Introduction To Cybercrime

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 9

INTRODUCTION TO CYBERCRIME

What is Cybercrime?
 is criminal activity that either targets or uses a computer, a computer network or a networked
device.
What are the types of cybercrime?
 There are various types and kinds of cybercrimes. The 2001 Budapest Convention on Cybercrime
categorizes cybercrime offenses into four: (1) offences against the confidentiality, integrity and
availability of computer data and systems; (2) computer-related offences; (3) content-related
offences; and (4) offences related to infringements of copyright and related rights.
What and when was the first recorded cybercrime in the Philippines?
 In 2000, Onel de Guzman released the “I Love You” virus. The case filed against De Guzman was
dismissed at the first stage because there was no law punishing the deed as of that time in May
2000, in the Philippines.
When was a law penalizing computer crimes or cybercrimes passed?
 On 14 June 2000, RA 8792 or the Electronic Commerce Act was signed into law. RA 8792
positioned the Philippines as the third country to enact an e-commerce law, next to Singapore
and Malaysia. The E-Commerce Act placed the Philippines on the list countries which penalize
cybercrime.
Cybercrime Offenses
Republic Act 10175- Cybercrime Prevention Act of 2012
Categories
A. Offenses against the confidentiality, integrity, and availability of computer data and systems.
B. Computer-related offenses
C. Content-related offenses
D. Other Cybercrime offenses

A. Offenses against the confidentiality, integrity, and availability of computer data and systems.

(1) Illegal Access. – The access to the whole or any part of a computer system without right.

(2) Illegal Interception. – The interception made by technical means without right of any non-public
transmission of computer data to, from, or within a computer system including electromagnetic
emissions from a computer system carrying such computer data.

(3) Data Interference. — The intentional or reckless alteration, damaging, deletion or


deterioration of computer data, electronic document, or electronic data message, without right,
including the introduction or transmission of viruses.

(4) System Interference. — The intentional alteration or reckless hindering or interference with the
functioning of a computer or computer network by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data or program, electronic document, or electronic
data message, without right or authority, including the introduction or transmission of viruses.

1|Page Compiled by: Sean Solver


(5) Misuse of Devices.
(i) The use, production, sale, procurement, importation, distribution, or otherwise making available,
without right, of:
(aa) A device, including a computer program, designed or adapted primarily for the purpose of
committing any of the offenses under this Act; or
(bb) A computer password, access code, or similar data by which the whole or any part of a computer
system is capable of being accessed with intent that it be used for the purpose of committing any of the
offenses under this Act.
(ii) The possession of an item referred to in paragraphs 5(i)(aa) or (bb) above with intent to use said
devices for the purpose of committing any of the offenses under this section.

(6) Cyber-squatting. – The acquisition of a domain name over the internet in bad faith to profit, mislead,
destroy reputation, and deprive others from registering the same, if such a domain name is:
(i) Similar, identical, or confusingly similar to an existing trademark registered with the appropriate
government agency at the time of the domain name registration:
(ii) Identical or in any way similar with the name of a person other than the registrant, in case of a
personal name; and
(iii) Acquired without right or with intellectual property interests in it.

B. Computer-related offenses

(1) Computer-related Forgery. —


(i) The input, alteration, or deletion of any computer data without right resulting in inauthentic data
with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless
whether or not the data is directly readable and intelligible; or
(ii) The act of knowingly using computer data which is the product of computer-related forgery as
defined herein, for the purpose of perpetuating a fraudulent or dishonest design.

(2) Computer-related Fraud. — The unauthorized input, alteration, or deletion of computer data or
program or interference in the functioning of a computer system, causing damage thereby with
fraudulent intent: Provided, that if no damage has yet been caused, the penalty imposable shall be one
(1) degree lower.

(3) Computer-related Identity Theft. – The intentional acquisition, use, misuse, transfer, possession,
alteration or deletion of identifying information belonging to another, whether natural or juridical,
without right: Provided, that if no damage has yet been caused, the penalty imposable shall be one (1)
degree lower.
C. Content-related offenses
(1) Cybersex. — The willful engagement, maintenance, control, or operation, directly or indirectly, of
any lascivious exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor
or consideration.

2|Page Compiled by: Sean Solver


(2) Child Pornography. — The unlawful or prohibited acts defined and punishable by Republic Act No.
9775 or the Anti-Child Pornography Act of 2009, committed through a computer system: Provided, That
the penalty to be imposed shall be (1) one degree higher than that provided for in Republic Act No.
9775.

(3) Unsolicited Commercial Communications. — The transmission of commercial electronic


communication with the use of computer system which seek to advertise, sell, or offer for sale products
and services are prohibited unless:
(i) There is prior affirmative consent from the recipient; or
(ii) The primary intent of the communication is for service and/or administrative announcements from
the sender to its existing users, subscribers or customers; or
(iii) The following conditions are present:
(aa) The commercial electronic communication contains a simple, valid, and reliable way for the
recipient to reject. receipt of further commercial electronic messages (opt-out) from the same source;
(bb) The commercial electronic communication does not purposely disguise the source of the electronic
message; and
(cc) The commercial electronic communication does not purposely include misleading information in any
part of the message in order to induce the recipients to read the message.

(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code,
as amended, committed through a computer system or any other similar means which may be devised
in the future.
D. Other Cybercrime offenses

(a) Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully abets or aids in the
commission of any of the offenses enumerated in this Act shall be held liable.

(b) Attempt in the Commission of Cybercrime. — Any person who willfully attempts to commit any of
the offenses enumerated in this Act shall be held liable.

THE INVESTIGATION, PROSECUTION AND ADJUDICATION OF CYBERCRIME

A. Initial Information Gathering


1. Cyber patrol
 The Cybercrime Division of the National Bureau of Investigation (NBI) and the Anti-Cybercrime
Group of the Philippine National Police (PNP) are the law enforcement agencies (LEA) responsible
for the investigation and prevention of cybercrime in the Philippines. They are also required, under
the law, to submit regular reports, including pre-operation, post-operation and investigation
results and other documents, which may be required by the Department of Justice – Office of
Cybercrime (DOJ-OOC) for review and monitoring.
2. Reporting System
 The Department of Justice of Justice – Office of Cybercrime (DOJ-OOC) is the central authority in
the monitoring of all matters relating to cybercrime. Its functions also include receiving regular
reports from the LEA.
3|Page Compiled by: Sean Solver
B. Tracing and Identifying Criminals, Preserving and Collecting Evidence

1. Tracing and Identifying by IP Address and other Measures


 The first step in prosecuting cybercrime cases is for the responsible LEA to identify who the
criminal is by determining his/her Internet Protocol Address (IP Address). The challenge online is
that there are innumerable measures to hide one’s identity, such as the use of services that will
mask a user’s IP Address by routing traffic through various servers.
 When the ISP is identified, a Preservation Order is then sent to the ISP requiring it to preserve the
integrity and content of the data in their custody for a minimum period of six (6) months from the
date of receipt of the said order. The law provides that the Service Provider shall keep confidential
the order and its compliance.

2. Real-Time Collection of Traffic Data and Interception of Content Data


 It is recommended that the LEA conduct a thorough investigation before executing a search
warrant of the scene of computer-related crime to avoid delays since they will know in advance
what to expect at the crime scene and will be able to determine whether there is a need for
experts for purposes of collecting data.
 The LEA may conduct either technical surveillance or physical surveillance in their investigation.
Technical surveillance, if applicable, is done by visiting the website concerned with the intention of
downloading resource materials therefrom and establishing communication with the subject
through email.
 On the other hand, physical surveillance entails verifying the existence of the addresses provided
by the ISP by going to the indicated address and comparing the results to the information received.

3. Fair and Timely Search, Seizure and Preservation of Digital Evidence


 Using the resource materials and valuable information obtained from the surveillance, the LEA will
then secure a search warrant from the court. Thereafter, pursuant to the said warrant, it shall
order the ISP to disclose or submit the subscriber’s information, traffic data or relevant data in its
possession or control within seventy-two (72) hours.
 The execution of the warrant be documented either through writing, sketching, photographs
and/or video.
 Always secure and take control of the scene bearing in mind the team’s safety.
 As soon as the area has been secured, the forensic investigator may now run the incident response
(IR) tools and save volatile data.
 The LEA should not access computer files in the search area. If the computer is off, it should be left
off. If it is on, they should refrain from searching the computer. Instead, photograph the screen, if
something is displayed on the monitor, and consult with the on-site forensic investigator.
 When executing the search warrant, the LEA should keep individuals, especially the suspect, away
from computer equipment to avoid corruption of the data. However, if the computer appears to
be destroying the evidence, they should immediately shut it down by pulling the power cord
 The LEA should secure the seized evidence by properly bagging and tagging them and placing them
in non-magnetic containers to be examined by a certified forensic media analyst.

4|Page Compiled by: Sean Solver


 The LEA should properly transport electronic evidence obtained from the crime scene. The
computer evidence should not be exposed to heat and radio transmission. Radio transmitters can
damage the hard drive and destroy the evidence.
 The evidence should be stored in an area inaccessible to unauthorized persons. Cool and dry
storage facilities away from generators and magnets are ideal.

4. Technical Analysis of Digital Data


 Evidence should be evaluated with the assistance of experts on digital forensics. This is because
computer evidence requires knowledge in a wide array of programming systems, such as d-base III,
Lotus 1-2-3 and other word processing languages, which are not known even to the best trained
investigators.
 Since digital evidence can be easily altered, its analysis should be done by experts to preserve its
integrity and authenticity.
 Digital forensics determines the cause of the cybercrime, the manner in which it was committed,
leads on the cybercriminal and existence of contraband by analyzing not only digital data but also
its relation to the pieces of documentary evidence recovered from the area of search.

C. Prosecution

1. Appropriate Evaluation of Digital Evidence


 A simple misstep in the collection of digital evidence can affect the integrity of the data content.
Improper handling and storage of digital evidence can easily corrupt it, and evidence haphazardly
gathered by untrained investigators may be excluded by the court for incompetence.
 Apropos, digital evidence should be properly evaluated before it is presented in court.
 To avert issues on the integrity and authenticity of digital evidence, it is recommended that LEA
apply for search warrants when seizing digital evidence. This will ensure that the evidence is
properly documented, gathered, identified, examined and preserved.
 In drafting the affidavit application of the warrant, the LEA will indicate therein the facts established
through an Internet Protocol (IP) Address, subscriber account, or mobile phone number, call logs for
a specific period or duration, describe with particularity the data or information to be disclosed and
the specific violation of the law.
 As regards the evaluation of digital documents, such as computer print-outs and e-mails, the law
provides that they are considered admissible provided they comply with rules of admissibility under
the Rules and that they are properly authenticated.
 It is also necessary that the chain of custody of digital evidence is observed when evaluating the said
evidence. It is always the burden of the prosecution to convince the court that the digital evidence
being offered has not been modified or replicated.

5|Page Compiled by: Sean Solver


RULE ON CYBERCRIME WARRANTS

Cyber Warrants
1. Warrant to Disclose Computer Data (WDCD)
 An order to disclose and accordingly, require any person or service provider to disclose or submit
subscriber’s information, traffic data, or relevant data in his/her controversial or is possession or
control

2. Warrant to Intercept Computer Data (WICD)


 An order authorizing law enforcement authorities to carry out any or all of the following activities:
(a) listening to, (b) recording, (c) monitoring, or (d) surveillance of the content of communications,
including procuring of the content of computer data, either directly, through access and use of a
computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at
the same time that the communication is occurring.

3. Warrant to Search, Seize and Examine Computer Data (WSSECD)


 An order authorizing law enforcement authorities to search a particular place for items to be seized
and/or examined.

4. Warrant to Examine Computer Data (WECD)


 Upon acquiring possession of a computer divide or computer system via a lawful warrantless arrest,
or by any other lawful method, law enforcement authorities shall first apply for a WECD before
searching the said computer device or computer system for the purpose of obtaining forensic
examination the computer data contained therein.

Validity of Cybercrime Warrants


 Effective Period of Warrants for the length of time as determined by the court, which shall not
exceed 10 days from its issuance. Extendible, based on justifiable, for not more than 10 days from
the expiration of the original period.

Preservation Order
An order requiring a service provider to keep, retain and preserve:
 The integrity of traffic data and subscriber’s information for a minimum period of 6 months from the
date of transaction
 Content data for 6 months from the date of receipt of the order

Destruction Order or Return Order


 An order requiring the complete or partial destruction, or the return to its lawful owner or
possessor, of the computer data or any related items turned over to the court’s custody.

Where to file an application for a warrant?


 Before any of the designated cybercrime courts of the province or the city where the offense or any
of its elements has been committed, is being committed, or is about to be committed, or where any
part of the computer system used is situated, or where any of the damage caused to a natural or
juridical person took place.
6|Page Compiled by: Sean Solver
 Cybercrime courts in Quezon City, the City of Manila, Makati City, Pasig City, Cebu City, Iloilo City,
Davao City and Cagayan de Oro City shall have the special authority to act on applications and issue
warrants which shall be enforceable nationwide and outside the Philippines.

Preservation of Computer Data


 Section 3.1. Preservation of Computer Data. - Pursuant to Section 13, Chapter IV of RA 10175, the
integrity of traffic data and subscriber's information shall be kept, retained, and preserved by a
service provider for a minimum period of six (6) months from the date of the transaction. On the
other hand, content data shall be preserved for six (6) months from the date of receipt of the order
from law enforcement authorities requiring its preservation.
 Law enforcement authorities may order a one-time extension for another six (6) months: Provided,
that once computer data that is preserved, transmitted or stored by a service provider is used as
evidence in a case, the receipt by the service provider of a copy of the transmittal document to the
Office of the Prosecutor shall be deemed a notification to preserve the computer data until the final
termination of the case and/or as ordered by the court, as the case maybe. The service provider
ordered to preserve computer data shall keep the order and its compliance therewith confidential.

Admissibility of Electronic/Digital Evidence Obtained


 Section 18. Exclusionary Rule. – Any evidence obtained without a valid warrant or beyond the
authority of the same shall be inadmissible for any proceeding before any court or tribunal.
 Digital evidence refers to digital information that may be used as evidence in a case. The gathering
of the digital information may be carried out by confiscation of the storage media (data carrier), the
tapping or monitoring of network traffic, or the making of digital copies (e.g., forensic images, file
copies, etc.), of the data held;
 Electronic evidence refers to evidence, the use of which is sanctioned by existing rules of evidence,
in ascertaining in a judicial proceeding, the truth respecting a matter of fact, which evidence is
received, recorded, transmitted, stored, processed, retrieved or produced electronically;

REPORTING OF CYBERCRIME CASES

I. Who may file a complaint for Cybercrime cases?


A. Private Individuals
1. Minors
2. Of legal age
B. Juridical Entities
1. Private Institutions (any person duly authorized by the board thru resolution)
2. Government
a. Government agencies and instrumentalities
b. Government owned corporation (GOCC)
c. Public corporations
3. Quasi-public
C. Enforcement Authorities initiated/intelligence reports

7|Page Compiled by: Sean Solver


1. Philippine National Police (PNP) 3. Office of the Cybercrime (OOC)
2. National Bureau of Investigation (NBI)
II. Cybercrime Incidents/Offenses
A. Offenses against the confidentiality, integrity, and availability of computer data and systems.
1. Illegal Access 3. Data Interference 5. Misuse of Devices
2. Illegal Interception 4. System Interference 6. Cybersquatting
B. Computer-related offenses
1. Computer-Related 2. Computer-Related 3. Computer-Related
Forgery Fraud Identity Theft
C. Content-related offenses
1. Cybersex 2. Child Pornography 3. Libel
D. Other Cybercrime offenses
1. Aiding or Abetting in the Commission 2. Attempt in the Commission of
of Cybercrime. Cybercrime

III. Documentary Requirements


A. Complaint Affidavit/Sworn Statement
NOTE: For complainant outside the Philippines, affidavit duly subscribed and sworn before a
Philippine Consular Officer, unless for public offenses. If complainant is minor, he/she shall be
assisted by parents or guardian, and registered social worker.
B. Attachments/evidence to support their claims (screenshots, receipts, etc.)

DEFINITION OF TERMS
 Access refers to the instruction, communication with, storing data in, retrieving data from, or
otherwise making use of any resources of a computer system or communication network.
 Alteration refers to the modification or change, in form or substance, of an existing computer
data or program.
 Communication refers to the transmission of information through ICT media, including voice,
video and other forms of data.
 Computer refers to an electronic, magnetic, optical, electrochemical, or other data processing or
communications device, or grouping of such devices, capable of performing logical, arithmetic,
routing, or storage functions and which includes any storage facility or equipment or
communications facility or equipment directly related to or operating in conjunction with such
device. It covers any type of computer device including devices with data processing capabilities
like mobile phones, smart phones, computer networks and other devices connected to the
internet.
 Computer data refers to any representation of facts, information, or concepts in a form suitable
for processing in a computer system including a program suitable to cause a computer system to
perform a function and includes electronic documents and/or electronic data messages whether
stored in local computer systems or online.
 Computer program refers to a set of instructions executed by the computer to achieve intended
results.
 Computer system refers to any device or group of interconnected or related devices, one or
more of which, pursuant to a program, performs automated processing of data. It covers any

8|Page Compiled by: Sean Solver


type of device with data processing capabilities including, but not limited to, computers and
mobile phones. The device consisting of hardware and software may include input, output and
storage components which may stand alone or be connected in a network or other similar
devices. It also includes computer data storage devices or media.
 Critical infrastructure refers to the computer systems, and/or networks, whether physical or
virtual, and/or the computer programs, computer data and/or traffic data so vital to this country
that the incapacity or destruction of or interference with such system and assets would have a
debilitating impact on security, national or economic security, national public health and safety,
or any combination of those matters.
 Cybersecurity refers to the collection of tools, policies, risk management approaches, actions,
training, best practices, assurance and technologies that can be used to protect the cyber
environment and organization and user’s assets.
 Database refers to a representation of information, knowledge, facts, concepts, or instructions
which are being prepared, processed or stored or have been prepared, processed or stored in a
formalized manner and which are intended for use in a computer system.
 Interception refers to listening to, recording, monitoring or surveillance of the content of
communications, including procuring of the content of data, either directly, through access and
use of a computer system or indirectly, through the use of electronic eavesdropping or tapping
devices, at the same time that the communication is occurring.
 Traffic data or non-content data refers to any computer data other than the content of the
communication including, but not limited to, the communication’s origin, destination, route,
time, date, size, duration, or type of underlying service.

SOURCE/S:
 REPUBLIC ACT NO. 10175
 Combating Cybercrime in the Philippines by Karla T. Cabel
 Primer on Cybercrime
 Rule on Cybercrime Warrants (A.M. No.17-11-03-S)

9|Page Compiled by: Sean Solver

You might also like