A former commander of the Technology Crime Suppression Division, Pol Maj General Pisit Pao-in uses sometimes unconventional methods to catch Internet offenders
It’s highly unlikely that Internet crime buster Pol Maj General Pisit Pao-in has ever watched an episode of “White Collar”, the American television series that sees FBI Special Agent Peter Burke using an intelligent and multi-talented con artist to catch the criminals he’s hunting down.
Yet Pisit’s tactics are really not all that different: he too has been known to set a thief to catch a thief, as the saying goes.
He does however prefer to keep mum when asked if he could be described as a white-hat hacker, the name given to computer specialists who break into supposedly secure networks to track those committing cyber-crimes, saying merely that he uses his investigative mind and technological skills to bring down those who commit illegal activities using the Internet and social networks as their portals.
A former investigator who worked his way up through the police ranks, Pisit made the news recently when he successfully tracked down Sombat Boonngamanong aka “Nuling”, a popular red-shirt activist who had been very active online organising rallies against the coup.
“Since Sombat was arrested early this month, the anti-coup movement has calmed down considerably,” Pisit says.
After retiring as the commander of the Technology Crime Suppression Division (TCSD) last October, Pisit was appointed as the adviser to the-then Information and Communications Technology (ICT) permanent secretary Surachai Srisaracam and tasked with overseeing national cyber security.
Last month, when the National Council for Peace and Order (NCPO) took charge of administering the country, the ICT Ministry was ordered to set up a committee, with Pisit as commissioner, to monitor and regulate Internet and social-network use.
The committee’s task is to curb content that violates the NCPO's 12th, 17th, and 18th announcements, which cover messages deemed as insulting the monarchy, provocative, inciting violence or critical of the military leaders as well as those causing misunderstanding among the public or disturbing peace and order.
Pisit’s team of technological experts and professional investigators monitors the use of the Internet and social media by Thais and examines if their activities or posts insult the monarchy, threaten national security or involve gambling.
Should the team find evidence of wrongdoing, they collaborate with Internet service providers (ISPs) to block the offending pages. Digital evidence is then sent to TCSD for further action.
“Investigating this kind of crime requires the collaboration and integration of resources between several related organisations,” Pisit says, adding that a cyber cop’s main job is to monitor the suspects. That monitoring is handled is different ways: by the team themselves, through tip offs from partner organisations and from information supplied by the public via both online and offline channels.
“We also get tip offs to our 1212 call centre,” he says.
The team then enlists a dedicated working group to undertake data analysis of each case to verify if it violates the NCPO’s announcements. If it does, the page in question is blocked and the people who posted the messages will be prosecuted.
Pisit refuses to reveal how he caught Sombat but says it took 12 hours to track him down from the time the first clue was received.
A user of the Internet since its beginning and a keen fan of the social networks, the tech-savvy investigator was an obvious candidate for the Royal Thai Police’s High-Tech Crime Suppression Division when it was set up in 2009. He remained there until the establishment of the TCSD under the Central Investigation Bureau and was named its commander in 2012.
He admits that social media are more difficult to monitor than websites, as they tend to be private and not so accessible to the public.
“Line is the toughest platform to monitor because the messages sent over the Line channel, both one-to-one and group chat, are compressed into such small files that we can’t examine the content even if we can get to them. To see the messages, we need to see the server and that’s located in Japan,” he explains, adding that the easiest way to access suspect messages and conversations was through applying to become a member of a Line group.
“We have methods to be where the conversations are and we use both offline and online techniques to ensure we keep in touch with the suspects,” he says.
Pisit has been involved in cyber security for both the previous Yingluck Shinawatra government as well as the NCPO and says that while the tasks are similar – online monitoring and investigating – the work is now easier because of the emphasis on national security. “That means we get support from other organisations,” he says.
He has also noticed that since the May 22 coup, the number of webpages with content insulting the monarchy has reduced considerably.
No longer an adviser to the ICT permanent secretary, Pisit is nonetheless still working for the junta. Asked about his job, he simply smiles and says he is unable to discuss the nature of his responsibilities.
“When I am working I have always set the target as my priority. The process comes second. I urge my subordinates to do the same and never lose sight of their target. Sometimes it’s necessary to adopt a criminal’s methods to catch the criminal,” he says.