriminals identified by the CID: black hat hackers, cyberstalkers, cyber terrorists, and scammers. Black hat hackers, in particular, pose a significant threat as they break into networks with malicious intent, often stealing sensitive information such as credit card numbers and passwords.
Cyberstalkers, on the other hand, use electronic means to harass people or organisations, while cyber terrorists threaten the nation’s critical infrastructure, including water, gas, and financial systems. Scammers operate through fraudulent emails, websites, and social media accounts, tricking victims into handing over their money.
The growing threat of cybercrime in Sri Lanka requires both national and international efforts to stay ahead of the rapidly evolving tactics of cybercriminals. Law enforcement must continue to strengthen partnerships with global agencies, while also securing the necessary resources and technology to combat these crimes effectively.
The stakes are high, as failure to do so could help cybercriminals to further exploit the country’s financial and digital systems, leaving both citizens and professionals vulnerable to significant financial losses.
As Sri Lanka navigates the complex digital age, combatting cybercrime has become a priority, with authorities urging swift and decisive action to protect the nation’s financial infrastructure from further attacks.
