Cambodia’s Cyber War Room

Documents leaked to media suggest Cambodia’s Prime Minister Hun Sen, his eldest son Hun Manet and son-in-law Sok Puthyvuth and other prominent governmrnt officials, were involved in an ongoing campaign to spread Cambodian Peoples Party (CPP) rhetoric, monitor opposition supporters on social media and attack opposition Cambodia National Rescue Party (CNRP) leaders.

Two Cambodian government officials listed as senior members of a “Cyber War Room” denied the existence of the group even as five current and past members of the body confirmed its existence.

The documents and emails were forwarded to reporters recently, apparently from the hacked Gmail account of Kim Santepheap, an undersecretary of state at the Cambodian Justice Ministry and ministry spokesman, who is also listed as a deputy head of the war room, dubbed the CWR, on a leaked roster.

Mr. Santepheap denied the veracity of the leaks, suggesting that a hacker had created “illegal news” by tampering with his account. He had filed a complaint with the National Police claiming his personal email and Facebook accounts had been hacked, which was reported by the media recently.

“The hacker probably tried to create confusion in the news and if the media broadcasts it, it will make the public confused too,” he said. “As reporters know, my only duty is as undersecretary of state at the Justice Ministry.”

National Police spokesman Kirth Chatharith could not be reached for comment on Mr. Santepheap’s complaint.

Dith Tina, a spokesman for the Mines and Energy Ministry who is listed as a deputy chairman of the CWR, claimed yesterday to have never heard of the group and urged reporters to focus on more optimistic stories.

But five people listed on the leaked documents from 2013 said they were either current or former members of the CWR, even as they seemed reluctant to discuss the group’s activities.

Rin Vireak, who is listed as deputy head of the group on a 2013 CWR contact list, said he “stopped already” when asked if he was involved with the CWR before hanging up on a reporter

The CWR contact list included 40 people, with their telephone numbers and email addresses, and a second contact list included more than 100 “foot soldiers.” The five who spoke to Daily reporters confirmed their names as listed.

Takeo province governor Lay Vannak acknowledged he was an active member of the province’s CWR working group while Ieng Aunny, listed as a member of the working group, said he had left the group four years ago. Both men said they were too busy to answer more questions.

Yam Panha, who identified herself as a university student studying business, said she, too, was an active member of the CWR, but claimed to be too busy and junior in rank to elaborate on her role, which was listed on the 2013 roster as a member of the administrative team.

“I cannot tell you very much about the CWR or something because I’m just a member,” she said, demanding to know how reporters knew about the group and obtained her phone number.

Seng Kim Hong, listed as a support member, said he left the group about a year ago, and declined to answer questions about its activities, saying “because something is secret so I cannot tell you.”

A spate of Facebook and email hacks over the past six months have spilled secrets from both opposition activists and ruling party officials into the public domain, with the recipient list on the CWR leaks similar to earlier ones sent by an anonymous anti-government hacker identified only as “Champa Borey.”

The emails and documents in the latest leak, which continued yesterday, and could not be verified, paint a vivid picture of a nascent social media propaganda machine.

A five-page file from June 2013 introduces the structure and members of the group, which it says was initiated a year earlier to prepare for the national elections, and which it says is headed by Lieutenant General Manet.

Mr. Hun Sen’s eldest son, who holds a number of senior military posts and is widely seen as a possible successor to his father, did not respond to requests for comment yesterday.

Mr. Puthyvuth, CEO of the conglomerate Soma Group, who also did not respond for comment, is listed as one of nine deputy chairs of the CWR.

As laid out in the documents, Lt. Gen. Manet’s top-level group’s tasks were numerous: “monitor and control the information on social media,” “research and collect information involving attacks on the party,” assess the party’s social media strengths and weakness, coordinate with relevant “institutions or bodies,” file reports to a central committee, and “fulfill duties assigned by the party leader.”

According to the leak, these tasks appeared to be divided up among five subgroups, whose assignments include creating and distributing media favorable to the party as well as the “study, research and observation” of “any behavior which promotes the opposition party.”

The leaked emails, whose recipients include an email address with Mr. Hun Sen’s name, seem to show the group leaping into action for the election by creating anti-opposition memes and sharing recorded audio and video clips, including those involved with an alleged mistress of then-deputy opposition leader Kem Sokha whose mother claimed in 2013 that she was beaten by Mr. Sokha’s security guards.

In perhaps the most direct exchange, an email allegedly sent by Lt. Gen. Manet on July 11, 2013, describes how the CPP will spin the return from exile of then-CNRP President Sam Rainsy, referred to as “SR,” including “the release of proactive information/disinformation, analysis” as well as justification for “the arrest of SR and that he should face arrest as a person responsible for breaking the law and not as victim as he wants to be seen.”

Notes allegedly documenting an “urgent meeting” on the night of July 30, just two days after the contested election handed the CPP a near-defeat, seem to show CWR leadership assessing the damage of the vote, claiming the CNRP sought to “destroy or reject the election results by relying mainly on youth forces.”

The summary of the purported meeting pats the ruling party on the back for winning the popular vote because of its strong structure, control of the police and military police, and unspecified “help from outside,” and describes plans to counter the CNRP’s mobilisation efforts by diluting the opposition’s message on social media, and galvanising CPP supporters.

But it notes that “the influence of Facebook can topple the government through people power.”

CNRP spokesman Yim Sovann said he was unaware of the CWR but was unconcerned.

“The people have the right judgement,” he said. “We do not have to pay attention to false things like [propaganda]…. We have important things to do.”

Ein News

You Might Also Read: 

Facebook To Introduce Fake News Tools:

Is It Possible To Neutralise Fake News?:

 

« What Makes A Cyber Criminal?
How Cybercrime Affects The Healthcare Industry »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Ksmartech

Ksmartech

Ksmartech provide services related to security and authentication in all areas where the connection of people to objects, and objects and objects is necessary.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

Sollensys

Sollensys

Sollensys is a leader in commercial blockchain applications. Our flagship product, The Blockchain Archive Server™ is the best defense against the devastating financial loss that ransomware causes.

Start Left® Security

Start Left® Security

Great security culture doesn't just happen; you ENGINEER it.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

Scribe Security

Scribe Security

Scribe security provides end-to-end software supply chain security solutions.

Atlas Systems

Atlas Systems

Atlas Systems helps companies large and small accelerate their digital transformation journeys – expanding their capabilities and delivering tailored solutions including cybersecurity.

itm8

itm8

itm8 is a Nordic digital transformation partner offering a wide range of services in IT operations and Cloud Services, Digital Transformation, Application Services, ERP, and Cyber Security.

Transcendental Technologies

Transcendental Technologies

Transcendental is a consulting organization which specializes in customized assurance services in the fields of Localization, Mobile Software Solutions, Web Design, Cyber Security & Cyber Forensics.