IT 6202: Social Issues and Professional Practice

1
Module 8: Cyber Crime

Module 8: Cyber Crime

Course Learning Outcomes:

By the end of this module, a student is able to:
1. Define Cyber Crime and other terms connected to it.
2. Determine the categories of Cyber Crime
3. Understand the conditions and penalties of the Cyber Crime Law of
the Philippines.
4. Understand the aspects of Cyber Crime and its social consequences

Computer crime is a crime like any other crime, except that in this case the illegal act
must involve a computer system either as an object of a crime, an instrument used to commit
a crime, or a repository of evidence related to a crime.

The Computer Crime Law in the Philippines

In the Philippines it is known as Republic Act No. 10175 or the Cybercrime Prevention
Act of 2012. It was signed into law by President Aquino on Sept. 12, 2012. Its original goal
was to penalize acts like cybersex, child pornography, identity theft and unsolicited
electronic communication in the country.
RA 10175 punishes content-related offenses such as cybersex, child pornography and
libel which may be committed through a computer system. It also penalizes unsolicited
commercial communication or content that advertises or sells products or services.
Individuals found guilty of cybersex face a jail term of prision mayor (6 years and
one day to 12 years) or a fine of at least P200,000 but not exceeding P1 million.
Child pornography via computer carries a penalty one degree higher than that
provided by RA 9775, or the Anti-Child Pornography Act of 2009. Under RA 9775, those who
produce, disseminate or publish child pornography will be fined from P50,000 to P5 million,
and slapped a maximum jail term of reclusion perpetua, or 20 to 40 years.
Persons found guilty of unsolicited communication face arresto mayor
(imprisonment for 1 month and 1 day to 6 months) or a fine of at least P50,000 but not more
than P250,000, or both.
The law also penalizes offenses against the confidentiality, integrity and availability
of computer data and system, such as:
 Illegal Access – the access to the whole or any part of a computer system
without right.
 Illegal Interception – the interception made by technical means without right
of any non-public transmission of computer data to, from, or within a
computer system including electromagnetic emissions from a computer
system carrying such computer data.

Course Module
 IT 6202: Social Issues and Professional Practice
2
Module 8: Cyber Crime

 Data Interference - the intentional or reckless alteration, damaging, deletion

or deterioration of computer data, electronic document, or electronic data
message, without right, including the introduction or transmission of viruses.
 System Interference - the intentional alteration or reckless hindering or
interference with the functioning of a computer or computer network by
inputting, transmitting, damaging, deleting, deteriorating, altering or
suppressing computer data or program, electronic document, or electronic
data message, without right or authority, including the introduction or
transmission of viruses.
 Misuse of Devices - the use, production, sale, procurement, importation,
distribution, or otherwise making available, without right.
 Cybersquatting - the acquisition of a domain name on the Internet in bad faith
or with the intent to profit, mislead, destroy one’s reputation or deprive others
from registering the same domain name.

Three Categories of Cybercrime

1. Cyberpiracy — using cybertechnology in unauthorized ways to:
a. Reproduce copies of proprietary information, or
b. Distribute proprietary information (in digital form) across a computer
network.
2. Cybertrespass—using cybertechnology to gain unauthorized access to:
a. An individual’s or an organization’s computer system, or
b. A password-protected Web site.
3. Cybervandalism—using cybertechnology to unleash one or more programs that:
a. Disrupt the transmission of electronic information across one or more
computer networks, including the Internet, or
b. Destroy data resident in a computer or damage a computer system’s
resources, or both.

Computer System Attacks

Major computer attacks fall into two categories:
1. Penetration
A penetration attack involves breaking into a computer system using
known security vulnerabilities to gain access to a cyberspace resource.
Penetration can be done in both local (using a computer on a LAN) or global
(by means of the internet). Penetration attacks originate from many sources
including:
a. Insider Threat.
Insiders are a major source of computer crimes because they do
not need a great deal of knowledge about the victim computer system.
Insiders are not necessarily employees; they can also be consultants
and contractors.

Course Module
 IT 6202: Social Issues and Professional Practice
3
Module 8: Cyber Crime

 Malicious Insiders
Companies are exposed to a wide range of fraud
risks, including diversion of company funds, theft of
assets, fraud connected with bidding processes, invoice
and payment fraud, computer fraud, and credit card
fraud. Often, frauds involve some form of collusion, or
cooperation, between an employee and an outsider.
 Industrial spies
This individuals use illegal means to obtain trade
secrets from competitors of their sponsor. It can involve
the theft of new product designs, production data,
marketing information, or new software source code.

b. Hackers
Hackers penetrate a computer system for a number of reasons
and uses a variety of techniques. Using the skills they have, they
download attack scripts and protocols from the Internet and launch
them against victim sites.
 Hackers
They test the limitations of information systems
out of intellectual curiosity. The term hacker has evolved
over the years, leading to its negative connotation today
rather than the positive one it used to have.
 Cracking is a form of hacking that is clearly criminal
activity. Crackers break into other people’s networks and
systems to cause harm.

c. Criminal Groups.
While a number of penetration attacks come from insiders and
hackers with youthful intents, there are a number of attacks that
originate from criminal groups.
 Cybercriminals are motivated by the potential for
monetary gain and hack into corporate computers to
steal, often by transferring money from one account to
another to another

d. Hacktivists and Cyberterrorists

 Hacktivism, a combination of the words hacking and
activism, is hacking to achieve a political or social goal.
 A cyberterrorist launches computer-based attacks
against other computers or networks in an attempt to
intimidate or coerce a government in order to advance
certain political or social objectives.

Course Module
 IT 6202: Social Issues and Professional Practice
4
Module 8: Cyber Crime

2. Denial of Service
Denial of service attacks, commonly known as distributed denial of
service (DDoS) attacks, are a new form of computer attacks. They are directed
at computers connected to the Internet. They are not penetration attacks, and
therefore, they do not change, alter, destroy, or modify system resources.
However, they affect the system by diminishing the system’s ability to
function; hence, they are capable of bringing a system down without
destroying its resources.
Unlike penetration attacks, DDoS attacks typically aim to exhaust the
network bandwidth, its router processing capacity, or network stack
resources, thus eventually breaking the network connectivity to the victims.

Motives of Computer Crimes

 Political Activism.
There are many causes that lead to political activism, but all these causes are
grouped under one burner — hacktivism.
 Vendetta.
Most vendetta attacks are for mundane reasons that may involve business,
social or personal issues.
 Joke/Hoax.
Hoaxes are warnings that are actually scare alerts started by one or more
malicious persons and are passed on by innocent users who think that they
are helping the community by spreading the warning.
 The Hacker’s Ethics.
This is a collection of motives that make up the hacker character. If any of these
beliefs is violated, a hacker will have a motive.
 Free access to computers and other ICT resources should be
unlimited and total.
 All information should be free.
 Mistrust authority; promote decentralization.
 Hackers should be judged by their hacking, not bogus criteria such
as degrees, age, race, or position.
 Terrorism/Extortion.
Electronic terrorism by individuals or groups are targeting enterprise
systems, institutions and governments. But cyber terrorism is not only about
obtaining information; it is also about instilling fear and doubt and
compromising the integrity of the data, which leads to extortion.
 Hate.
The growth of computer and telecommunication technology has unfortunately
created a boom in all types of hate. There is growing concern about a growing

Course Module
 IT 6202: Social Issues and Professional Practice
5
Module 8: Cyber Crime

rate of acts of violence and intimidation motivated by prejudice based on race,

religion, sexual orientation, or ethnicity.
 Personal Gain/Fame/Fun.
Personal gain motives are always driven by the selfishness of individuals who
are not satisfied with what they have and are always wanting more, mostly
financially.

Social and Ethical Consequences

1. Psychological Effects.
These depend on the attack motive and may result in long psychological effects
such as hate. Psychological effects may lead to individual reclusion and
increasing isolation.
2. Moral decay.
There is a moral imperative in all our actions. When human actions, whether
bad or good, become so frequent, they create a level of familiarity that leads to
acceptance as normal. This type of acceptance of actions formerly viewed as
immoral and bad by society is moral decay.
3. Loss of privacy.
After headline-making e-attacks that wreaked havoc on global computers
systems, there is a resurgence in the need for quick solutions to the problem.
Many businesses are responding with patches, filters, intrusion detection (ID)
tools, and a whole list of other solutions. These solutions are a direct attack
on individual privacy. The blanket branding of every Internet user as a
potential computer attacker or a criminal—until proven otherwise—is
perhaps the greatest challenge to personal freedom yet encountered by the
world’s societies.
4. Trust.
Along with privacy lost, trust is lost. Individuals once attacked lose trust in a
person, group, company, or anything else believed to be the source of the
attack or believed to be unable to stop the attack. Such customer loss of trust
in a business is disastrous for that business.

References:
1. Kizza, Joseph Migga ; 2013; Ethical and Social Issues in the Information Age (Fifth
Edition); London; Springer-Verlag;
2. Tavani, Herman T.; 2013; Ethics And Technology : Controversies, Questions, And
Strategies For Ethical Computing; New Jersey, USA; John Wiley & Sons, Inc.
3. George Reynolds (2018) Ethics in Information Technology / Edition 6
4. https://technology.inquirer.net/34360/in-the-know-the-cybercrime-
law#ixzz60zKzLYq1

Course Module