- By Shin Min
The Myanmar Police Force now investigates cases of stolen Facebook accounts used to extort money and discredit the original owners. The following is an interview with Police Colonel Nyunt Wai, head of the Cyber Crime Department, on this new service.
Q: Can you tell us how the Myanmar Police Force addresses Facebook identity theft? And how many reports have there been so far?
A: There are two types of extortion through Facebook. The first type is where they hack your account and asks your friends for money. They may say they are short on cash or their car broke down while posing as you. They’ll ask your friends to transfer money and promise to repay later. It’s hard to find the perpetrator in this scenario.
The other kind is where they befriend you through Facebook’s Messenger and ask you to save up money after gaining your trust. They will eventually swindle that savings. The victim and culprit usually know each other pretty well in this scenario.
You can file a complaint at the nearest police station for this type of swindling. It falls under Section 420 of the Penal Code. But the Cyber Crime Department needs to provide their remarks to the court in order for evidence to be considered valid.
However, if we’re talking about the hacker scenario, then we can’t know who the culprit is. We try to recover the accounts with all the personal data we can get.
If we can’t get enough we have to take down the account because the hackers are ceaselessly borrowing money from the friends in that account. Your friends need to tag you in a post saying hackers are swindling them while masquerading as you.
Sometimes we can’t take down the account so we have to contact the Facebook Team and request them to shut down that account. The team cooperates if the situation is true and gets it done in one or two days.
As to how many reports we receive, they don’t open cases for hackers asking for money through Messenger. The case is important but we don’t know who the culprits are and we police can’t handle it effectively given the circumstances. So, we post updates on the Ministry of Home Affairs’ websites and on the Ye Zarni Page.
What you should do is call 199 and ask to be put forward to the Criminal Investigation Department (CID). Now, swindling online savings began around 2018 and we have handled about 80 cases to date.
Q: There have also been cases of the Facebook accounts of famous being held for ransom. How do you handle that?
A: This is blackmailing. It’s hard to open a case at the police station since the culprit’s identity is hidden. The best way we can help is to guide them in setting up preventive measures. There have been instances of people having their personal accounts on Facebook stolen between 2018 to 2019.
We’ve found that this has less to do with the expertise of the hacker and more due to carelessness on the part of the owners. For example, some people set up passwords that are very easy to guess like their birthdates, having the same word for their username and password, their hometown, or just a string of 12345. This is very easy for hackers to exploit.
People also fall prey to accounts on sale that have generated more than a hundred thousand likes or so. They buy these accounts at cheap prices but may neglect to change the passwords. This leads to them being exploited.
Another instance is where the hackers get close to famous artists and monks and offer technological assistance and open up accounts for them. They wait for the user to make a mistake and then sell the password to another hacker.
Some abbots misplaced their trust in their disciples who open up accounts for them and use the abbot’s image to ask for money from people in his friend list, most of who may be donors or laymen.
And then there are mobile phone stores where the employees open accounts for the buyers but write down the password and steal pictures, videos and other information from the buyer later.
Some people open new accounts and forget about the old one. But they should remember their old accounts still has their friends in the list. Hackers will try every means to get into those old accounts and contact your friends through Messenger.
Unfortunately, this happens often so people must learn to open Facebook accounts by themselves and how to change passwords. The passwords must also have a combination of letters, numbers and symbols to make it harder to decrypt.
Remember to put in two factor authentication codes and monitor login activities regularly. Also, keep your private information to the ‘only me’ setting and turn on notifications for login attempts. Keep your passwords to yourself too. This will make your account safer.
Only tell your password to someone you trust the most and it’s a good idea to change your password once every three months. Some people change passwords once a month. Also make sure to properly deactivate your account if you don’t plan to use it anymore.
We want the people to know that we are offering assistance for identity theft. The victims rarely come report a case themselves. It’s usually someone close to them that comes reports to us.
Q: To what extent can the Myanmar Police Force assist people who have been disgraced or humiliated on social media? What do people need to provide when reporting a case?
A: Police stations and investigators ask CID for remarks. We scrutinize the case to see if it’s a cybercrime. In some cases, the culprit doesn’t hand over the evidence but signs a confession instead. This is sent to court. Some culprits hand over a different phone, one that doesn’t have the information we need. We try our best to resolve cases like this. If necessary, we send it paired with the handphone from the witness with our remarks.
After all that, the verdict is for the judge to make. Some people may delete evidence from their accounts so, we track down the material on YouTube and in accounts that were shared to.
If you want to open a case to us, you need take screenshots of the post, video, photo or comment that is damaging you and submit it to us as evidence.
It can be difficult to get the handphones of the culprit. Some destroy it by dropping it in water or smashing it apart. What you can do in this case is submit the handphone of someone the court can trust and contains the same evidence.
Q: How does the Facebook Team help with this?
A: They have their 22 Community Standards. If the reported content falls into one of those standards then then take down that account. If sexual abuse is involved, then they may give the location of the scene of the incident if you request with sufficient proof.
Q: Do you have anything else you want to say to the readers?
A: I wish to inform the public to learn how to properly use social media, the apps and manage their own passwords and security. We would like to request government organizations and financial services, like Ok Dollar and Wave, NGOs and tech agencies in Myanmar to cooperate with us when we need their assistance.
(Translated by Pen Dali)