Professional Documents
Culture Documents
Introduction To Cybercrime
Introduction To Cybercrime
CYBERCRIME
—SYNONYMOUS
2
What is RA 10175 or
Cybercrime Prevention Act
of 2012?
3
DIFFERENCE BETWEEN TRADITIONAL
CRIMES AND CYBERCRIMES
5
WHEN DID CYBERCRIME
BEGIN?
Steve Jobs and Steve Wozniak by selling and
manufacturing “blue box” at $170 each in 1972 prior to
founding Apple computer in 1976.
“Blue Box” was dubbed as the world’s first digital
hacking tool
It can make free phone calls anywhere in the world and a
host of other illegal practices
6
WHEN DID CYBERCRIME BEGIN?
REPUBLIC ACT
10175
AN ACT DEFINING CYBERCRIME,
PROVIDING FOR THE
PREVENTION, INVESTIGATION,
SUPPRESSION AND THE
IMPOSITION OF PENALTIES
THEREFOR AND FOR OTHER
PURPOSES
HISTORY OF
CYBERCRIME IN THE ILOVEYOU, referred to as Love Bug, is
PHILIPPINES a computer worm that infected over 10
million Windows personal computers on
and after May 5, 2000 that started
spreading as an email with the subject
“ILOVEYOU” and an attachment
Onel de Guzman, a 24-yr old Manileño,
created the malware to steal other
users’ passwords which he could use to
log in to their Internet accounts
The worm used the same principles he
described in his undergraduate thesis
at AMA Computer College
HISTORY OF
CYBERCRIME IN THE
PHILIPPINES It spread worldwide first in Hong Kong,
then to Europe, and finally to the US.
The outbreak was estimated to have
caused US$10-15 billion to remove the
worm.
The Pentagon, CIA, British Parliament
and most large corporations decided to
completely shutdown their mail systems
to protect themselves
It was one of the world’s most destructive
computer-related disasters.
Introduction and
Signed into law on September 12,
Rationale of the
2012
Law
COMPUTER SYSTEM
Any device or group of interconnected or
related devices, or more of which,
pursuant to a program, performs
automated processing of data; also
includes mobile and smart phones.
12
FIGHTING CYBERCRIMES IN THE
PHILIPPINES
LEGAL
LEGAL SYSTEM PROCESSES CYBERCRIMES
14
LEGAL SYSTEM
1 2 3 4 5
LAW
PROSECUTION COURTS CORRECTION COMMUNITY
ENFORCEMENT
15
Cybercrime Investigation and
LEGAL SYSTEM Coordinating Center (CICC)
under supervision of the Office
of the President
Duties and Functions
6TH – COORDINATING 1. Policy coordination and
AGENCIES national cyber security planning
2. Monitor Cybercrimes
3. Facilitates International
cooperation thru DOJ OCC
4. Call upon other agencies and
community stakeholders to render
assistance
16
Department of Justice – Office of
Cyber Crime or DOJ-OCC
LEGAL SYSTEM Operational Center of the CICC
Central Authority in all matters
related to international and mutual
assistance and extradition
6TH – COORDINATING Duties and Functions
AGENCIES 1. Coordinates NBI CCD, PNP ACG and
the National Prosecution Service
(NPS)
2. Coordinate with foreign
counterparts
3. Assist in investigation
4. Acts on complaints and cause
investigation and prosecution
17
1. LAW -Organization of Cybercrime
ENFORCEMENT Division or Unit to be manned by
Special Investigators
Sec 22 - VENUE
Filed with the RTC of
the Province or City
where the
cybercrime or any of
its elements is
committed, etc.
22
4.
CORRECTIO
N
Bureau of Jail
Management and
Penology; Bureau of
Corrections; and
Provincial and City Jails
23
5.
COMMUNITY
Service Providers
National Computer
Emergency Response Team
(NCERT)
Other governmental units
or LGUs
Community in general
24
WHAT ARE SERVICE
PROVIDERS
?
any public or private entity that provides
users of its service with the ability to
communicate by means of a computer system
(e.g. Viber and Facebook); and
any other entity that processes or stores
computer data on behalf of such
communication service or users of such
service.
WHAT IS NCERT
?
NCERT means NATIONAL COMPUTER
EMERGENCY RESPONSE TEAM
Under the Information and Communications
Technology – Department of Science and
Technology (ICT – DOST)
Serves as coordinator for cybersecurity –related
activities focused in incident response and proactive
service
NCERT
28
HOW IS A CYBERCRIME CASE
INSTITUTED?
33
1. Offenses against
the confidentiality, 2.
integrity and Computer-
availability of Related
computer data and
Offenses
systems
34
(1) ILLEGAL ACCESS - The access to the whole or any
SECTION 4 (a)
part of a computer system without right.
Other
Difference between ‘Aiding’ and ‘Abetting’
Offenses Aiding – helping someone commit a crime
Abetting – encourage or incite a criminal act;
though does not necessarily mean that you help or
facilitate its execution
Sec 4 (a) – If committed against critical Reclusion Temporal (12 years and At least PhP500,000.00 up
infrastructure (e.g. transportation systems, 1 day to 20 years) to Max Amount
energy sectors, airports, Commensurate to the
telecommunication companies and Damage Incurred
manufacturing industries)
Sec 4 (c) (2) – Child Pornography One degree higher than the
penalties imposed in RA 9775
Sec 5 – Other Offenses One degree lower than the At least PhP100,000 but
prescribed penalty for the offense
not exceeding PhP500,000
41
RULE ON
CYBERCRIME
WARRANTS
42
RULE ON CYBERCRIME
WARRANTS
(AM No. 17-11-03 SC)
Took effect on August 15, 2018;
Drafted by the Sub-Committee on
Commercial Courts as directed by the SC
Click icon to add picture Scope: procedure for the application and
grant of warrants and related orders
involving the preservation, disclosure,
interception, search, seizure, and/or
examination, and destruction of
computer data as provided in RA 10175.
Rule is Supplementary or Suppletory in
nature.
43
Where to file an application for a Warrant?
46
Q: When can a law enforcer be subjected for Contempt?
A: (Sec. 2.6 Contempt) Failure to timely file the returns for any of the
issued warrants under the Rule or to duly turn-over to the court’s
custody any of the items disclosed, intercepted, searched, seized,
and/or examined, shall subject the responsible law enforcer to an
action for contempt.
47
Q: Where to file the criminal charge for Obstruction of Justice?
A: The criminal charge for Obstruction of Justice shall be filed
before the designated cybercrime court that has jurisdiction over
the place where the non-compliance was committed.
48
Sec 4 -
DISCLOSURE Sec 3 -
OF COMPUTER PRESERVATIO
DATA N OF
COMPUTER
Sec 5 - DATA
INTERCEPTION
POWERS OF LAW
OF COMPUTER ENFORCEMENT
DATA AUTHORITIES IN RELATION
TO CYBERCRIME
WARRANTS Sec 6 – SEARCH, SEIZURE
Sec 6.9 – EXAMINE AND EXAMINATION OF
COMPUTER DATA COMPUTER DATA
Sec. 3 PRESERVATION OF
COMPUTER DATA
The integrity of traffic data and
subscriber’s information shall be
LEA may order a one-time extension kept, retained and preserved by a
for another 6 months. Provided, once service provider for a minimum
computer data that is preserved, of six (6) months from the date
Click icon to add picture
transmitted or stored by a service of transaction.
provider (SP) is used as evidence in a
case, the receipt by the SP of a copy of Content data shall be preserved
the transmittal document to the Office for 6 months from the date of
of the Prosecutor shall be deemed a receipt of the order from LEA
notification to preserve the computer requiring its preservation.
data until the final termination of the Shall be preserved with
case and/or ordered by the court. confidentiality. 50
Q: What is Traffic Data?
A: Refers only to the communication’s origin, destination, route,
time, date, size, duration, or type of underlying service, but not
content or identities
51
Q: What is a Service Provider?
A: Refers to (a) any public or private entity that provides users of
its service the ability to communicate by means of a computer
system; and (b) any other entity that processes or stores
computer data on behalf of such communication service or users
of such service;
52
Sec. 4 DISCLOSURE OF
COMPUTER DATA
54
(1) WARRANT TO DISCLOSE COMPUTER
DATA (WDCD)
56
Q: What does a LEA do upon securing a WDCD?
A: The LEA shall issue an order requiring any person or SP to disclose or
submit SI, traffic data or relevant data in his/her possession or control
within 72 hours from receipt of the order in relation to a valid complaint
docketed and assigned for investigation and disclosure is necessary and
relevant for the purpose of investigation.
Q: What is NOTICE?
A: It is the duty of the LEO to notify the person whose communication or
computer data have been intercepted of the activities conducted
pursuant to the WICD within 30 days from filing of return, or if no return,
from the lapse of 48 hr period to file return
Q: What does a Notice contain?
A: Details of the interception activities including the contents of the
intercepted communication or computer data
Q: Can the subject person challenge the legality of the interception?
A: Yes, within 10 days from notice by motion
60
(3) WARRANT TO SEARCH, SEIZURE AND EXAMINATION OF
COMPUTER DATA (WSSECD)
62
Q: What is Off-Site Search?
A: refers to the process whereby LEA, by virtue of WSSECD, are
allowed to bring the computer device and/or parts of the computer
system outside the place to be searched in order to conduct the
forensic examination of the CD subject of the warrant; provided, there
is justifiable cause and must be explained in the initial return for
resorting to such mode
63
Q: What is the INITIAL RETURN required in the enforcement of
WSSECD?
A: An initial return must be filed within 10 days from the issuance of
the WSSECD stating all the actions of the law enforcement . The court,
through an order, will set the period to conclude the examination of
all the items seized, which may not exceed 30 days, upon motion, for
justifiable reasons.
64
Q: What is Forensic Image?
A: also known as forensic copy, refers to an exact bit-by-bit copy of a
data carrier, including slack, unallocated space and unused space
Q: What is Forensics?
A: refers to the application of investigative and analytical techniques
that conform to evidentiary standards for use in court
65
(4) WARRANT TO EXAMINE COMPUTER DATA (WECD)
Q: What are the other acts that may be conducted during the
implementation of WECD?
A: Interception of communications and computer data may be likewise
conducted
66
CUSTODY AND
DESTRUCTION OF
COMPUTER DATA
67
Q: Where shall the seized computer data be deposited?
A: All computer data subject to cybercrime warrants shall be
simultaneously deposited in a sealed package with the same court
that issued the warrant upon the filing of the return for a WDCD or
WICD or final return for a WSSECD or WECD, accompanied by a
complete and verified inventory of all the other items seized and by
the affidavit of the LEO containing: date and time of operation,
particulars of the subject computer data, manner, detailed
identification of all items seized, names and positions of LEOs who
have access to the computer data from the time of its seizure until the
termination of the examination, name of LEO who may be allowed to
access the deposited data and certification that no duplicates or
copies of the whole or any part thereof have been made.
68
Q: What is the duty of the Prosecutor when a criminal action is instituted?
A: Prosecutor should move for the transmittal of the records as the
transfer of the intercepted, disclosed, searched, seized and/or examined
computer data and items including the inventory thereof, to the court
that subsequently acquired jurisdiction over the criminal action. The
motion shall be filed before the court that issued the warrant within 10
days from the time the criminal action is instituted and shall be acted
upon by the court within a period of 5 days.
Q: How is the turned-over computer data accessed and used?
A: By a motion duly granted by the court, which shall state the relevance
of the computer data and the names of persons who will be allowed to
have access thereto. The motion shall include proof of service of copies to
the person whose CD is the subject of the motion, the latter shall be
given 10 days to file a comment which the court shall rule on the motion.
69
Q: How is destruction or return of computer data made in the custody
of the court when a criminal action is instituted?
A: Upon motion and due hearing, the court may, for justifiable
reasons, order the complete or partial destruction, or return to its
lawful owner or possessor, of the computer data or any of the related
items turned over to its custody.
70
Q: How is destruction or return of computer data made when there is no
criminal action instituted or no preliminary investigation is made?
A: The court may, motu proprio, and upon written notice to all of the
parties concerned, order the complete and partial destruction, or return
to its lawful owner or possessor, the computer data turned-over to its
custody after 31 days from their deposit, or if PI has been instituted
within the period, upon finality of the prosecutor’s resolution finding lack
of probable cause. The destruction shall be witnessed by the Branch
Clerk-of-Court. Said COC shall issue a sworn certification as to the fact of
destruction and file said certificate with the same court.
71
GOOD LUCK!
THANK YOU
Neal Creative ©