Police Inspected Telecom Firms’ Routers, Records

December 9, 2014
Police investigators in October visited the headquarters of mobile telephone and Internet service providers operating in Cambodia to examine their routers and other equipment, and to look at the companies’ billing records and data logs, according to documents obtained last month and an interview with a senior police official.
In a letter dated October 7, Mao Chakrya, the director of the Telecommunication Regulator of Cambodia (TRC), ordered all phone and Internet providers to open their doors to investigators from the Interior Ministry’s internal security department, so they could “study in detail the technical equipment of all the operators.”
The letter instructed the providers to prepare documents in advance for the police investigator to examine, including billing information and data logs. Providers were also told to make their own technicians available for questioning by the internal security department, and to provide access to key components of their networks—through which private user information could be collected.
In some cases, the letter was accompanied by a 25-page questionnaire that requested detailed information about a company’s network infrastructure.
The Files
• The TRC’s letter to mobile operators and Internet service providers (Khmer)
• The TRC’s letter to mobile operators and Internet service providers (English)
• The fixed Internet investigation form (English)
Mr. Chakrya said Monday he was out of the country and declined to comment, but Chhay Sinarith, the director of the Interior Ministry’s internal security department, confirmed last week that the inspections had taken place.
Lieutenant General Sinarith said the operation was launched to target scammers who use Voice over Internet Protocol, or VoIP, to carry out online fraud schemes. Scores of Chinese, Taiwanese and South Korean nationals have been arrested in Cambodia in recent years for running VoIP scams to defraud victims in their home countries.
“We checked VoIP because in previous instances, Internet crime was usually committed by Chinese nationals in order to extort money,” he said. “We want to know the methods these groups are using.”
Lt. Gen. Sinarith claimed the inspections were carried out to enforce a 2012 inter-ministerial directive, which notes the use of mobile phones, VoIP and the Internet by individuals “committing terrorist activities, cross-border crimes, robberies, kidnappings, murders, drug trafficking, human trafficking” and “economic offenses.”
He said the government had no intention of delving further into user data or other information that could potentially be retrieved from its inspection of company networks.
“What we do is based on the law. We cannot detect or listen to private conversations because it would violate the privacy of the individual,” he said.
Executives at two telecommunications firms, speaking on condition of anonymity, confirmed that government investigators had visited their headquarters in October to conduct the inspections, although they declined to go into detail about what equipment was examined.
The October 7 letter ordering companies to submit to inspections came just four days after Deputy Prime Minister Sok An signed into effect the Cyber War Team, a government unit tasked with monitoring the Internet and social media in order to “protect the government’s stance and prestige.”
Mark Rasch, the former head of the U.S. Department of Justice’s computer crime unit and a vice president of U.S. intelligence contractor Science Applications International Corporation, said inspecting network equipment was a legitimate way to root out VoIP syndicates, but could also give the government the information needed to monitor a network.
These inspections, he said, are like probing the locks on a door. They could help make sure the locks are secure, but could also provide information that would allow the locks to be picked in the future.
“What makes this somewhat troubling is that the law enforcement or intelligence agencies can, and likely will, collect information on their own,” he said. “What you need is assurances from the government that they’re not.”
“It’s a delicate balance in the national security arena between the telcos to be secure from adversary attacks and for them to be vulnerable to attacks—even by their own government.”