Alice Guo left the Philippines and travelled to Malaysia and Singapore before her arrest in Indonesia
A former Philippine mayor who was on the run for weeks after being accused of spying for China has been arrested in Indonesia.
Philippine authorities have been pursuing Alice Guo across four countries since she disappeared in July following an investigation into her alleged criminal activities.
She has been accused of protecting online casinos, which were a front for scam centres and human trafficking syndicates in her sleepy pig farming town, Bamban.
Ms Guo denies the allegations. President Ferdinand Marcos Jr said she would be flown back to the Philippines as early as Wednesday.
She said she grew up on the family farm with her Chinese father and Filipina mother, but MPs who investigated the scam centre operations said her fingerprints matched a Chinese national named Guo Hua Ping and accused her of being a spy who provided cover for criminal gangs.
The dramatic nature of her case, which has since seen her sister arrested and questioned by the Philippine Senate, sparked fury in the country and drew international attention.
China has not commented on the allegations against her.
Authorities believe that Ms Guoslipped past border checks in Julyand took several boats, crossing neighbouring Malaysia and Singapore, on her way to Indonesia, where she was arrested on Tuesday on the western border of the capital Jakarta.
Mr Marcos said her arrest is "a warning to those who attempt to evade justice".
"Such is an exercise in futility. The arm of the law is long and it will reach you," he wrote on Facebook.
Photos showed Ms Guo wearing light pink pyjamas and a white coat when she was arrested.
A scam centre in a sleepy town
Ms Guo was thrust under the national spotlight after authorities in Marchuncovered a sprawling scam centre in Bambanthat were hiding under online casinos, known locally as Philippine Online Gaming Operations (Pogo).
Pogos cater to clients in the Chinese mainland, where gambling is illegal.
Ms Guo's case confirmed suspicions that Pogos were being used as a front for organised crime and led to Mr Marcos outlawing them in response to public anger.
Pogos flourished under his predecessor, Rodrigo Duterte, whose presidency was marked by close ties with China.
But Mr Marcos reversed the country's foreign policy direction and has cracked down on Pogo-linked crimes since assuming office in 2022.
During the raid in Ms Guo's town, police rescued close to 700 scam centre workers, including 202 Chinese nationals and 73 other foreigners who were forced to pose as online lovers.
A Senate investigation that followed centred on her inability to detect the eight-hectare scam centre despite its location near her office.
Senators also grilled her on her parentage. A relative unknown in local politics, she was elected mayor on her first run for public office, which is rare in areas ruled by political families.
Ms Guo's opaque answers on questions regarding her roots, led some senators to accuse her of being a Chinese "asset" or spy.
She gave a television interview where she attributed her low profile to being her father's illegitimate child with her mum, who is also his maid. She said this forced her to lead a sheltered life in the family farm, until she was elected mayor of Bamban.
But the controversy did not subside and after she refused to appear in subsequent hearings, senators in July ordered her arrest. By that time, however, she had fallen from public view.
Soon after, an anti-graft body removed her from office.
In August, Filipino authorities said she had fled the country undetected and passed through Singapore and Malaysia on her way to Indonesia.
One official said she could be headed for the Golden Triangle, a border region in mainland South East Asia that is a known hideout of organised crime groups.
A furious Mr Marcos then ordered her Philippine passport cancelled and warned then that "heads will roll".
He said Ms Guo's escape "laid bare the corruption that undermines our justice system and erodes the people's trust".
🤬#Fight Chinese Oppression #Viet Lives Matter 🤠 #Stop Chinese absorption of Vietnam. #Free Uyghurs #Free Austronesians in Taiwan. #free the Tibetans.
PHNOM PENH -- Hackers at a Chinese state-linked security contractor targeted government agencies across Southeast Asia for years, a major document leak shows, revealing rare details of cyberespionage in countries where Beijing has strong political and economic ties.
The hacks -- which appear to have penetrated state systems in Thailand, Vietnam, Malaysia, Indonesia, Myanmar and Cambodia, as well as private companies -- add to a long pattern of Chinese actors attacking smaller, more vulnerable neighbors to keep tabs on hot-button issues and glean information about Westerntech companiesoperating in the region, experts said.
"China is a great power and has deep interests in Southeast Asia," said Gatra Priyandita, a Southeast Asia expert at the Australian Strategic Policy Institute's (ASPI) International Cyber Policy Centre. "They want to know what's going on, and cyber tools help in supporting their efforts to win over officials. There's also an interest in sensitive information and intellectual property."
In mid-February, more than 500 files from Shanghai-based security contractor I-Soon, also known as Anxun, were anonymously posted online. The rare document dump quickly spread among media and cybersecurity experts who verified the authenticity of those files. Chinese police said they were investigating how the data were leaked.
One spreadsheet contained about 80 targets that I-Soon infiltrated, nearly one-third of them in Southeast Asia. A total of eight Thai government agencies were listed as hacking targets between 2020 and 2022, including the National Intelligence Agency and Ministry of Interior, plus two state-owned telecom companies and the country's biggest mobile operator.
A handful of Malaysian agencies also appeared in the documents, as well as government targets in Vietnam, Indonesia, Cambodia and Myanmar, and atelecommunicationsoperator in the Philippines.
Thai, Malaysian, Indonesian and Vietnamese officials did not respond to requests for comment.
The hacks varied in their timing and scope. In some cases, notes explained the access I-Soon achieved, such as "hundreds of machines in the domain" and "office network" for Cambodia's Financial Management Information System site, a World Bank-backed project that serves as the country's central budget and finance apparatus.
Ministry of Economy and Finance spokesperson Meas Soksensan told Nikkei Asia via text that he had not heard about the I-Soon hacks before deleting his message and writing, "There has never been a problem. The security system we built is strong and secure."
Experts told Nikkei it was not clear if some dates in the spreadsheet referred to when hacks began or ended and said some operations could be ongoing. U.S.-based cybersecurity company Palo Alto Networks has documented links between I-Soon's tactics and previous Chinese-state-affiliated advanced persistent threat (APT) campaigns, which are designed to remain undetected for long periods of time.
Although the spreadsheet did not name specific clients, other documents showed that I-Soon had contracts with several Chinese government entities, including the country's top police agency.
Networks in Hong Kong and self-ruled Taiwan, which China claims as its territory, also appear to have been targeted, as well as overseas Chinese dissidents.
Southeast Asia has weathered Chinese cyberespionage since at least the mid-2000s. In recent years, researchers have documented schemes thatsuccessfully targeted regional ministriesand grabbed thousands of emails from the Association of Southeast Asian Nations (ASEAN), relying on tactics such as "backdoor" malware in software updates and e-mail phishing, designed to trick users into divulging private information.
Hacks often corresponded with geopolitical developments that concern China, such asASEANmeetings or flare-ups in the South China Sea, where Beijing and its neighbors have overlapping claims.
Information from foreign affairs ministries, which I-Soon targeted in Thailand, Indonesia and Vietnam, is of particular interest, along with defense ministries, said Abdul Rahman Yaacob, a research fellow at the Lowy Institute's Southeast Asia Program.
"The main point of doing these attacks, especially in these specific government departments or ministries, is to understand and get data on their strategic assessments, their military developments, and their security," he told Nikkei.
Hacking is not limited to governments. By 2020, private entities in Southeast Asia -- including universities and companies -- made up 15.4% of worldwide APT targeting as opposed to just 3.6% in 2014, according to a 2022 report from ASPI.
That may be because Chinese hackers are interested in penetrating Western tech giants, but struggle to do so directly, said ASPI's Priyandita.
"Because it's hard to get to Microsoft, they may target a company in Thailand that's doing business with Microsoft," Priyandita said. "They may get access to potential information that will find vulnerabilities within the supply chain for Microsoft, and get to the IP (intellectual property) that way."
Yet, Southeast Asian governments and companies rarely acknowledge security breaches in public -- and sometimes deny them -- because of the technical and legal challenges in identifying and attributing them to Chinese state actors, analysts said.
Even for cyber-mature countries such as Singapore, "the pace, the magnitude, and the frequency of some of these attacks is just overwhelming," said Elina Noor, senior fellow at the Carnegie Endowment for International Peace's Asia Program. "There's also understandably a lack of political will in calling out the perpetrators, even if they're able to identify who the perpetrators are," she added.
Still, ASEAN has pushed to make cybersecurity a bigger priority. In 2018, it became the only regional association to adopt the United Nations' 11 norms of state behavior in cyberspace. More recently, it launched a center for cooperation among ASEAN defense establishments against cyberattacks.
"There will be more attacks, by state or non-state actors, to find the weak points and extract data from ASEAN countries," said Lowy Insitute's Yaacob. "The main issue now is whether ASEAN can effectively develop their capabilities to protect their digital economies and strategic interests."
🤬#Fight Chinese Oppression #Viet Lives Matter 🤠 #Stop Chinese absorption of Vietnam. #Free Uyghurs #Free Austronesians in Taiwan. #free the Tibetans.
Facebook/Mayor Alice Leal Guo
