CDI9
CDI9
CDI9
Email Through social media may be one of the most popular ways to use the internet
these days, email is still the most prevalent delivery method for cybercrime. Not only
that. Email fraud is the second – costliest cybercrime, according to the FBI, Email fraud
encompasses phishing attempts, malware in the form of sketchy attachments or links,
as well as some forms of digital extortion, ransomware, and exploit kits.
Dark Web – Refers to all parts of the internet (sites, e-shops, forums, etc.) that are not
accessible by a regular search engine like Google or Bling, A subset of the deep web is
the dark web, or darknet, which requires a special browse, such as Tor, to access it,
although the dark web is not itself illegal, the anonymity it affords make it a hotbed for
criminal activity.
On the dark web, cybercriminals can exchange the most dangerous and odious
commodities our society has to other: malware, drugs, weapons, child pornography, and
even contract killing. The Dark web is also where information, like stolen passwords or
credit card numbers, get bought and sold. That’s why if you’re victim of a data breach, it
can sometimes take a few days (or even longer) until someone purchases the stolen
data and tries to access your account.
Dateline Cybercrime
1834 — French Telegraph System — A pair of thieves hack the French Telegraph
System and steal financial market information, effectively conducting the world’s first
cyberattack.
1870 — Switchboard Hack — A teenager hired as a switchboard operator is able to
disconnect and redirect calls and use the line for personal usage.
1878 — Early Telephone Calls — Two years after Alexander Graham Bell invents the
telephone, the Bell Telephone Company kicks a group of teenage boys off the
telephone system in New York for repeatedly and intentionally misdirecting and
disconnecting customer calls.
1903 — Wireless Telegraphy — During John Ambrose Fleming’s first public
demonstration of Marconi’s “secure” wireless telegraphy technology, Nevil Maskelyne
disrupts it by sending insulting Morse code messages discrediting the invention.
1939 — Military Codebreaking — Alan Turing and Gordon Welchman develop BOMBE,
an electro-mechanical machine, during WWII while working as codebreakers at
Bletchley Park. It helps to break the German Enigma codes.
1940 — First Ethical Hacker — Rene Carmille, a member of the Resistance in Nazi-
occupied France and a punch-card computer expert who owns the machines that the
Vichy government of France uses to process information, finds out that the Nazis are
using punch-card machines to process and track down Jews, volunteers to let them use
his, and then hacks them to thwart their plan.
1955 — Phone Hacker — David Condon whistles his “Davy Crockett Cat” and “Canary
Bird Call Flute” into his phone, testing a theory on how phone systems work. The
system recognizes the secret code, assumes he is an employee, and connects him to a
long-distance operator. She connects him to any phone number he requests for free.
1957 — Joybubbles — Joe Engressia (Joybubbles), a blind, 7-year-old boy with perfect
pitch, hears a high-pitched tone on a phone line and begins whistling along to it at a
frequency of 2600Hz, enabling him to communicate with phone lines and become the
U.S.’s first phone hacker or “phone phreak.”
1962 — Allan Scherr — MIT sets up the first computer passwords, for student privacy
and time limits. Student Allan Scherr makes a punch card to trick the computer into
printing off all passwords and uses them to log in as other people after his time runs out.
He also shares passwords with his friends, leading to the first computer “troll.” They
hack into their teacher’s account and leave messages making fun of him.
1994 — Datastream Cowboy and Kuji — Administrators at the Rome Air Development
Center, a U.S. Air Force research facility, discover a password “sniffer” has been
installed onto their network, compromising more than 100 user accounts. Investigators
determined that two hackers, known as Datastream Cowboy and Kuji, are behind the
attack.
1995 — Vladmir Levin — Russian software engineer Vladimir Levin hacks into
Citibank’s New York IT system from his apartment in Saint Petersburg and authorizes a
series of fraudulent transactions, eventually wiring an estimated $10 million to accounts
worldwide.
1998-2007 — Max Butler — Max Butler hacks U.S. government websites in 1998 and is
sentenced to 18 months in prison in 2001. After being released in 2003, he uses WiFi to
commit attacks, program malware and steal credit card information. In 2007, he is
arrested and eventually pleads guilty to wire fraud, stealing millions of credit card
numbers and around $86 million of fraudulent purchases.
1999 — NASA and Defense Department Hack — Jonathan James, 15, manages to
penetrate U.S. Department of Defense division computers and install a backdoor on its
servers, allowing him to intercept thousands of internal emails from different
government organizations, including ones containing usernames and passwords for
various military computers. Using the info, he steals a piece of NASA software. Systems
are shut down for three weeks.
1999 — The Melissa Virus — A virus infects Microsoft Word documents, automatically
disseminating itself as an attachment via email. It mails out to the first 50 names listed
in an infected computer’s Outlook email address box. The creator, David Smith, says he
didn’t intend for the virus, which caused $80 million in damages, to harm computers. He
is arrested and sentenced to 20 months in prison.
2000 — Lou Cipher — Barry Schlossberg, aka Lou Cipher, successfully extorts $1.4
million from CD Universe for services rendered in attempting to catch the Russian
hacker.
2000 — Mafiaboy — 15-year-old Michael Calce, aka MafiaBoy, a Canadian high school
student, unleashes a DDoS attack on several high-profile commercial websites
including Amazon, CNN, eBay and Yahoo! An industry expert estimates the attacks
resulted in $1.2 billion dollars in damages.
2002 – Internet Attack — By targeting the thirteen Domain Name System (DNS) root
servers, a DDoS attack assaults the entire Internet for an hour. Most users are
unaffected.
2003 — Operation CyberSweep — The U.S. Justice Department announces more than
70 indictments and 125 convictions or arrests for phishing, hacking, spamming and
other Internet fraud as part of Operation CyberSweep.
2003-2008 — Albert Gonzalez — Albert Gonzales is arrested in 2003 for being part of
ShadowCrew, a group that stole and then sold card numbers online, and works with
authorities in exchange for his freedom. Gonzales is later involved in a string of hacking
crimes, again stealing credit and debit card details, from around 2006 until he is
arresting in 2008. He stole millions of dollars, targeted companies including TJX,
Heartland Payment Systems and Citibank.
2004 — Lowe’s — Brian Salcedo is sentenced to 9 years for hacking into Lowe’s home
improvement stores and attempting to steal customer credit card information.
2004 — ChoicePoint — A 41-year-old Nigerian citizen compromises customer data of
ChoicePoint, but the company only informs 35,000 people of the breach. Media scrutiny
eventually leads the consumer data broker, which has since been purchased by
LexisNexis, to reveal another 128,000 people had information compromised.
2005 — PhoneBusters — PhoneBusters reports 11K+ identity theft complaints in
Canada, and total losses of $8.5M, making this the fastest growing form of consumer
fraud in North America.
2005 — Polo Ralph Lauren/HSBC – HSBC Bank sends letters to more than 180,000
credit card customers, warning that their card information may have been stolen during
a security breach at a U.S. retailer (Polo Ralph Lauren). A DSW data breach also
exposes transaction information from 1.4 million credit cards.
2006 — TJX — A cybercriminal gang steals 45 million credit and debit card numbers
from TJX, a Massachusetts-based retailing company, and uses a number of the stolen
cards to fund an electronic shopping spree at Wal-Mart. While initial estimates of
damages came up to around $25 million, later reports add up the total cost of damages
to over $250 million.
2008 — Heartland Payment Systems — 134 million credit cards are exposed through
SQL injection to install spyware on Heartland’s data systems. A federal grand jury
indicts Albert Gonzalez and two Russian accomplices in 2009. Gonzalez, alleged to
have masterminded the international operation that stole the credit and debit cards, is
later sentenced to 20 years in federal prison.
2008 – The Church of Scientology — A hacker group known as Anonymous targets the
Church of Scientology website. The DDoS attack is part of a political activist movement
against the church called “Project Chanology.” In one week, the Scientology website is
hit with 500 DDoS attacks.
2010 — The Stuxnet Worm — A malicious computer virus called the world’s first digital
weapon is able to target control systems used to monitor industrial facilities. It is
discovered in nuclear power plants in Iran, where it knocks out approximately one-fifth
of the enrichment centrifuges used in the country’s nuclear program.
2010 — Zeus Trojan Virus — An Eastern European cybercrime ring steals $70 million
from U.S. banks using the Zeus Trojan virus to crack open bank accounts and divert
money to Eastern Europe. Dozens of individuals are charged.
2011 — Sony Pictures — A hack of Sony’s data storage exposes the records of over
100 million customers using their PlayStation’s online services. Hackers gain access to
all the credit card information of users. The breach costs Sony more than $171 million.
2011 — Epsilon — A cyberattack on Epsilon, which provides email-handling and
marketing services to clients including Best Buy and JPMorgan Chase, results in the
compromise of millions of email addresses.
2011 — RSA SAFETY — Sophisticated hackers steal information about RSA’s SecurID
authentication tokens, used by millions of people, including government and bank
employees. This puts customers relying on them to secure their networks at risk.
2011 — ESTsoft — Hackers expose the personal information of 35 million South
Koreans. Attackers with Chinese IP addresses accomplish this by uploading malware to
a server used to update ESTsoft’s ALZip compression application and steal the names,
user IDs, hashed passwords, birthdates, genders, telephone numbers, and street and
email addresses contained in a database connected to the same network.
2011-2012 — LulzSec — Lulz Security, or LulzSec, a break-off group from hacking
collective Anonymous, attacks Fox.com and then targets more than 250 public and
private entities, including an attack on Sony’s PlayStation Network. They then publicize
their hacks though Twitter to embarrass website owners and make fun of insufficient
security measures.
2009-2013 — Roman Seleznev — Roman Seleznev hacks into more than 500
businesses and 3,700 financial institutions in the U.S., stealing card details and selling
them online, making tens of millions of dollars. He is eventually caught and convicted for
38 charges, including hacking and wire fraud.
2013-2015 — Global Bank Hack — A group of Russian-based hackers gains access to
secure information from more than 100 institutions around the world. The hackers use
malware to infiltrate banks’ computer systems and gather personal data, stealing £650
million from global banks.
2013 — Credit Card Fraud Spree — In the biggest cybercrime case filed in U.S. history,
Federal prosecutors charge 5 men responsible for a hacking and credit card fraud spree
that cost companies more $300 million.
2014-2018 — Marriott International — A breach occurs on systems supporting
Starwood hotel brands beginning in 2014. Attackers remain in the system after Marriott
acquires Starwood in 2016 and aren’t discovered until September 2018. The thieves
steal data on approximately 500 million customers. Marriott announces it in late 2018.
2014 — eBay — A cyberattack exposes names, addresses, dates of birth, and
encrypted passwords of all of eBay’s 145 million users.
2014 — CryptoWall — CryptoWall ransomware, the predecessor of CryptoDefense, is
heavily distributed, producing an estimated revenue of $325 million.
2014 — JPMorgan — Hackers hijack one of JPMorgan Chase’s servers and steal data
about millions of bank accounts, which they use in fraud schemes yielding close to $100
million.
2015 — Anthem — Anthem reports theft of personal information on up to 78.8 million
current and former customers.
2015 — LockerPin — LockerPin resets the pin code on Android phones and demands
$500 from victims to unlock the device.
2015 — Prepaid Debit Cards — A worldwide gang of criminals steals a total of $45
million in a matter of hours by hacking a database of prepaid debit cards and then
draining cash machines around the globe.
2016 — DNC Email Leaks — Democratic National Committee emails are leaked to and
published by WikiLeaks prior to the 2016 U.S. presidential election.
2017 — Equifax — Equifax, one of the largest U.S. credit bureaus, is hacked, exposing
143 million user accounts. The sensitive leaked data includes Social Security numbers,
birth dates, addresses, driver’s license numbers, and some credit card numbers.
2017 — Chipotle — An Eastern European criminal gang that is targeting restaurants
uses phishing to steal credit card information of millions of Chipotle customers.
2017 — WannaCry — WannaCry, the first known example of ransomware operating via
a worm (viral software that replicates and distributes itself), targets a vulnerability in
older versions of Windows OS. Within days, tens of thousands of businesses and
organizations across 150 countries are locked out of their own systems by WannaCry’s
encryption. The attackers demand $300 per computer to unlock the code.
2019 — Facebook — 74 Facebook groups devoted to the sale of stolen credit card
data, identity info, spam lists, hacking tools, and other cybercrime commodities are
uncovered.
WEEK 4
CHARACTERISTIC OF CYBERCRIME
The concept of cyber crime is very different from traditional crime. Also due to the growth of
Internet Technology, this crime has gained serious and unfettered attention as compared to the
traditional crime, so it is necessary to examine the peculiar characteristics of Cybercrime.
3. Virtual World – The Act of Cyber Crime takes place in cyber space and the criminal who is
committing this act is physically outside the cyber space. Every activity of the criminal while
committing that crime is done over the virtual world.
4. Collecting of Evidence – It is very difficult to collect evidence of Cyber Crime and prove
them in court of law due to the nature of cybercrime. The Criminal in cyber crime invokes
jurisdiction of several countries while committing the cyber crime and at the same time he is
sitting somewhere safe where he is not traceable.
5. Magnitude of Crime Unimaginable – Cybercrime has the potential to cause injury loss of
life to an extent which cannot be imagined. The Offenses like Cyber Terrorism, Cyber
Pornography etc has wide reach and it can destroy the websites, steal data of the companies in no
time.
6. Classification of Cyber Crime – The Researcher in this chapter examines the acts wherein
computer or technology is a tool for an unlawful act. This kind of activity usually involves a
modification of conventional crime by using information technology, Here is the list of prevalent
cyber crimes. Some of them are widely spread and some are not prevalent on a larger scale. The
Cyber crimes are discussed below –
Cyber Pornography is in simple words defined as the act of using cyberspace to create, display,
distribute, import, or publish pornography or absence materials. With the advent of cyberspace,
traditional pornographic content has now been largely replaced by online/digital pornographic
content. Pornography has no legal or consistent definition. The Definition of Pornography
depends how the society, norms and their values are reacting to the pornographic content.
To understand the gravity and effect of pornography and obscenity on society, we need to
understand these terms in their widest possible amplitude. The Word Pornography has not been
defined as legally in any part of the world. The basic reason behind this is very simple; Neither
do we have any uniform standard of Moral Culture, Values, Ethics and Nor do we have any
uniform standard of law.
The Term Obscene means relating to materials that can regulated or criminalized because their
depiction of nudity, sex, or excretion is patiently offensive and without artistic or scientific value.
The test of obscenity was first laid down in the case of Regina V. Hicklin as the Tendency “To
deprave and corrupt those whose minds are open to such influences and into whose hands a
publication of this sort may fall”. And it was understood that this test would apply only to the
isolated passage of the work.
6.2 Cyber Stalking
Stalking in General means behavior of harassing or threatening the other person. Cyber Stalking
is an extension of the Physical form of stalking. Which is committed over the online medium
with use of information technology. In cyber stalking the internet, E- mail, Chat room etc. are
used to stalk another person. Wikipedia defines cyber stalking, where the Internet or other
electronic means to stalk or harass an individual, a group of individuals, or an organization. It
includes the making of false accusations or statements of facts (as in defamation), monitoring,
making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or
gathering information that may used to harass.
Stalking is a continuous process is not universally acceptable as it varies from place to place.
According to Professor Lamber Royakkers.
“Cyber Stalking is the repeated harassing or threatening of an individual via the internet or
electronic means of communication. A Cyber Stalker is someone with amorous and/or sexual
motives who constantly harasses some else electronically: via the bulletin board, chat box, e –
mail, spam, tax, buzzer or voice e – mail, stalking generally involves constant harassment or
threatening of someone else: following a person, appearing at someone’s house or workplace,
making harassing phone calls, leaving written messages or objects seen in their connection it is
difficult to give a precise description of stalking.”
Cyber Stalking doesn’t involve any physical contact yet stalking through the intern has found
favor among the offenders for certain advantages like, ease of communication, access to personal
information and anonymity.
1. Stalking by E-Mail - where the offender directly sends e-mail to the victim to threaten her or
to harass her. It is the most common form of stalking in the modern world. The most common is
send hate, obscene, pornographic material, and threatening mail to the victim.
2. Stalking through the Internet - This is a Global form of Cyber Stalking. In this the offender
doesn’t the Private Space of the Victim but Harasses her through the Global Medium Publicly.
The offender through the internet medium posts the phone numbers and email address of the
victim on porn sites and put morphed photos of the victim on cyber space and threaten the. This
is the serious nature of Cyber Stalking where the stalker chases all the activity of the Victim on
the net and post false information about her on the websites.
3. Stalking through Computer – In this form of the offender is technocrat and he cant take
control of the computer of the victim as soon as the computers starts operating, In this stalker
gets control of the victim’s computer address and gets control over it. this form of cyber stalking
requires a high degree of computer knowledge to get access to the target’s computer and the
option available to the victim is the disconnect the computer and abandon the current internet
address.
Malware
Computer viruses are the grandaddy of Cybercrime; probably the first kind of it you become
aware of, Viruses other devices and systems.
Viruses are actually a form of malware, which encompasses all kinds of malicious software: any
code or programs written and distributed to do damage, steal data, make money for their owner,
and generally ruin your day. This includes ransomware, which can lock up your files until you
pay a ransom to decrypt them, and adware, which spams you with ads.
Identity Theft and Other Fraud
While identity theft is not exclusively a cybercrime, these days it’s much more likely to happen
through technology. In fact, identity fraud happens every two seconds in America Today. If a
hacker wants to commit identity theft or credit card fraud, they first need to access enough of
their victim’s personal data to fuel the crime. Here are several ways they can get that access:
Phishing: Cybercrooks use “bait” in the form of fraudulent messages to lure victims to
fake sites where they unwittingly enter personal information like usernames, passwords,
or bank details.
Pharming: Taking it one step deeper than phishing. Pharming uses malware to reroute
unsuspecting internet surfers to fake version of websites, where they unknowingly enter
their personal details.
Keylogging: This type of malware (or to be more specific, spyware) secretly logs
everything you type, capturing your account information and other personal details.
While hackers have many ways to steal personal data, there are also some good ways you can
prevent identity theft. Avoid accessing your personal accounts (especially online banking) on
public WI-FI and consider setting up a monitoring service to make sure your online accounts
haven’t breached.
Cyber bullying: Refers to all kinds of online harassment, including stalking, sexual harassment,
doxing (exposing someone’s personal information, like their physical address, online without
their consent), and fraping (breaking into someone’s social media and making fake post on their
behalf).
Crypto jacking: Is when hackers break into your device and use it to mine cryptocurrency
without your knowledge or consent. Crypto miners do this by using JavaScript to inflect your
device after you visit an infected website. This can cause performance issues and high electric
bills for you – and earn big profits for the crypto jackers.
Cyber Extortion: Is just what it sounds like – a digital version of the nightmare that is extorsion.
One of the most common forms is ransomware, when hackers infect your computer with
malware that encrypts all your files until you pay them a ransom to unlock them, cyber extorsion
can also refer to blackmailing victims using their personal info, photos, and video; or threatening
businesses using methods like to botnet – driven DDoS Attacks.
Cyber Espionage: As mentioned, many cybercriminals these days are state – sponsored groups.
Whether it’s the North Koreans, The Iranians, or even the US’ s own NSA – Affiliated Equation
Group, world powers use hackers’ group as one weapon in the complicated matrix of Global
Conflicts. Stealing classified intelligence and using malware to attack nuclear plants are just two
ways which state – sponsored groups can do some frightening things on the world stage.
The US Military claimed establishment claimed to have designed the intricacies of the
internet against the threat of nuclear attack. Today, Internet access has flooded the
global landscape and continues to overflow the social market forces in disbelief.
But what is unexplained is the reason why the internet is not owned nor regulated by
any single entity. If the original concept of the internet is resistance to nuclear attack.
Can it also be used as an instrument to counter government regulations or censorship?
Cyber, Crim of the Millennium
Internet Crime – The second form of Cybercrime has now become routine. While it is
impossible to list and discuss every element of this newly emerging problem, a few of
the most important areas are described below.
A. Distributing Illegal Sexual Material – The internet is deal venue for selling and
distributing obscene material, One reason is that is difficult to identify perpetrators and
even if they can be detected, even harder to prosecute, For example, In one well known
case, Landslide Production Incorporated of Forth Worth, Texas, Operated by a highly
profitable internet based pornography ring taking in as much as 1.4million in one month.
Landslide Charge it customer 29.95per month for a gateway to child pornography
website. However, The Site originated in Russia and Indonesia and therefore was off
limits to control by US authorities; they had a fee sharing agreement with Landslide
Owners.
B. Denial of Service Attack – Some internet Criminal Threated to or actually flood an
internet site with millions of bogus messages and/or orders so that the site services will
be tied up and unable to perform as promised. Unless the site operator pays extortion,
The attackers threatened to keep up the interference until real; Consumers become
frustrated and abandon the site. The online Gambling Casino is particularly vulnerable
to attack, especially when the attacks coincide with big sporting events suck as the
Super Bowl.
G. Non-delivery of goods this involves the non-delivery of goods and services that
were purchased or contracted remotely through the internet. Online-auction sites are a
fertile ground for fraud. Goods may never be sent or if they are, they may be damaged,
counterfeit or stolen.
cyberspace a term coined by sci-fi novelist William Gibson who said in 1999
cyberspace has a nice buzz to it, it's something that an advertising man might have
thought up, and when I got it I knew that it was slick and essentially hollow and then I'd
have to fill it up with meaning. Since then the words meaning has rapidly expanded.
Generally it is used to refer to the spaces within computers ana the spaces between
computers across networks where people interact with information and with each other.
Cybercrime - it is evident around us and still very much in flux the cyber revolution has
permitted virtually every facet of our lives and fortunately that the revolution has entered
the criminal arena as well. Millions of people around the globe have incorporated the
Internet and advanced information technology into their daily and divorce so have
criminals terrorists and adversarial foreign nations. whether we like it or not cybercrime
presents the most fundamental challenge for law enforcement in the 21st century by its
very nature the cyber environment is borderless affords EC anonymity and methods of
concealment to bad actors and provided new tools to engage in criminal activities a
criminal sitting at the other side of the planet is now capable of stealing infiltrating a
computer network in this country to steal money abscond with propriety information or
shut down ecommerce sites. To deal with this problem law enforcement must retool its
workforce its equipment and its own information infrastructure for law enforcement in
the 21st century. By its very nature, the cyber environment is borderless, affords easy
anonymity and methods of concealment to bad actors, and provides new tools to
engage in criminal activity. A criminal sitting at the other side of the planet is now
capable of stealthy infiltrating a computer network in this country to still money, abscond
with proprietary information, or shut down e-commerce sites. To deal with this problem,
law enforcement must retool its workforce, its equipment's, and its own information
infrastructure.
Cyberterrorism - we must now be on guard against attacks that integrate terrorist goals
with cyber capabilities. While the term maybe difficult to define, Cyberterrorism can be
seen as an effort by covert forces to disrupt the intersection where the virtual electronic
reality of computers intersects with the physical world. Mark Pollitt, FBI expert defines
Cyberterrorism as "the premeditated, politically motivated attack against information,
computer system, computer programs, and data which results in violence against non-
combatant targets by sub national groups or clandestine agents. Terrorist organizations
are now beginning to understand the power that Cybercrime can inflict on their enemies
even though, ironically, they come from a region where computer data bases and the
internet are not widely used. Terrorist organizations are now adapting IT into their
arsenal of terror and agencies of the justice system must be ready for a sustained
attack on the nation's electronic infrastructures.
A. Viruses called "logic bombs" are implanted in an enemy's computer. They can go
undetected for years until they are instructed through the internet to overwhelm a
computer system.
B. Programs are used to allow terrorist to enter "secure" systems and destroy or
disrupts the system.
D. Computers allow terrorist to remain connected and communicate covertly with agents
around the world. Networks are a cost effective for planning and striking.
H. Terrorist can use the internet to recruit new members and disseminate information.
For example, Islamic militant organizations use the internet to broadcast anti-western
slogans and information. Organizations charter and political philosophy can be
displayed on website, which can also be used to solicit funds.
Controlling Cybercrime the investigative measures established to control
Cybercrime includes:
A. Software Piracy - Computer Fraud and Abuse Act (CFAA) criminalizes accessing
computer systems without authorization to obtain information. The Digital Millennium
Copyright Act (DMCA) makes it a crime to circumvent any piracy measures built into
most commercial software and also outlaws the manufacture, sal Page dist7bution &
code- crace deces used to illegally copy software.
B. Illegal Copyright Infringement - the United States Criminal Code provides penalties
for first-time illegal copyright offender of five years' incarceration and
a fine of $250,000. Other provisions provide for the forfeiture and destruction of
infringing copies and all equipment used to make the copies.
C. Identity Theft in the US, Congress passed the Identity Theft and Assumption
Deterrence Act of 1998 (Identity Theft Act) making it a Federal Crime to anyone: who
knowingly transfer of uses, without lawful authority, a means of identification of another
person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a
violation of Federal Law, or that constitutes a felony under any State or Local Law. In
the Philippines, the congress has still to come up with a related law.
D. Internet Pornography - in the US, the Child Online Protection Act (H.R. 3783, bans
web posting of material deemed harmful to minors. On May 2002, the supreme court
partly upheld the law when it ruled that the law's used of what it calls "community
standards" to define what is harmful to children does not by itself make the law
unconstitutional. However, there may be future challenges to COPA on the grounds that
it controls free speech.
E. Computer crime in the US, congress has treated computer related crimes as distinct
federal offenses since the passage of the Counterfeit Access Devices and Computer
Fraud and Abuse Laws in 1984. The 1984 Act protected classified United States
Defense and Foreign Relations Information, financial institution and consumer reporting
agency files, and access to computers operated for the government. The Act was
supplemented in 1996 by the National Information Infrastructure Protection Act (NIIPA),
Which significantly broadens the scope of the law.
WEEK 6: REPUBLIC ACT NO.10175 OR
CYBER PREVENTION ACT OF 2012
The Philippine Congress enacted Republic Act No. 10175 or "Cybercrime Prevention
Act of 2012" which addresses crimes committed against and through computer
systems on 12 September 2012. It includes penal substantive rules, procedural rules
and also rules on international cooperation.
• The implementation and execution of this Act yearly cost a huge cost to the
government.
WEEK 7: OTHER LAWS RELATED TO
CYBERCRIME R.A. 8792 THE E-COMMERCE
LAW
• Republic Act No. 8792 or the E-commerce Law, approved on June 14, 2000 and
was signed into law which punishes certain crimes such as computer hacking
and intrusion of viruses and worms to computer networks.
R.A. 8484
(a) Access Device - means any card, plate, code, account number, electronic serial
number, personal identification number, or other telecommunications service,
equipment, or instrumental identifier, or other means of account access that can be
used to obtain money, good, services, or any other thing of value or to initiate a transfer
of funds (other than a transfer originated solely by paper instrument)...
(f) Credit Card - means any card, plate, coupon book, or other credit device
existing for the purpose of obtaining money, goods, property, labor or services or
any thing of value on credit," [Emphasis and underscoring supplied]
Thus, the unauthorized use of any access device, which includes a credit card, is
prohibited under Section 9 of the same Act:
"Section 9. Prohibited Acts. - The following acts shall constitute access device
fraud and are hereby declared to be unlawful:
obtaining money or anything of value through the use of an access device, with
intent to defraud or with intent to gain and fleeing thereafter;
- PATENTS
- TRADEMARKS
- TRADE SECRETS
- COPYRIGHT
Under Sec. 3 of RA 9995, photo or video voyeurism means the act of taking photo or
video coverage of a person or group of persons performing sexual act or any similar
activity or of capturing an image of the private area of a person or persons without the
latter's consent, under circumstances in which such person/s has/have a reasonable
expectation of privacy. It also includes the act of selling, copying, reproducing,
broadcasting, sharing, showing or exhibiting the photo or video coverage or recordings
of such sexual act or similar activity through VCD/DVD, internet, cellular phones and
similar means or device without the written consent of the person/s involved,
notwithstanding that consent to record or take photo or video coverage of same was
given by such persons.
RA 9995 punishes the taking of a photo or video of others engaged in sexual
activity or with the image of the private area of the person without their consent.
Republic Act (RA) 10088 also known as the "Anti-Camcording Act of 2010", prohibits
and penalizes the unauthorized use, possession, and or control of audiovisual recording
devices for the unauthorized recording of cinematographic films and other audio-visual
works and or their soundtracks in an exhibition facility.
Why is there a need for an Anti-Camcording Law?
"The Anti-Camcording Law has helped to revive the film industry and improve the
confidence of local and international filmmakers and studios alike," Du said. When was
the anti-camcording Act ratified?
3529 and House Bill No. 5699 was finally passed by the Senate and the House of
Representatives on January 18, 2010 and January 27, 2010, respectively. What
Philippine law is being violated by piracy?
Under the Cybercrime Law, acquiring any digital copy of any copyrighted material is
now punishable by a fine between Php 200,000 (US$4,470) to Php 500,000
(US$11,175) and six to 20 years in prison. The Intellectual Property Code and the Anti-
Camcording Law were previously in place to combat piracy in the Philippines.
WEEK8: PNP AND NBI CYBERCRIME
DIVISION FUNCTION
Definitions of Terms:
The NBI and the PNP shall be responsible for the efficient and effective law
enforcement of the provisions of RA 10175. The NBI and the PNP shall organize
a cybercrime unit or center manned by special investigators to exclusively handle
cases involving violations of this Act.
The DOJ – Office of Cybercrime (OOC) created under the Act shall coordinate
the efforts of the NBI and the NBI and the PNP in Enforcing the provisions of the
Act.
POWERS AND FUNCTIONS OF LAW ENFORCEMENT AUTHORITIES:
The NBI and PNP cybercrime unit or division shall have the following powers and
functions:
2) Conduct data recovery and forensic analysis on computer systems and other
electronic evidence seized.
4) Provide technological support to investigating units within the PNP and NBI
including the search, seizure, evidence preservation and forensic recovery of
data from crime scenes and systems used in crimes and provide testimonies. 5)
To ensure that the technical nature of cybercrime and its prevention is given
focus and considering the procedures involved for international cooperation, law
enforcement authorities specifically the computer or technology crime divisions or
units responsible for the investigation of cybercrimes are required to submit
timely and regular reports including pre-operation, post-operation and
investigation results and such other documents as may be required to the
Department of Justice (DOJ) for review and monitoring.
Law enforcement authorities shall act in accordance with
the guidelines, advisories and procedures ISSUED and promulgated by the
competent authority in all matters related to cybercrime, and utilize the
prescribed forms and templates, including, but not limited to, preservation orders,
chain of custody, consent to search, consent to assume account/online identity
and request for computer forensic examination.
1) Act as competent authority for all request for assistance for investigation or
proceedings concerning cybercrimes, facilitate the provisions of legal or technical
advice, preservation and production of data, collection of evidence, giving legal
information and location of suspects.
9) Prescribe forms and templates, including, but not limited to, those for
preservation orders, chain of custody, consent to search, consent to assume
account/online identity, and request for computer forensic examination;
10) Undertake the specific roles and responsibilities of the DOJ related to
cybercrime under the Implementing Rules and Regulation of Republic Act No.
9775 or the "Anti-Child Pornography Act of 2009"; and
11) Perform such other acts necessary for the implementation of the Act.
COMPETENT AUTHORITIES
The CICC may enlist the assistance of any other agency of the government
including government-owned and -controlled corporations, and the following:
1) Bureau of Immigration.
2) Philippine Drug Enforcement Agency.
3) Bureau of Customs.
4) National Prosecution Service.
5) Anti-Money Laundering Council.
6) Securities and Exchange Commission.
7) National Telecommunications Commission; and
8) Such other offices, agencies and/or units, as may be necessary.
The DOJ Office of Cybercrime shall serve as the Cybercrime Operations Center
of the CICC and shall submit periodic reports to CICC.
The DOST-ICT Office shall establish and operate the Computer Emergency
Response Team (CERT) that shall serve as coordinator for cybersecurity
related activities, including but not limited to the following functions and duties:
a) Extend immediate assistance to the CICC to fulfil its mandate under the Act
with respect to matters related to cybersecurity and the national cybersecurity
plan;
Knowing the dangers of cybercrimes and the security threats pose in our
cyberspace, the
Philippine National Police (PNP) through the leadership of police Director
General Allan La Madrid Purisima Chief, PNP, pushed for the activation of the
PNP Anti-Cybercrime Group (ACG) on March 20, 2013 as strategic response to
all cyber security challenges.
1) The creation of a website designed to inform home and leisure users, small
business owners and those who have limited knowledge and skills about
cybercrime and cyber security, the dangers of unprotected internet access and
possible ways to avoid known threats. The website will contain alerts and
advisories and will be written in plain language to appeal to even the most
unaccustomed to using the internet. It will also include information on new cyber
security risks and give suggestions on how to address them.
2) The Publication of Cyber Security Bulletins will ensure the Internet community
has access to information on cyber security threats, vulnerabilities in their
systems and information on how to better protect their information technology
environment.
3) Cyber security lectures and seminars for primary and secondary schools
should be conducted. This promotes cyber security awareness, culminating in an
annual Cyber Security Awareness Week, conducted in partnership with business,
consumer groups and community organizations.