Military pushes proposal to amend 'weak' anti-terrorism law

JC Gotinga
Published 11:42 PM, August 15, 2019

Updated 11:42 PM, August 15, 2019

The Armed Forces of the Philippines calls for more drastic powers against terror
suspects as Congress moves forward with amending the Human Security Act of 2007

TOUGHER LAW. AFP Spokeperson BGEN. Edgar Arevalo at a press briefing at Camp
Aguinaldo on Thursday, November 29, 2018. File photo by Darren Langit/Rappler

MANILA, Philippines – The military wants a tougher law against terrorism, and it
reiterated its support for a proposal to amend the Human Security Act that could allow it
to take more drastic action against terror suspects.

"We need this badly for us to be able to deter terrorism," Armed Forces of the
Philippines (AFP) spokesperson Brigadier General Edgard Arevalo told reporters on
Thursday, August 15.

Top of mind for the military is to remove a P500,000-fine for every day they detain a
terror suspect who eventually gets acquitted by a judicial court.

They want to be able to detain terror suspects without an arrest warrant for 30 days
instead of just 3, to give them more time to gather evidence and build cases to "secure
convictions."

The Human Security Act of 2007 only allows groups, not individual persons, to be
officially identified as terrorists. Arevalo said it should also be possible to tag individuals
as terrorists based on their own offenses, whether or not they are linked to known terror
groups.

"Glorifying" and "inciting" terrorism in public or on social media should also be

penalized, Arevalo said, as well as recruiting members and providing "material support"
to terrorists.

The current version of the law makes it difficult for the police and military to prosecute
terror suspects, and is "more restrictive than empowering to security forces," Arevalo
added.

The Senate on Tuesday, August 13, reopened deliberations on proposals to amend the
Human Security Act of 2017.
The provisions lawmakers look to revise are similar to what the AFP has suggested,
although Defense Secretary Delfin Lorenzana has pushed for 60 days of warrantless
detention of suspected terrorists.

Senators Panfilo Lacson, Imee Marcos, and Senate President Vicente Sotto III have
each filed a version of the amended measure, with different provisions on the length of
warrantless detention and authorized wiretapping of suspects, but all 3 do away with the
P500,000-daily fine on detaining suspects who get acquitted of terror charges.

Three instances of suicide bombings in parts of Mindanao between July 2018 and June
2019, including one carried out by a Filipino, show that terrorism is an increasingly
insidious threat to the country, Arevalo said, and it calls for a more stringent law.

"We are facing an exceptional risk to our security, that's why we require an uncommon
solution," the military spokesman said, addressing concerns that the proposed
amendments may infringe suspects' constitutional rights.

"We understand the apprehensions of our people especially on issues of human rights
but we assure our people that your Armed Forces is a professional institution that
adheres to the tenets of human rights and international law…. Trust your AFP," Arevalo
said. – Rappler.com
Terrorism
Terrorists are very likely to try to carry out attacks in the Philippines.

UK Counter Terrorism Policing has information and advice on staying safe abroad and what to
do in the event of a terrorist attack. Find out more about the global threat from terrorism.

Terrorist groups continue to plan attacks and have the capacity and the intent to carry out
attacks at any time and anywhere in the country, including in the capital Manila and in places
visited by foreigners, such as airports, shopping malls, public transport, including the metro
system and places of worship. Attacks have been carried out using improvised explosive
devices and small arms.

On 27 January 2019, at least 27 people were killed and many more injured as a result of bomb
attacks at a Roman Catholic cathedral on Jolo Island in Sulu Province.

On 31 December 2018 an IED exploded at the entrance to the South Seas shopping mall in
Cotabato City. Local authorities have confirmed at least 2 dead and many more wounded.
Another IED was found at the same shopping mall with authorities carrying out a controlled
explosion. The FCO continues to advise against all travel to Cotabato City and much of
Mindanao.

A vehicle based IED exploded at a checkpoint in Lamitan City on the island of Basilan in
Western Mindanao on 31 July 2018 causing a number of fatalities.

Explosions occurred in the Quiapo area of Manila on 28 April and 6 May 2017, resulting in
fatalities. The motive for these attacks remains unclear.

On 28 November 2016, an improvised explosive device was found close to the US embassy in
Manila. The device was made safe by police. Explosions at a boxing match in Hilongos, Leyte
(Visayas) injured over 30 people on 28 December 2016.

There are several terrorist groups operating in the Philippines that continue to pose a threat.
These groups include: New People’s Army (NPA), the Abu Sayyaf Group (ASG), Jemaah
Islamiyah (JI) and other associated groups. Elements within the two main insurgent groups, the
Moro National Liberation Front (MNLF) and the Moro Islamic Liberation Front (MILF), continue
to pose a security threat. A splinter group of the MILF, the Bangsamoro Islamic Freedom
Fighters (BIFF), has also been responsible for attacks. Some groups have pledged allegiance to
Daesh (formally referred to as ISIL) and are likely to regard westerners as legitimate targets.

Militant groups also operate in rural areas throughout the Philippines. Armed clashes between
security forces and militant groups can occur at any time without warning. Previous clashes has
resulted in tourists being injured. Before travelling to rural areas, you should research the area
thoroughly.

Commercial shipping companies have been advised to adopt heightened vigilance when
navigating the Sulu and Celebes Sea. The Regional Co-operation Agreement on Combating
Piracy and Armed Robbery against Ships in Asia (ReCAAP) advise all ships to re-route from the
area where possible. Most maritime incidents occur in the Sulu Sea in the area between
Mindanao, the Sulu archipelago, Palawan and Sabah (Malaysia). Boats travelling to and from
offshore islands and dive sites are possible targets.

Civilian targets in Mindanao have been attacked and there remains a heightened threat of
attacks throughout the Mindanao island group. A bomb attack on a market in Davao City killed
more than a dozen people on 2 September 2016. An explosion in Aleosan, North Cotabato
injured 6 people on 29 December 2016.

Terrorist groups have threatened to attack passenger ferries and other vessels, particularly
those operating from Mindanao. You should avoid using public transport throughout Mindanao.

There is considered to be a heightened threat of terrorist attack globally against UK interests

and British nationals, from groups or individuals motivated by the conflict in Iraq and Syria. You
should be vigilant at this time.

Find out more about the global threat from terrorism, how to minimise your risk and what to do
in the event of a terrorist attack.
Global Cyber Terrorism Incidents on the Rise
global-cyber-terrorism-incidents-on-the-rise
The nature of the terrorism threat facing society has changed considerably in
the last 20 years. Previously, governments and (re)insurers structured their
mitigation strategies and responses to deal with attacks that were large in
scale.

Recently, though, we have seen a spate of smaller, less sophisticated, yet no less
appalling acts of terrorism across geographies that involve mass casualties and
fear-inducing events. And the type of threat will continue to change as new
technologies and opportunities reveal themselves to terrorist organizations –
cyber terrorism is an example of a newly developing frontier within the peril.

Traditionally, most cyber-attacks have been carried out by criminal

organizations, with the majority of incidents failing to register on an enterprise
risk scale of businesses that faced significant setbacks. In 2017, this dynamic
changed with the WannaCry and NotPetya incidents. These two attacks affected
organizations in more than 150 countries, prompted business interruption and
other losses estimated at well over USD 300 million by some companies, brought
reputational damage, and resulted in loss of customer data.

In December 2017, the U.S. government took a rare step and attributed the
WannaCry attack to hackers backed by North Korea. WannaCry and NotPetya
exposed a systemic risk and affected a broad cross-section of businesses
without specific targeting, demonstrating the potential for escalation in the
threat of cyber terrorism.

Against this backdrop, a few trends are emerging:

1. The landscape for points of attack is growing.

Traditional physical processes carried out by industrial control systems —

including critical infrastructure industries such as power utilities, water treatment
services, and health and emergency systems — are coming online. Guy Carpenter
affiliate Oliver Wyman forecasts that 30 billion connected devices will be in use
by 2030, creating more assets susceptible to attack and adding more
vulnerabilities to be exploited.

2. Cyber threats are becoming more advanced.

The upsurge of highly skilled hackers, often nation-state supported, is

coinciding with the development of more sophisticated tools that are likely
seeping into the broader environment through a thriving black market.

3. The consequences are high.

Companies are now deeply dependent on their systems and data, and
interference with those assets can materially affect market capitalization and
endanger executive leadership, reputations, sales and profits. Failures in
cybersecurity have the potential to destabilize an enterprise overnight.

4. A shift has begun to take place in the nature of cyber incidents; from
affecting primarily consumers to having an impact on global political or
economic systems as a whole.

Examples of this changing trend are the recent headlines covering the banking
industry. Large scale cyber-attacks on the banking industry can result in stolen
money and personal information entrusted by consumers to these institutions
and also, in a worst-case scenario, cause a “run” on the global banking system.
Terrorist groups have ambitious goals for cyber-induced attacks. The industrial
control systems that support the electricity industry were largely sealed off from
external threats. However, the protections that came with the isolation have
weakened with the introduction of automated controls managed through
interconnected network systems. As automation grows, so does the opportunity
to manipulate an industrial control system through a cyber-attack.

For utilities and other infrastructure facilities, the potential costs of a power grid
interruption as a result of a cyber-attack can include:

 Lost revenue;
 Additional expenses to restore operations and to improve cybersecurity
defenses;
  Regulatory fines and additional scrutiny; and
 Reputational damage.

Such attacks, though rarely made public, are occurring more frequently. The
potential perpetrators of acts of cyber terrorism can be separated into five
categories: organized crime, hacktivism, non-state terror groups, lone wolves,
and nation states. Although the motivations, capabilities and priorities vary
among the groups, each can wreak havoc on a global scale; with ever-increasing
funding, these attacks can become more catastrophic.

As these factors converge, opportunity could combine with existing motives to

inflict catastrophic cyber terrorism losses for businesses. Over time, cyber
insurance policies have evolved to cover the failure of technology and the
resulting interruption or loss of revenue. Insurers are also increasingly
recognizing the interdependence of businesses, especially through technology.
Many cyber policies now contain provisions for business interruption and
contingent business interruption, including those involving disruption of an
organization’s supply chain from a data breach.

Business interruption coverage has become a more common coverage

component within cyber insurance policies over the last 24 months. Reinsurance
solutions in the cyberspace tend to follow the security and privacy coverage
offered in the insurance market. Although reinsurance contract wording varies,
cyber insurance typically covers network security incidents regardless of the
political or ideological beliefs of a non-state actor.

Guy Carpenter’s dedicated Cyber Solutions Specialty Practice and Global Cyber
Center of Excellence work with professionals around the world to provide risk
transfer solutions to help companies quantify potentially catastrophic scenarios
and identify the right way to manage, spread and transfer the associated risks.
We structure a broad range of tailored reinsurance solutions utilizing our in-
house modeling capabilities combined with our investment in third-party models
to create our own best-in-class, holistic view of cyber risk for our clients.

This article was published in conjunction with Guy Carpenter’s new report,
“Terrorism: A Maturing Market Meets an Evolving and Expanding Peril.”
Red lights flashing on cyber-terrorism

POSTSCRIPT - Federico D. Pascual Jr. (The Philippine Star) - July 22,

2018 - 12:00am

It’s not that evident yet to most Filipinos beset by the more immediate issues of rising
prices and falling real wages, of runaway crime and corruption, but intelligence
authorities in the US are again flashing warning lights on cyber-terrorism.

The alarm is reminiscent of similar intelligence advisories before the 9/11 attacks in
2001 that killed 2,996 people when terrorists hijacked airliners and crashed two of them
on the World Trade Center in New York and one on the Pentagon. A fourth jet wrested
back by passengers crash-landed on a field in Pennsylvania.

Among those sounding the alarm this time is Director of National Intelligence Dan
Coats, former ambassador and Republican senator from Indiana, who was among the
authorities who talked Thursday at the Aspen Security Forum in Colorado.

Aspen is one Pacific Ocean away from Manila, but its warning against cyber terrorism is
magnified by its proximity to the midterm US election in November and the Philippines’
senatorial and local elections in May next year.

Assuming there will be Philippine elections in 2019 despite efforts to derail them by
officials who fear losing at the polls, authorities should wake up to the danger of cyber-
hackers distorting the voice of the electorate in the next election (or plebiscite).

The new alarum in the US comes after the Russian meddling in the 2016 US election,
an attack confirmed by the filing Friday of hacking charges against 12 Russian military
cyber-operatives in the mold of Vladimir Putin, the KGB spymaster.

While US intelligence officials highlight Russian actors when they talk of cyber-
terrorism, Trump mentioned the Kremlin last as a US “foe” in a presscon in Helsinki on
Monday, where he initially said, with Putin standing beside him, that the Russians could
not have done it.
Answering a question, Trump put Russia at the end of his list of US “foes.” He
mentioned first the European Union whose leaders he chided the week before for their
disproportionate contributions to NATO funding, then China with which the US is
engaged in a tariff war.

In the context of geopolitical realities in the South China Sea, a Philippine list of its
potential adversaries naming the same three nations could come out in reverse – with
China being on top and Russia at the other end. The EU would not be on the list.

An investigative report three years ago by NBC News said that the Chinese had
attacked repeatedly US businesses and government facilities. The raids included
hacking credit data, moving funds, sifting public documents, disrupting air traffic control
systems and the power grid.

In the Philippines, there is need for a continuing review of election hardware and
software – as well as peopleware – to minimize the possibility of foreign interests
hacking into the system and manipulating the results.

Aside from direct manipulation of elections, there could be, as in the US experience,
infiltration through social media outside the automated poll system to influence the
thinking of unsuspecting voters.

The brainwashing of voters and the population in general can be done via the Internet –
as has been shown in the leakage and falsification of account information of millions
of Facebook and Twitter users to spread false information in a massive mind-
conditioning operation.

Call centers and BPO (Business Process Outsourcing) firms should be monitored to
ensure they are not used for this type of manipulation. But even beyond national
boundaries, after the infrastructure is laid out, online operations could be directed and
completed from offshore.

• ‘Cyber-attacks disrupt daily life, divide nation’

IN ASPEN, intelligence director Coats warned that cyber-attacks, aside from
manipulating elections, also disrupt everyday life and divide the nation. He said Trump
was right in pointing out that Russian interference was just one of many potential
threats.

“What we see every day,” he said, “... against our institutions, our military, our financial
services, our critical infrastructure – stretching from those who have major capabilities
of doing this, starting with Russia, including China... Add Iran into that, add ISIS.”

Coats added: “I’m concerned about a cyber-9/11. Let’s say you shut down Wall Street
for a week. What does that do to the world’s markets and people’s investments? What
about an attack on the electric grid in New England in January, that’s sophisticated to
take it out for three days. How many people will die?”
At the Hudson Institute three days before Helsinki, Coats noting the daily attacks from
Russia, China, Iran and North Korea, also said: “Here we are, nearly two decades (after
9-11), and I’m here to say the warning lights are blinking red again.”

He was harking back to the warning of former Director of Central Intelligence George
Tenet who, in the months before 9/11, noted that the “system was blinking red.”

Coats warned of an impending, potentially devastating cyber-attack on US systems,

saying the country’s digital infrastructure “is literally under attack.” Among state actors,
he said, Russia is the “worst offender.”

Coats said the targets include businesses, federal, state and local governments,
military, academic and financial institutions, and critical infrastructure. The Federal
Bureau of Investigation and Department of Homeland Security had reported having
detected Russian probing into the energy, nuclear, water, aviation and manufacturing
sectors.

In the Aspen forum later, Coats lamented that while multiple agencies have been
working on their respective assigned tasks, there was no key official designated to
coordinate the related but separate operations dealing with cyber threats.

The US Senate, meanwhile, voted 98-0 (two senators absent) in favor of a resolution
opposing the offer of Putin to exchange the Russians indicted for hacking the 2016
election with US officials, including some diplomats, for interrogation in Kremlin for
alleged crimes.
China condemns 'cyber
terrorism' as Obama
pledges North Korea
review
The statement comes after talks between Foreign Minister Wang Yi and his US
counterpart John Kerry

BEIJING, China – China condemned "cyber terrorism" on Monday, December 22, after
United States President Barack Obama pledged to consider officially labelling North
Korea, accused by Washington of hacking Sony Pictures, a state sponsor of terrorism.

The Chinese foreign ministry statement came after talks on Sunday, December 21,
between Foreign Minister Wang Yi and his counterpart John Kerry and followed calls by
Washington for China and other nations for help in deterring future attacks.

Obama, while saying that the alleged hack was not an act of war, has promised an
unspecified "proportionate" response.

South Korea's nuclear power plant operator, meanwhile, launched a two-day drill to test
its ability to thwart a cyber attack, though the exercise did not appear to be directly
linked to the US-North Korea row.

In Beijing, a foreign ministry statement on Monday said the country "opposes cyber
attacks and cyber terrorism in all of its forms," without referring directly to China's ally
North Korea.

China "opposes any country or individual using facilities in other countries to launch
cyber attacks toward a third country," it said.

Washington accuses Pyongyang of being behind the hack that led to the release of
embarrassing company emails and caused Sony executives to halt the debut of the
comedy action film "The Interview".

The film about a fictional CIA plot to kill the country's leader infuriated North Korea,
although Pyongyang has repeatedly denied it was behind the cyber assault.
Despite calls from Republican critics for a robust response to the alleged hack, Obama
told CNN in an interview: "I don't think it was an act of war. I think it was an act of cyber
vandalism that was very costly, very expensive. We take it very seriously."

He also promised to "review" whether to return North Korea to the US list of state
sponsors of terrorism, but added: "We've got very clear criteria as to what it means for a
state to sponsor terrorism. And we don't make those judgments just based on the news
of the day."

'Significant overlap'

The hermit state threatened to hit back at the White House and other US targets if it
was sanctioned over the alleged hacking.

The North's National Defense Commission, in a statement on the official news agency,
said its army and people "are fully ready to stand in confrontation with the US in all war
spaces including cyber warfare space to blow up those citadels."

According to the Federal Bureau Investigation (FBI), there is "significant overlap"

between the Sony Pictures attack and other "malicious cyber-activity" with direct links to
Pyongyang, including an attack last year on South Korean banks blamed on the North.

The South's Korea Hydro and Nuclear Power Co (KHNP) on Monday began conducting
drills at its four nuclear plant complexes after a series of online information leaks by a
suspected hacker.

The hacker, using an account entitled "president of the anti-nuclear reactor group",
published a variety of information on Twitter, including designs and manuals for two
reactors as well as personal information on some 10,000 KHNP employees.

There did not appear to be any link between the drill and the Sony Pictures hack, and
North Korea says it has never attempted or made a cyber attack on South Korea. –
Rappler.com
 CYBERCRIME THREAT LANDSCAPE IN THE PHILIPPINES

(Note: This report was presented during the SecureAsia@Manila event held at the
Makati, Shangri-la, Manila, Phillpines last August 8, 2013)

I. Executive Summary

The Philippines continues to face the challenge of effectively addressing the problem of
illegal cyber activity and cybercrime victimization, a challenge it shares among developing
countries in South East Asia and in other parts of the world.

The utilization of technology as it expands and develops in various industries and sectors
in the country is expected to increase, due to the lack of necessary safeguards to prevent,
and in some cases because of the lack of understanding on the risks involved regarding
its misuse.

The geography of the Philippines and its present socio-economic conditions as it

continuously works to strengthen political stability and national security is a perfect
condition in which different kinds of illicit cyber activities flourish. The anonymity in the
Internet, the legal and jurisdictional issues involved in technology-facilitated crimes, and
the vast victim and recruitment source and lure of easy money, motivates a culture of
cyber criminality which may later lead to more serious organized criminal underground.
The threat of transnational organized criminal groups operating in the country poses a
serious concern as it affects the economic and political stability of the country.

This situation, however, is slowly changing as government and international attention is

increasing and the rate of cybercrime or cyber-attacks on industry and on innocent
citizens also begins to rise. Victims or concerned citizens are now surfacing to report
cybercrime incidents to the police.

The private industry particularly the major Internet Service Providers (ISPs), has begun
to collaborate on issues of cyber security and cybercrime prevention, but much work
remains to be done especially in the manner of preservation and providing evidence
stored in them.

The cyber-criminal underground in the country continually evolve into a sophisticated

transnational criminal activity and in some cases has links with terrorist characters. The
cyber offenders have become audacious due to challenges being faced by government
in their detection, apprehension and prosecution than their counterparts elsewhere.

II. The Philippines Cyber Landscape

The Philippines, just like its ASEAN neighbors, is continuously utilizing technology in
almost every sector in its society and economy. The country has an estimated population
of 103,775,002 as of 2012. An estimated 31.33% or 33,600,000 of its 2011 population
use the Internet. As of 2011, an estimated 84.91% or 88,119,840 Filipinos are mobile
phone subscribers while 25.77% or 26,752,000 have active social networking profiles. Of
the Internet users in the country, 75% use personal computers while 25% use their mobile
phones to access the Internet, whether for personal or business purposes.

The average age for Internet users in the country is estimated to be 23 years old and
below, and most of them spend around 21.5 hours per week browsing the Internet and
51% of Internet users have active YouTube profiles. As of 2012, the Philippines ranked
6th in the total number of Internet users in Asia and 3rd in the world in the number of
Facebook users where 48% are male and 52% are female.

III. Cybercrime Status

The use of technology in the commission of traditional crimes and the new found ways of
committing crime in the country pose an investigative challenge to the Philippine National
Police. There is a rising incidence of financially motivated cybercrime and politically
motivated cyber-attacks on government by cyber actors in the Philippines.

From CY 2003 up to CY 2012, a total of 2,778 cybercrime related offenses was recorded
by the PNP. While the country awaits the implementation of a comprehensive cybercrime
law, cyber criminals continue to use technology both in conducting criminal activity and
preventing its detection. This trend in criminal activity necessitates the need for a
dedicated unit within the PNP to go after these offenders and improve its cyber security
posture.

Compared to its ASEAN neighbors, the Philippines has yet to enact and implement its
own comprehensive anti-cybercrime law.

From CY 2010 to CY 2012, the PNP has recorded a total of 1,184 incidents with the
highest being the attacks targeting government websites where a total of 940 website
defacements have been recorded.

Another recent attack perpetrated by cyber criminals is the exfiltration of usernames and
passwords from the DNS Gov.Ph registration site with an estimated 2,338 records and
allegedly claimed by AnonTaiwan group. These attacks increased when the Philippines
had its political, security and jurisdictional issues on the Luneta Bus Hostage taking
incident, Scarborough Shoal stand off, Sabah incident involving the Sultanate of Sulu,
and the Taiwanese Fisherman killed in Balintang Channel. The country was also
victimized by botnet infection where the Philippines is ranked 6 thin the world for BotNet
location.

Police intervention against cybercrime in the country resulted in the arrest of 505 foreign
nationals. As with traditional crimes, the cyber-criminal actors and organizations still
resemble the same criminal characters and setup, the difference lies in the way organized
criminal groups are structured from a hierarchical form to a flat organization operating
independently similar to the cell Terrorist concept.
The most likely cybercrimes committed in the country either through the use of technology
or the target of the crime is the technology itself, falls generally on the areas of national
security matter, financially motivated offenses, crime directed against a person or the
property and those that involve crimes that violate public morals.

For national security concerns, the likely cybercrime threats deal on espionage activity,
disruption, sabotage, politically motivated attacks and those which involve terrorism
activities. Nowadays, Terrorists are using the Internet in their recruitment, propaganda,
planning, teach-ins, financing, and even operational implementation. Swindling, estafa,
scam or other form of computer fraud, counterfeiting and forgery are some of the
financially motivated cybercrime threats. Cybercrime against a person usually involves
theft or unlawful use of personal information, threat, extortion, harassment and disclosure
of privacy related matters. Property related cybercrime on the other hand, such as theft,
the sale of stolen or lost item, illegal use of and damage to property, maybe committed.
Finally, cybercrime which involve public morals are those which likely involve obscene
and indecent publication, child pornography, human trafficking and those who make use
of technology like the Internet to show acts of cruelty or violence.

IV. Police Response

In order to address the increasing incidence of cybercrime, the PNP Anti Cybercrime
Group was activated on March 20, 2013. The establishment of a PNP Anti-Cybercrime
Group is a strong signal to criminals that the PNP is very serious in addressing cybercrime
in the country.

The PNP-ACG has conceptualized and believed that to fight cybercrime and to strengthen
cyber security, there must be a synergy among the following components: Competence
and Capability building of the Organization and Personnel; Public and Private
Partnership; strong International Cooperation; Advocacy and Public Awareness and; the
implementation of strong Laws, Policies and Regulations.

To date, the PNP currently has six (6) fully functional Digital Forensic Laboratories
nationwide located in Camp Crame, Legazpi City, Cebu City, Davao City, General Santos
City and Zamboanga City. These PNP offices are capable of conducting computer,
mobile, and audio and video forensic examinations and can respond to investigate
incidence of cybercrime activities within their geographical areas of responsibility. The
PNP envisions to have cyber-forensic laboratories in all its regional offices in the future.

Since 2003, the PNP has continuously received various digital forensic equipment grants
because cybercrime is a technology-based crime and the PNP needs to have the
technological capability to address such crimes. A cyber training facility was also
commissioned through the assistance of the US Anti-Terrorism Assistance Program.

Along this line is the continuous technical training of police officers to increase
competence in cybercrime investigation where a total of 90 local and international
trainings were received while 31 local trainings were provided to the regional offices.
Another aspect in the fight against cybercrime is the concern on online child victimization.
In response to this international priority, the PNP is strengthening its children protection
program by establishing a special taskforce “Angel Net” purposely to address Internet or
technology-related child abuse and exploitation.

International cooperation and partnership in strengthening cyber security and the fight
against cybercrime is another activity in which the PNP actively participates. Increasing
the PNP’s competence and capability, continuous Public awareness, Active Private-
Public partnership, Enforcement of effective laws, and International cooperation are the
PNP’s approach in strengthening cyber security and combating cybercrime.

V. Notable Anti-Cybercrime Operations

A. Terrorist Financing “Telecom Fraud Scam”

On November 24, 2011, PNP conducted search and seizure operation against suspected
group of telecom hackers victimizing a US telecom company with the cooperation of FBI
and US Embassy in Manila. More than $2M in lost revenues. The criminal group is
allegedly connected to a foreign terrorist financing group reponsible for financing the
terrorist attack in Mumbai, India in 2008.

B. Transnational Telecom Fraud Scam “Chinese & Taiwanese Fraud Ring”

On May 26, 2012 the PNP together with police from China and CIB, Taiwan, arrested 37
suspected members of an international telecom fraud ring in separate raids in Manila.
Searched and seized were assorted ICT equipment that the syndicate used in their illegal
operations. The suspects were charged for violation of R.A. 8484 “ Access Device
Regulation Act of 1998”.

C. Transnational Telecom Fraud Scam “Chinese & Taiwanese Fraud Ring”

On August 23, 2012, PNP-CIDG, PAOCC, NISF, BID, DOJ, China and Taiwan
Embassies conducted simultaneous search and seizure warrant operation in Manila and
Rizal resulting to the confiscation various computer and telecom devices and 380
arrested, mostly Chinese and Taiwanese nationals. Suspects were charged for violation
of R.A. 8484 “Access Device Regulation Act of 1998”.

D. ATM / Credit Card Fraud Syndicate

On April 20, 2013, three Malaysian nationals were arrested by police in Iloilo City
suspected of siphoning off money from ATM card holders. A small camera and a
skimming device are placed in ATM booths. Credit card information stolen is cloned using
sophisticated card tools to withdraw money from the victim’s bank account. Suspects
were charged for violation of R.A. 8484 “ Access Device Regulation Act of 1998”.

E. Internet Fraud/Scam “ WakaNetwork.com”

On May 15, 2013, PNP-ACG together with Mabolo Police Station conducted search and
seizure warrant at Interface Techno-Phil Cebu City. The said call center was offering
fraudalent waka gift vouchers to US nationals. Suspects were charged for violation of
R.A. 8484 “ Access Device Regulation Act of 1998” and Article 212 of the Revised Penal
Code “Corruption of Public Officials”.

F. Illegal Internet Pharmacy Operation

On July 11, 2012 ATCCD-CIDG conducted search and seizure warrant at “724 Care Call
Center” located at Mandaue City, Cebu for marketing and selling alleged counterfeit Pfizer
medicines to US nationals. They were suspected of violating of R.A. 8484 “Access
Devices Regulation Act of 1998”.

G. Corporate Illegal System Hacking

On October 4, 2011, ATCCD-CIDG arrested SHIN UN-SUN in Batangas Province by

virtue of an international warrant issued by Interpol and KNP for alleged hacking into
Hyundai customer database stealing around 420,000 customer records and extorted
money from Hyundai. The suspect SUN was turned over to the Immigration Bureau for
deportation to South Korea.

VI. Assessment / Forecast

For the past ten years, cybercrime in the country continued to evolve both in the manner
of commission and in the use of mechanisms by cyber criminals to deter police
investigation. With the continuing advancement in cyber technology and the rising
popularity of social networking sites over the internet, the Philippines will remain open to
cybercrime operations.

In view of this, the opportunity for the commission of cybercrimes must be identified and
duly addressed. Those who use the Internet, email, social media and vulnerable
computers will be the likely victims. Financially-motivated cybercrimes will likely be the
preferred choice for criminals due to the ease of getting money, sourcing of victims and
its difficulty in detection and apprehension.

Cybercrime will persist in the country as with other parts of the world. The current
environment in the Philippines attracts transnational cybercrime groups to continuously
operate in the country. Espionage such as data exfiltration, sabotage or disruption and
politically motivated attacks will continue to target government institutions. An effective
country strategy, legal framework, awareness program, capability and capacity building
programs, and local and International cooperation will mitigate and effectively address
cybercrime victimization.

The PNP, as the country’s premier law enforcement institution remains unwavering in
facing these challenges valiantly and has made significant gains in thwarting cyber
offenders, especially the transnational organized criminal groups, from making the
country a sanctuary for their criminal operations.

Cyber terrorism
Published July 2, 2017, 10:00 PM

Melito Salazar Jr.

By Melito Salazar Jr.

The spate of Internet hacking and cyber-attacks is a cause of worry, seeing how intertwined business, industry,
and society, locally and globally, are in the global Internet network. When computer systems are compromised,
a myriad problems and dangers are possible, ranging from one’s identity being stolen and bank accounts
depleted to companies’ strategies stolen and sold to competitors.

The much publicized alleged hacking by the Russians of the Democratic Party campaign computers in order to
secure damaging information which was then fed to the Trump campaign to be used and ultimately affect the
results of the US elections is an example of how pervasive and significant would be the result of such attacks.
The cyber-attack known as WannaCry as reported in the New York Times “ravaged computers at hospitals in
England, universities in China, rail systems in Germany, and even auto plants in Japan.” The demand for
ransom shows how cyber-attacks can be a fund-raising activity. In a seminar on Corporate Governance I
attended in Bangkok last year, the resource person in a session on Cyber Security warned us that there may
already “sleepers” in our computer systems waiting to be activated with a corresponding ransom demand. His
advice was for us to pay as there was no way we could correct the situation.

The worst case, however, is when the cyber attackers are not after money or information but decide to launch
terrorist attacks. Terrorists have realized that suicide attacks, damaging as they may be to a community and its
pattern of normalcy, have limited impact in scope and in time. The beefing up of security surveillance and the
heightened collaboration among governments is making it easier to prevent this kind of attacks. The alliance
building of ISIS also brings in adherents who may not have the same level of fanaticism to sacrifice lives and
would prefer to sow disorder by remote control. What would be the best approach if not to use cyber weapons,
two already stolen from the National Security agency (NSA), leaked online by a mysterious group of hackers
calling themselves the Shadow Brokers and inflict global destruction with a greater probability of getting away
with it?
As reported in the New York Times, the WannaCry used a “hacking tool the NSA had code-named
EternalBlue. The tool took advantage of unpatched Microsoft servers to automatically spread malware from
one server to another, so that within 24 hours, North Korea’s hackers had spread their ransomware to more
than 200,000 servers around the globe.” The attack on IDT Corporation used another stolen NSA cyber
weapon called DoublePulsar, which can penetrate computer systems without tripping security alarms. NSA
spies could use it to inject their tools into the nerve center of a target’s computer system, called the kernel,
which manages communications between a computer’s hardware and its software. The New York Times
article identifies the kernel as “at the very top of the pecking order of a computer system, allowing anyone with
secret access to it to take full control of a machine. It is also a dangerous blind spot for most security software,
allowing attackers to do what they want and go unnoticed.”

More disturbing is that the Shadow Brokers have resurfaced, promising a fresh load of NSA attack tools, even
offering to supply them for monthly paying subscribers, as New York Times puts it –“like a wine-of-the-
month club for cyber weapon enthusiast.” One shudders imagining the North Korean government having
access to them; cyber-attacks will be more dangerous than their capability to launch nuclear missiles at the
United States, which a string of defence rockets could bring down.

Governments should recognize the potential terrorism from cyber-attacks and band together to stamp out this
danger. The United States government should ensure better security for the cyber tools that its agencies like
NSA designs and immediately share the “antidote” with them. Otherwise, the whole world will be suffering a
new and devastating type of terrorism.
The Changing Dynamics of Islamist Terrorism in Philippines
The Jolo church bombing might signal a tactical shift from the groups affiliated to the
Islamic State.
A suicide attack was conducted at the Cathedral of Our Lady of Mount Carmel at Jolo on
January 27, 2019. It was a two-stage attack – the first improvised explosive device (IED)
detonated in the middle of the church and the second at the church’s entrance. This
attack took the lives of at least 20 and wounded more than 90. The military pinned
Hatib Sawadjaan as the mastermind of the attack, a natural conclusion as the Sulu
island chain is plagued with the presence of Sawadjaan’s group, Islamic State-Sulu. This
attack raised the notoriety of Sawadjaan and successfully diverted resources away from
hunting Abu Dar – a possible candidate as emir for the Islamic State (IS) of the
Philippines after the death of Isnilon Hapilon in 2017.

Analysts are quick to highlight two trends in the Philippines based on the attack; the
influx of foreign fighters and the adoption of suicide tactics. However, these two trends
lead to a single phenomenon – the use of foreign fighters as suicide bombers. This
strategy is deadly as groups retain trained local fighters while recruiting foreigners as
suicide operatives — ultimately preserving the capability to hold an armed assault while
dispensing deadly terrorist attacks.

Foreign Suicide Bombers in Philippines

The burnt and unclaimed body parts discovered at the site suggested that the attack was
conducted by suicide bombers. Initial forensic assessments of the church attack found
traces of ammonium nitrate, which can easily be attained with fertilizers. In this attack,
the ammonium nitrate was used as the primary charge and was boosted by a high
explosive. The first explosion destroyed most of the church pews, demonstrating the
potency of their bomb-making expertise. These bomb designs are highly concealable
and destructive. The Philippines National Police (PNP) claimed that nine such bombs
were used in at least five attacks in South Mindanao since 2016.

The authorities were quick to note that the suicide attackers were Indonesians based on
intelligence reports. It is unclear if the Lamitan accidental suicide bombing may have
inspired this attack, but together these attacks might set a precedent for foreign suicide
bombers in the Philippines. Suicide attacks are highly concealable, adaptable, and can
cause mass casualties. Suicide bombings take an average of 9.7 lives per attack. This is a
highly efficient method to wage war against the government.

Filipino terrorist groups have avoided suicide bombings because the Filipino Muslim
tribes pride themselves as warriors; they prefer sustained combat to cowardly tactics.
However, things might have changed after the accidental Lamitan suicide attack on July
31, 2018 which claimed 10 lives in exchange for the sacrifice of one foreign suicide
bomber. The Lamitan suicide attack, delivered through a vehicle-borne improvised
explosive device (VBIED), proved that suicide tactics are more efficient than any tactics
used by terrorist groups in Philippines. The Jolo attack further cements the lethality of
such a tactic.
Given apparent success and attention of the two suicide attacks, there might be
deliberate efforts by groups in Philippines to recruit foreign suicide bombers for similar
attacks. This would thereby allow groups to spend little of their own human resources
and training to inflict a high number of casualties, while retaining their trained fighters
for armed combat.

Hatib Sawadjaan’s Leadership

Organizational developments in the Philippines appears to align with the deadly trend.
The Abu Sayyaf group, led by Radullan Sahiron, declined to pledge allegiance to the
Islamic State in 2014. This led to the Abu Sayyaf splintering into the Sahiron-led faction
as well as IS-Basilan and IS-Sulu, led by Isnilon Hapilon and Hatib Sawadjaan,
respectively. Furuji Indama succeeded as the leader of IS-Basilan after Hapilon was
appointed emir of IS-Philippines while Sawadjaan continued to lead IS-Sulu. The core
Islamic State did not declare another emir of IS-Philippines after the death of Hapilon in
2017. The leader of IS-Lanao, Abu Dar, is a possible candidate but tenacious pursuit
from the authorities drove him into hiding thereby rendering him unable to coordinate
efforts between groups. Sawadjaan was recently identified as the other possible
candidate for emir.

Sawadjaan’s experience is instrumental to terrorist groups in the Philippines. As the

leader of IS-Sulu, he manages the Ajang-Ajang group. This group is made up of the sons
of deceased Abu Sayyaf members. They are responsible for various non-combat
operations, which includes human smuggling. More importantly, Sawadjaan oversees
islands in the Sulu Sea, the illegal gateway from East Sabah into mainland Mindanao.
This allows IS-Sulu to dictate the flow of foreign fighters. Sawadjaan’s leadership can
heavily influence the strategic shift of IS-affiliated groups to recruit foreigners as suicide
bombers.

Links with the Islamic State (IS)

There is a disturbing link between the Abu Sayyaf splinter groups with the core Islamic
State. Shortly after the Jolo attack, Amaq News Agency – often viewed as the official IS
news channel – disseminated a notice claiming responsibility for the attack. We saw a
similar pattern after other significant incidents relating to IS-Basilan, such as the
Lamitan attack and IS-Sulu’s successful defense against the Armed Forces of Philippines
(AFP) on November 19, 2018.

Information about the Jolo attack was disseminated on various IS-affiliated Telegram
and Facebook channels. In addition to the claim of responsibility, photographic details
of the church bombing were also shared to IS sympathizers in Southeast Asia. The
prompt, detailed report on these incidents demonstrates the tight contact between IS-
Sulu and IS-Basilan with IS-Central.

Close ties between the groups might signal other forms of collaboration. IS-Sulu and IS-
Basilan might be seeking seed funding from their terrorist endeavors. Successful large-
scale attacks might be conducted to shift the Islamic State’s attention to invest in
Philippines. Such attention and investment would also attract foreign fighters to migrate
to Philippines, increasing the strength of local terrorist groups in Philippines.

Recommendations

The most effective strategy against suicide attacks in Philippines is to deny terrorists
groups access to foreign bombers. The Philippine authorities must work with Malaysia
and Indonesia to harden its national borders. The trilateral maritime cooperation at the
Sulu-Celebes Sea could be improved to incorporate shallow water patrols to increase the
detectability of smuggled fighters.

Additionally, the military defeat of Abu Sayyaf is central to addressing the Islamist
threat in Philippines. The AFP and PNP must continue their unyielding assault against
the Abu Sayyaf splinter groups. However, the excessive use of force would only be
detrimental to the social fabric of Mindanao. The Philippines must focus on appropriate
training and equipping for shallow water operations to combat the IS threat along the
Sulu Sea. The AFP and PNP can also consider coordinating their land-sea operations to
corner these militants more effectively.
Suicide Bombing: Is this the End of Filipino ‘Warrior
Culture’?
On June 28, the Philippines was hit by its third suicide bombing. Will such tactics
finally take root in the Philippines
On June 28, two suicide bombers allegedly trained by the Islamic State in Sulu (IS Sulu)
conducted the third suicide attack in the Philippines within the last year. The bombers
detonated themselves at a military base near Kajatban village in Sulu. According to the
Armed Forces of Philippines (AFP) the two suicide bombers killed six people — three
AFP soliders and three civilians — and injured 22. Will suicide bombings become the
norm for IS attacks in the Philippines?

The Adoption of Suicide Bombing in the Philippines

Despite its prominence as the terrorist tactic-of-choice since roughly 1994, when Hamas
“legitimized” suicide bombing in an attack against Israel, Filipino terrorists have often
avoided using suicide tactics. Suicide terrorism was introduced to Southeast Asia largely
by Jemaah Islamiyah, which orchestrated the Bali Bombings in October 2002. But
despite ties between the Jemaah Islamiyah and Filipino terrorist groups, Filipino
terrorists have rarely employed suicide bombings.

This resistance has largely been attributed to the “warrior culture” of Muslim tribes in
the Philippines where the honour of the battle is as important as victory. As such, the
preference is for head-on confrontation instead of tactics viewed as ‘cowardly.” This
warrior culture was reflected during the Marawi Siege in 2017 in which suicide
bombings were absent during the five-month battle led by Isnilon Hapilon.

In light of that history, two factors — serendipity and foreign influence — potentially
catalyzed the Kajatban attack.

The first suicide attack in the Philippines occurred almost a year ago on July 31, 2018.
Abu Khatir al-Maghribi, a Moroccan citizen, intended to drive a van-load of explosives
toward a graduation ceremony organized by the Philippines Department of Education.
Aimed at remotely detonating the vehicle-borne improvised explosive device (VBIED),
the attack was meant to kill 4,000 schoolchildren. However, the van was stopped by
security forces near a paramilitary base and the VBIED was believed to be detonated by
al-Maghribi to avoid arrest. That attack took 10 lives.

Months later on January 27, Hatib Sawadjaan, the emir of IS Sulu, recruited two
Indonesians to conduct a suicide attack at a church in Jolo. The recruitment of
Indonesians for the attack was probably meant to circumvent the resistance of locals to
suicide bombing. The ensuing attack marked the first intentional suicide bombing in the
Philippines, killing at least 20 people. Since the Jolo church bombing, both the
authorities and terrorists have begun to question if the utility of suicide attacks would
triumph over Filipino Muslim tribal heritage.
Ultimately, the combination of the unintentional suicide bombing and foreign fighters
may have resulted in the adoption of suicide tactics in the Philippines. Southeast Asian
Islamic State sympathizers celebrated the attack in Kajatban village on various social
media platforms. One of the suicide bombers was identified as 23-year-old Norman
Lasuca from Indanan, Sulu, branding him as the first Filipino suicide bomber.

Will suicide bombing triumph over “warrior culture”? Suicide bombs are known for
their concealability, adaptability, and target precision. Moreover, the suicide bombers’
willingness to sacrifice their lives catches the attention of the media and demonstrates a
deadly resolve to pursue their cases. Nevertheless, it is likely that tribal culture in
Mindanao will continue resisting this influence.

There are two probable ways to overcome this Filipino Muslim tribal culture; inspiration
and competition. The perceived success of such attacks might inspire other terrorists to
launch suicide bombings. The honor accorded to the suicide bombers by groups like IS
can inspire a bottom-up adoption of the tactic. Coupled with the IS narrative of a long
war or a war of attrition, individuals affiliated with terrorist groups can be influenced to
conduct suicide attacks.

An alternate mode of proliferation leverages the inter-tribal competition in Mindanao.

This initiative by the Sulu-based Tausugs might trigger a competitive response from IS
affiliated terrorists with familial connections to the Maranaw and Maguindanao tribe.
This could lead to continuous attempts at outbidding one another through spectacular
attacks.

Courting Attention

Under normal circumstances, the recent attack was unspectacular and should not
necessarily trigger inspirational or competitive responses. Based on the Global
Terrorism Database, which codified all terrorist activities between 1970 to 2017, suicide
bombings yielded an average of 9.7 kills per attack. The recent attack by two individuals
only killed six others, significantly less effective than the global average.

Nevertheless, IS media has used propaganda tools to capitalize on this attack. Amaq
News Agency, an IS affiliated media outlet, reported that the two suicide bombers
infiltrated the military base and detonated the bomb amidst AFP soldiers resulting in
the killing and injury of 100 “special anti-terror forces.” The exaggerated numbers were
likely aimed at inspiring suicide attacks in the Philippines or trigger the inter-tribe
competitive outbidding.

An alternative explanation to the exaggerated numbers is IS Sulu’s bid to increase global

awareness of the East Asia Wilayah. Based on Al Naba’s “Harvest of the Soldiers”
battlefield infographics issue 187 and 188, the East Asia Wilayah mounted two attacks
and killed seven between June 14 and 27. These numbers are unimpressive when
compared to the double digits achieved by the wilayat or provinces based in the Middle
East and Africa. The perceived scale of the attack might give the East Asia Wilayah
reason to attract IS investments and foreign fighters into the region, hence increasing
the strength of local terrorists.
The Philippines is already a destination for foreign fighters. The Sawadjaan-controlled
Sulu archipelago was identified as one of the smuggling routes for militants into the
Philippines. Besides Indonesians and Malaysians, non-regional fighters have attempted
to travel into the Philippines. During the Marawi Siege, AFP claimed that foreigners
from the Middle East, Africa, South Asia, and China participated in the battle. This
trend persists after the siege as at least seven non-regional terrorists attempted to enter
the country in 2018.

Suicide attacks in the Philippines demonstrate the impermanence of culture. While the
recent suicide attack could largely be considered a failure, data shows that suicide
bombings can be very devastating. The adoption of suicide tactics could lead to heavy
casualties in the future, thereby attracting the attention of international terrorist groups
and networks.

Foreign terrorists in
Mindanao training
suicide bombers:
Philippine security
officials
MANILA - Philippine security officials on Tuesday (July 23) confirmed
that at least seven foreign terrorists were training local militants for
suicide attacks in the country's restive south, and there could possibly be
dozens more.

"They are doing the usual. They are training bombers, grooming suicide
bombers, as manifested by the recent incident. They are also training
(Filipinos) on other terroristic actions," Lieutenant-General Cirilito
Sobejana, head of the military's Western Mindanao Command, told
reporters.

He said these foreign extremists were behind the first-ever suicide attack
carried out by a Filipino.
On June 28, Norman Lasuca, 23, set off one of two bombs that exploded
inside a temporary camp of a special army counter-terrorism unit in
Indanan town, Sulu province.

Three soldiers who were manning the camp's gate were killed, along with
three civilians nearby.

Lt-Gen Sobejana said the seven foreign terrorists were scattered across
war-torn Mindanao island, the size of South Korea.

Some of the terrorists were with the small but brutal Abu Sayyaf group in
the island provinces of Sulu and Basilan, 1,000km south of the capital
Manila. Others were with the Bangsamoro Islamic Freedom Fighters
(BIFF) in central Mindanao.

Military confirms first Filipino 'suicide

bomber' behind Sulu attack
(Philstar.com) - July 10, 2019 - 4:36pm
MANILA, Philippines — Philippine security forces confirmed Wednesday that
at least one Filipino "suicide bomber" was behind a deadly attack last month,
in a first for the Asian country.

Norman Lasuca and one other yet to be identified suspect blew themselves
up outside a military camp on the remote southern island of Jolo on June 28 in
an attack that also killed three soldiers and two civilians, the police and
military said.

"We can now confirm... the incidence of the first suicide bombing in the
Philippines, perpetrated by a Filipino in the person of Norman Lasuca,"
military spokesman Brigadier General Edgard Arevalo told a news
conference.

Read more at https://www.philstar.com/headlines/2019/07/10/1933609/military-

confirms-first-filipino-suicide-bomber-behind-sulu-
attack#GYO3KmGFHWf6rzKa.99
The Jolo bombing marks a worrying escalation of militancy driven by the influence of
the Islamic State group in Southeast Asia, security experts earlier told AFP.
A decades-old Islamist insurgency in the southern Philippines has killed tens of
thousands.

But suicide attacks have been used extremely rarely, with foreign fighters blamed for
the few that have been carried out.

National police spokesman Bernard Banac described last month's bombing as "a
locally initiated attack organised by the Abu Sayyaf group", a Jolo-based gang of
militants engaged in kidnappings and bombings.

Read more at https://www.philstar.com/headlines/2019/07/10/1933609/military-

confirms-first-filipino-suicide-bomber-behind-sulu-
attack#GYO3KmGFHWf6rzKa.99
"The report as claimed by ISIS that they are the ones responsible for this is still up to
validation and that remains to be seen," he told reporters, referring to IS by an
alternative name.

Philippine authorities said the two suspected Jolo bombers' remains were tested for
DNA, and one matched that of Lasuca's mother and brother, who are both Tausugs,
the predominant Muslim ethnic group in Jolo.

Experts are still attempting to identify the second bomber, Banac said.

"Before, we only heard of IED (improvised explosive device) attacks, remote-

controlled attacks but this time an individual blew himself up as a full-fledged suicide
bomber," Arevalo said.

"We (security forces) will have adjustments in techniques, tactics and procedures
given this development," he said.

"We consider this to be an isolated case," he added.

However, he acknowledged that "the security environment in our country has

changed" and civilians should help the security forces combat the new threat.

They must ensure prospective recruits "won't be radicalised by terrorist groups (who
are) only waiting for the right time and individual to bring to the road of extremism,"
he said.
Arevalo said Lasuca's mother described the son, in his early twenties, as a former
"battered" child who endured beatings meted out by his father.

Read more at https://www.philstar.com/headlines/2019/07/10/1933609/military-

confirms-first-filipino-suicide-bomber-behind-sulu-
attack#GYO3KmGFHWf6rzKa.99

Pinoy suicide bomber a

battered child, ran away from
home
Michael Joe Delizo, ABS-CBN News
Posted at Jul 11 2019 02:16 PM | Updated as of Jul 11 2019 02:21 PM

MANILA – Norman Lasuca was about 17 when he ran away from home in 2014.

It was a long search for his family until June 28, when twin bombings rocked Indanan town in the
restive southern Philippine province of Sulu. Eight were killed, including three soldiers and the two
bombers, while at least 12 were wounded.

Lasuca, authorities confirmed, was one of the two suicide bombers.

He was the first Filipino to have committed such an attack.

It was his mother, Vilman Alam Lasuca, who identified Lasuca through his severed head recovered
from the blast site. It was the first time she saw her son again since he ran away.

A DNA test later confirmed his identity.

“The DNA results…concluded that there is 99.99 percentage probability match on the DNA sample
taken from Vilman Lasuca and samples of [Norman Lasuca],” the Philippine National Police (PNP)
Regional Crime Laboratory Office in Davao Region stated in its report.

Investigation showed that Lasuca, 23, set off the improvised explosive device he was wearing at a
checkpoint near the Philippine Army's 1st Brigade Combat Team.

This created a distraction that enabled his still unidentified accomplice to run in front of the camp’s
gate and detonate another bomb.

Citing his mother's narration, authorities said Lasuca grew up a battered child, often beat by his ill-
tempered father, Fredericko, a mechanic. He was the 5th among 11 children.
“Siya ay biktima ng pananakit ng kaniyang ama na isang laborer na sa marahil sa pagod at liit ng
kaniyang kinikita ay napagbubuntunan ng galit itong batang Norman,” said Brig. Gen. Edgard
Arevalo, spokesperson of the Armed Forces of the Philippines.

(He was a victim of physical abuse by his father who was a laborer. Perhaps due to exhaustion and
because he had low pay, he turns his resentment to the young Norman.)

The military said terrorist organization Abu Sayyaf Group (ASG) recruited, trained, and equipped
Lasuca for the attack.

“Accordingly, Lasuca joined the group of ASG when he was 16 or 17 years old due to the influence
of his friends/neighbor, the Dela Cruz brothers. Another reason that he joined the group is to escape
his father who constantly beat him,” said Maj. Gen. Cirilito Sobejana, chief of the Armed Forces’
Western Mindanao Command.

According to Sobejana, Lasuca lived in Barangay Asturias in Jolo and studied elementary in a public
school there.

“He initially joined the group of Yasser Igasan and later joined the group of Hajan Sadjaan when
Igasan died during an encounter with government forces.”

Clinical psychologist Camille Garcia said a child who experience physical abuse or grow up in
violence could either be withdrawn or aggressive.

“Pupuwede kasing mag-develop ng sociopathic behavior eh na tinatawag. So ’pag may ganon, wala
siyang remorse, hindi makokonsensiya kung ano man ’yung puwede niyang gawin,” said Garcia.

(He could develop sociopathic behavior. So when that happens, there is no remorse, his conscience
won't bother him, whatever he does.)

“’Yung anger na ’yun pupuwedeng ma-stimulate na hindi niya man gantihan ’yung gumawa sa
kaniya, puwedeng gawin niya sa iba.”

(This anger that can be stimulated, while he could not take revenge on the one who hurt him, he can
do it to others.)

Suicide attacks have for long been a terror tactic often seen overseas. But recently, bombings carried
out by extremists ready to give up their lives to claim that of others have been recorded in the
Philippines.

Apart from the June 28 blasts, the tactic was seen in at least 2 other recent bombings: the twin blasts
at the Jolo Cathedral during Mass in January, and a van bomb at a military checkpoint in Basilan in
July 2018.

“It’s really alarming kasi first-time ever na ma-establish natin na Filipino, ‘di ba?” said Sobejana.
“We have to accept the fact na mayroon na talagang ganon.”

(It’s really alarming because this is the first time ever that we have established that [a suicide bomber
was] a Filipino, right? We have to accept the fact that we already have one.)
The Indanan blasts, according to terrorism expert Rohan Gunaratna, shows the aggressive
radicalization of Filipino jihadists by the Islamic State (ISIS), which could mean more suicide attacks
– something that Philippine security troops are unfamiliar with.

“There would be more suicide attacks by Filipinos in the South, so we can conclusively say that this
is a bombing carried out by Filipinos who have been radicalized,” he said in an interview on ANC.

He added: “This is going to change the threat picture completely, the element of [Filipino] suicide is
introduced. The government troops, police and others will have to take security measures and operate
very carefully.”

Suicide bombing finds its origins in Russia in the 19th century, and has been carried out from Japan
to the Middle East to Sri Lanka and sprouted elsewhere, according to historian Jeffrey William Lewis
in a study published by the Ohio State University.

Since the 9/11 attack on the World Trade Center in 2001, the world has become familiar with
“suicide bombers,” often portrayed as those who hold an almost lurid fascination for their willingness
to kill themselves while killing others supposedly in the name of Allah.

Prof. Julkipli Wadi of the University of the Philippines Institute of Islamic Studies cited the
phenomenon of violent extremism worldwide.

“[This is] driven by the rising ideology among so-called fundamentalists or so called Wahabi or
Salafi-oriented teachings. And this ideology has already penetrated to many parts of the world
including Southeast Asia, and the Philippines included, particularly Mindanao and Sulu area,” he
said.

The Philippines also had a share of suicide bombings during the late Spanish colonization to the
Japanese invasion in the Sulu archipelago, performed by so-called juramentados, meaning “one who
has taken an oath.”

The group of Moro men fearlessly threw themselves upon invading police and soldiers or Christian
civilians, and are expected to be killed themselves, based on the 1993 book "The Cambridge History
of Southeast Asia."

The deadly SuperFerry bombing in 2004 was originally a suicide mission, according to security
expert Rommel Banlaoi.

“The Filipino suicide bombing attack only confirms what we have been fearing for the last couple of
years, and we have seen that coming and now the time has come to have that. And I see what I called
a ‘domino effect’ because that has been the desire of the Islamic State to the Philippines: to
encourage followers to mount such kind of violent attack through suicide mission,” said Banlaoi.

Banlaoi is president of the Philippine Institute for Peace, Violence and Terrorism Research and has
been monitoring terrorist activities over the past 2 decades.

It has taken a long process of recruitment and indoctrination in the Philippines, according to Banlaoi.
“Because the level of religiosity of Filipino Muslim is not that deep compared to the Arab world or
even compared to Indonesia and Malaysia. The Muslims here are very moderate and secular that’s
why it took them time to convince young people of such kind of act,” he said.

Muslims make up a minority of the predominantly Catholic Philippine population.

PREVENTING THE RISE OF FILIPINO TERRORISTS

The Mindanao region has been placed under martial law since May 2017 following 5 months of
firefights between state troops and the ISIS-linked local terrorist group Maute in Marawi City.

Apart from focused military operations, target hardening, and intelligence gathering to quell
terrorists, the military is also preventing the growth of extremism in the country by conducting
community support programs in far-flung and conflict-affected areas.

Established since 2017, the program aims to protect people from being exploited by terrorist groups
through lectures on deceptive recruitment and disadvantages of being associated with the
underground movement.

Banlaoi said authorities have to double the efforts and outsmart the enemies who are now also using
cyberspace to attract jihadists.

“Ang labanan dito, unahan. The Philippine authorities must be 2 steps ahead,” he said.

(The fight here is about who goes first. The Philippine authorities must be 2 steps ahead.)
 What a Recent Suicide Bombing May Mean for the Philippines

Highlights

 Suicide bombings have been relatively rare in the Philippines, and Philippine authorities have
blamed those that have occurred recently on foreign militants.
 The involvement of a Filipino in a June 28 suicide bombing may indicate that local sentiment
about suicide bombings is changing and the tactic may be more readily embraced.
 Such a shift will carry implications for the security situation in the southern Philippines, and
businesses and organizations operating there must be prepared.
 Two suicide bombers struck near the front gate of a Philippine military base in
Indanan on the island of Jolo in Sulu province on June 28. The bombers appear to
have timed their attack to coincide with a change-of-command ceremony for the
incoming First Brigade Combat Team, which had been deployed to the base to
pacify jihadists belonging to a Sulu-based Abu Sayyaf faction that has pledged
allegiance to the Islamic State.
 Reports indicate that a group of soldiers had approached a man they considered
suspicious near the base's entrance when he detonated a bomb he was carrying,
killing three soldiers and two bystanders. In the chaos that followed, a second
bomber tried to slip inside the gate. Soldiers confronted and shot him, but he still
was able to set off his bomb. The explosion injured several soldiers. Photos and
videos of the scene show that the guard booth at the gate sustained damage
consistent with shrapnel that had been added to the bombs to increase their
lethality.
 The Big Picture
 Jihadists in the Middle East, Africa and South Asia are fighting a long war effort
that involves a range of military tactics, from conventional military operations to
insurgency to terrorism. Many jihadist franchise groups use suicide bombers as an
effective force multiplier. Suicide attacks not only create carnage, insecurity and
division, but they also send a potent message about the jihadists' determination and
perseverance.
 See The Jihadist Wars
 The Islamic State quickly claimed credit for the attack. While the group's claim
that the bombings had killed some 100 Philippine soldiers was widely
exaggerated, video footage of the two bombers shot before the operation leaves
little doubt that the Abu Sayyaf faction recognized as the Islamic State's regional
franchise in East Asia was responsible.
 Online news outlet Rappler reported July 2 that Philippine authorities are working
to confirm the identities of the two bombers through DNA testing and that they are
working on the theory that one of the bombers was a Moroccan and the other was
Filipino. A local woman came forward to claim the body of one of the bombers for
burial, saying it was her 23-year-old son. Authorities believe the second bomber
 was the son of the Moroccan man involved in a July 2018 suicide attack on the
nearby island of Basilan.
 Muslim militants in the southern Philippines have previously used bombs in their
decadeslong war against the government in Manila, but suicide bombings have
been relatively rare, and Philippine authorities have blamed foreign militants for
those that have occurred in the past year. The involvement of a Filipino bomber in
this latest incident could have significant implications for security in the region.
 Cultural Considerations
 Jihadists have never universally agreed on suicide bombing as a religiously
acceptable method of warfare, though some ideologues and groups have embraced
and promoted the practice more readily than others. In addition to the religious
justification, cultural factors also are involved in the willingness to employ suicide
bombers, with jihadists in some places embracing the tactic more readily than
others. For example, jihadists in Afghanistan have generally been known to be
fierce fighters, but for many years they considered suicide bombing to be less
"manly" than dying in armed combat. Until 2006, foreign militants conducted
most of the suicide bombings in Afghanistan. But once the Taliban leadership and
the rank and file embraced suicide attacks as an acceptable tactic in their warrior
ethos, they increased dramatically. Today both the Taliban and their rivals in the
Islamic State Khorasan group practice suicide bombing with deadly effectiveness.
 Jihadists in Indonesia have practiced suicide bombing for many years and have
claimed several high-profile attacks, including the 2003 JW Marriott bombing, the
2005 Bali restaurant bombings and the 2009 Jakarta hotel bombings. More
recently, Indonesia experienced a wave of suicide attacks in May 2018.
There is a lot of interconnection between jihadists in Southeast Asia. Muslim militants in
the region traditionally have been excellent sailors and have been able to freely traverse
the archipelago that stretches from the Philippines to Malaysia and Indonesia. This
mobility gives militants in Indonesia the opportunity to receive training in the Philippines
and seek refuge there. In fact, many high-profile Indonesian jihadist bombmakers have
spent time in the Philippines. However, despite this interconnectedness and the long-
running Muslim insurgency in the southern Philippines, suicide attacks have been rare in
the Philippines. Before the Basilan attack in July 2018, the last suicide attack in the
Philippines took place in August 2010 when a suicide bomber attempted to assassinate
the governor of Sulu province at the airport in Zamboanga City. The attack killed one
person in addition to the bomber and injured 23, including the governor.

There has been a spike in the number of suicide bombings in the Philippines over the past
year, similar to the increase seen in 2002 and 2003. Most of the suspects in these recent
bombings have been foreign jihadists. For example, a Moroccan operative conducted the
July 31, 2018, van bombing that killed 11 people near Lamitan City on Basilan island and
an Indonesian couple carried out the January 2019 double-tap suicide bombing of the
Cathedral of Our Lady of Mount Carmel in the city of Jolo. Cultural reasons likely
explain the lack of Philippine suicide bombers; however, the emergence of a Philippine
bomber in the June 28 attack raises the possibility that a cultural shift similar to one in
Afghanistan in 2006 may be taking place. This shift in the Philippines may be due to
anger and frustration in the wake of the 2017 Marawi siege, but whatever the root cause,
it does appear to reflect the increasing influence that the Islamic State's ideology is
having on jihadists inside the Philippines. Such a shift can also bring some serious
implications.

The Fallout for the Philippines

The Islamic State's Southeast Asia franchise expended a considerable amount of

personnel and resources in their failed bid to establish an Islamic emirate in Mindanao, in
which they seized the city of Marawi and emerged quite a bit weaker from that battle.
However, they nevertheless retain the capability to continue to conduct terrorist attacks,
which require far fewer resources than guerrilla warfare operations. Suicide bombers can
serve as a significant force multiplier to an organization waging terrorist operations.

Suicide bombers have a number of tactical advantages over operations involving bombs
that are planted and detonated by either a timer or remote control. First, the devices
themselves are quite rudimentary and are not difficult for even a novice bombmaker to
construct. All that is required is a main explosive charge, a detonator, a power source and
a switch. Judging by recent photos of arms caches in the southern Philippines, the
jihadists there appear to have no shortage of explosives or detonators, so acquiring the
material for constructing suicide bombs will not be difficult if they are able to recruit and
indoctrinate bombers.

Second, by using a person as a delivery and detonation system, terrorist planners create a
type of human "smart bomb." Suicide bombers can avoid obstacles, adapt the operation
to problems on the fly and, importantly, detonate at just the right time to cause maximum
casualties.

Suicide bombings against military personnel will likely increase as the Philippine
military ramps up its operations in the Sulu region to pursue Abu Sayyaf militants. As
demonstrated by the Solo City church bombing in January, however, these militants are
also willing to hit soft, civilian targets — especially when they believe an attack may help
to intensify sectarian tensions that could be to their advantage. The January attack
coincided with the passage of the Bangsamoro Organic Law, which began a process of
granting more autonomy to the predominantly Muslim areas of the southern Philippines
where Islamic State sympathizers thrive. The political process dealt a blow to the
argument of jihadist hard-liners that violence is the only way to self-rule, and the jihadists
are working hard to aggravate sectarian fault lines in an effort to undermine the
Bangasamoro Organic Law. This is similar to tactics Islamic State-linked jihadists have
adopted in places such as Afghanistan, North Africa, the Levant and Egypt.

Because of this, if suicide bombings become more widely embraced by Philippine

jihadists, we likely will see more attacks against soft targets, not only on islands like Jolo
and Basilan, but perhaps also even in population centers on Mindanao as the jihadists
attempt to sow chaos and discord. In addition to conducting attacks against religious
targets, an increase in attacks against businesses and organizations that are seen as
supporting the Philippine government in the region could be expected. It will be
important to watch for indications of a further embrace of suicide bombings by Philippine
militants, and businesses and organizations operating in the southern Philippines should
examine their security posture to ensure they are prepared for a potential spike in suicide
bombings.