Ethical Hacking and Cybercrimes
How to Become a Pro Ethical Hacker and Save the Digital World
In the era of artificial intelligence, hackers are leveraging AI-driven
techniques to breach even the most robust cyber protection programs.
These AI-driven cyberattacks are reshaping the cybersecurity landscape,
and it is crucial to adopt a comprehensive cyber protection program built
on holistic defense. The common threads are familiar security concerns
such as ransomware, phishing and privacy; AI changes how they play out
because the technology is still being learned and is evolving rapidly.
Why is Ethical Hacking a Great Career Path?
1. High Demand for Cybersecurity Experts: With the increasing number of cyber threats, organizations are actively seeking
skilled professionals to identify and mitigate vulnerabilities, leading to a high demand for ethical hackers.
2. Attractive Salary Packages: Due to the specialized skill set and high demand, ethical hackers often command competitive
salaries, with opportunities for rapid advancement and salary increases based on experience and certifications.
3. Positive Impact: Ethical hackers contribute significantly to the digital safety of individuals, companies, and governments,
protecting sensitive data from malicious attacks and preventing potential financial and reputational damage.
4. Continuous Learning and Growth: The cybersecurity field is always evolving, with new technologies and threats emerging
regularly. This constant change requires ethical hackers to continually learn and adapt, ensuring ongoing professional growth.
5. Diverse Industries: Virtually every industry requires cybersecurity expertise, from finance and healthcare to government
and tech. Ethical hackers can find opportunities in various sectors, allowing for diverse career paths and experiences.
6. Global Opportunities: Cybersecurity is a global concern, offering ethical hackers the chance to work in different countries
and cultures, either by relocating or through remote work opportunities.
7. Recognition and Respect: As guardians of digital security, ethical hackers gain respect and recognition for their specialized
knowledge and contributions to safeguarding online spaces.
8. Creative and Analytical Work: Ethical hacking involves a blend of creativity and analytical thinking, as professionals must
think like attackers to identify vulnerabilities and devise countermeasures.
9. Certifications and Specializations: The field offers numerous certifications (e.g., CEH, OSCP) that validate skills and
knowledge, allowing for specialization in areas like penetration testing, network security, or forensics.
10. Community and Collaboration: Ethical hackers belong to a global community of cybersecurity professionals, sharing
knowledge, tools, and techniques. This collaborative environment enriches the profession and enhances individual learning.
Choosing a career in ethical hacking not only opens doors to exciting challenges and substantial rewards but also contributes
to a safer digital world, making it a fulfilling path for those passionate about technology and security.
Phishing for Compliments: Cybercrimes Tools, Tales, and Legal Trails
The primary law governing cybercrime in the Philippines
is the Cybercrime Prevention Act of 2012, formally known
as Republic Act No. 10175. It was signed into law on
September 12, 2012, and took effect on October 3, 2012.
Key Provisions
Legal Recognition of Electronic Data: The Act gives
electronic data legal recognition, which can be
used as evidence in court.
Jurisdiction: The law has provisions that extend to
acts committed outside the Philippines if they
involve Filipino citizens or harm the country's
interests.
Law Enforcement and Regulatory Provisions: It
mandates the creation of a Cybercrime
Investigation and Coordination Center (CICC) and
outlines the powers and duties of law
enforcement authorities concerning cybercrime.
Crimes Covered by the Act
The Cybercrime Prevention Act categorizes offenses under three main groups:
1. Offenses against the confidentiality, integrity and availability of computer data and systems:
▪ System Interference: Interfering with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering, or suppressing
computer data or programs, without right or authority.
▪ Misuse of Devices: The use, production, sale, procurement, importation, distribution, or otherwise making available of devices or programs, designed
or adapted for the purpose of committing any of the offenses listed in the act.
▪ Illegal Access: Unauthorized access to a computer system or application.
▪ Illegal Interception: Unauthorized interception of any non-public transmission of computer data.
▪ Data Interference: Unauthorized alteration, damaging, deletion or deterioration of data.
2. Computer-related Offenses:
▪ Computer-related Forgery: Inputting, altering, or deleting computer data resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if
it were authentic.
▪ Computer-related Fraud: Unauthorized alteration or deletion of computer data, or interference in the functioning of a computer system, causing loss to another person.
▪ Computer-related Identity Theft: Unauthorized acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another, whether
natural or juridical.
3. Content-related Offenses:
▪ Cybersex: The control or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity,
with the aid of a computer system, for favor or consideration.
▪ Child Pornography: The unlawful or prohibited acts defined and punishable by Republic Act No. 9775
or the Anti-Child Pornography Act of 2009, done through a computer system.
▪ Unsolicited Commercial Communications: The transmission of commercial electronic communication with the use of
computer systems which seeks to advertise, sell, or offer for sale products and services is prohibited.
▪ Libel: The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended,
committed through a computer system or any other similar means which may be devised in the future.
ILLEGAL ACCESS
Bangko Sentral ng Pilipinas (2016): The website of the Philippine Central Bank was subjected to a brute force
attack in March 2016 during a wave of cyber-attacks on government websites. This was part of larger online
activism but highlighted the vulnerability of even high-security websites.
Philippine Commission on Elections (COMELEC) (2016): In a separate incident, hackers used SQL injection
(which, like brute-force techniques, is a means of gaining unauthorized access) to penetrate the COMELEC's voter
database, exposing millions of voters' personal data. The incident, known as "Comeleak," is one of the largest
breaches in history.
ILLEGAL ACCESS
Phishing
1. Craft fraudulent emails or websites mimicking legitimate ones.
2. Design and send/host via compromised networks.
3. Utilize phishing kits with templates and hosting services.
4. Victims access from personal or work devices, anywhere with internet access.
Credit score company Equifax (2017): Equifax removed its apps from
Google and Apple after a breach resulted in the leak of personal data. A
researcher found that the app did not consistently use HTTPS, allowing
attackers to intercept data as users accessed their accounts.
ILLEGAL INTERCEPTION
Email Snooping
1. Gain unauthorized access to email accounts or servers.
2. Exploit network vulnerabilities or use malware.
3. Use tools like network sniffers or credential logging malware.
4. Perform snooping remotely from any internet-connected location.
Ransomware Attacks
1. Deliver ransomware via phishing or network exploits.
2. Encrypt victim’s data and demand ransom.
3. Use ransomware kits for malware customization.
4. Target connected devices like PCs or servers.
Database Poisoning
1. Insert corrupt/malicious data into databases.
2. Exploit SQL injection vulnerabilities.
3. Use automated tools like SQLmap.
4. Attack web applications or databases online.
DDoS Attacks
1. Use multiple compromised systems to flood target with traffic.
2. Employ botnets and tools like LOIC.
3. Overwhelm target's IP address, denying service.
4. Coordinate attacks globally.
Top Philippine News Sites (2018): Major news websites in the Philippines
were brought down by DDoS attacks, believed to be politically motivated
due to the critical nature of the articles being published.
SYSTEM INTERFERENCE
Botnets
1. Infect devices with malware to form a botnet.
2. Control infected devices remotely for attacks or spam.
3. Begin with phishing emails or malware-laden websites.
4. Use command-and-control software from remote locations.
Keyloggers
1. Install keylogging software or hardware on victim's device.
2. Capture every keystroke to gather sensitive information.
3. Retrieve recorded data remotely or directly.
4. Distribute software keyloggers via downloads or emails.
Operation Phish Phry (2009): One of the largest cyber fraud phishing
operations, where U.S. and Egyptian defendants used phishing emails to
collect personal bank account information and then created fake
documents to withdraw funds.
COMPUTER-RELATED OFFENSE
Computer-related Fraud
1. Manipulation of Input Data: Fraudulent data is input into computer
systems to alter financial records or other significant data.
2. Exploitation of System Vulnerabilities: Security weaknesses are
exploited to modify system functions or data without authorization.
3. Execution of Unauthorized Transactions: Transactions are carried out
without the knowledge or consent of the rightful owner.
4. Tools Used: Malware designed to intercept or manipulate data, and
exploitation tools for vulnerabilities in software.
Impact: Thousands of people across the U.S. were defrauded, with losses
totaling millions of dollars. This incident serves as one of the most
infamous examples of vishing, prompting widespread awareness and
warnings from the IRS.
OTHER CYBERCRIMES
Pharming
Pharming is a cyberattack aiming to redirect a website's traffic to another,
fraudulent website without the user's knowledge or consent. It can be
done by exploiting vulnerabilities to alter DNS settings or by infecting a
user’s computer with malware that changes local DNS entries. The intent
is often to steal personal information or credentials.
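A defensive check for the local-DNS-entry variant of pharming described above, added here as an illustration and not part of the original slides: it audits hosts-file text for entries that override domains on a watch list. The watch list, function names, and sample hosts content are constructed for the example.

```python
import ipaddress

# Assumed watch list: domains that should only ever resolve through real DNS.
WATCHED = {"bank.example", "login.example"}

# Constructed sample hosts file; line 4 is the kind of override pharming malware adds.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 203.0.113.9 bank.example   (commented out, ignored)
203.0.113.7 www.bank.example bank.example   # constructed malicious override
198.51.100.4 intranet.corp.example
0.0.0.0     ads.tracker.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each valid mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])   # skip lines with a malformed address
        except ValueError:
            continue
        for name in fields[1:]:
            # Normalise case and a trailing root dot so variants cannot evade the match.
            yield lineno, fields[0], name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line_number, hostname, ip) for entries pinning a watched domain or subdomain."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((lineno, name, ip))
    return findings

if __name__ == "__main__":
    for lineno, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} is pinned to {ip}; verify this override is intended")
```

On a real system the input would be the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`; any finding on a watched domain warrants checking how the entry got there.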
Bank of the West (2007):
Who/What: Customers of Bank of the West were redirected from the
bank's legitimate website to a fraudulent one that looked nearly identical.
When: 2007
When: 2010
Impact: The leaked emails had a significant impact on the 2016 U.S.
presidential election, showing how spear phishing can influence major
political outcomes.
OTHER CYBERCRIMES
Advanced Persistent Threats (APT)
Advanced Persistent Threats (APT) are prolonged and targeted
cyberattacks wherein attackers infiltrate a network to steal data or
monitor activity over an extended period without being detected. These
attacks are complex, involving a high degree of covertness and are
typically aimed at high-value targets like governments, enterprises, and
critical infrastructure.
Operation Aurora (2010):
Google and at least 20 other companies were targeted by an APT
originating from China, known as "Operation Aurora."
When: 2010
How: The incident was caught by a player who was recording the live
session, showing the dealer’s actions clearly.
How: This deepfake was created by BuzzFeed and director Jordan Peele
using AI and machine learning technologies to manipulate video content.
How: Russian operatives used fake accounts to post and amplify divisive
content, spreading misinformation and inflaming political tensions.
▪ Vigilance is Key: Always exercise caution when handling emails, clicking on links, or sharing personal
information online. Cybercriminals often exploit simple human errors.
▪ Stay Informed: Keeping up-to-date with the latest cyber threats and security measures can significantly
reduce vulnerability to cyber attacks. Awareness training and regular updates can prevent many common
cybercrimes.
▪ Use Strong Security Measures: Employ robust cybersecurity tools and practices, such as using strong, unique
passwords, enabling two-factor authentication, and regularly updating software to protect against
vulnerabilities.
▪ Legal Recourse Exists: Be aware of the legal protections and recourses available against cybercrimes.
Understanding your rights can help navigate the aftermath of an attack and minimize damage.
▪ Collaborate and Report: Encourage openness about cyber threats within your organization and report
incidents to relevant authorities. Sharing information about threats can help improve security protocols and
prevent future attacks.