computer ethics - computer and internet crime 2016
TRANSCRIPT
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
1/130
INTRODUCTION TOINTRODUCTION TO
COMPUTER ANDCOMPUTER AND
INTERNET CRIMEINTERNET CRIME
Atty. Ramon Antonio A. RupertoAtty. Ramon Antonio A. Ruperto
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
2/130
Ethics and Criminal LawEthics and Criminal Law
When faced with a difficult ethicalWhen faced with a difficult ethicaldecision, reference to the law isdecision, reference to the law is
often a good starting point.often a good starting point. In making an ethical decision, one ofIn making an ethical decision, one of
the principle guidelines is tothe principle guidelines is todetermine whether there is a lawdetermine whether there is a law
that is applicable.that is applicable. More specifically, one should askMore specifically, one should ask
whether or not the contemplated actwhether or not the contemplated act
is a crime.is a crime.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
3/130
The FirstThe First CybercrimeCybercrime
It is said that the first recorded cyberIt is said that the first recorded cybercrime took place in the yearcrime took place in the year18201820
JosephJoseph--Marie Jacquard, a textileMarie Jacquard, a textile
manufacturer in France, produced themanufacturer in France, produced theloom. This device allowed the repetition ofloom. This device allowed the repetition ofa series of steps in the weaving of speciala series of steps in the weaving of specialfabrics. This resulted in a fear amongstfabrics. This resulted in a fear amongstJacquard's employees that their traditionalJacquard's employees that their traditionalemployment and livelihood were beingemployment and livelihood were beingthreatened. They committed acts ofthreatened. They committed acts ofsabotage to discourage Jacquard fromsabotage to discourage Jacquard fromfurther use of the new technology.further use of the new technology.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
4/130
What is a computer crime?What is a computer crime?
refers to any crime that involves arefers to any crime that involves acomputer and a network. The computercomputer and a network. The computermay have been used in the commission ofmay have been used in the commission of
a crime, or it may be the target.a crime, or it may be the target. any illegal behavior directed by means ofany illegal behavior directed by means of
electronic operations that targets theelectronic operations that targets thesecurity of computer systems and the datasecurity of computer systems and the dataprocessed by them.processed by them.
also referred to asalso referred to ascyber crimecyber crime
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
5/130
What is a computer crime?What is a computer crime?
As of now, there is absolutely NOAs of now, there is absolutely NOcomprehensive law oncomprehensive law on cybercrimecybercrimeanywhere in the worldanywhere in the world
There is NO exhaustive and uniformThere is NO exhaustive and uniformdefinition aboutdefinition about cybercrimecybercrime..However, any activity involving aHowever, any activity involving acomputer which basically offendscomputer which basically offendshuman sensibilities, can also behuman sensibilities, can also beincluded in its ambitincluded in its ambit
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
6/130
Other termsOther terms
ComputerComputer--related crimerelated crime -- any illegalany illegalbehavior committed by means of, orbehavior committed by means of, or
in relation to, a computer system orin relation to, a computer system ornetwork, however, strictly speaking,network, however, strictly speaking,this is notthis is not cybercrimecybercrime..
NetcrimeNetcrime -- refers to criminalrefers to criminalexploitation of the Internetexploitation of the Internet
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
7/130
COMPUTER CRIME
Crimes thattarget
computers
directly
Crimes
facilitated bycomputer
networks ordevices, the
primary targetof which is
independent ofthe computernetwork or
device
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
8/130
Crimes that primarily targetCrimes that primarily target
computer networks or devices:computer networks or devices:
Computer virusesComputer viruses
DenialDenial--ofof--service (DOS) attacksservice (DOS) attacks MalwareMalware
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
9/130
Crimes that use computer networksCrimes that use computer networks
or devices to advance other ends:or devices to advance other ends: CyberstalkingCyberstalking// cyberbullyingcyberbullying
Internet fraud and identity theftInternet fraud and identity theft
Information warfareInformation warfare PhishingPhishing scamsscams
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
10/130
Other ways of classifyingOther ways of classifying
CybercrimesCybercrimes:: According to the victim/offendedAccording to the victim/offended
person:person:
1.1. CybercrimesCybercrimes against personsagainst persons
2.2. CybercrimesCybercrimes against propertyagainst property
3.3. CybercrimesCybercrimes against theagainst thegovernmentgovernment
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
11/130
CybercrimesCybercrimes against personsagainst persons
include crimes like transmission ofinclude crimes like transmission ofchildchild--pornography, harassment ofpornography, harassment of
any one with the use of a computerany one with the use of a computersuch as esuch as e--mail, andmail, and cyberstalkingcyberstalking,,and trafficking, distribution,and trafficking, distribution,posting, and dissemination ofposting, and dissemination of
obscene material includingobscene material includingpornography, indecent exposure,pornography, indecent exposure,and child pornographyand child pornography
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
12/130
CybercrimesCybercrimes against propertyagainst property
include unauthorized computerinclude unauthorized computertrespassing through cyberspacetrespassing through cyberspace
(intrusion), computer vandalism,(intrusion), computer vandalism,transmission of harmful programs,transmission of harmful programs,and unauthorized possession ofand unauthorized possession ofcomputerized informationcomputerized information
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
13/130
CybercrimesCybercrimes against governmentagainst government
includeinclude cyberterrorismcyberterrorism,, cyberwarfarecyberwarfare
generally speaking, these crimesgenerally speaking, these crimes
may also refer to those againstmay also refer to those againstpersons, but this time directedpersons, but this time directedagainst the government (as aagainst the government (as ajuridical person)juridical person)
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
14/130
Other ways of classifyingOther ways of classifying
CybercrimesCybercrimes:: As categorized by the United Nations:As categorized by the United Nations:
1.1.
unauthorized accessunauthorized access
2.2. damage to computer data or programsdamage to computer data or programs
3.3. sabotage to hinder the functioning of asabotage to hinder the functioning of acomputer system or networkcomputer system or network
4.4. unauthorized interception of data to,unauthorized interception of data to,from and within a system or networkfrom and within a system or network
5.5. computer espionagecomputer espionage
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
15/130
Other ways of classifyingOther ways of classifying
CybercrimesCybercrimes:: According to the role of the computer (asAccording to the role of the computer (as
categorized by the US Department ofcategorized by the US Department ofJustice):Justice):
1.1. The computer as a targetThe computer as a target -- attacking theattacking thecomputers of others (spreading virusescomputers of others (spreading virusesis an example)is an example)
2.2. The computer as a weaponThe computer as a weapon -- using ausing a
computer to commit "traditional crime"computer to commit "traditional crime"that we see in the physical world (suchthat we see in the physical world (suchas fraud or illegal gambling)as fraud or illegal gambling)
3.3. The computer as an accessoryThe computer as an accessory -- using ausing acomputer to store illegal or stolencomputer to store illegal or stolen
informationinformation
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
16/130
CybercrimesCybercrimes
There is no exhaustive list of allThere is no exhaustive list of allcybercrimescybercrimes
New kinds ofNew kinds ofcybercrimescybercrimes arise, andarise, andit is difficult to anticipate all theit is difficult to anticipate all thepossible kinds ofpossible kinds ofcybercrimescybercrimes
Some specific acts may fall underSome specific acts may fall under
several kinds of categories or areasseveral kinds of categories or areas
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
17/130
AREAS OFCOMPUTER
CRIME
Theft: goods,Theft: goods,
information orinformation ormoneymoney
Theft ofTheft ofcomputer timecomputer time
UnauthorizedUnauthorized
accessaccess(Hacking)(Hacking)
ComputerComputer
fraudfraud
Identity theftIdentity theft
HarassmentHarassment
and sexuallyand sexually--
relatedrelated
materialmaterial
Forgery andForgery and
piracypiracy
ComputerComputer
espionageespionage
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
18/130
1. UNAUTHORIZED ACCESS1. UNAUTHORIZED ACCESS
Unauthorized access to computerUnauthorized access to computermaterial (hacking/intrusions)material (hacking/intrusions)
Unauthorized access with intent toUnauthorized access with intent tocommit further offenses (such ascommit further offenses (such asblackmail)blackmail)
Unauthorized modification ofUnauthorized modification of
computer material (for example,computer material (for example,distributing viruses)distributing viruses)
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
19/130
Hacking / IntrusionsHacking / Intrusions
ModernModern--day vandalism or graffitiday vandalism or graffiti
Unauthorized access to computer systemsUnauthorized access to computer systemsor networksor networks
Ranges from the mere defacing ofRanges from the mere defacing ofwebsites for personal notoriety, thewebsites for personal notoriety, thechallenge, or a political message, tochallenge, or a political message, tointerfering or controlling the computerinterfering or controlling the computersystem or network of anothersystem or network of another
It is unanimously agreed that any andIt is unanimously agreed that any andevery system in the world can be hackedevery system in the world can be hacked
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
20/130
IntrusionsIntrusions -- in a general sense,in a general sense,aside from hacking (the illegal entryaside from hacking (the illegal entry
into a secure database or network),into a secure database or network),these may also refer to thethese may also refer to theintroduction of various forms ofintroduction of various forms ofmalicious software, which can bemalicious software, which can be
malwaremalware, worms, viruses,, worms, viruses, trojantrojanhorses, fake antihorses, fake anti--virus software, andvirus software, andmay other covert programs,may other covert programs,
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
21/130
Virus / Worm attacksVirus / Worm attacks
VirusesViruses programs that attachprograms that attachthemselves to a computer or a file andthemselves to a computer or a file andthen circulate themselves to otherthen circulate themselves to otherfiles and to other computers on afiles and to other computers on anetwork. They usually affect the datanetwork. They usually affect the dataon a computer, either by altering oron a computer, either by altering ordeleting it.deleting it.
WormsWorms programs which makeprograms which makefunctional copies of themselves andfunctional copies of themselves and
do this repeatedly until they eat up alldo this repeatedly until they eat up allthe available space on a computer'sthe available space on a computer'smemory.memory.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
22/130
TrojansTrojans program in which maliciousprogram in which maliciousor harmful code is disguised insideor harmful code is disguised insidesome apparently harmlesssome apparently harmless
programming or data (perhaps anprogramming or data (perhaps animage or sound file, or emailimage or sound file, or emailattachment). The victim is trickedattachment). The victim is trickedinto executing the program code byinto executing the program code by
opening the file or attachment,opening the file or attachment,initiating a malicious sequence ofinitiating a malicious sequence ofevent.event.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
23/130
NameName YearYearreleasedreleased
Worldwide economicWorldwide economicimpactimpact
StormStorm 20072007 > $ 10 billion (> $ 10 billion (estest))
ILOVEYOUILOVEYOU 20002000 $ 8.75$ 8.75 10 billion10 billion
Code RedCode Red 20012001 $ 2.62 billion$ 2.62 billion
SirCamSirCam 20012001 $ 1.15 billion$ 1.15 billion
MelissaMelissa 19991999 $ 1.10 billion$ 1.10 billion
COST IMPACT OF WORMS
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
24/130
Cyber Attacks /Cyber Attacks / DoSDoSAttacksAttacks
Denial of Service (Denial of Service (DoSDoS)) -- involves flooding ainvolves flooding acomputer resource with more requests than itcomputer resource with more requests than itcan handle. This causes the resource (e.g. a webcan handle. This causes the resource (e.g. a webserver) to crash thereby denying authorizedserver) to crash thereby denying authorized
users the service offered by the resource.users the service offered by the resource.
Distributed Denial of Service (Distributed Denial of Service (DDoSDDoS)) -- thetheperpetrators are many and are geographicallyperpetrators are many and are geographicallywidespread. It is very difficult to control suchwidespread. It is very difficult to control such
attacks. The attack is initiated by sendingattacks. The attack is initiated by sendingexcessive demands to the victim'sexcessive demands to the victim's computer(scomputer(s),),exceeding the limit that the victim's servers canexceeding the limit that the victim's servers cansupport and making the servers crashsupport and making the servers crash
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
25/130
Cyber Attacks /Cyber Attacks / DoSDoSAttacksAttacks
In February 2000, these kinds of attacksIn February 2000, these kinds of attackswere able to bring Yahoo, eBay, Amazon,were able to bring Yahoo, eBay, Amazon,CNN and other popular websites to a haltCNN and other popular websites to a halt
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
26/130
SpamSpam
Unsolicited sending of bulk email forUnsolicited sending of bulk email forcommercial purposescommercial purposes
To send the same messageTo send the same messageindiscriminately toindiscriminately to
(large numbers of(large numbers of
recipients) on therecipients) on the
InternetInternet
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
27/130
EE--mail bombingmail bombing
Email bombing refers to sending aEmail bombing refers to sending alarge number of emails to the victimlarge number of emails to the victimresulting in the victim's emailresulting in the victim's emailaccount (in case of an individual) oraccount (in case of an individual) ormail servers (in case of a companymail servers (in case of a companyor an email service provider)or an email service provider)
crashingcrashing
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
28/130
2. THEFT OF GOODS,2. THEFT OF GOODS,
INFORMATION OR MONEYINFORMATION OR MONEY Diverting goods to the wrongDiverting goods to the wrong
destinationdestination
Unauthorized tapping into dataUnauthorized tapping into datatransmission lines or databasestransmission lines or databases
Using someone elseUsing someone elses credit cards credit card
Transferring payments to bogus bankTransferring payments to bogus bankaccountsaccounts
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
29/130
Salami attacksSalami attacks
Used for the commission of financialUsed for the commission of financialcrimes by altering raw data just before itcrimes by altering raw data just before itis processed by a computer and makingis processed by a computer and makingthe alteration so insignificant that in athe alteration so insignificant that in a
single case it would go completelysingle case it would go completelyunnoticed. (e.g. a bank employee insertsunnoticed. (e.g. a bank employee insertsa program, into the bank's servers, thata program, into the bank's servers, thatdeducts a small amount of money (suchdeducts a small amount of money (suchas 25 centavos a month) from the accountas 25 centavos a month) from the account
of every customer. No account holder willof every customer. No account holder willprobably notice this unauthorized debit,probably notice this unauthorized debit,but the bank employee will make a sizablebut the bank employee will make a sizableamount of money every month.amount of money every month.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
30/130
"collect"collect--thethe--roundoffroundoff"" -- In this scam,In this scam,a programmer modifies arithmetica programmer modifies arithmeticroutines, such as interestroutines, such as interestcomputations. Typically, thecomputations. Typically, thecalculations are carried out to severalcalculations are carried out to severaldecimal places beyond thedecimal places beyond the
customary two or three kept forcustomary two or three kept forfinancial records.financial records.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
31/130
3. THEFT OF COMPUTER TIME3. THEFT OF COMPUTER TIME
Involves the use of an employerInvolves the use of an employersscomputer resources for personalcomputer resources for personalworkwork
Considered a grey areaConsidered a grey area
Example: UsingExample: Using FacebookFacebook duringduringoffice hoursoffice hours
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
32/130
4. COMPUTER FRAUD4. COMPUTER FRAUD
May include preMay include pre--Internet scams suchInternet scams suchas pyramid schemes, chain letters,as pyramid schemes, chain letters,sales of counterfeit goods, and phonysales of counterfeit goods, and phonybusiness investment opportunitiesbusiness investment opportunities
Any fraudulent act with the use ofAny fraudulent act with the use ofcomputerscomputers
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
33/130
Computer FraudComputer Fraud
any dishonest misrepresentation of factany dishonest misrepresentation of factintended to let another do or refrain fromintended to let another do or refrain fromdoing something which causes lossdoing something which causes loss
may include credit fraud. Certainmay include credit fraud. Certaincomputer viruses can log keystrokes oncomputer viruses can log keystrokes onyour keyboard and send them to hackers,your keyboard and send them to hackers,who can then take your personal details,who can then take your personal details,
credit card number and home address.credit card number and home address.This information will be used by theThis information will be used by thehacker for his own meanshacker for his own means
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
34/130
PhishingPhishing
a kind of scam, especially practiceda kind of scam, especially practicedthrough ethrough e--mail, in which a cyber criminalmail, in which a cyber criminalsends a message that appears to be fromsends a message that appears to be from
the receiverthe receivers bank or business, or as bank or business, or agovernment agency, such as the BIRgovernment agency, such as the BIR
often they use these organizationsoften they use these organizationslogoslogosand design the message to appear theand design the message to appear thesame as legitimate esame as legitimate e--mail from themail from the
company. Once they have the recipientcompany. Once they have the recipientsstrust, they then ask for money, banktrust, they then ask for money, bankaccount numbers, and other personalaccount numbers, and other personalinformationinformation
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
35/130
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
36/130
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
37/130
5. CORPORATE ESPIONAGE5. CORPORATE ESPIONAGE
Theft of corporate assets or tradeTheft of corporate assets or tradesecrets from computer systems ofsecrets from computer systems ofcorporations which contain great dealcorporations which contain great dealof information such as productof information such as productdevelopment plans, customer contactdevelopment plans, customer contactlists, product specifications,lists, product specifications,
manufacturing process knowledge,manufacturing process knowledge,and strategic plans.and strategic plans.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
38/130
6. IDENTITY THEFT6. IDENTITY THEFT
Not just theft of credit card numbers,Not just theft of credit card numbers,but also social security numbers,but also social security numbers,bank account details, addresses andbank account details, addresses andany other personal data that aany other personal data that aperson might use to verify theirperson might use to verify theiridentityidentity
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
39/130
7. FORGERY AND PIRACY7. FORGERY AND PIRACY
Using desktop publishing software,Using desktop publishing software,high resolution scanners and laserhigh resolution scanners and laserprinters to assist forgery, whether itprinters to assist forgery, whether it
be money, checks, passports, visas,be money, checks, passports, visas,birth certificates, identity cards, andbirth certificates, identity cards, anddegreesdegrees
Software piracySoftware piracy distribution ofdistribution of
illegal software and other intellectualillegal software and other intellectualproductsproducts
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
40/130
Piracy / Online theftPiracy / Online theft
act of copying copyrighted material. Theact of copying copyrighted material. Thepersonal computer and the Internet bothpersonal computer and the Internet bothoffer new mediums for committing suchoffer new mediums for committing such
crimecrime include fileinclude file--sharing or distributing songs,sharing or distributing songs,
movies, video games, and so on for freemovies, video games, and so on for free
Online TheftOnline Theft -- any type of 'piracy' thatany type of 'piracy' thatinvolves the use of the Internet to marketinvolves the use of the Internet to marketor distribute creative works protected byor distribute creative works protected bycopyrightcopyright
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
41/130
Copying in the workplace,Copying in the workplace,counterfeiting and various forms ofcounterfeiting and various forms ofillegal distribution of software costillegal distribution of software costthe Asia Pacific regionthe Asia Pacific regionUS$11.6US$11.6billionbillion in 2006in 2006
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
42/130
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
43/130
8. HARASSMENT AND8. HARASSMENT AND
SEXUALLY RELATED MATERIALSEXUALLY RELATED MATERIAL ComputerComputer--assisted sexual crimes,assisted sexual crimes,
from distribution of childfrom distribution of childpornography, to electronic forms ofpornography, to electronic forms ofsexual harassment and cyberstalkingsexual harassment and cyberstalking(use of e(use of e--mail and other electronicmail and other electronicmedia to harass or threaten a personmedia to harass or threaten a person
repeatedly)repeatedly)
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
44/130
Obscene or offensive contentObscene or offensive content
The content of websites and otherThe content of websites and otherelectronic communications may beelectronic communications may bedistasteful, obscene or offensive for adistasteful, obscene or offensive for avariety of reasonsvariety of reasons
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
45/130
Cyber harassment / bullyingCyber harassment / bullying
Directing of obscenities and derogatoryDirecting of obscenities and derogatorycomments at specific individuals focusingcomments at specific individuals focusingfor example on gender, race, religion,for example on gender, race, religion,
nationality, sexual orientation. This oftennationality, sexual orientation. This oftenoccurs in chat rooms, throughoccurs in chat rooms, throughnewsgroups, and by sending hate enewsgroups, and by sending hate e--mailmailto interested partiesto interested parties
May also refer to cyber bullying, cyberMay also refer to cyber bullying, cyberstalking, harassment by computer, onlinestalking, harassment by computer, onlinepredation, and internet libelpredation, and internet libel
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
46/130
CyberterrorismCyberterrorism
is distinguished from other acts ofis distinguished from other acts ofcommercial crime or incidents of hackingcommercial crime or incidents of hackingby its severityby its severity
intimidation or coercion a government orintimidation or coercion a government ororganization to advance political or socialorganization to advance political or socialobjectives by launching computerobjectives by launching computer--basedbasedattack against computers, network, andattack against computers, network, andthe information stored on themthe information stored on them
an act of terrorism committed through thean act of terrorism committed through theuse of cyberspace or computer resources.use of cyberspace or computer resources.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
47/130
CyberterrorismCyberterrorism
any act of cybercrime designed to cause terror.any act of cybercrime designed to cause terror.Like conventional terrorism,Like conventional terrorism,ee--terrorismterrorismisisclassified as such if the result of such cybercrimeclassified as such if the result of such cybercrimeis to cause enough harm to generate fearis to cause enough harm to generate fear
TerrorismTerrorism -- Any person who commits theAny person who commits thefollowing acts: Piracy and Mutiny, Rebellion orfollowing acts: Piracy and Mutiny, Rebellion orInsurrection, Coup de Etat, Murder, Kidnapping,Insurrection, Coup de Etat, Murder, Kidnapping,Crimes Involving Destruction, Arson, Hijacking,Crimes Involving Destruction, Arson, Hijacking,Illegal Possession of Firearms, thereby sowingIllegal Possession of Firearms, thereby sowing
and creating a condition of widespread andand creating a condition of widespread andextraordinary fear and panic among theextraordinary fear and panic among thepopulacepopulace, in order to coerce the government to, in order to coerce the government togive in to an unlawful demand (Section 3,give in to an unlawful demand (Section 3,Republic Act No. 9372)Republic Act No. 9372)
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
48/130
CyberterrorismCyberterrorism
The medium of Cyberspace is being used byThe medium of Cyberspace is being used byindividuals and groups to threaten theindividuals and groups to threaten theinternational governments as also to terrorize theinternational governments as also to terrorize thecitizens of a country. This crime manifests itselfcitizens of a country. This crime manifests itself
into terrorism when an individual cracks into ainto terrorism when an individual cracks into agovernment or military maintained websitegovernment or military maintained website
In 2010, during the months leading to the MayIn 2010, during the months leading to the Mayautomated elections, five government websitesautomated elections, five government websites
(DOH, DOLE, DSWD, NDCC, and TESDA) were(DOH, DOLE, DSWD, NDCC, and TESDA) werehacked. There were widespread concerns that thehacked. There were widespread concerns that theautomated elections counting machines couldautomated elections counting machines couldalso be hacked.also be hacked.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
49/130
Cyber warfareCyber warfare
May be an effective form of warfareMay be an effective form of warfarein the futurein the future
In August 2008, Russia allegedlyIn August 2008, Russia allegedlyconducted cyber attacks, this time inconducted cyber attacks, this time ina coordinated and synchronizeda coordinated and synchronizedcampaign against the country ofcampaign against the country of
GeorgiaGeorgia
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
50/130
Other cybercrimesOther cybercrimes
CybersquattingCybersquatting
TyposquattingTyposquatting
Copyright/Trademark infringementCopyright/Trademark infringement Internet plagiarismInternet plagiarism
Internet libel/defamationInternet libel/defamation
Bandwidth theftBandwidth theft
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
51/130
Cybercrime in the PhilippinesCybercrime in the Philippines
There have been 667 instances ofThere have been 667 instances ofgovernment websites defacementsgovernment websites defacementsbetween 2003between 2003--20082008
87 % of Filipinos have fallen to a87 % of Filipinos have fallen to avariety of attacks, which includevariety of attacks, which includemalware (virus and Trojan horse)malware (virus and Trojan horse)invasion, online or phishing scamsinvasion, online or phishing scams
73 % do not expect cybercriminals to73 % do not expect cybercriminals tobe brought to justicebe brought to justice
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
52/130
Cybercrime in the PhilippinesCybercrime in the Philippines
34% say it is acceptable to download34% say it is acceptable to downloadmusic and movies without paying formusic and movies without paying forthemthem
22% think that using an unsecured22% think that using an unsecuredWiFi access point is legal.WiFi access point is legal.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
53/130
Cybercrime in the PhilippinesCybercrime in the Philippines
As of 2005, the number of cybercrimesAs of 2005, the number of cybercrimesrecorded were only 30recorded were only 30
CIDG has recorded 72 computerCIDG has recorded 72 computer--relatedrelated
crimes last year (2010) and 56 during thecrimes last year (2010) and 56 during thefirstfirst half of this yearhalf of this year
Effendy Ibrahim, head of Symantec AsiaEffendy Ibrahim, head of Symantec AsiassInternet Safety Advocate and ConsumerInternet Safety Advocate and ConsumerBusiness division, describes the growingBusiness division, describes the growingcybercrime problem in the Philippines as acybercrime problem in the Philippines as asilent epidemicsilent epidemic
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
54/130
Characteristics of PhilippineCharacteristics of Philippine
Criminal LawCriminal Law1.1. General ApplicationGeneral Application PhilippinePhilippine
criminal laws are binding on all personscriminal laws are binding on all personswho live or sojourn in the Philippines,who live or sojourn in the Philippines,
regardless of your nationality, religion,regardless of your nationality, religion,etc.etc.
2.2. TerritorialTerritorial our criminal lawour criminal lawundertakes to punish crimes committedundertakes to punish crimes committedonly within the Philippine territoryonly within the Philippine territory
3.3. ProspectiveProspective a criminal law cannota criminal law cannotmake an act punishable when it was notmake an act punishable when it was notpunishable when committedpunishable when committed
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
55/130
VBS_LOVELETTERVBS_LOVELETTER
better known as the Love Bug or the ILOVEYOU virusbetter known as the Love Bug or the ILOVEYOU virus Release in 2000, it caused major disruptions in emailRelease in 2000, it caused major disruptions in email
systems worldwide with costs escalating to an estimatedsystems worldwide with costs escalating to an estimated$10 billion in revenue loss.$10 billion in revenue loss.
The source came from a Filipino IT dropout,The source came from a Filipino IT dropout,Onel deOnel de
GuzmanGuzman, who created it as part of his thesis proposal with, who created it as part of his thesis proposal withfocus specifically on stealing passwords. Obviously, thefocus specifically on stealing passwords. Obviously, thethesis proposal was rejected, but the virus still found itsthesis proposal was rejected, but the virus still found itsway to the internet.way to the internet.
This incident marked the PhilippinesThis incident marked the Philippinesinfamous introduction onto the worldinfamous introduction onto the worldstage of cyber crime.stage of cyber crime.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
56/130
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
57/130
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
58/130
Philippine Laws onPhilippine Laws on CybercrimesCybercrimes
and other related actsand other related acts
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
59/130
EE--Commerce Act of 2000Commerce Act of 2000
(RA No. 8792)(RA No. 8792) Punishable acts:Punishable acts:
1.1.Hacking or crackingHacking or cracking-- unauthorized access intounauthorized access intoor interference in a computer system/server oror interference in a computer system/server or
information and communication system; or anyinformation and communication system; or anyaccess in order to corrupt, alter, steal, or destroyaccess in order to corrupt, alter, steal, or destroyusing a computer or other similar information andusing a computer or other similar information andcommunication devices, without the knowledgecommunication devices, without the knowledgeand consent of the owner of the computer orand consent of the owner of the computer orinformation and communications system,information and communications system,
including the introduction ofincluding the introduction ofco m p u t e r v i r u se s co m p u t e r v i r u s e s and the like, resulting in the corruption,and the like, resulting in the corruption,destruction, alteration, theft or loss of electronicdestruction, alteration, theft or loss of electronicdata messages or electronic documentdata messages or electronic document
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
60/130
HackerHacker
Enjoys learning details of computerEnjoys learning details of computersystems and how to stretch theirsystems and how to stretch theircapabilitiescapabilities
Programs enthusiastically rather thanPrograms enthusiastically rather thanjust theorizing about itjust theorizing about it
Malicious inquisitive meddler whoMalicious inquisitive meddler who
tries to discover information bytries to discover information bypoking aroundpoking around
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
61/130
THECOMPUTERHACKER
Public interestPublic interest RevealReveal
wrongdoingwrongdoingVandalismVandalism
(Defacement)(Defacement)
Financial gainFinancial gain As a protestAs a protest The challengeThe challenge
(fun)(fun)
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
62/130
Type ofType of
perpetratorperpetratorTypical motivesTypical motives
HackerHacker Test limits of system and/or gainTest limits of system and/or gainpublicitypublicity
CrackerCracker Cause problems, steal data, andCause problems, steal data, andcorrupt systemscorrupt systems
Malicious insiderMalicious insider Gain financially and/or disruptGain financially and/or disruptcompanycompanys information systemss information systems
Industrial spyIndustrial spy Capture trade secrets and gainCapture trade secrets and gaincompetitive advantagecompetitive advantage
CybercriminalCybercriminal Gain financiallyGain financially
HacktivistHacktivist Promote political ideologyPromote political ideology
CyberterroristCyberterrorist Destroy infrastructureDestroy infrastructurecomponents of institutionscomponents of institutions
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
63/130
HackerHackerEthicsEthics
(established by the early hackers)(established by the early hackers) Access to computers should be unlimitedAccess to computers should be unlimited
and totaland total
All information should be freeAll information should be free
Mistrust authorityMistrust authority
Hackers should be judged by theirHackers should be judged by theirhacking, not bogus criteria such ashacking, not bogus criteria such asacademic excellence, age, race or positionacademic excellence, age, race or position
You can create art and beauty on aYou can create art and beauty on acomputercomputer
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
64/130
Hackers as public watchdogsHackers as public watchdogs
Reveal information the public has a rightReveal information the public has a rightto know, and exposing the truthto know, and exposing the truth
In a sense, continues a tradition toIn a sense, continues a tradition toinvestigative journalisminvestigative journalism
Example: Chaos Computer ClubExample: Chaos Computer Club releasedreleasedmore information to the public about themore information to the public about theChernobyl disaster than the governmentChernobyl disaster than the governmentitself.itself.
In this sense, it could be argued thatIn this sense, it could be argued thathackers can be intelligent and criticalhackers can be intelligent and criticalchecks against governments who withholdchecks against governments who withholdinformation or abuse their powerinformation or abuse their power
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
65/130
Hackers as security consultantsHackers as security consultants
Breaching of systems can provide moreBreaching of systems can provide moreeffective security in the future, so that,effective security in the future, so that,presumably less wellpresumably less well--intentioned hackersintentioned hackers
are prevented from causing real harmare prevented from causing real harm In the US, convicted hackers are regularlyIn the US, convicted hackers are regularly
approached by security and intelligenceapproached by security and intelligenceagencies with offers to join them in returnagencies with offers to join them in return
for reduction of their sentencesfor reduction of their sentences Others have established own computerOthers have established own computer
security firmssecurity firms
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
66/130
In May 2006,In May 2006, a Filipino call centera Filipino call centeragent was found guilty of hackingagent was found guilty of hackinginto the company he worked for andinto the company he worked for and
stealing credit card details. He wasstealing credit card details. He wasable to make online purchases worthable to make online purchases worthmore than $2,000 through illegalmore than $2,000 through illegal
means. He served a 2means. He served a 2--year prisonyear prisonsentence and had to pay over $5,000sentence and had to pay over $5,000in fines.in fines.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
67/130
EE--Commerce Act of 2000Commerce Act of 2000
(RA No. 8792)(RA No. 8792)
Punishable acts:Punishable acts:
2.2.PiracyPiracy -- unauthorized copying, reproduction,unauthorized copying, reproduction,dissemination, distribution, importation, use,dissemination, distribution, importation, use,
removal, alteration, substitution, modification,removal, alteration, substitution, modification,storage, uploading, downloading, communication,storage, uploading, downloading, communication,making available to the public, or broadcastingmaking available to the public, or broadcastingof protected material, electronic signature orof protected material, electronic signature orcopyrighted works including legally protectedcopyrighted works including legally protectedsound recordings or phonograms or informationsound recordings or phonograms or information
material on protected works, through the use ofmaterial on protected works, through the use oftelecommunication networks, such as, but nottelecommunication networks, such as, but notlimited to, the internet, in a manner thatlimited to, the internet, in a manner thatinfringes intellectual property rightsinfringes intellectual property rights
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
68/130
AntiAnti--CamcordingCamcordingAct of 2010Act of 2010
(Republic Act No. 10088)(Republic Act No. 10088)
prohibits and penalizes unauthorized use,prohibits and penalizes unauthorized use,possession, and control, with the intent orpossession, and control, with the intent orattempt to use audiovisual recordingattempt to use audiovisual recording
devices to transmit or make a copy of anydevices to transmit or make a copy of anyperformance in an exhibition facility ofperformance in an exhibition facility ofcinematographic film or other audiovisualcinematographic film or other audiovisualwork.work.
camcordingcamcording activities declared for privateactivities declared for privateor domestic purposes is now alsoor domestic purposes is now alsopunishable by lawpunishable by law
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
69/130
Exhibition facilities are now mandated toExhibition facilities are now mandated toconspicuously display notices andconspicuously display notices and signagessignages atattheir premises including, but not limited to,their premises including, but not limited to,ticketticket--selling areas and theatre entrances to warnselling areas and theatre entrances to warn
their patrons of the consequences of illegaltheir patrons of the consequences of illegalcamcordingcamcording activities.activities.
The Law also allows authorized persons, evenThe Law also allows authorized persons, evenwithout warrant and payment of admission fee orwithout warrant and payment of admission fee orany charge, to enter and search any exhibitionany charge, to enter and search any exhibition
facility, seize any audiovisual recording device,facility, seize any audiovisual recording device,and detain any person should they haveand detain any person should they havereasonable ground to believe that a violationreasonable ground to believe that a violationunder this Act has been or is being committed.under this Act has been or is being committed.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
70/130
AntiAnti--Child Pornography Act of 2009Child Pornography Act of 2009
(Republic Act No. 9775)(Republic Act No. 9775)
This law defines child pornography asThis law defines child pornography asanyanyrepresentation, be in visual, audio orrepresentation, be in visual, audio orwritten, combination thereof, bywritten, combination thereof, byelectronic, mechanical, digital, optical,electronic, mechanical, digital, optical,
magnetic or other means, of a childmagnetic or other means, of a childengaged in real or simulated explicitengaged in real or simulated explicitsexual activities.sexual activities.
Any person who produces, distributes,Any person who produces, distributes,publishes and commits other related actspublishes and commits other related acts
would be subject to penalties. Violatorswould be subject to penalties. Violatorsmay include internet service providers andmay include internet service providers andinternet content hosts.internet content hosts.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
71/130
Anti Child Pornography Act of 2009Anti Child Pornography Act of 2009Republic Act No. 9775Republic Act No. 9775
Section 4. Unlawful or Prohibited Acts.Section 4. Unlawful or Prohibited Acts.(a) To hire, employ, use, persuade, induce or(a) To hire, employ, use, persuade, induce orcoerce a child to perform in the creation orcoerce a child to perform in the creation orproduction of any form of child pornography;production of any form of child pornography;
( b ) To p r o d u c e , d i r e c t , m a n u f a c t u r e o r ( b ) To p r o d u c e , d i r e c t , m a n u f a c t u r e o r c r e a t e an y f o r m o f ch i l d p o r n o g r a p h y ; c r e a t e a n y f o r m o f ch i l d p o r n o g r a p h y ;
( c ) T o p u b l is h o f f e r , t r a n sm i t , s e l l ,( c ) T o p u b l i s h o f f e r , t r a n sm i t , s e l l ,d i s t r i b u t e , b r o a d c a st , a d v e r t i s e , p r o m o t e ,d i s t r i b u t e , b r o a d c a st , a d v e r t i s e , p r o m o t e ,e x p o r t o r im p o r t a n y f o r m o f ch i ld e x p o r t o r im p o r t a n y f o r m o f ch i ld p o r n o g r a p h y ; p o r n o g r a p h y ;
(d) To possess any form of child pornography(d) To possess any form of child pornographywith the intent to sell, distribute, publish, orwith the intent to sell, distribute, publish, orbroadcast: Provided. That possession of three (3)broadcast: Provided. That possession of three (3)or more articles of child pornography of the sameor more articles of child pornography of the sameform shall be prima facie evidence of the intentform shall be prima facie evidence of the intentto sell, distribute, publish or broadcast;to sell, distribute, publish or broadcast;
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
72/130
Anti Child Pornography Act of 2009Anti Child Pornography Act of 2009Republic Act No. 9775Republic Act No. 9775
(e) To knowingly, willfully and intentionally(e) To knowingly, willfully and intentionallyprovide a venue for the commission of prohibitedprovide a venue for the commission of prohibitedacts as, but not limited to, dens, private rooms,acts as, but not limited to, dens, private rooms,cubicles, cinemas, houses or in establishmentscubicles, cinemas, houses or in establishmentspurporting to be a legitimate business;purporting to be a legitimate business;
(f) For film distributors, theaters and(f) For film distributors, theaters andtelecommunication companies, by themselves ortelecommunication companies, by themselves orin cooperation with other entities, to distributein cooperation with other entities, to distributeany form of child pornography;any form of child pornography;(g) For a parent, legal guardian or person having(g) For a parent, legal guardian or person having
custody or control of a child to knowingly permitcustody or control of a child to knowingly permitthe child to engage, participate or assist in anythe child to engage, participate or assist in anyform of child pornography;form of child pornography;
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
73/130
Anti Child Pornography Act of 2009Anti Child Pornography Act of 2009Republic Act No. 9775Republic Act No. 9775
(h) To engage in the luring or grooming of a(h) To engage in the luring or grooming of achild;child;(i) To engage in pandering of any form of child(i) To engage in pandering of any form of childpornography;pornography;
(j) To willfully access any form of child(j) To willfully access any form of childpornography;pornography;(k) To conspire to commit any of the prohibited(k) To conspire to commit any of the prohibitedacts stated in this section. Conspiracy to commitacts stated in this section. Conspiracy to commitany form of child pornography shall be committedany form of child pornography shall be committedwhen two (2) or more persons come to anwhen two (2) or more persons come to an
agreement concerning the commission of any ofagreement concerning the commission of any ofthe said prohibited acts and decide to commit it;the said prohibited acts and decide to commit it;andand(l) To possess any form of child pornography.(l) To possess any form of child pornography.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
74/130
Anti Child Pornography Act of 2009Anti Child Pornography Act of 2009Republic Act No. 9775Republic Act No. 9775
Internet content host refers to a person whoInternet content host refers to a person whohosts or who proposes to host internet content inhosts or who proposes to host internet content inthe Philippines.the Philippines.
Section 11. Duties of an Internet Content Host.Section 11. Duties of an Internet Content Host. --An internet content host shall:An internet content host shall:
(a) Not host any form of child pornography on its(a) Not host any form of child pornography on itsinternet address;internet address;
(b) Within seven (7) days, report the presence of(b) Within seven (7) days, report the presence ofany form of child pornography, as well as theany form of child pornography, as well as theparticulars of the person maintaining, hosting,particulars of the person maintaining, hosting,
distributing or in any manner contributing to suchdistributing or in any manner contributing to suchinternet address, to the proper authorities; andinternet address, to the proper authorities; and (c) Preserve such evidence for purposes of(c) Preserve such evidence for purposes of
investigation and prosecution by relevantinvestigation and prosecution by relevantauthorities.authorities.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
75/130
Anti Child Pornography Act of 2009Anti Child Pornography Act of 2009Republic Act No. 9775Republic Act No. 9775
An internet content host shall, upon the request of properAn internet content host shall, upon the request of properauthorities, furnish the particulars of users who gained orauthorities, furnish the particulars of users who gained orattempted to gain access to an internet address thatattempted to gain access to an internet address thatcontains any form of child pornography.contains any form of child pornography.
An internet content host who shall knowingly, willfully andAn internet content host who shall knowingly, willfully andintentionally violate this provision shall be subject to theintentionally violate this provision shall be subject to thepenalty provided under Section 15(j) of this Act: Provided,penalty provided under Section 15(j) of this Act: Provided,That the failure of the internet content host to remove anyThat the failure of the internet content host to remove anyform of child pornography within fortyform of child pornography within forty--eight (48) hourseight (48) hoursfrom receiving the notice that any form of childfrom receiving the notice that any form of childpornography is hitting its server shall be conclusivepornography is hitting its server shall be conclusiveevidence of willful and intentional violation thereof.evidence of willful and intentional violation thereof.
Section 12. Authority to Regulate Internet CafSection 12. Authority to Regulate Internet Caf or Kiosk.or Kiosk. --The local government unit (LGU) of the city or municipalityThe local government unit (LGU) of the city or municipalitywhere an internet cafwhere an internet caf or kiosk is located shall have theor kiosk is located shall have theauthority to monitor and regulate the establishment andauthority to monitor and regulate the establishment andoperation of the same or similar establishments in order tooperation of the same or similar establishments in order toprevent violation of the provisions of this Act.prevent violation of the provisions of this Act.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
76/130
CybercrimeCybercrime Prevention Act of 2012Prevention Act of 2012
ORIGIN:ORIGIN:
Senate Bill No. 2796: "AN ACT DEFININGSenate Bill No. 2796: "AN ACT DEFININGCYBERCRIME, PROVIDING FORCYBERCRIME, PROVIDING FOR
PREVENTION, INVESTIGATION ANDPREVENTION, INVESTIGATION ANDIMPOSITION OF PENALTIES THEREFORIMPOSITION OF PENALTIES THEREFORAND FOR OTHER PURPOSESAND FOR OTHER PURPOSES
Consolidation ofConsolidation ofSBNosSBNos. 14, 52, 134, 275,. 14, 52, 134, 275,665, 828, 983, 1081, 1475, 1963, 2214,665, 828, 983, 1081, 1475, 1963, 2214,2451, 2534, 2674, and 2721, Taking Into2451, 2534, 2674, and 2721, Taking IntoConsiderationConsideration SRNosSRNos. 75, 164 and 254. 75, 164 and 254
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
77/130
Republic Act No. 10175*Republic Act No. 10175*
((CybercrimeCybercrime Prevention Act of 2012)Prevention Act of 2012)
Signed into law September 12, 2012. TookSigned into law September 12, 2012. Tookeffect October 3, 2012.effect October 3, 2012.
Petitioners questioned the constitutionalityPetitioners questioned the constitutionality
of the law before the Supreme Courtof the law before the Supreme Court On October 9, the Supreme Court issued aOn October 9, the Supreme Court issued a
TRO, effective for 120 days, against itsTRO, effective for 120 days, against itsimplementation/enforcement. Beforeimplementation/enforcement. Beforeexpiry of the period, the SC extended theexpiry of the period, the SC extended the
same indefinitelysame indefinitely On February 18, 2014, the Supreme CourtOn February 18, 2014, the Supreme Court
promulgated its Decisionpromulgated its Decision
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
78/130
Republic Act No. 10175*Republic Act No. 10175*
((CybercrimeCybercrime Prevention Act of 2012)Prevention Act of 2012)
ComputerComputer-- refers to an electronic, magnetic,refers to an electronic, magnetic,optical, electrochemical, or other data processingoptical, electrochemical, or other data processingor communications device, or grouping of suchor communications device, or grouping of suchdevices, capable of performing logical, arithmetic,devices, capable of performing logical, arithmetic,
routing, or storage functions and which includesrouting, or storage functions and which includesany storage facility or equipment orany storage facility or equipment orcommunications facility or equipment directlycommunications facility or equipment directlyrelated to or operating in conjunction with suchrelated to or operating in conjunction with suchdevice. It covers any type of computer devicedevice. It covers any type of computer deviceincluding devices with data processingincluding devices with data processingcapabilities like mobile phones, smart phones,capabilities like mobile phones, smart phones,computer networks and other devices connectedcomputer networks and other devices connectedto the internet.to the internet.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
79/130
Offenses against the confidentiality, integrity andOffenses against the confidentiality, integrity and
availability of computer data and systemsavailability of computer data and systems
1.1. Illegal accessIllegal access -- intentional access to the wholeintentional access to the wholeor any part of a computer systemor any part of a computer system without rightwithout right(HACKING)(HACKING)
2.2. Illegal interceptionIllegal interception -- intentional interceptionintentional interceptionmade by technical meansmade by technical means without rightwithout rightof anyof anynonnon--public transmission of computer data to,public transmission of computer data to,from, or within a computer system includingfrom, or within a computer system includingelectromagnetic emissions from a computerelectromagnetic emissions from a computer
system carrying such computer datasystem carrying such computer data
3.3. Data interferenceData interference -- intentional or recklessintentional or recklessalteration of computer dataalteration of computer data without rightwithout right
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
80/130
Without rightWithout right-- refers to either:refers to either:
(i) conduct undertaken without or in(i) conduct undertaken without or inexcess of authority;excess of authority;
(ii) conduct not covered by(ii) conduct not covered byestablished legal defenses, excuses,established legal defenses, excuses,court orders, justifications, orcourt orders, justifications, or
relevant principles under the law.relevant principles under the law.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
81/130
Offenses against the confidentiality, integrity andOffenses against the confidentiality, integrity and
availability of computer data and systemsavailability of computer data and systems
4.4.System interferenceSystem interference -- intentionalintentionalor reckless hinderingor reckless hindering without rightwithout rightof the functioning of a computerof the functioning of a computer
system by inputting, transmitting,system by inputting, transmitting,deleting or altering computer datadeleting or altering computer dataor program.or program.
i.e. introduction of viruses,i.e. introduction of viruses, trojantrojanhorses, worms, malicious software,horses, worms, malicious software,DOS attack,DOS attack,
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
82/130
Offenses against the confidentiality, integrity andOffenses against the confidentiality, integrity and
availability of computer data and systemsavailability of computer data and systems
5.5. Misuse of deviceMisuse of device -- use, production, sale, procurement,use, production, sale, procurement,importation, distribution, or otherwise making available,importation, distribution, or otherwise making available,without right, of:without right, of:
(a) a device, including a computer program, designed(a) a device, including a computer program, designedor adapted primarily for the purpose of committing any ofor adapted primarily for the purpose of committing any ofthe offenses under this Act; orthe offenses under this Act; or
(b) a computer password, access code, or similar data(b) a computer password, access code, or similar databy which the whole or any part of a computer system isby which the whole or any part of a computer system iscapable of being accessed with intent that it be used forcapable of being accessed with intent that it be used forthe purpose of committing any of the offenses under thisthe purpose of committing any of the offenses under thisAct.Act.
-- possession of an item referred to with intent to use saidpossession of an item referred to with intent to use said
devices for the purpose of committing any of hereindevices for the purpose of committing any of hereinoffensesoffenses
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
83/130
Misuse of DeviceMisuse of Device
DeviceDevicerefers to a cracking devicerefers to a cracking deviceor tools for hackingor tools for hacking
Penalizes the creation, possession,Penalizes the creation, possession,acquisition of any computer programacquisition of any computer programdesigned to crack or disrupt systemsdesigned to crack or disrupt systemsillegallyillegally
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
84/130
Offenses against the confidentiality, integrity andOffenses against the confidentiality, integrity and
availability of computer data and systemsavailability of computer data and systems
6. Cyber6. Cyber--squattingsquatting.. The acquisition of aThe acquisition of adomain name over the internet in bad faith todomain name over the internet in bad faith toprofit, mislead, destroy reputation, and depriveprofit, mislead, destroy reputation, and depriveothers from registering the same, if such aothers from registering the same, if such a
domain name is:domain name is: (i) Similar, identical, or confusingly similar to an existing(i) Similar, identical, or confusingly similar to an existing
trademark registered with the appropriate governmenttrademark registered with the appropriate governmentagency at the time of the domain name registration:agency at the time of the domain name registration:
(ii) Identical or in any way similar with the name of a(ii) Identical or in any way similar with the name of a
person other than the registrant, in case of a personalperson other than the registrant, in case of a personalname; andname; and
(iii) Acquired(iii) Acquired without rightwithout rightor with intellectual propertyor with intellectual propertyinterests in it.interests in it.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
85/130
ComputerComputer--related Offensesrelated Offenses
1.1.ComputerComputer--related Forgeryrelated Forgery
(i) The input, alteration, or deletion of any computer data(i) The input, alteration, or deletion of any computer datawithout right resulting in inauthentic data with the intentwithout right resulting in inauthentic data with the intentthat it be considered or acted upon for legal purposes as ifthat it be considered or acted upon for legal purposes as ifit were authentic, regardless whether or not the data isit were authentic, regardless whether or not the data isdirectly readable and intelligible; ordirectly readable and intelligible; or
(ii) The act of knowingly using computer data which is the(ii) The act of knowingly using computer data which is theproduct of computerproduct of computer--related forgery as defined herein, forrelated forgery as defined herein, forthe purpose of perpetuating a fraudulent or dishonestthe purpose of perpetuating a fraudulent or dishonestdesign.design.
2.2.ComputerComputer--related Fraudrelated Fraud -- The unauthorized input,The unauthorized input,
alteration, or deletion of computer data or program oralteration, or deletion of computer data or program orinterference in the functioning of a computer system,interference in the functioning of a computer system,causing damage thereby with fraudulent intent:causing damage thereby with fraudulent intent:
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
86/130
ComputerComputer--related Offensesrelated Offenses
3. Computer3. Computer--related Identity Theftrelated Identity Theft -- TheTheintentional acquisition, use, misuse,intentional acquisition, use, misuse,transfer, possession, alteration or deletiontransfer, possession, alteration or deletionof identifying information belonging toof identifying information belonging to
another, whether natural or juridical,another, whether natural or juridical,without rightwithout right:: Provided,Provided, That if noThat if nodamage has yet been caused, the penaltydamage has yet been caused, the penaltyimposable shall be one (1) degree lower.imposable shall be one (1) degree lower.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
87/130
ContentContent--related Offensesrelated Offenses
(1)(1)CybersexCybersex.. The willful engagement,The willful engagement,maintenance, control, or operation, directly ormaintenance, control, or operation, directly orindirectly, of any lascivious exhibition of sexualindirectly, of any lascivious exhibition of sexualorgans or sexual activity, with the aid of aorgans or sexual activity, with the aid of a
computer system, for favor or consideration.computer system, for favor or consideration.
(2) Child Pornography.(2) Child Pornography. The unlawful orThe unlawful orprohibited acts defined and punishable byprohibited acts defined and punishable by
Republic Act No. 9775Republic Act No. 9775 or the Antior the Anti--ChildChildPornography Act of 2009, committed through aPornography Act of 2009, committed through acomputer system:computer system: Provided,Provided, That the penalty toThat the penalty tobe imposed shall be (1) one degree higher thanbe imposed shall be (1) one degree higher thanthat provided for in Republic Act No. 9775.that provided for in Republic Act No. 9775.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
88/130
ContentContent--related Offensesrelated Offenses
(3) Unsolicited Commercial(3) Unsolicited Commercial
Communications.Communications. TheThetransmission of commercialtransmission of commercial
electronic communication with theelectronic communication with theuse of computer system which seekuse of computer system which seekto advertise, sell, or offer for saleto advertise, sell, or offer for sale
products and services are prohibitedproducts and services are prohibited
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
89/130
EXCEPTIONS:EXCEPTIONS:
(i) There is prior affirmative consent from(i) There is prior affirmative consent fromthe recipient; orthe recipient; or
(ii) The primary intent of the(ii) The primary intent of thecommunication is for service and/orcommunication is for service and/oradministrative announcements from theadministrative announcements from thesender to its existing users, subscribers orsender to its existing users, subscribers or
customers;customers;
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
90/130
(iii) The following conditions are present:(iii) The following conditions are present:
((aaaa) The commercial electronic communication) The commercial electronic communicationcontains a simple, valid, and reliable way for thecontains a simple, valid, and reliable way for therecipient to reject. receipt of further commercialrecipient to reject. receipt of further commercial
electronic messages (optelectronic messages (opt--out) from the sameout) from the samesource;source;
(bb) The commercial electronic communication(bb) The commercial electronic communicationdoes not purposely disguise the source of thedoes not purposely disguise the source of the
electronic message; andelectronic message; and(cc) The commercial electronic communication(cc) The commercial electronic communication
does not purposely include misleading information indoes not purposely include misleading information inany part of the message in order to induce theany part of the message in order to induce therecipients to read the message.recipients to read the message.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
91/130
This provision (on making unsolicitedThis provision (on making unsolicitedcommercial communications a crime)commercial communications a crime)was declared unconstitutional by thewas declared unconstitutional by the
Supreme Court:Supreme Court:Unsolicited advertisements areUnsolicited advertisements are
legitimate forms of expression.legitimate forms of expression.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
92/130
The Government, represented by the SolicitorThe Government, represented by the SolicitorGeneral, points out that unsolicited commercialGeneral, points out that unsolicited commercialcommunications orcommunications or spamsspams are a nuisance thatare a nuisance thatwastes the storage and network capacities ofwastes the storage and network capacities of
internet service providers, reduces the efficiencyinternet service providers, reduces the efficiencyof commerce and technology, and interferes withof commerce and technology, and interferes withthe ownerthe owners peaceful enjoyment of his property.s peaceful enjoyment of his property.TransmittingTransmitting spamsspams amounts to trespass to oneamounts to trespass to onessprivacy since the person sending outprivacy since the person sending out spamsspams
enters the recipiententers the recipients domain without priors domain without priorpermission. The OSG contends that commercialpermission. The OSG contends that commercialspeech enjoys less protection in law.speech enjoys less protection in law.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
93/130
But, firstly, the government presents no basisBut, firstly, the government presents no basisfor holding that unsolicited electronic ads reducefor holding that unsolicited electronic ads reducethe "efficiency of computers." Secondly, people,the "efficiency of computers." Secondly, people,before the arrival of the age of computers, havebefore the arrival of the age of computers, have
already been receiving such unsolicited ads byalready been receiving such unsolicited ads bymail. These have never been outlawed asmail. These have never been outlawed asnuisance since people might have interest in suchnuisance since people might have interest in suchads. What matters is that the recipient has theads. What matters is that the recipient has theoption of not opening or reading these mail ads.option of not opening or reading these mail ads.
That is true withThat is true with spamsspams. Their recipients always. Their recipients alwayshave the option to delete or not to read them.have the option to delete or not to read them.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
94/130
To prohibit the transmission of unsolicited adsTo prohibit the transmission of unsolicited adswould deny a person the right to read his emails,would deny a person the right to read his emails,even unsolicited commercial ads addressed toeven unsolicited commercial ads addressed tohim. Commercial speech is a separate category ofhim. Commercial speech is a separate category of
speech which is not accorded the same level ofspeech which is not accorded the same level ofprotection as that given to other constitutionallyprotection as that given to other constitutionallyguaranteed forms of expression but isguaranteed forms of expression but isnonetheless entitled to protection. The Statenonetheless entitled to protection. The Statecannot rob him of this right without violating thecannot rob him of this right without violating the
constitutionally guaranteed freedom ofconstitutionally guaranteed freedom ofexpression. Unsolicited advertisements areexpression. Unsolicited advertisements arelegitimate forms of expression.legitimate forms of expression.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
95/130
III. ContentIII. Content--related Offensesrelated Offenses
4.4.LibelLibel.. The unlawful or prohibited actsThe unlawful or prohibited actsof libel as defined in Article 355 of theof libel as defined in Article 355 of theRevised Penal Code, as amended,Revised Penal Code, as amended,committed through a computer systemcommitted through a computer system
or any other similar means which mayor any other similar means which maybe devised in the future.be devised in the future.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
96/130
SC upheld the validity of thisprovision.
Indeed, cyberlibel is actually not a
new crime since Article 353, inrelation to Article 355 of the penalcode, already punishes it. In effect,Section 4(c)(4) above merely affirms
that online defamation constitutessimilar means for committing libel.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
97/130
Aiding or Abetting
Sec. 5. Other Offenses. Thefollowing acts shall also constitute anoffense:
(a) Aiding or Abetting in theCommission of Cybercrime. Anyperson who willfully abets or aids inthe commission of any of the
offenses enumerated in this Act shallbe held liable.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
98/130
Are online postings such as Likingan openly defamatory statement,Commenting on it, or Sharing it
with others, to be regarded asaiding or abetting?
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
99/130
In libel in the physical world, if Nestorplaces on the office bulletin board a smallposter that says, Armand is a thief!, hecould certainly be charged with libel. If
Roger, seeing the poster, writes on it, Ilike this!, that could not be libel since hedid not author the poster. If Arthur,passing by and noticing the poster, writeson it,Correct!, would that be libel? No,
for he merely expresses agreement withthe statement on the poster. He still is notits author.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
100/130
But suppose Nestor posts the blog,Armand is a thief! on a social networkingsite. Would a reader and his Friends orFollowers, availing themselves of any of
the Like, Comment, and Sharereactions, be guilty of aiding or abettinglibel? And, in the complex world ofcyberspace expressions of thoughts, when
will one be liable for aiding or abettingcybercrimes? Where is the venue of thecrime?
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
101/130
Except for the original author of the assailedstatement, the rest (those who pressed Like,Comment and Share) are essentially knee-jerksentiments of readers who may think little or
haphazardly of their response to the originalposting. Will they be liable for aiding or abetting?And, considering the inherent impossibility ofjoining hundreds or thousands of respondingFriends or Followers in the criminal charge tobe filed in court, who will make a choice as to
who should go to jail for the outbreak of thechallenged posting?
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
102/130
The old parameters for enforcing thetraditional form of libel would be a squarepeg in a round hole when applied tocyberspace libel. Unless the legislature
crafts a cyber libel law that takes intoaccount its unique circumstances andculture, such law will tend to create achilling effect on the millions that use this
new medium of communication in violationof their constitutionally-guaranteed rightto freedom of expression.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
103/130
The terms aiding or abettingconstitute broad sweep thatgenerates chilling effect on those
who express themselves throughcyberspace posts, comments, andother messages. Hence, Section 5 ofthe cybercrime law that punishesaiding or abetting libel on thecyberspace is a nullity.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
104/130
In regard to the crime that targetschild pornography, when Googleprocures, stores, and indexes child
pornography and facilitates thecompletion of transactions involvingthe dissemination of childpornography, does this make
Google and its users aiders andabettors in the commission of childpornography crimes?
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
105/130
When a person replies to a Tweetcontaining child pornography, heeffectively republishes it whether
wittingly or unwittingly. Does thismake him a willing accomplice to thedistribution of child pornography?
The legislature needs to address this
clearly to relieve users of annoyingfear of possible criminal prosecution.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
106/130
ISSUES/PROBLEM AREASISSUES/PROBLEM AREAS
Not all forms ofNot all forms ofcybercrimescybercrimes are coveredare coveredunder our existing laws, including theunder our existing laws, including theCybercrimeCybercrime Prevention Act of 2012.Prevention Act of 2012.
There will always be new types ofThere will always be new types ofcybercrimescybercrimes..
The human mind is ingenious enough toThe human mind is ingenious enough todevise new ways for perpetuating crime,devise new ways for perpetuating crime,especially when newer technologies areespecially when newer technologies aredeveloped.developed.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
107/130
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
108/130
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
109/130
The security of informationThe security of informationtechnology used in business istechnology used in business isutmost importance. Confidentialutmost importance. Confidential
business data and private customerbusiness data and private customerand employee information must beand employee information must besafeguarded, and systems must besafeguarded, and systems must beprotected against malicious acts ofprotected against malicious acts oftheft or disruption.theft or disruption.
Ethical decisions regarding ITEthical decisions regarding IT
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
110/130
Ethical decisions regarding ITEthical decisions regarding IT
security:security:
If their firm is a victim of a computerIf their firm is a victim of a computercrime, should they pursue prosecution ofcrime, should they pursue prosecution ofthe criminals at all costs, maintain a lowthe criminals at all costs, maintain a low
profile to avoid the negative publicity,profile to avoid the negative publicity,inform the affected customers, or takeinform the affected customers, or takesome other action?some other action?
How much effort and money should beHow much effort and money should be
spent to safeguard against computerspent to safeguard against computercrime?crime?
Ethical decisions regarding ITEthical decisions regarding IT
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
111/130
Ethical decisions regarding ITEthical decisions regarding IT
security:security:
If their firm produces software withIf their firm produces software withdefects that allow hackers to attackdefects that allow hackers to attackcustomer data and computers, whatcustomer data and computers, what
actions should they take?actions should they take? What should be done if recommendedWhat should be done if recommended
computer security safeguards make lifecomputer security safeguards make lifemore difficult for customers andmore difficult for customers and
employees, resulting in lost sales andemployees, resulting in lost sales andincreased costs?increased costs?
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
112/130
Most Common Security IncidentsMost Common Security Incidents
TYPE OF SECURITY INCIDENT 2007 2008
VirusVirus 52%52% 50%50%
Insider AbuseInsider Abuse 59%59% 44%44%
Laptop theftLaptop theft 50%50% 42%42%
Unauthorized AccessUnauthorized Access 25%25% 29%29%
Denial of ServiceDenial of Service 25%25% 21%21%
Instant Messaging AbuseInstant Messaging Abuse 25%25% 21%21%
BotsBots 21%21% 20%20%
Implementing TrustworthyImplementing Trustworthy
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
113/130
Implementing TrustworthyImplementing Trustworthy
ComputingComputing
Trustworthy computingTrustworthy computing method ofmethod ofcomputing that delivers secure,computing that delivers secure,private, and reliable computingprivate, and reliable computing
experiences based on sound businessexperiences based on sound businesspracticespractices
Businesses and organizations areBusinesses and organizations are
now demanding thisnow demanding this
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
114/130
Risk AssessmentRisk Assessment
Process of assessing securityProcess of assessing security--relatedrelatedrisks to an organizationrisks to an organizations computerss computersand networks from both internal andand networks from both internal and
external threats.external threats.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
115/130
Security risk assessment processSecurity risk assessment process
1.1. Identify the set of IT assets aboutIdentify the set of IT assets aboutwhich the organization is mostwhich the organization is mostconcerned. Priority is typically givenconcerned. Priority is typically given
to those assets that support theto those assets that support theorganizationorganizations mission and thes mission and themeeting of its primary businessmeeting of its primary businessgoals.goals.
2.2. Identify the loss events or the risksIdentify the loss events or the risksor threats that could occuror threats that could occur
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
116/130
Security risk assessment processSecurity risk assessment process
3.3. Assess the frequency of events or theAssess the frequency of events or thelikelihood of each potential threat; somelikelihood of each potential threat; somethreats, such as insider fraud, are morethreats, such as insider fraud, are more
likely to occur than others.likely to occur than others.4.4. Determine the impact of each threatDetermine the impact of each threat
occurring. Would the threat have a minoroccurring. Would the threat have a minorimpact on the organization, or could itimpact on the organization, or could it
keep the organization from carrying outkeep the organization from carrying outits mission for a lengthy period of time?its mission for a lengthy period of time?
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
117/130
Security risk assessment processSecurity risk assessment process
6.6. Determine how each threat can beDetermine how each threat can bemitigated so that it becomes muchmitigated so that it becomes muchless likely to occur or if it doesless likely to occur or if it does
occur, has less of an impact on theoccur, has less of an impact on theorganization.organization.
7.7. Assess the feasibility ofAssess the feasibility of
implementing the mitigation optionsimplementing the mitigation options
S i i k
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
118/130
Security risk assessment processSecurity risk assessment process
7.7. Perform a costPerform a cost--benefit analysis to ensurebenefit analysis to ensurethat your efforts will be cost effective.that your efforts will be cost effective.
8.8. Make the decision on whether or not toMake the decision on whether or not to
implement a particular countermeasure.implement a particular countermeasure.If you decide against implementing aIf you decide against implementing aparticular countermeasure, you ned toparticular countermeasure, you ned toreassess if the threat is truly serious,reassess if the threat is truly serious,
and if so, identify a less costlyand if so, identify a less costlycountermeasure.countermeasure.
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
119/130
P tiP ti
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
120/130
PreventionPrevention
Installing a Corporate firewallInstalling a Corporate firewall
Intrusion Prevention systemsIntrusion Prevention systems
Installing Antivirus software,Installing Antivirus software,
Implementing safeguards againstImplementing safeguards againstattacks by malicious insidersattacks by malicious insiders
Conducting periodic IT Security AuditConducting periodic IT Security Audit
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
121/130
AUGMENTINGCOMPUTERSECURITY
AntiAnti--virusvirus
softwaresoftware
AuditAudit--controlcontrol
softwaresoftwarePasswordsPasswords
EncryptionEncryption
Access controlAccess control
softwaresoftware FirewallsFirewalls
BiometricsBiometrics
P dP d
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
122/130
PasswordsPasswords
One of the simplest and most widely usedOne of the simplest and most widely usedcomputer security measurescomputer security measures
Inherent weakness: can be too obvious orInherent weakness: can be too obvious oreasy to guesseasy to guess
Rigorously enforced password policiesRigorously enforced password policiesneed to be adhered to (at least 8need to be adhered to (at least 8characters, alphanumeric)characters, alphanumeric)
Changed on a regular basisChanged on a regular basis
Monitor logins (including unsuccessfulMonitor logins (including unsuccessfulones)ones)
E tiE ti
-
7/26/2019 Computer Ethics - Computer and Internet Crime 2016
123/130
EncryptionEncryption
Useful to secure information in transit betweenUseful to secure information in transit betweenthe sender and receiverthe sender and receiver
EncryptionEncryption conversion of data into a formconversion of data into a form(called a cipher) that cannot be easily understood(called a cipher) that cannot be easily understood
by unauthorized receiversby unauthorized receivers DecryptionDecryption process of converting encryptedprocess of converting encrypted
data back into its original form, so it can bedata back into its original form, so it can beunderstoodunderstood
Ciphe