INTRODUCTION TO CYBERCRIME

CYBERCRIME

- A crime that involves a computer and a network

- Criminal activities carried out by means of computers or the internet.

CYBER- refers to a computer or a computer network, the electronic medium in which

online communication takes place.

Salient historical events

1834- first cyberattack in the world. A couple of robbers hack the French telegraph
system and steal information from the stock market.

1878- Early mobile calls – young boys repeatedly and purposely misdirecting and
disconnecting customer calls of bell Telephone Company two years after ALEXANDER
GRAHAM BELL invented the machine.

1969- RABBIT VIRUS- The university of Washington data center downloads a program on
a computer from an unknown user. The inconspicuous machine creates copies of it before
the machine overloads and ceases running (breeding like a rabbit). It is known to be the
first virus on a computer.

1970-1995 – Kevin Mitnick – He penetrates some of the highest-guarded networks in the

world, including Nokia and Motorola, tricking insiders into handing codes and passwords.

-He is also known as the No.1 hacker in the world.

- He hacked into 40 major corporations just for the challenge, Mitnick is now a trusted
security consultant to the Fortune 500 and governments worldwide.

(Who was the first hacker in history? John Draper, also known as Captain Crunch.)

1981 – First Cybercrime Conviction – Ian Murphy, aka “Captain Zap”, became the first
person ever to be convicted for committing a cybercrime after successfully hacking into
AT&T's internal systems and changing their computers' clocks, causing havoc

1982 – The Logic Bomb – The CIA (Central Intelligence Agency) blow up a Siberian gas
pipeline by injecting a code into the network and the operation system to monitor the gas
pipeline without using a bomb or a missile.
1988 – The Morris Worm – Robert Morris release on the Internet the first worm in the
history. It is also one of the oldest computer worms distributed via Internet.

1989 – Trojan Horse Program(virus) – Trojan Horse Program(virus) – Place on a

diskette(USB) that appears to be an AIDS (Aids Info Disk) information archive is mailed to a
UK electronic journal to thousands of AIDS researchers and subscribers infected.

1999 – The Melissa Virus – A virus infects Microsoft Word records, transmitting itself via
email as an attachment automatically. It mails out to the first 50 names mentioned in the
Outlook email address box of an infected device.

2000 – I love You Virus (Created by Onel De Guzman)

– sometimes referred to as Love Bug or Love Letter for you, is a computer worm that
infected over ten million Windows personal computers on and after May 5, 2000. It started
spreading as an email message with the subject line "ILOVEYOU" and the attachment
"LOVE-LETTER-FOR-YOU.TXT.vbs.“

R.A 8792 - The first 'cybercrime' law in the Philippines – “signed into law in June 14, 2000.
Online fraud and scammers are punished with a minimum fine of one hundred thousand
pesos (PHP 100,000) and mandatory imprisonment of six (6) months to three (3) years.

JJ Maria Giner – The first Filipino to be convicted of cybercrime, particularly hacking. He

was convicted in September 2005 by Manila MTC. Giner pleaded guilty to hacking the
government portal “gov.ph” and other government websites.

2010 – The Stuxnet Worm – The world's first software bomb is a destructive computer
virus that can attack control systems and used for controlling manufacturing facilities.

2016 – DNC Email Leaks – Emails from the Democratic National Committee were leaked
to and released by WikiLeaks. prior to the 2016 US presidential election.

Basic functions of a computer

1. input function- the process of entering any type of data and instructions into a computer
system. Uses the input devices such as a keyboard, mouse scanner, microphone, etc. in
order to receive signals to the computer.

2. Cental processing unit- it processes data of the computer. It takes data and instructions
from the input devices and performs all types of calculations based on the instructions
given. Called ‘ the brain of computer’ as it controls operation of all parts of computer.

3. data Storage- records and preserves digital information

Types of CPU storage

  Random Access Memory- is a computer’s short term memory, where the data that
the processor is currently using is stored. A volatile memory used to hold
instructions and data of currently running programs. General rule: the higher the
ram, the greater probability that the operation of a computer will speed up.
 Read only memory- a non- volatile memory type. This means it receives data and
permanently writes it on a chip, and it lasts even after you turn off your computer.
The data that remains on the ROM cannot be changed and remains forever. Ex.
BIOS/ REFORMAT
Other storage
 Hard disk drive- a re-writable permanent memory
 Solid state drive- a new generation of storage device used in computers. It stores
data using flashbased memory, which is much faster than the traditional hard
disks they’ve come to replace.
 Pen Drives- a plug-and-play portable storage device that uses flash memory that
is lightweight.

4. Output function- means the result generated by the computer once the processing of CPU
is completed, based on the instruction given by the user.

- the output is in the form of documents, videos, audio, graphs, images, etc. results
are displayed on your computer screen.

NOTES

 COMPUTERS USE A 2 BINARY NUMBERS- It means 1 and 0

 HASH VALUES- can be thought of as fingerprints for files- The contents of a file are
processed through a cryptographic algorithm, and a unique numerical value is
produced that identifies the contents of the file.
 the word “bit” is an abbreviation for binary digit

Other components of computer system

 computer case- this is part that holds all of the parts of a computer to make up the
computer,.
 Motherboard- the main printed circuit board within a computer, which means it’s
the primary piece of circuitry that all of the other pieces plug into to create a
cohesive whole.
 Graphics card- is an output device that processes the data from the motherboard
and sends the appropriate information to the computer’s screen for display.
  Power supply unit – converts the Alternating current (AC) mains supply from the
power cord from a wall socket and supplies the correct Direct current (DC) voltages
to all the components inside the computer.
 Monitor – is an output device used to visualize the graphics data sent from the
computer's graphic's card.
 Keyboard – a device that enables a user to input text into a computer or any other
electronic machinery.
 Mouse – small device that a computer user pushes across a desk surface in order to
point to a place on a display screen and to select one or more actions to take from
that position.

1 Byte 8 Bits

1 Kilobyte 1,024 bytes

1 Megabyte 1,024 Kilobytes
1 Gigabyte 1,024 Megabytes
1 Terabyte 1,024 Gigabytes
1 Petabyte 1,024 Terabytes
1 Exabyte 1,024 Petabytes
1 Zettabyte 1,024 Exabytes
1 Yottabyte 1,024 Zettabytes

Cyber Crime Offenses

Republic Act 10175 – “Cybercrime Prevention Act of 2012”

Categories

a. Offenses against the confidentiality, integrity and availability of the computer data
and systems.

b. Computer-related Offenses

c. Content-related Offenses
d. Other Cybercrime Offenses

a.) Offenses against the confidentiality, integrity and availability of computer

data and systems

(1) Illegal Access - The access to the whole or any part of a computer system
without right. Ex. Hacking

(2) Illegal Interception - The interception made by technical means without right
of any non-public transmission of computer data to, from, or within a computer
system including electromagnetic emissions from a computer system carrying such
computer data.

(3) Data Interference – The intentional or reckless alteration, damaging, deletion

or deterioration of computer data, electronic document, or electronic data message,
without right, including the introduction or transmission of viruses.
(4) System Interference – The intentional alteration or reckless hindering or
interference with the functioning of a computer or computer network by
inputting,transmitting, damaging, deleting, or suppressing computer data or
program, electronic document or electronic data message, without right or
authority, including the introduction or transmission of viruses.
Note: Computer data: Any representation of facts, information, or concepts in a form
suitable for processing in a computer system; this includes electronic and digital
information and programs.
5) Misuse of Devices – The use, production, sale, procurement, importation,
distribution, or otherwise making available, without right, a device, including a
computer program, designed or adapted primarily for the purpose of committing
any of the offenses under this Act; or computer password, access code, or similar
data to be used for the purpose of committing any of the offenses under this Act.
(6) Cyber-squatting – The acquisition of a domain name over the internet in bad
faith to profit, mislead, destroy reputation, and deprive others from registering the
same, if such a domain name is similar, identical, or confusingly similar to an
existing trademark registered with the appropriate government agency.

b.) Computer-related Offenses

1) Computer-related Forgery. – The input, alteration, or deletion of any computer

data without right resulting in inauthentic data with the intent that it be considered
or acted upon for legal purposes as if it were authentic, or the act of knowingly using
computer data which is the product of computer-related forgery as defined herein,
for the purpose of perpetuating a fraudulent or dishonest design
 (2) Computer-related Fraud. – The unauthorized input, alteration, or deletion of
computer data or program or interference in the functioning of a computer system,
causing damage thereby with fraudulent intent.
3) Computer-related Identity Theft. - The intentional acquisition, use, misuse,
transfer, possession, alteration or deletion of identifying information belonging to
another, whether natural or juridical, without right.

c. Content-related Offenses

(1) Cybersex. – The willful engagement, maintenance, control, or operation, directly or

indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the
aid of a computer system, for favor or consideration.
(2) Child Pornography. – The unlawful or prohibited acts defined and punishable
by Republic Act No. 9775 or the Anti-Child Pornography Act of 2009, committed
through a computer system
(3) Unsolicited Commercial Communications – The transmission of commercial
electronic communication with the use of computer system which seek to advertise,
sell, or offer for sale products and services are prohibited unless. Also known as
spam.
(4) Libel – The unlawful or prohibited acts of libel as defined in Article 355 of the
Revised Penal Code, as amended, committed through a computer system.
Other Cybercrime Offenses
Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully
abets or aids in the commission of any of the offenses enumerated in this Act shall
be held liable.
Attempt in the Commission of Cybercrime. – Any person who willfully attempts
to commit any of the offenses enumerated in this Act shall be held liable.

Common Types of Internet Fraud

1. Boiler Room – refers to an outbound call center selling questionable investments
by telephone. It typically refers to a room where salesmen work using unfair,
dishonest sales tactics, sometimes selling foreign currency stock, private placements
or committing outright stock fraud. The term carries a negative connotation, and is
often used to imply high-pressure sales.
2. Romance Scam/Catphishing – false or misleading promises of love and
companionship. 3. 3, 3.Lottery Scam – involves email, letter or text message you
receive about your winnings will ask you to respond quickly or risk missing out.
4. Card skimming – illegal copying of information from the magnetic strip of a
credit or ATM card. The scammers later create a fake or cloned card with your
details on it. The scammer is then able to run up charges on your account.
 5. Phishing – comes from the analogy that Internet scammers are using email lures
to fish for passwords and financial data from the sea of Internet users. Phishing, also
called brand spoofing is the creation of email messages and Web pages that are
replicas of existing, legitimate sites and businesses. These Web sites and emails are
used to trick users into submitting personal, financial, or password data.
6. Email spoofing – is the creation of email messages with a forged sender address.
The word "spoof" means "falsified". A spoofed email is when the sender purposely
alters parts of the email to masquerade as though it was authored by someone else.
7. Nigerian scam – also called 419 scams, are a type of fraud and one of the most
common types of confidence trick. The number "419" refers to the article of the
Nigerian Criminal Code dealing with fraud. A consumer receives a letter concerning
the "request for urgent business transaction". Typically, after receiving a letter a
consumer would respond either by phone, fax, or email. The response would be a
request for further information on there requirements and procedure for the
transaction. Once contact is established, the writer of the letter will normally ask for
an upfront processing fee.
8. Check overpayment scam – receiving an offer from a potential buyer which
issues a check with overpayment. The scammer will then ask you to refund the
excess amount. The scammer is hoping that you will do this before you discover that
their check has bounced.
9. inheritance scam – is when a scammer contacts you out of the blue to tell you
that you've been left, or are entitled to claim, a large inheritance from a distant
relative or wealthy benefactor who has died overseas.
10. Emergency Scam – sometimes referred to as the Grandparent Scam. In the
typical scenario, a grandparent receives a phone call from a con-artist claiming to be
one of his or her grandchildren. The caller goes on to say that they are in some kind
of trouble and need money immediately. Typically they claim being in a car accident,
trouble returning from a foreign country or they need bail money.

Incident Response, Preservation and Collection

 When computer is off – do not turn it on
 If the computer is "ON", do not turn it "OFF"
 If transport is required, pack the components as "fragile cargo" prior
to transport
 Keep away computer evidence from magnets, transmitters, radio,
and other hostile environment
 In the investigative plan, start with identification, then acquisition,
examination/analysis, reporting, and court presentation.
 Observe BWC requirement
 Refuse offers of help/technical assistance from any unauthorized persons
 Latent prints only after e-evidence are collected. Do not use aluminum
powders to avoid damage on electronic data
 Photograph front and back of the monitor, CPU, etc.
 Label all connections for convenient of possible reassembly. Label unused for
ports that are not used
 Note computer date and time, and active programs
 Image the RAM. If done, press and hold the power button for 10 seconds.

NOTE!
- The National Bureau of Investigation (NBI) and the Philippine National Police
(PNP) shall be responsible for the efficient and effective law enforcement of
the provisions of Republic Act 10175.

Cybercrime Warrants

1. The Warrant to Disclose Computer Data (WDCD) – authorizes law enforcers to

disclose or submit subscriber's information, traffic data, or relevant data in the
possession or control of a person or service provider.

What is the duty of the authorized law enforcement officer?

– Within forty-eight (48) hours from implementation or after the expiration of the
affectivity of WDCD, the law enforcement officer shall:
 submit a RETURN to the court that issued it; and
 simultaneously turn over the custody of the disclosed computer data or
subscriber's information
Note: if no return was made, Judge will summon the law enforcement officer to
whom the WDCD was issued and require him to explain why no return was made.
2. The Warrant to Intercept Computer Data (WICD) – authorizes law enforcers to
listen, record, monitor, or surveil the content of the communications through
electronic eavesdropping or tapping devices, while the communication is occurring
What is the duty of the authorized law enforcement officer?
– Within forty-eight (48) hours from implementation or after the expiration of the
affectivity of WICD, the law enforcement officer shall:
 submit a return to the court that issued it; and
 simultaneously turn over the custody of the intercepted communication or
computer data.
3. The Warrant to Search, Seize, and Examine Computer Data (WSSECD) –
authorizes law enforcers to search the particular place for items to be seized and/or
examined.
 -The Rule allows the authorized law enforcer to initially make a forensic image of
the computer on-site, as well as limit their search to the place specified in the
warrant. Otherwise, an off-site search, where the law enforcer searches the
computer outside the place to be searched, may be conducted.
What must first be done by law enforcement authorities on site?
 Make a forensic image of the computer data
 Limit search to place specified in Warrant
 Try not to seize computer items if search can be done on site
When can off site search be conducted?
 If it is not possible to do search on site
 Forensic image must have been made; Image copy
 Reasons for off-site search must be given in Initial Return
 4. The Warrant to Examine Computer Data (WECD) – authorizes law enforcers to
search a computer device or computer seized during a lawful warrantless arrest or
by any other lawful method.
Cybercrime Warrants
 The warrants shall only be effective within 10 days from its issuance.
 The court upon motion, extend its effectivity based only on justifiable reasons for a
period not exceeding 10 days from the expiration of the original period.
 Failure to timely file the returns of warrants or to duly turn over to the court's
custody any of the items disclosed, intercepted, searched, seized, and/or examined
shall subject for contempt.
 Moreover, failure to comply with the orders from law enforcement authorities shall
be punished for obstruction of justice.