INTRO TO CYBERCRIME &

ENVIRONMENTAL LAWS & PROTECTION

CYBER SECURITY

Cybercrime

- a crime that involves a computer and a network.

-criminal activities carried out by means of

computers or the internet.

Cyber-refers to a computer or a computer network, the electronic medium in

which online communication takes place.

CYBER SECURITY

Salient Historical Events

1834-first cyberattack in the world.-A couple of robbers hack the French

Telegraph System and steal information from the stock market.

1878-Early Mobile Calls- young boys repeatedly and purposely misdirecting and

disconnecting customer calls of Bell Telephone Company two years after

Alexander Graham Bell invented the machine.

1969-RABBITS Virus-The University of Washington Data Center downloads a

program on a computer from an unknown user. The inconspicuous machine

creates copies of itself before the machine overloads and ceases running

(breeding like a rabbit). It is known to be the first virus on a computer.

1970-1995-Kevin Mitnick- penetrates some of the highest-guarded networks in the

world, including Nokia and Motorola, tricking insiders into handing codes and

passwords.

1981-First Cybercrime Conviction-lan Murphy, aka "Captain Zap," breaks into the

network of AT&T and alterations the internal clock at peak hours to charge off-
hour prices.

1982 - The Logic Bomb- The CIA blows up a Siberian gas pipeline by injecting a code

into the network and the operating system to monitor the gas pipeline without

using a bomb or a missile.

1988- The Morris Worm-Robert Morris releases what on the Internet will be

considered the first worm. To show that the author is a student there, the worm

is released from a computer at MIT.

1989-Trojan Horse Program-A diskette that appears to be an AIDS information

archive is mailed to a UK electronic journal to thousands of AIDS researchers and

subscribers.

1999- The Melissa Virus-A virus infects Microsoft Word records, transmitting itself

via email as an attachment automatically. It mails out to the first 50 names

mentioned in the Outlook email address box of an infected device.

2010 - The Stuxnet Worm-The world's first software bomb is a

destructive computer virus that can attack control systems used for

controlling manufacturing facilities.

2016 - DNC Email Leaks-Emails from the Democratic National

Committee were leaked to and released by WikiLeaks prior to the

2016 US presidential election.

I love You Virus- sometimes referred to as Love Bug or Love Letter for

you, is a computer worm that infected over ten million Windows

personal computers on and after 5 May 2000. It started spreading

as an email message with the subject line "ILOVEYOU" and the

attachment "LOVE-LETTER-FOR-YOU.TXT.vbs."

-created by Onel De Guzman

CYBER SECURITY

Four Basic Function of Computer

Input Processing Output

Function The Data Function

RAM ROM

Data

Storage

Basic Functions of a Computer

1. Input Function - the process of entering any type of

data and instructions into a computer system. Uses

the input devices such as a Keyboard, Mouse,

Scanner, Microphone, etc, in order to receive user

signals to the computer.By Using ,Output Device ,Monitor,Input Devices

keyboard ,Sp Save Cam.

2. Central Processing Unit-it processes data of the

computer. It takes data and instructions from the

input devices and performs all types of calculations

based on the instructions given. Called "the brain of

computer" as it controls operation of all parts of

computer.

3. Data Storage-records and preserves digital information.

Types of CPU Storage

Random Access Memory is a computer's short-term memory, where the data that the processor is

currently using is stored. A volatile memory, used to hold instructions and data of currently running

programs.

Read Only Memory- a non-volatile memory type. This means it receives data and permanently writes it
on

a chip, and it lasts even after you turn off your computer. The data that remains on the ROM cannot

be changed and remains forever.

Other Storage

Hard Disk Drive (HDD) are writable permanent memory

Solid State Drive (SSD)-s a new generation of storage device used in computers. It stores data using
flash-

based memory, which is much faster than the traditional hard disks they've come to replace

Pen Drives- a plug-and-play portable storage device that uses flash memory that is lightweight.

4. Output Function - means the results

generated by the computer once the

processing of CPU is completed, based on

the instruction given by the user.

-The output is in the form of documents,

videos, audio, graphs, images, etc. Results

are displayed on your computer screen.

Notes

Computers use 2 binary numbers

• Hash values- can be thought of as fingerprints for files.

The contents of a file are processed through a

cryptographic algorithm, and a unique numerical value is

produced that identifies the contents of the file.

• The word "bit" is an abbreviation for binary digit.

8 Bits

1. 1024 Bytes
2. 1,024 Kilobytes
3. 1,024 Megabytes
4. 1,024 Gigabytes
5. 1,024 Terabytes
6. 1,024 Petabytes
7. 1,024 Exabytes
8. 1,024 Zettabytes
9. 1 Byte
10. 1 Kilobyte
11. 1 Megabyte
12. 1 Gigabyte
13. 1 Terrabyte
14. 1 Petabyte
15. 1 Exabyte
 16. 1 Zettabyte
17. 1 Yottabyte

Other Components of Computer System

Computer Case-This is the part that holds all

of the parts of a computer to make up the

computer system.

• Motherboard-the main printed circuit board

within a computer, which means it's the

primary piece of circuitry that all of the other

pieces plug into to create a cohesive whole.

• Graphics card- is an output device that

processes the data from the motherboard

and sends the appropriate information to the

computer's screen for display.

Other Components of Computer System

• Power supply unit-converts the Alternating current (AC)

mains supply from the power cord from a wall socket and

supplies the correct Direct current (DC) voltages to all the

components inside the computer.

Monitor-is an output device used to visualize the graphics

data sent from the computer's graphic's card.

Keyboard-device that enables a user to input text into a

computer or any other electronic machinery.

Mouse - small device that a computer user pushes across a

desk surface in order to point to a place on a display screen

and to select one or more actions to take from that

position.

Cybercrime Offenses
Republic Act 10175-Cybercrime Prevention Act of 2012

Categories

A. Offenses against the confidentiality, integrity and availability of

computer data and systems

B. Computer-related Offenses

C. Content-related Offenses

D. Other Cybercrime Offenses

A. Offenses against the confidentiality, integrity and CYBER SURITY

availability of computer data and systems

(1) Illegal Access. - The access to the whole or any part of a computer

system without right.

(2) Illegal Interception. The interception made by technical means

without right of any non-public transmission of computer data to,

from, or within a computer system including electromagnetic

emissions from a computer system carrying such computer data.

(3) Data Interference. The intentional or reckless alteration, damaging, deletion or

deterioration of computer data, electronic document, or electronic data message,

without right, including the introduction or transmission of viruses.

(4) System Interference. The intentional alteration or reckless hindering or

interference with the functioning of a computer or computer network by inputting,

transmitting, damaging, deleting, or suppressing computer data or program,

electronic document or electronic data message, without right or authority,

including the introduction or transmission of viruses.

Note: Computer data: Any representation of facts, information, or concepts in a form

suitable for processing in a computer system; this includes electronic and digital

information and programs.

A. Offenses against the confidentiality, integrity and CYBER SECURITY

availability of computer data and systems

(5) Misuse of Devices-The use, production, sale, procurement, importation,

distribution, or otherwise making available, without right, a device, including a

computer program, designed or adapted primarily for the purpose of committing

any of the offenses under this Act; or computer password, access code, or similar

data to be used for the purpose of committing any of the offenses under this Act.

(6) Cyber-squatting. -The acquisition of a domain name over the internet in bad faith

to profit, mislead, destroy reputation, and deprive others from registering the

same, if such a domain name is similar, identical, or confusingly similar to an

existing trademark registered with the appropriate government agency.

B. Computer-related

Offenses

(1) Computer-related Forgery. -The input, alteration, or deletion of any computer

data without right resulting in inauthentic data with the intent that it be

considered or acted upon for legal purposes as if it were authentic, or the act of

knowingly using computer data which is the product of computer-related forgery

as defined herein, for the purpose of perpetuating a fraudulent or dishonest

design.

(2) Computer-related Fraud. - The unauthorized input, alteration, or deletion of

computer data or program or interference in the functioning of a computer

system, causing damage thereby with fraudulent intent.

(3) Computer-related Identity Theft. - The intentional acquisition, use,

misuse, transfer, possession, alteration or deletion of identifying

information belonging to another, whether natural or juridical,

without right.

C. Content-related Offenses

(1) Cybersex. - The willful engagement, maintenance, control, or

operation, directly or indirectly, of any lascivious exhibition of

sexual organs or sexual activity, with the aid of a computer system,

for favor or consideration.

(2) Child Pornography. - The unlawful or prohibited acts defined and

punishable by Republic Act No. 9775 or the Anti-Child Pornography

Act of 2009, committed through a computer system.

(3) Unsolicited Commercial Communications. The transmission of

commercial electronic communication with the use of computer

system which seek to advertise, sell, or offer for sale products and

services are prohibited unless. Also known as spam.

(4) Libel. - The unlawful or prohibited acts of libel as defined in Article

355 of the Revised.Penal Code, as amended, committed through a

computer system.

Other Cybercrime Offenses

(a) Aiding or Abetting in the Commission of Cybercrime. - Any

person who willfully abets or aids in the commission of any of the

offenses enumerated in this Act shall be held liable.

(b) Attempt in the Commission of Cybercrime. - Any person who

willfully attempts to commit any of the offenses enumerated in

this Act shall be held liable.

Common Types of Internet Fraud

1. Boiler Room- refers to an outbound call center selling questionable investments

by telephone. It typically refers to a room where salesmen work using unfair,

dishonest sales tactics, sometimes selling foreign currency stock, private

placements or committing outright stock fraud. The term carries a negative

connotation, and is often used to imply high-pressure sales

2. Romance Scam/catphishing-false or misleading promises of love and

companionship

3. Lottery Scam-involves email, letter or text message you receive about your

winnings will ask you to respond quickly or risk missing out.

4. Card skimming-illegal copying of information from the magnetic strip of a credit or ATM
card. The scammers later create a fake or cloned card with your details on it. The scammer

is then able to run up charges on your account.

5. Phishing-comes from the analogy that Internet scammers are using email lures to fish for

passwords and financial data from the sea of Internet users. Phishing, also called brand

spoofing is the creation of email messages and Web pages that are replicas of existing,

legitimate sites and businesses. These Web sites and emails are used to trick users into

submitting personal, financial, or password data.

6. Email spoofing- is the creation of email messages with a forged sender address. The word

"spoof" means "falsified". A spoofed email is when the sender purposely alters parts of the

email to masquerade as though it was authored by someone else.

7. Nigerian scam- also called 419 scams, are a type of fraud and one of the most common

types of confidence trick. The number "419" refers to the article of the Nigerian Criminal

Code dealing with fraud. A consumer receives a letter concerning the "request for urgent

business transaction". Typically, after receiving a letter a consumer would respond either

by phone, fax, or email. The response would be a request for further information on the

requirements and procedure for the transaction. Once contact is established, the writer of

the letter will normally ask for an upfront processing fee

8. Check overpayment scam-receiving an offer from a potential buyer which issues a check

with overpayment. The scammer will then ask you to refund the excess amount. The

scammer is hoping that you will do this before you discover that their check has bounced.

9. inheritance scam-is when a scammer contacts you out of the blue to tell you that

you've been left, or are entitled to claim, a large inheritance from a distant

relative or wealthy benefactor who has died overseas.

10. Emergency Scam-sometimes referred to as the Grandparent Scam. In the typical

scenario, a grandparent receives a phone call from a con-artist claiming to be one

of his or her grandchildren. The caller goes on to say that they are in some kind of

trouble and need money immediately. Typically they claim being in a car

accident, trouble returning from a foreign country or they need bail money.
Incident Response, Preservation and

Collection

CYBER SECURITY

When computer is off - do not turn it on

• If the computer is "ON", do not turn it "OFF"

• If transport is required, pack the components as "fragile cargo" prior

to transport

• Keep away computer evidence from magnets, transmitters, radio,

and other hostile environment

• In the investigative plan, start with identification, then acquisition,

examination/analysis, reporting, and court presentation.

• Observe BWC requirement

• Refuse offers of help/technical assistance from any unauthorized persons

• Latent prints only after e-evidence are collected. Do not use aluminium powders

to avoid damage on electronic data

• Photograph front and back of the monitor, CPU, etc.

• Label all connections for convenient of possible reassembly. Label unused for ports

that are not used

• Note computer date and time, and active programs

• Image the RAM. If done, press and hold the power button for 10 seconds.

"CYBER SSOURIT"

Note

The National Bureau of Investigation (NBI) and the Philippine

National Police (PNP) shall be responsible for the efficient

and effective law enforcement of the provisions of

Republic Act 10175.

Cybercrime Warrants

1. The Warrant to Disclose Computer Data (WDCD)-

authorizes law enforcers to disclose or submit subscriber's

information, traffic data, or relevant data in the possession

or control of a person or service provider.

What is the duty of the authorized law enforcement officer?

-Within forty-eight (48) hours from implementation or after the expiration of the

effectivity of WDCD, the law enforcement officer shall:

submit a RETURN to the court that issued it; and

• simultaneously turn over the custody of the disclosed computer data or

subscriber's information

Note: if no return was made, Judge will summon the law enforcement officer to whom

the WDCD was issued and require him to explain why no return was made.

2. The Warrant to Intercept Computer Data (WICD)-

authorizes law enforcers to listen, record, monitor, or

surveil the content of the communications through

electronic eavesdropping or tapping devices, while the

communication is occurring.

What is the duty of the authorized law enforcement officer?

Within forty-eight (48) hours from implementation or after

the expiration of the affectivity of WICD, the law

enforcement officer shall:

• submit a return to the court that issued it; and

• simultaneously turn over the custody of the intercepted

communication or computer data

3. The Warrant to Search, Seize, and Examine Computer Data

(WSSECD)- authorizes law enforcers to search the particular place for

items to be seized and/or examined.

-The Rule allows the authorized law enforcer to initially make a forensic

image of the computer on-site, as well as limit their search to the

place specified in the warrant. Otherwise, an off-site search, where

the law enforcer searches the computer outside the place to be

searched, may be conducted.

What must first be done by law enforcement authorities on site?

• Make a forensic image of the computer data

• Limit search to place specified in Warrant

Try not to seize computer items if search can be done on site

Ho

When can off site search be conducted?

• If it is not possible to do search on site

Forensic image must have been made; Image copy

• Reasons for off-site search must be given in Initial Return.

4. The Warrant to Examine Computer Data (WECD)-

authorizes law enforcers to search a computer device or

computer seized during a lawful warrantless arrest or by

any other lawful method.

Cybercrime Warrants

• The warrants shall only be effective within 10 days from its issuance.

• The court upon motion, extend its effectivity based only on justifiable

reasons for a period not exceeding 10 days from the expiration of the

original period.

• Failure to timely file the returns of warrants or to duly turn over to

the court's custody any of the items disclosed, intercepted, searched,

seized, and/or examined shall subject for contempt.

• Moreover, failure to comply with the orders from law enforcement

authorities shall be punished for obstruction of justice.