Cybercrime: Cybercrime-Is Criminal Activity That Either Targets or Uses A Computer, A Computer
This innovative type of crime was a difficult issue for law enforcement, due in part to
lack of legislation to aid in criminal prosecution, and a shortage of investigators
skilled in the technology that was being hacked. It was clear that computer systems
were open to criminal activity, and as more complex communications became
available to the consumer, more opportunities for cyber crime developed.
• Stoll’s effort paid off with the eventual arrest of Markus Hess and several
others located in West Germany, who were stealing and selling military
information, passwords and other data to the Soviet KGB.
• The Berkeley lab intrusion was soon followed by the discovery of the Morris
worm virus, created by Robert Morris, a Cornell University student. This
worm damaged more than 6,000 computers and resulted in estimated
damages of $98 million. More incidents began to follow in a continuous,
steady stream. Congress responded by passing its first hacking-related
legislation, the Federal Computer Fraud and Abuse Act, in 1986. The act
made computer tampering a felony crime punishable by significant jail time
and monetary fines.
• The first incident of such nature dates to 1990, when the Steve Jackson
Games publishing company was nearly forced out of business after being
accused of possessing an illegally copied document related to a fantasy
game that dealt with “cyberpunk.” The Secret Service believed this
document was in Jackson’s possession and confiscated the computers
used in his business, according to The New York Times.
CYBERCRIME
also called computer crime, the use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking in child pornography and
intellectual property, stealing identities, or violating privacy.
Cybercrime, especially through the Internet, has grown in importance as the
computer has become central to commerce, entertainment, and government.
CYBERSPACE
simply a richer version of the space where a telephone conversation takes
place, somewhere between the two people having the conversation.
As a planet-spanning network, the Internet offers criminals multiple hiding
places in the real world as well as in the network itself.
TYPES OF CYBERCRIME
Cybercrime affects both a virtual and a real body
1. Identity theft and invasion of privacy
Cybercrime affects both a virtual and a real body
2. Internet Fraud
Schemes to defraud consumers abound on the Internet
3. ATM Fraud
Intercept the card’s magnetic strip and user’s PIN
4. Wire Fraud
involves the use of some form of telecommunications or the internet
7. Child Pornography
application that drove early deployment of technical innovation in search of profit
8. Hacking
sending illegal instruction to any other computer or network.
9. Computer Viruses
deliberate release of damaging computer viruses
12. Sabotage
involves the hijacking of a government or corporation Web site
Who is a Cybercriminal?
are individuals or teams of people who use technology to commit malicious
activities on digital systems or networks with the intention of stealing
sensitive company information or personal data, and generating profit.
Cybercriminals are known to access the cybercriminal underground
markets found in the deep web to trade malicious goods and services, such
as hacking tools and stolen data.
Vulnerability of Computer
1. Easy access
Hackers can steal access codes, retina images, advanced voice recorders, etc.
2. Capacity to store data
a lot easier for the people to steal data from any other storage
3. Complex
Millions of Codes
4. Negligence
a cybercriminal can gain access to and control over the computer system.
5. Loss of Evidence
data related to the crime can be easily destroyed.
Keep your computer current with the latest patches and updates
apply patches and other software fixes when they become available.
By regularly updating your computer, you block attackers from being able to
take advantage of software flaws (vulnerabilities) that they could otherwise
use to break into your system.
Parental Control
parents should monitor all the activities of their children online.
Giving adequate privacy to children would be problematic.
Parents need to be cautious and should keep an eye on browser history
and email accounts regularly.
Dateline of Cybercrime
1834 — French Telegraph System
A pair of thieves hack the French Telegraph System and steal financial
market information, effectively conducting the world’s first cyberattack.
1870 — Switchboard Hack
A teenager hired as a switchboard operator is able to disconnect and
redirect calls and use the line for personal usage.
1878 — Early Telephone Calls
Two years after Alexander Graham Bell invents the telephone, the Bell
Telephone Company kicks a group of teenage boys off the telephone
system in New York for repeatedly and intentionally misdirecting and
disconnecting customer calls.
1903 — Wireless Telegraphy
During John Ambrose Fleming’s first public demonstration of Marconi’s
“secure” wireless telegraphy technology, Nevil Maskelyne disrupts it by
sending insulting Morse code messages discrediting the invention.
1939 — Military Codebreaking
Alan Turing and Gordon Welchman develop BOMBE, an electro-mechanical
machine, during WWII while working as codebreakers at
Bletchley Park. It helps to break the German Enigma codes.
1940 — First Ethical Hacker
Rene Carmille, a member of the Resistance in Nazi-occupied France and a
punch-card computer expert who owns the machines that the Vichy
government of France uses to process information, finds out that the Nazis
are using punch-card machines to process and track down Jews,
volunteers to let them use his, and then hacks them to thwart their plan.
1955 — Phone Hacker
David Condon whistles his “Davy Crockett Cat” and “Canary Bird Call Flute”
into his phone, testing a theory on how phone systems work. The system
recognizes the secret code, assumes he is an employee, and connects him
to a long-distance operator. She connects him to any phone number he
requests for free.
1957 — Joybubbles
Joe Engressia (Joybubbles), a blind, 7-year-old boy with perfect pitch,
hears a high-pitched tone on a phone line and begins whistling along to it at
a frequency of 2600Hz, enabling him to communicate with phone lines and
become the U.S.’s first phone hacker or “phone phreak.”
1962 — Allan Scherr
MIT sets up the first computer passwords, for student privacy and time
limits. Student Allan Scherr makes a punch card to trick the computer into
printing off all passwords and uses them to log in as other people after his
time runs out. He also shares passwords with his friends, leading to the first
computer “troll.” They hack into their teacher’s account and leave messages
making fun of him.
1969 — RABBITS Virus
An anonymous person installs a program on a computer at the University of
Washington Computer Center. The inconspicuous program makes copies of
itself (breeding like a rabbit) until the computer overloads and stops
working. It is thought to be the first computer virus.
1970-1995 — Kevin Mitnick
Beginning in 1970, Kevin Mitnick penetrates some of the most highly-guarded
networks in the world, including Nokia and Motorola, using
elaborate social engineering schemes, tricking insiders into handing over
codes and passwords, and using the codes to access internal computer
systems. He becomes the most-wanted cybercriminal of the time.
1971 — Steve Wozniak and Steve Jobs
When Steve Wozniak reads an article about Joybubbles and other phone
phreaks, he becomes acquainted with John “Captain Crunch” Draper and
learns how to hack into phone systems. He builds a blue box designed to
hack into phone systems, even pretending to be Henry Kissinger and
prank-calling the Pope. He starts mass-producing the device with friend
Steve Jobs and selling it to classmates.
1973 – Embezzlement
A teller at a local New York bank uses a computer to embezzle over $2
million.
1981 – Cybercrime Conviction
Ian Murphy, aka “Captain Zap,” hacks into the AT&T network and changes
the internal clock to charge off-hour rates at peak times. The first person
convicted of a cybercrime, and the inspiration for the movie “Sneakers,” he
does 1,000 hours of community service and 2.5 years of probation.
1982 — The Logic Bomb
The CIA blows up a Siberian Gas pipeline without the use of a bomb or a
missile by inserting a code into the network and the computer system in
control of the gas pipeline. The code was embedded into equipment
purchased by the Soviet Union from a company in Canada.
1984 — US Secret Service
The U.S. Comprehensive Crime Control Act gives Secret Service
jurisdiction over computer fraud.
1988 — The Morris Worm
Robert Morris creates what would be known as the first worm on the
Internet. The worm is released from a computer at MIT to suggest that the
creator is a student there. The potentially harmless exercise quickly
became a vicious denial of service attack when a bug in the worm’s
spreading mechanism leads to computers being infected and reinfected at a
rate much faster than he anticipates.
1988-1991 — Kevin Poulsen
In 1988, an unpaid bill on a storage locker leads to the discovery of blank
birth certificates, false IDs, and a photo of hacker Kevin Poulsen, aka “Dark
Dante,” breaking into a telephone company trailer. The subject of a
nationwide manhunt, he continues hacking, including rigging the phone
lines of a Los Angeles radio station to guarantee he is the correct caller in a
giveaway contest. He is captured in 1991.
1989 — Trojan Horse Software
A diskette claiming to be a database of AIDS information is mailed to
thousands of AIDS researchers and subscribers to a UK computer
magazine. It contains a Trojan (after the Trojan Horse of Greek mythology),
or destructive program masquerading as a benign application.
1994 — Datastream Cowboy and Kuji
Administrators at the Rome Air Development Center, a U.S. Air Force
research facility, discover a password “sniffer” has been installed onto their
network, compromising more than 100 user accounts. Investigators
determined that two hackers, known as Datastream Cowboy and Kuji, are
behind the attack.
1995 — Vladimir Levin
Russian software engineer Vladimir Levin hacks into Citibank’s New York IT
system from his apartment in Saint Petersburg and authorizes a series of
fraudulent transactions, eventually wiring an estimated $10 million to
accounts worldwide.
1998-2007 — Max Butler
Max Butler hacks U.S. government websites in 1998 and is sentenced to 18
months in prison in 2001. After being released in 2003, he uses WiFi to
commit attacks, program malware and steal credit card information. In
2007, he is arrested and eventually pleads guilty to wire fraud, stealing
millions of credit card numbers and around $86 million of fraudulent
purchases.
1999 — NASA and Defense Department Hack
Jonathan James, 15, manages to penetrate U.S. Department of Defense
division computers and install a backdoor on its servers, allowing him to
intercept thousands of internal emails from different government
organizations, including ones containing usernames and passwords for
various military computers. Using the info, he steals a piece of NASA
software. Systems are shut down for three weeks.
1999 — The Melissa Virus
A virus infects Microsoft Word documents, automatically disseminating itself
as an attachment via email. It mails out to the first 50 names listed in an
infected computer’s Outlook email address box. The creator, David Smith,
says he didn’t intend for the virus, which caused $80 million in damages, to
harm computers. He is arrested and sentenced to 20 months in prison.
2000 — Lou Cipher
Barry Schlossberg, aka Lou Cipher, successfully extorts $1.4 million from
CD Universe for services rendered in attempting to catch the Russian
hacker.
2000 — Mafiaboy
15-year-old Michael Calce, aka MafiaBoy, a Canadian high school student,
unleashes a DDoS attack on several high-profile commercial websites
including Amazon, CNN, eBay and Yahoo! An industry expert estimates the
attacks resulted in $1.2 billion in damages.
2002 – Internet Attack
By targeting the thirteen Domain Name System (DNS) root servers, a DDoS
attack assaults the entire Internet for an hour. Most users are unaffected.
2003 — Operation CyberSweep
The U.S. Justice Department announces more than 70 indictments and 125
convictions or arrests for phishing, hacking, spamming and other Internet
fraud as part of Operation CyberSweep.
2003-2008 — Albert Gonzalez
Albert Gonzalez is arrested in 2003 for being part of ShadowCrew, a group
that stole and then sold card numbers online, and works with authorities in
exchange for his freedom. Gonzalez is later involved in a string of hacking
crimes, again stealing credit and debit card details, from around 2006 until
he is arrested in 2008. He stole millions of dollars and targeted companies
including TJX, Heartland Payment Systems and Citibank.
2004 — Lowe’s
Brian Salcedo is sentenced to 9 years for hacking into Lowe’s home
improvement stores and attempting to steal customer credit card
information.
2004 — ChoicePoint
A 41-year-old Nigerian citizen compromises customer data of ChoicePoint,
but the company only informs 35,000 people of the breach. Media scrutiny
eventually leads the consumer data broker, which has since been
purchased by LexisNexis, to reveal another 128,000 people had information
compromised.
2005 — PhoneBusters
PhoneBusters reports 11K+ identity theft complaints in Canada, and total
losses of $8.5M, making this the fastest growing form of consumer fraud in
North America.
2005 — Polo Ralph Lauren/HSBC
HSBC Bank sends letters to more than 180,000 credit card customers,
warning that their card information may have been stolen during a security
breach at a U.S. retailer (Polo Ralph Lauren). A DSW data breach also
exposes transaction information from 1.4 million credit cards.
2006 — TJX
A cybercriminal gang steals 45 million credit and debit card numbers from
TJX, a Massachusetts-based retailing company, and uses a number of the
stolen cards to fund an electronic shopping spree at Wal-Mart. While initial
estimates of damages came up to around $25 million, later reports add up
the total cost of damages to over $250 million.
2008 — Heartland Payment Systems
134 million credit cards are exposed through SQL injection to install
spyware on Heartland’s data systems. A federal grand jury indicts Albert
Gonzalez and two Russian accomplices in 2009. Gonzalez, alleged to have
masterminded the international operation that stole the credit and debit
cards, is later sentenced to 20 years in federal prison.
2008 – The Church of Scientology
A hacker group known as Anonymous targets the Church of Scientology
website. The DDoS attack is part of a political activist movement against the
church called “Project Chanology.” In one week, the Scientology website is
hit with 500 DDoS attacks.
2010 — The Stuxnet Worm
A malicious computer virus called the world’s first digital weapon is able to
target control systems used to monitor industrial facilities. It is discovered in
nuclear power plants in Iran, where it knocks out approximately one-fifth of
the enrichment centrifuges used in the country’s nuclear program.
2010 — Zeus Trojan Virus
An Eastern European cybercrime ring steals $70 million from U.S. banks
using the Zeus Trojan virus to crack open bank accounts and divert money
to Eastern Europe. Dozens of individuals are charged.
2011 — Sony Pictures
A hack of Sony’s data storage exposes the records of over 100 million
customers using their PlayStation’s online services. Hackers gain access to
all the credit card information of users. The breach costs Sony more than
$171 million.
2011 — Epsilon
A cyberattack on Epsilon, which provides email-handling and marketing
services to clients including Best Buy and JPMorgan Chase, results in the
compromise of millions of email addresses.
2011 — RSA SAFETY
Sophisticated hackers steal information about RSA’s SecurID authentication
tokens, used by millions of people, including government and bank
employees. This puts customers relying on them to secure their networks at
risk.
2011 — ESTsoft
Hackers expose the personal information of 35 million South
Koreans. Attackers with Chinese IP addresses accomplish this by
uploading malware to a server used to update ESTsoft’s ALZip compression
application and steal the names, user IDs, hashed passwords, birthdates,
genders, telephone numbers, and street and email addresses contained in
a database connected to the same network.
2014 — eBay
A cyberattack exposes names, addresses, dates of birth, and encrypted
passwords of all of eBay’s 145 million users.
2015 — LockerPin
LockerPin resets the pin code on Android phones and demands $500 from
victims to unlock the device.
2015 — Prepaid Debit Cards
A worldwide gang of criminals steals a total of $45 million in a matter of
hours by hacking a database of prepaid debit cards and then draining cash
machines around the globe.
2017 — Chipotle
An Eastern European criminal gang that is targeting restaurants uses
phishing to steal credit card information of millions of Chipotle customers.
2017 — WannaCry
WannaCry, the first known example of ransomware operating via a worm
(viral software that replicates and distributes itself), targets a vulnerability in
older versions of Windows OS. Within days, tens of thousands of
businesses and organizations across 150 countries are locked out of their
own systems by WannaCry’s encryption. The attackers demand $300 per
computer to unlock the code.
Arithmetic and Logic Unit. This part of the CPU performs arithmetic operations.
It does basic mathematical calculations like addition, subtraction, division,
multiplication, etc.
Output Unit. The third and final component of a computer system is the output
unit. After the data is processed, it is converted into a format which humans can
understand. After conversion, the output unit displays this data to users.
Computer hardware
It encompasses everything with a circuit board that operates within a PC or
laptop; including the motherboard, graphics card, CPU (Central Processing Unit),
ventilation fans, webcam, power supply, and so on.
Motherboard
The motherboard is at the center of what makes a PC work. It houses the
CPU and is a hub that all other hardware runs through.
The CPU
responsible for processing all information from programs run by your
computer.
Random Access Memory, or RAM
The role of RAM is to temporarily store on-the-fly information created by
programs and to do so in a way that makes this data immediately
accessible.
Hard Drive
a storage device responsible for storing permanent and temporary data.
This data comes in many different forms, but is essentially anything saved
or installed to a computer
Graphics Processing Unit (GPU).
GPU does exactly what its name suggests and processes huge batches of
graphic data. You will find that your computer’s graphics card has at least
one GPU.
Power Supply Unit (PSU).
It is the point where power enters your system from an external power
source and is then allocated by the motherboard to individual component
hardware.
S/W, software
a collection of instructions that enable the user to interact with a computer,
its hardware, or perform tasks. Without software, most computers would be
useless.
Section 1. Title. – These Rules shall be referred to as the Implementing Rules and
Regulations of Republic Act No. 10175, or the “Cybercrime Prevention Act of 2012”.
The State shall adopt sufficient powers to effectively prevent and combat such
offenses by facilitating their detection, investigation and prosecution at both the
domestic and international levels, and by providing arrangements for fast and
reliable international cooperation.
RULE 2
Punishable Acts and Penalties Cybercrimes
Section 4. Cybercrime Offenses. – The following acts constitute the offense of core
cybercrime punishable under the Act:
A. Offenses against the confidentiality, integrity and availability of computer
data and systems shall be punished with imprisonment of prision mayor or a fine of
at least Two Hundred Thousand Pesos (P200,000.00) up to a maximum amount
commensurate to the damage incurred, or both, except with respect to number 5
herein:
Illegal Access – The access to the whole or any part of a computer system without
right.
Illegal Interception – The interception made by technical means and without right,
of any non-public transmission of computer data to, from, or within a computer
system, including electromagnetic emissions from a computer system carrying such
computer data: Provided, however, That it shall not be unlawful for an officer,
employee, or agent of a service provider, whose facilities are used in the
transmission of communications, to intercept, disclose or use that communication in
the normal course of employment, while engaged in any activity that is necessary to
the rendition of service or to the protection of the rights or property of the service
provider, except that the latter shall not utilize service observing or random
monitoring other than for purposes of mechanical or service control quality checks.
Data Interference – The intentional or reckless alteration, damaging, deletion or
deterioration of computer data, electronic document or electronic data message,
without right, including the introduction or transmission of viruses.
System Interference – The intentional alteration, or reckless hindering or
interference with the functioning of a computer or computer network by inputting,
transmitting, damaging, deleting, deteriorating, altering or suppressing computer
data or program, electronic document or electronic data message, without right or
authority, including the introduction or transmission of viruses.
Misuse of Devices, which shall be punished with imprisonment of prision mayor, or
a fine of not more than Five Hundred Thousand Pesos (P500,000.00), or both, is
committed through any of the following acts:
a. The use, production, sale, procurement, importation, distribution or otherwise
making available, intentionally and without right, of any of the following:
i. A device, including a computer program, designed or adapted primarily for the
purpose of committing any of the offenses under this rules; or
ii. A computer password, access code, or similar data by which the whole or any part
of a computer system is capable of being accessed with the intent that it be used for
the purpose of committing any of the offenses under this rules.
b. The possession of an item referred to in subparagraphs 5(a)(i) or (ii) above, with
the intent to use said devices for the purpose of committing any of the offenses
under this section.
Provided, That no criminal liability shall attach when the use, production, sale,
procurement, importation, distribution, otherwise making available, or possession of
computer devices or data referred to in this section is for the authorized testing of a
computer system.
If any of the punishable acts enumerated in Section 4(A) is committed against critical
infrastructure, the penalty of reclusion temporal, or a fine of at least Five Hundred
Thousand Pesos (P500,000.00) up to maximum amount commensurate to the
damage incurred, or both shall be imposed.
Content-related Offenses:
1. Any person found guilty of Child Pornography shall be punished in accordance
with the penalties set forth in Republic Act No. 9775 or the “Anti-Child Pornography
Act of 2009”: Provided, That the penalty to be imposed shall be one (1) degree
higher than that provided for in Republic Act No. 9775 if committed through a
computer system.
Section 5. Other Cybercrimes. – The following constitute other cybercrime
offenses punishable under the Act:
1. Cyber-squatting – The acquisition of a domain name over the internet, in bad
faith, in order to profit, mislead, destroy reputation, and deprive others from
registering the same, if such a domain name is:
- Similar, identical, or confusingly similar to an existing trademark registered with the
appropriate government agency at the time of the domain name registration;
- Identical or in any way similar with the name of a person other than the registrant,
in case of a personal name; and
- Acquired without right or with intellectual property interests in it.
Cyber-squatting shall be punished with imprisonment of prision mayor, or a fine of at
least Two Hundred Thousand Pesos (P200,000.00) up to a maximum amount
commensurate to the damage incurred, or both: Provided, That if it is committed
against critical infrastructure, the penalty of reclusion temporal, or a fine of at least
Five Hundred Thousand Pesos (P500,000.00) up to maximum amount
commensurate to the damage incurred, or both shall be imposed.
3. Libel – The unlawful or prohibited acts of libel, as defined in Article 355 of the
Revised Penal Code, as amended, committed through a computer system or any
other similar means which may be devised in the future shall be punished
with prision correccional in its maximum period to prision mayor in its minimum
period or a fine ranging from Six Thousand Pesos (P6,000.00) up to the maximum
amount determined by Court, or both, in addition to the civil action which may be
brought by the offended party: Provided, That this provision applies only to the
original author of the post or online libel, and not to others who simply receive the
post and react to it.
Other offenses – The following acts shall also constitute an offense which shall be
punished with imprisonment of one (1) degree lower than that of the prescribed
penalty for the offense, or a fine of at least One Hundred Thousand Pesos
(P100,000.00) but not exceeding Five Hundred Thousand Pesos (P500,000.00), or
both:
Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully
abets, aids, or financially benefits in the commission of any of the offenses
enumerated in the Act shall be held liable, except with respect to Sections 4(c)(2) on
Child Pornography and 4(c)(4) on online Libel.
Attempt to Commit Cybercrime. – Any person who willfully attempts to commit any of
the offenses enumerated in the Act shall be held liable, except with respect to
Sections 4(c)(2) on Child Pornography and 4(c)(4) on online Libel.
Section 8. Liability under Other Laws. – A prosecution under the Act shall be
without prejudice to any liability for violation of any provision of the Revised Penal
Code, as amended, or special laws: Provided, That this provision shall not apply to
the prosecution of an offender under (1) both Section 4(c)(4) of R.A. 10175 and
Article 353 of the Revised Penal Code; and (2) both Section 4(c)(2) of R.A. 10175
and R.A. 9775 or the “Anti-Child Pornography Act of 2009”.
RULE 3
Enforcement and Implementation
Develop public, private sector, and law enforcement agency relations in addressing
cybercrimes;
Maintain necessary and relevant databases for statistical and/or monitoring
purposes;
Develop capacity within their organizations in order to perform such duties necessary
for the enforcement of the Act;
Support the formulation and enforcement of the national cybersecurity plan; and
Perform other functions as may be required by the Act.
The Rules of Court shall have suppletory application in implementing the Act.
Section 19. Non-compliance. – Failure to comply with the provisions of Chapter IV
of the Act, and Rules 7 and 8 of Chapter VII hereof, specifically the orders from law
enforcement authorities, shall be punished as a violation of Presidential Order No.
1829 (entitled “Penalizing Obstruction Of Apprehension And Prosecution Of Criminal
Offenders”) with imprisonment of prision correccional in its maximum period, or a
fine of One Hundred Thousand Pesos (P100,000.00), or both for each and every
noncompliance with an order issued by law enforcement authorities.
RULE 4
Jurisdiction
Section 21. Jurisdiction. – The Regional Trial Court shall have jurisdiction over any
violation of the provisions of the Act, including any violation committed by a Filipino
national regardless of the place of commission. Jurisdiction shall lie if any of the
elements was committed within the Philippines, or committed with the use of any
computer system that is wholly or partly situated in the country, or when by such
commission any damage is caused to a natural or juridical person who, at the time
the offense was committed, was in the Philippines.
Section 22. Venue. – Criminal action for violation of the Act may be filed with the
RTC of the province or city where the cybercrime or any of its elements is
committed, or where any part of the computer system used is situated, or where any
of the damage caused to a natural or juridical person took place: Provided, That the
court where the criminal action is first filed shall acquire jurisdiction to the exclusion
of other courts.
RULE 5
International Cooperation
Section 25. International Cooperation. – All relevant international instruments on
international cooperation on criminal matters, and arrangements agreed on the basis
of uniform or reciprocal legislation and domestic laws shall be given full force and
effect, to the widest extent possible for the purposes of investigations or proceedings
concerning crimes related to computer systems and data, or for the collection of
electronic evidence of crimes.
The DOJ shall cooperate and render assistance to other contracting parties, as well
as request assistance from foreign states, for purposes of detection, investigation
and prosecution of offenses referred to in the Act and in the collection of evidence in
electronic form in relation thereto. The principles contained in Presidential Decree
No. 1069 and other pertinent laws, as well as existing extradition and mutual legal
assistance treaties, shall apply. In this regard, the central authority shall:
a. Provide assistance to a requesting State in the real-time collection of traffic data
associated with specified communications in the country transmitted by means of a
computer system, with respect to criminal offenses defined in the Act for which real-time
collection of traffic data would be available, subject to the provisions of Section
13 hereof;
b. Provide assistance to a requesting State in the real-time collection, recording or
interception of content data of specified communications transmitted by means of a
computer system, subject to the provision of Section 13 hereof;
c. Allow another State to:
Access publicly available stored computer data located in the country or
elsewhere; or
Access or receive, through a computer system located in the country,
stored computer data located in another country, if the other State obtains
the lawful and voluntary consent of the person who has the lawful authority
to disclose the data to said other State through that computer system.
2. Upon receiving the request from another State, the DOJ and law enforcement
agencies shall take all appropriate measures to expeditiously preserve the specified
data, in accordance with the Act and other pertinent laws. For the purposes of
responding to a request for preservation, dual criminality shall not be required as a
condition;
3. A request for preservation may only be refused if:
i. The request concerns an offense that the Philippine Government
considers as a political offense or an offense connected with a political
offense; or
ii. The Philippine Government considers the execution of the request to be
prejudicial to its sovereignty, security, public order or other national interest.
4. Where the Philippine Government believes that preservation will not
ensure the future availability of the data, or will threaten the confidentiality
of, or otherwise prejudice the requesting State’s investigation, it shall
promptly so inform the requesting State. The requesting State will
determine whether its request should be executed; and
2. The requesting State must maintain the confidentiality of the fact or the subject of
request for assistance and cooperation. It may only use the requested information
subject to the conditions specified in the grant.
f. Make a request to any foreign state for assistance for purposes of
detection, investigation and prosecution of offenses referred to in the Act;
g. The criminal offenses described under Chapter II of the Act shall be
deemed to be included as extraditable offenses in any extradition treaty
where the Philippines is a party: Provided, That the offense is punishable
under the laws of both Parties concerned by deprivation of liberty for a
minimum period of at least one year or by a more severe penalty.
The Secretary of Justice shall designate appropriate State Counsels to
handle all matters of international cooperation as provided in this Rule.
RULE 6
Competent Authorities
Section 26. Cybercrime Investigation and Coordinating Center;
Composition. – The inter-agency body known as the Cybercrime Investigation and
Coordinating Center (CICC), under the administrative supervision of the Office of the
President, established for policy coordination among concerned agencies and for the
formulation and enforcement of the national cyber security plan, is headed by the
Executive Director of the Information and Communications Technology Office under
the Department of Science and Technology (ICTO-DOST) as Chairperson; the
Director of the NBI as Vice-Chairperson; and the Chief of the PNP, the Head of the
DOJ Office of Cybercrime, and one (1) representative each from the private sector,
non-governmental organizations, and the academe as members.
The CICC members shall be constituted as an Executive Committee and
shall be supported by Secretariats, specifically for Cybercrime,
Administration, and Cybersecurity. The Secretariats shall be manned from
existing personnel or representatives of the participating agencies of the
CICC.
The CICC may enlist the assistance of any other agency of the government
including government-owned and -controlled corporations, and the
following:
Bureau of Immigration;
Philippine Drug Enforcement Agency;
Bureau of Customs;
National Prosecution Service;
Anti-Money Laundering Council;
Securities and Exchange Commission;
National Telecommunications Commission; and
Such other offices, agencies and/or units, as may be necessary.
The DOJ Office of Cybercrime shall serve as the Cybercrime Operations
Center of the CICC and shall submit periodic reports to the CICC.
Participation and representation in the Secretariat and/or Operations Center
does not require physical presence, but may be done through electronic
modes such as email, audio-visual conference calls, and the like.
Section 27. Powers and Functions. – The CICC shall have the following powers
and functions:
• Formulate a national cybersecurity plan and extend immediate assistance
for the suppression of real-time commission of cybercrime offenses through
a computer emergency response team (CERT);
• Coordinate the preparation of appropriate and effective measures to
prevent and suppress cybercrime activities as provided for in the Act;
• Monitor cybercrime cases being handled by participating law enforcement
and prosecution agencies;
• Facilitate international cooperation on intelligence, investigations, training
and capacity-building related to cybercrime prevention, suppression and
prosecution through the DOJ-Office of Cybercrime;
• Coordinate the support and participation of the business sector, local
government units and NGOs in cybercrime prevention programs and other
related projects;
• Recommend the enactment of appropriate laws, issuances, measures and
policies;
• Call upon any government agency to render assistance in the
accomplishment of the CICC’s mandated tasks and functions;
• Establish and perform community awareness program on cybercrime
prevention in coordination with law enforcement authorities and
stakeholders; and
• Perform all other matters related to cybercrime prevention and suppression,
including capacity-building and such other functions and duties as may be
necessary for the proper implementation of the Act.
Section 28. Department of Justice (DOJ); Functions and Duties. – The DOJ-
Office of Cybercrime (OOC), designated as the central authority in all matters related
to international mutual assistance and extradition, and the Cybercrime Operations
Center of the CICC, shall have the following functions and duties:
• Act as a competent authority for all requests for assistance for investigation
or proceedings concerning cybercrimes, facilitate the provisions of legal or
technical advice, preservation and production of data, collection of
evidence, giving legal information and location of suspects;
• Act on complaints/referrals, and cause the investigation and prosecution of
cybercrimes and other violations of the Act;
• Issue preservation orders addressed to service providers;
• Administer oaths, issue subpoena and summon witnesses to appear in an
investigation or proceedings for cybercrime;
• Require the submission of timely and regular reports including
pre-operation, post-operation and investigation results, and such other
documents from the PNP and NBI for monitoring and review;
• Monitor the compliance of the service providers with the provisions of
Chapter IV of the Act, and Rules 7 and 8 hereof;
• Facilitate international cooperation with other law enforcement agencies on
intelligence, investigations, training and capacity-building related to
cybercrime prevention, suppression and prosecution;
• Issue and promulgate guidelines, advisories, and procedures in all matters
related to cybercrime investigation, forensic evidence recovery, and forensic
data analysis consistent with industry standard practices;
• Prescribe forms and templates, including, but not limited to, those for
preservation orders, chain of custody, consent to search, consent to
assume account/online identity, and request for computer forensic
examination;
• Undertake the specific roles and responsibilities of the DOJ related to
cybercrime under the Implementing Rules and Regulation of Republic Act
No. 9775 or the “Anti-Child Pornography Act of 2009”; and
• Perform such other acts necessary for the implementation of the Act.
RULE 7
Duties of Service Providers
Section 30. Duties of a Service Provider. – The following are the duties
of a service provider:
• Preserve the integrity of traffic data and subscriber information for a
minimum period of six (6) months from the date of the transaction;
• Preserve the integrity of content data for six (6) months from the date of
receipt of the order from law enforcement or competent authorities requiring
its preservation;
• Preserve the integrity of computer data for an extended period of six (6)
months from the date of receipt of the order from law enforcement or
competent authorities requiring extension on its preservation;
• Preserve the integrity of computer data until the final termination of the case
and/or as ordered by the Court, as the case may be, upon receipt of a copy
of the transmittal document to the Office of the Prosecutor;
• Ensure the confidentiality of the preservation orders and its compliance;
DIGITAL EVIDENCE
Digital or electronic evidence is any probative information stored or
transmitted in digital form that a party to a court case may use at trial.
Section 79A of the IT (Amendment) Act, 2008 defines electronic form of evidence
as any information of probative value that is either stored or transmitted in
electronic form and includes computer evidence, digital audio, digital video,
cell phones, digital fax machines.
The main characteristics of digital evidence are that it is latent, like
fingerprints and DNA; can transcend national borders with ease and speed; is
highly fragile and can be easily altered, damaged or destroyed; and is time
sensitive. For this reason, special precautions should be taken to document,
collect, preserve and examine this type of evidence.
When dealing with digital evidence, the following principles should be applied:
• Actions taken to secure and collect digital evidence should not change that
evidence.
• Persons conducting the examination of digital evidence should be trained for
this purpose.
• Activity relating to the seizure, examination, storage or transfer of digital
evidence should be fully documented, preserved and available for review.
Digital evidence relating to all types of crimes can be located in many
devices including GPS, laptops, PCs and servers.
Types of crimes where digital evidence may be located: cyber threats, online
credit card fraud, cyber identity theft, cyber harassment, cyberstalking,
computer forgery and many more.
DIGITAL
Digital Investigative Analysts no longer limit their analysis to standard computer
systems. Analysts examine everything, including:
Desktop computers
Laptops
Mobile devices
GPS navigation devices
Vehicle computer systems
Internet of Things devices
INVESTIGATIVE
While technology progresses at lightning speed, the legal system and those
who uphold our laws are just beginning to appreciate the need for analysts to
conduct deeper “investigative” analysis on digital devices to obtain a better
understanding of issues being investigated.
Each year we are generating or replicating eight zettabytes of information.
That is equivalent to a stack of paper 1.6 trillion miles high. To manage the high
volume of data that needs to be analyzed, some organizations have applied
a raw data extraction process to digital evidence.
ANALYSIS
An analyst must “analyze” the response to each question and determine its
relevance to other digital artifacts, as well as how it relates to information
available from the non-digital investigation.
1. Authorization and Preparation
2. Identification
3. Documentation, Collection (Seizure), and Preservation
4. Examination and Analysis
5. Reconstruction
6. Reporting results
IDENTIFICATION
Digital investigators have to recognize the hardware (e.g. computers, floppy disks,
network cables) that contains digital information.
Digital investigators must be able to distinguish between irrelevant information
and the digital data that can establish that a crime has been committed or can
provide a link between a crime and its victim or a crime and its perpetrator.
1. Identifying hardware
There are many computerized products that can hold digital evidence such as:
telephones
handheld devices
laptops
desktops
larger servers
mainframes
routers
firewalls
other network devices.
DOCUMENTATION
Documentation is essential at all stages of handling and processing digital
evidence.
If digital evidence is copied onto a floppy diskette, the label should include the
current date and time, the initials of the person who made the copy, how the
copy was made, and the information believed to be contained on the diskette.
1. Filtering/Reduction
Eliminating valid system files and other known entities that have no relevance
to the investigation.
Focusing an investigation on the most probable user-created data.
Managing redundant files, which is particularly useful when dealing with
backup tapes.
Identifying discrepancies between digital evidence examination tools, such as
missed files and MD5 calculation errors.
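The four filtering/reduction tasks listed above can be carried out in one hashing pass. The following is an added example, not part of the original notes: the function name, the sample paths and the reference hash set are assumptions, and it uses SHA-256 in place of the MD5 the notes mention.

```python
import hashlib
from collections import defaultdict

def digest(data: bytes) -> str:
    # SHA-256 here; the notes mention MD5, which is collision-prone.
    return hashlib.sha256(data).hexdigest()

def reduce_evidence(items, known_hashes, other_tool):
    """items: {path: bytes} read from a working copy, never the original.
    known_hashes: digests of known system files (assumed reference set).
    other_tool: {path: digest} as exported by a second examination tool."""
    ours = {path: digest(data) for path, data in items.items()}
    by_hash = defaultdict(list)
    for path in sorted(ours):
        by_hash[ours[path]].append(path)

    filtered, review, redundant = [], [], {}
    for h, paths in by_hash.items():
        if h in known_hashes:
            filtered.extend(paths)            # known entity: drop from review
        else:
            review.append(paths[0])           # examine one copy per content
            if len(paths) > 1:
                redundant[paths[0]] = paths[1:]

    # Discrepancies between tools: files one tool missed, digests that differ.
    missed = sorted(set(ours) - set(other_tool))
    mismatched = sorted(p for p in ours
                        if p in other_tool and ours[p] != other_tool[p])
    return {"filtered": filtered, "review": review, "redundant": redundant,
            "missed": missed, "mismatched": mismatched}

# Constructed sample data, not taken from any real case.
SAMPLE = {
    "Users/a/Desktop/notes.txt": b"meet at 9",
    "Users/a/Documents/ledger.xls": b"Q3 ledger v2",
    "Windows/System32/notepad.exe": b"stock system binary",
    "tape01/ledger.xls": b"Q3 ledger v2",
}
KNOWN = {digest(b"stock system binary")}
OTHER_TOOL = {
    "Users/a/Documents/ledger.xls": digest(b"Q3 ledger v2"),
    "Windows/System32/notepad.exe": digest(b"stock system binary"),
    "tape01/ledger.xls": "0" * 64,            # simulated calculation error
}                                             # notes.txt absent: missed file

if __name__ == "__main__":
    for key, value in reduce_evidence(SAMPLE, KNOWN, OTHER_TOOL).items():
        print(f"{key}: {value}")
```

A path in `mismatched` or `missed` means the two tools disagree, and it should be re-hashed and documented before either result is relied on.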
What’s Not?
If digital media is completely physically destroyed, then recovery is impossible.
If digital media is securely overwritten, recovery is very complicated and practically
impossible.
Sources of Evidence:
Computers:
Email
Digital images
Documents
Spreadsheets
Chat logs
Illegally copied software or other copyrighted material
Wireless telephones:
Numbers called
Incoming calls
Voice mail access numbers
Email addresses
Call forwarding numbers
Deletion “Fallacies”
“I deleted the file, it’s gone.”
Deleted files are recoverable using digital forensic tools.
“I changed the name of the file, now no one will find it.”
Digital forensic tools immediately identify files based on content; names don’t
matter at all.
“I formatted the drive.”
This destroys almost nothing.
“I cut the floppy into little pieces” (media mutilation).
At this point it’s a question of how important it is to recover the data, because it is
harder to recover the data.
“I only used web-based email.”
Some email fragments are still present locally.
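The renamed-file fallacy above fails because tools read a file's leading bytes (its signature) instead of trusting the name. The following is an added example, not part of the original notes: the signature table is a small subset of well-known magic numbers, and the function names and sample files are assumptions.

```python
import os

# (magic bytes, type label, extensions consistent with that content)
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"%PDF-", "pdf", {".pdf"}),
    # ZIP is also the container for OOXML documents, so these are consistent.
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
]

def identify(header: bytes):
    """Return (label, expected_extensions) from leading bytes, or None."""
    for magic, label, exts in SIGNATURES:
        if header.startswith(magic):
            return label, exts
    return None

def check_name(name: str, header: bytes) -> str:
    """Classify a file as 'consistent', 'mismatch' or 'unknown'."""
    hit = identify(header)
    if hit is None:
        return "unknown"          # no signature match: needs manual review
    ext = os.path.splitext(name)[1].lower()
    return "consistent" if ext in hit[1] else "mismatch"

def triage(files):
    """files: {name: leading bytes}. Names whose content contradicts them."""
    return sorted(n for n, h in files.items() if check_name(n, h) == "mismatch")

# Constructed sample headers, not taken from any real case.
SAMPLE_FILES = {
    "HOLIDAY.JPG": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "system32.dll": b"\xff\xd8\xff\xe0\x00\x10JFIF",   # image renamed to hide it
    "report.docx": b"PK\x03\x04\x14\x00",              # ZIP container: expected
    "invoice.pdf": b"PK\x03\x04\x14\x00",              # archive posing as a PDF
    "readme.txt": b"plain text has no signature",
    "empty.bin": b"",
}

if __name__ == "__main__":
    for name, header in SAMPLE_FILES.items():
        print(f"{name}: {check_name(name, header)}")
```

Plain text and empty files carry no signature, so they come back as `unknown` and still need a manual look.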
The computer forensic analysis will examine and extract the data that can be
viewed by the operating system, as well as data that is invisible to the operating
system including deleted data that has not been overwritten.
In practice, there are exceptions that blur this classification, because the grouping
by the provider is dictated by staff skill sets, contractual requirements, lab space,
etc. For example:
1. Tablets or smartphones without SIM cards could be considered computers.
2. Memory cards (and other removable storage media) are often found in
smartphones and tablets, so they could be considered under mobile forensics or
computer forensics.
3. Tablets with keyboards could be considered laptops and fit under computer or
mobile forensics.
The science of digital forensics has a seemingly limitless future and as technology
advances, the field will continue to expand as new types of digital data are created
by new devices logging people’s activity. Although digital forensics began outside the
mainstream of forensic science, it is now fully absorbed and recognized as a branch
of forensic science.