CDI6-weeak 1-4
CDI6-weeak 1-4
CDI6-weeak 1-4
3- What is Cybercrime
Cybercrime is a criminal activity or a crime that involves the Internet, a computer
system, or the computer technology.
This includes anything from downloading illegal music files to stealing millions of dollars
from online bank accounts. Cybercrime also includes non-monetary offenses, such as
creating and distributing viruses on other computers or posting confidential business
information on the Internet.
Cybercrime is a crime in which a computer is the object (target) of the crime (like
hacking, phishing, spamming), is used as a tool to commit an offense (child
pornography, hate crimes), or both.
Cybercriminals may use computer technology to access personal information, business
trade secrets, or use the Internet for exploitive or malicious purposes. Criminals can
also use computers for communication and document or data storage. Criminals who
perform these illegal activities are often referred to as hackers.
Cybercrime may also be referred to as computer crime.
Here are presentation videos that would help you understand more the nature of
cybercrime.
2b - Cybercrime Classification
Cybercrimes are normally related to computers. But it is better to classify them on the
basis person so affected by these crimes. It may affect an individual, or an organization,
or property or society as a whole. Some time it may happen crime classified under one
category may fall under another category at the same time. It is also one of the
difficulties in classifying the cybercrimes. For example, hacking may affect both
individual and organization at the same time.
Cybercrimes are broadly categorized into three categories, namely crime against:
1. Individual
2. Property
3. Government
Each category can use a variety of methods and the methods used vary from one
criminal to another.
Cybercrime against INDIVIDUAL PERSONS:
This type of cybercrime can be in the form of cyber stalking, distributing pornography,
trafficking and “grooming”. Today, law enforcement agencies are taking this category of
cybercrime very seriously and are joining forces internationally to reach and arrest the
perpetrators.
Cybercrime against PROPERTY:
Just like in the real world where a criminal can steal and rob, even in the cyber world
criminals resort to stealing and robbing. In this case, they can steal a person’s bank
details and siphon off money; misuse the credit card to make numerous purchases
online; run a scam to get naïve people to part with their hard earned money; use
malicious software to gain access to an organization’s website or disrupt the systems of
the organization. The malicious software can also damage software and hardware, just
like vandals damage property in the offline world.
Cybercrime against the GOVERNMENT:
Although not as common as the other two categories, crimes against a government are
referred to as cyber terrorism. If successful, this category can wreak havoc and cause
panic amongst the civilian population. In this category, criminals hack government
websites, military websites or circulate propaganda. The perpetrators can be terrorist
outfits or unfriendly governments of other nations.
Some websites categorize cyber-related crime in this manner:
1.
1. Fraud and financial crimes
2. Cyber-terrorism
3. Cyber-extortion
4. Cyberwarfare
5. Computer as a target
6. Computer as a tool
7. Obscene or offensive content (e;g;: cyber-bullying aka cyber-
harassment
8. Cyber drug-trafficking
Here selected video presentations that can give ideas about the nature of many forms of
cybercrimes.
B. Computer-related offenses
1. Computer-related forgery
2. Computer-related fraud
3. Computer-related identity theft
1. Cybersex
2. Child pornography
3. Unsolicited commercial communications
4. Libel
3a - Anti-cybercrime legislation in
the Philippines
The Convention on Cybercrime
The Convention on Cybercrime, also known as the Budapest Convention, is an
international treaty ratified by 42 states members and non-member of the COE. It seeks
to address computer and internet crimes by harmonizing National laws, improving
investigative techniques, and increasing cooperation among nations. Specifically, the
Convention aims to protect society against cybercrime "by providing for the
criminalization of such conduct and the adoption of powers sufficient for effectively
combating such criminal offenses, by facilitating their detection, investigation and
prosecution at both domestic and international levels and by providing arrangements
for fast and reliable international cooperation."
The Convention is divided into three principal parts. The first part identifies the
substantive cybercrime offenses which each ratifying State is obliged to adopt in its
domestic law. The second part deals with investigative procedures that States must
implement. Lastly, the third part relates to mechanisms that will enhance international
cooperation.
To monitor the compliance of parties and update observers to the said Convention, the
COE conducts a regular conference known as the Octopus Conference which is
preceded by the plenary meeting of the Cybercrime Convention Committee (T-CY).
On 31 August 2007, the DOJ through the office of former Undersecretary Ernesto
Pineda expressed the request of the Government of the Philippines to be invited for
accession to the Budapest Convention. In a letter dated 15 June 2011, the COE
Secretary General Thorbjorn Jagland formally invited the Philippines to accede to the
Budapest Convention.
She also proposed the enactment of the "E-mail User Protection Act" which seeks to
protect consumers and service providers from the misuse of computer facilities by
others sending unsolicited commercial electronic mail over such facilities.
Finally, on 17 September 2004, Senator Ramon B. Magsaysay, Jr. proposed the
enactment of the "Anti-Computer Fraud and Abuse Act of 2004." It defines computer
fraud and the offenses covered by the term "computer• related fraudulent activities"
and covers such acts as computer fraud, computer forgery, damage to computer data or
computer programs, computer sabotage, unauthorized access and unauthorized
interception. It imposes both a fine and a penalty of imprisonment for violators. It also
accords authority to the National Security Council to conduct investigations on
computer related crimes vis-a-vis its effects on national security.
These bills did not make any significant progress.
Senator Santiago's version of the anti-phishing law was met with a slightly
different version in the form of Senator Manny Villar's Senate Bill No. 2405, which
penalizes the act of phishing in the internet or instant messaging. Phishing or the act of
securing or getting of sensitive personal information for the purpose of using it in
fraud, or for participating in fraudulent business practices, or for the purpose of
identity theft and misrepresentation, was proposed to be penalized by imprisonment
for at least 2 years but not more than 10 years or payment of a fine of not less than
P50,000 but not more than P500,000 or both at the discretion of the court.
By the middle of 2008, Senator Mar Roxas introduced Senate Bill No.2412, the
"Computer Abuse Act of 2008." The bill was patterned after the United States
Computer Fraud and Abuse Act as well as Title 18, Section 3933 of the Pennsylvania
Consolidated Statues (Crimes Code). It outlaws:
1.
1. illegal access to computers, computer systems, computer networks,
computer servers, and database;
2. 2) obtaining information relative to the financial records of a customer
of a financial institution without the proper authorization;
3. obtaining, publishing, and giving out the password to another person's
account; and
4. unleashing computer viruses.
Not long after, Senator Roxas introduced Senate Bill No. 2480 or the "Anti-
Cybersquatting Act of 2008". It declaresas unlawful the acquisition of a domain name
over the internet if there is bad faith, intent to profit, mislead, destroy reputation, and
deprive others from registering,and such domain name is: (a) similar, identical, or
confusingly similar to an existing trademark registered with the appropriate
government agency at the time of the domain name registration; (b) identical or in any
way similar with the name of a person other than the registrant, in case of a personal
name; or (c) acquired with no right or intellectual property interests in it.
The successive introduction of bills aimed at criminalizing detrimental acts with the use
of a computer or through the use of the internet resulted in the first draft of a Senate
bill dubbed as a Cybercrime Prevention Act.
Introduced by Senator Juan Ponce Enrile on 21 April 2009, Senate Bill No. 3177
entitled the "Cybercrime Prevention Act of 2009" was divided into seven chapters.14
Chapter 1 defines significant terms such as computer system, computer data, computer
program, database, service provider, traffic data, among others. Chapter 2
enumerates acts punishable under the proposed law which were categorized into (a)
offenses against the confidentiality, integrity and availability of computer data and
systems, such as illegal access, illegal interception, data interference, and system
interference; (b) computer-related offenses such as computer-related forgery and
computer-related fraud; (c) content-related offenses such as cybersex, child
pornography, and unsolicited commercial communications. Chapter 3 prescribes the
penalties imposable for each violation. The same chapter introduces corporate
liability, that is, the imposition of a fine amounting to a maximum of Phpl0,000,000.00
if the crime is committed on behalf of or for the benefit of a juridical person, by a
natural person who has a leading position within said juridical person.
Chapter 4, on the other hand, gives law-enforcement authorities power to collect and
preserve computer data. Chapter 5 defines the jurisdiction of the Regional Trial Courts
and empowers them to hear and decide cases involving violations of the proposed law if
committed within the territory of the Philippines or by a Filipino national regardless of
the place of commission. Chapters 6 and 7 contain provisions on international
cooperation and final provisions such as appropriations, implementing rules and
regulations, among others.
Less than a month later, Senator Antonio Trillanes IV came up with his own version of
the CPA and introduced Senate Bill No. 3213 on 6 May 2009. The proposed bill
contained almost similar provisions as the earlier version except that Senate Bill No.
3213 sought the creation of a Computer Emergency Response Council under the
control and supervision of the Office of the President. It is primarily tasked to
formulate and implement a national plan of action to address and combat cybercrime.
It is envisioned to be composed of the Chairman of the Commission on
Information and Communications Technology (CICT) as Chairman; the Director of
NBI as Vice-Chairman, and other officials of the government as members including the
Directorate- General of PNP, the Chief of the National Prosecution Service, the Head
of the National Computer Center (NCC), the head of the Philippine Center for
Transnational Crime (PCTC), three representatives from the private sector, among
others.
These two versions of the CPA were later merged forming Senate Bill No. 3553 which
was prepared jointly by the Committees on Science and Technology, Constitutional
Amendments, Revision of Codes and Laws, Justice and Human Rights, and Finance.
Senate Bill No. 3553 maintained most of the provisions contained in Senator Enrile's
version of the CPA such as the categorization of the punishable acts and the law
enforcement authorities' power to collect and preserve computer data. It incorporated
Senator Trillanes' proposal to create a body tasked to formulate and implement the
national cyber security plan, however, this time, it was referred to as the Cybercrime
Investigation and Coordinating Center composed of a smaller number of people,
namely: (a) the Chairman of the Commission on Information and Communications
Technology as the Chairman with (b) the Director of the NBI as Vice- Chairman, (c) the
Chief of the PNP, (d) the Chief of the National Prosecution Service and (e) the Head of
the National Computer Center as members. More importantly, Senate Bill No. 3553
proposed the creation of the Office of Cybercrime (OOC) in the Department of Justice,
which would be responsible for extending immediate assistance in the investigation
and prosecution of criminal offenses related to computer systems and data, and ensure
that the provisions of the proposed law are duly complied with.
In the meantime, House Bill No. 6794, which is the counterpart bill of Senate Bill No.
3553 in the House of Representatives, was approved on third reading on 18 January
2010. This was transmitted to and received by the Senate on 20 January 2010.
The CPA of 2009 was not enacted into law at this stage.
If you are still interested to know what transpired next after the 13th Congress and
thereafter, you can continue by browsing this file: RA 10175 legislation history
Download RA 10175 legislation history
1. The State recognizes the vital role of information and communications industries,
such as content production, telecommunications, broadcasting, electronic commerce
and data processing, in the State’s overall social and economic development.
2. The State recognizes the importance of providing an environment conducive to the
development, acceleration, and rational application and exploitation of information
and communications technology to attain free, easy, and intelligible access to
exchange and/or delivery of information; and the need to protect and safeguard the
integrity of computer, computer and communications systems, networks and
databases, and the confidentiality, integrity, and availability of information and data
stored therein from all forms of misuse, abuse and illegal access by making punishable
under the law such conduct or conducts.
3. The State adopts sufficient powers to effectively prevent and combat such offenses
by facilitating their detection, investigation and prosecution at both the domestic and
international levels, and by providing arrangements for fast and reliable international
cooperation.
Why are these government policies necessary? If these policies were formalized in 2012
when RA 10175 was enacted, take a look at the cybercrime threat landscape in the
Philippines in 2013. By reading the PNP-ACG report published on August 8, 2013, you
will understand the need for these policies.
III. Cybercrime Status
The use of technology in the commission of traditional crimes and the new found ways
of committing crime in the country pose an investigative challenge to the Philippine
National Police. There is a rising incidence of financially motivated cybercrime and
politically motivated cyber-attacks on government by cyber actors in the Philippines.
From CY 2003 up to CY 2012, a total of 2,778 cybercrime related offenses was recorded
by the PNP. While the country awaits the implementation of a comprehensive
cybercrime law, cyber criminals continue to use technology both in conducting criminal
activity and preventing its detection. This trend in criminal activity necessitates the need
for a dedicated unit within the PNP to go after these offenders and improve its cyber
security posture.
Compared to its ASEAN neighbors, the Philippines has yet to enact and implement its
own comprehensive anti-cybercrime law.
From CY 2010 to CY 2012, the PNP has recorded a total of 1,184 incidents with the
highest being the attacks targeting government websites where a total of 940 website
defacements have been recorded.
Another recent attack perpetrated by cyber criminals is the exfiltration of usernames and
passwords from the DNS Gov.Ph registration site with an estimated 2,338 records and
allegedly claimed by AnonTaiwan group. These attacks increased when the Philippines
had its political, security and jurisdictional issues on the Luneta Bus Hostage taking
incident, Scarborough Shoal stand off, Sabah incident involving the Sultanate of Sulu,
and the Taiwanese Fisherman killed in Balintang Channel. The country was also
victimized by botnet infection where the Philippines is ranked 6 th in the world for BotNet
location.
Police intervention against cybercrime in the country resulted in the arrest of 505
foreign nationals. As with traditional crimes, the cyber-criminal actors and organizations
still resemble the same criminal characters and setup, the difference lies in the way
organized criminal groups are structured from a hierarchical form to a flat organization
operating independently similar to the cell Terrorist concept.
The most likely cybercrimes committed in the country either through the use of
technology or the target of the crime is the technology itself, falls generally on the areas
of national security matter, financially motivated offenses, crime directed against a
person or the property and those that involve crimes that violate public morals.
For national security concerns, the likely cybercrime threats deal on espionage activity,
disruption, sabotage, politically motivated attacks and those which involve terrorism
activities. Nowadays, Terrorists are using the Internet in their recruitment, propaganda,
planning, teach-ins, financing, and even operational implementation. Swindling, estafa,
scam or other form of computer fraud, counterfeiting and forgery are some of the
financially motivated cybercrime threats. Cybercrime against a person usually involves
theft or unlawful use of personal information, threat, extortion, harassment and
disclosure of privacy related matters. Property related cybercrime on the other hand,
such as theft, the sale of stolen or lost item, illegal use of and damage to property, maybe
committed. Finally, cybercrime which involve public morals are those which likely involve
obscene and indecent publication, child pornography, human trafficking and those who
make use of technology like the Internet to show acts of cruelty or violence.
IV. Police Response
In order to address the increasing incidence of cybercrime, the PNP Anti Cybercrime
Group was activated on March 20, 2013. The establishment of a PNP Anti-Cybercrime
Group is a strong signal to criminals that the PNP is very serious in addressing
cybercrime in the country.
The PNP-ACG has conceptualized and believed that to fight cybercrime and to
strengthen cyber security, there must be a synergy among the following components:
Competence and Capability building of the Organization and Personnel; Public and
Private Partnership; strong International Cooperation; Advocacy and Public Awareness
and; the implementation of strong Laws, Policies and Regulations.
To date, the PNP currently has six (6) fully functional Digital Forensic Laboratories
nationwide located in Camp Crame, Legazpi City, Cebu City, Davao City, General Santos
City and Zamboanga City. These PNP offices are capable of conducting computer,
mobile, and audio and video forensic examinations and can respond to investigate
incidence of cybercrime activities within their geographical areas of responsibility. The
PNP envisions to have cyber-forensic laboratories in all its regional offices in the future.
Since 2003, the PNP has continuously received various digital forensic equipment grants
because cybercrime is a technology-based crime and the PNP needs to have the
technological capability to address such crimes. A cyber training facility was also
commissioned through the assistance of the US Anti-Terrorism Assistance Program.
Along this line is the continuous technical training of police officers to increase
competence in cybercrime investigation where a total of 90 local and international
trainings were received while 31 local trainings were provided to the regional offices.
Another aspect in the fight against cybercrime is the concern on online child
victimization. In response to this international priority, the PNP is strengthening its
children protection program by establishing a special taskforce “Angel Net” purposely to
address Internet or technology-related child abuse and exploitation.
International cooperation and partnership in strengthening cyber security and the fight
against cybercrime is another activity in which the PNP actively participates. Increasing
the PNP’s competence and capability, continuous Public awareness, Active Private-
Public partnership, Enforcement of effective laws, and International cooperation are the
PNP’s approach in strengthening cyber security and combating cybercrime.
VI. Assessment / Forecast
For the past ten years, cybercrime in the country continued to evolve both in the
manner of commission and in the use of mechanisms by cyber criminals to deter police
investigation. With the continuing advancement in cyber technology and the rising
popularity of social networking sites over the internet, the Philippines will remain open
to cybercrime operations.
In view of this, the opportunity for the commission of cybercrimes must be identified
and duly addressed. Those who use the Internet, email, social media and vulnerable
computers will be the likely victims. Financially-motivated cybercrimes will likely be the
preferred choice for criminals due to the ease of getting money, sourcing of victims and
its difficulty in detection and apprehension.
Cybercrime will persist in the country as with other parts of the world. The current
environment in the Philippines attracts transnational cybercrime groups to continuously
operate in the country. Espionage such as data exfiltration, sabotage or disruption and
politically motivated attacks will continue to target government institutions. An
effective country strategy, legal framework, awareness program, capability and capacity
building programs, and local and International cooperation will mitigate and effectively
address cybercrime victimization.
The PNP, as the country’s premier law enforcement institution remains unwavering in
facing these challenges valiantly and has made significant gains in thwarting cyber
offenders, especially the transnational organized criminal groups, from making the
country a sanctuary for their criminal operations.
3c - Anti-cybercrime laws
Other than RA 10175, there are other laws that were enacted as an effort to combat
cybercrimes. Prior to RA 10175, there were to earlier laws that came into being as
attempt to prohibit the early forms of cybercrimes. These are:
After RA 10175 was enacted, there are other national laws that followed to prohibit
cyber-related offenses that were not covered in the Cybercrime Prevention Act of
2012. These include RA 10627 or the "Anti-Bullying Act of 2013".
Click on the links provided below to open/download copy of these related laws.
RA 8484
RA 8792
RA 9995
RA 10173
RA 10627
Browse/read these laws so that you will be able to accomplish what is required in the
learning task on our next meetings.