CDI 9: INTRODUCTION TO CYBERCRIME

“Ever since men began to modify their lives by using technology they have found themselves
in a series of technological traps”
Roger Revelle
What is Cyber Crime?
Cyber-crimes are essentially a combination of the elements of Computer and Net
Crime and can be best defined as "Offenses that are committed against individuals or
groups of individuals with a criminal motive to intentionally harm the reputation of the
victim or cause physical or mental harm to the victim directly or indirectly using modem
telecommunication networks such as the Internet and mobile phones.
In its simplest definition, Cybercrime is criminal activity that either targets or uses a
computer, a computer network or a networked device.
What is Cyber Criminology?
Cyber Criminology is the study of causation of crimes that occur in the cyberspace
and its impact in the physical space (Jaishankar 2007).
General categories of Cyber Crime:
1. Computer as a Target
2. Computer as a weapon

History of Computer and Cybercrime

 The computer as we know it today had its beginning on 19 th century. English

Mathematics Professor named Charles Babbage designed the Analytical Engine and
this design was used as basic framework of the computers of today are based on.

 The first recorded cybercrime took place in the year 1820.

 The first person to be found guilty of cybercrime was Ian Murphy, also known as
Captain Zap, and that happened in the year 1981.

 The first unsolicited bulk commercial email was sent by a Digital Equipment Corp
marketing representative to every ARPANET (Advanced Research Projects Agency
Network) address on the west coast of the United States on May 3, 1978. The
message promoted the availability of a new model of computer and was sent by Gary
Thuerk to 393 recipients.
Take Note: Advanced Research Projects Agency Network (ARPANET) was the first wide-
area packet-switching network with distributed control and one of the first networks to
implement the TCP/IP protocol suite. This technology became the technical foundation of
the Internet.
What is I Love You Virus?
 I LOVE YOU virus, also known as a love bug virus, was a type of computer virus that
attacked billions of computers with windows operating systems. It started the attack May
2000 from the Philippines. The virus spread through internet network as an email
attachment, with the subject line as “ILOVEYOU” and an attachment “LOVE-LETTER-FOR-
YOU.txt.vbs”.
This virus was created by computer programmer student of AMA namely Onel De
Guzman.
What happened to the case of Onel De Guzman?
Absolutely nothing happened. Government prosecutors filed cases against him, but
even at the first stage, the indictment was dismissed because there was no law penalizing
the said act during the time of commission in the Philippines.
What was the effect of I Love You Virus Case on the Philippine Legislation?
In order to curb the threat posed by cybercrime, the Philippine Congress enacted
Republic Act (RA) 8792, otherwise known as the “Electronic Commerce Act of 2000”.
This was signed into law on 14 June 2000.
The salient features of the Act are as follows:
•Provides for the admissibility of electronic documents in court cases
•Penalizes limited online crime, such as hacking, introduction of viruses and copyright
violations of at least Php100,000 and a maximum commensurate to the damage incurred,
and imprisonment of six months to three years, among others;
• Promotes e-commerce in the country
•Aims to reduce graft and corruption in government

Take Note: RA 8792 is considered the landmark law in the history of the Philippines since
it has placed the Philippines among the countries penalizing cybercrime.
Likewise, the Supreme Court drafted the Rules on Electronic Evidence, which took
effect on 1 August 2000, to emphasize the admissibility of evidence in electronic form,
subject to its authenticity and reliability.

Who was the first Filipino convicted of Cybercrime?

The first Filipino to be convicted of cybercrime, was JJ Maria Giner. He was convicted
in September 2005 by Manila MTC Branch 14 Judge Rosalyn Mislos-Loja. Giner pleaded
guilty to hacking the government portal “gov.ph” and other government websites. He was
sentenced to one to two years of imprisonment and fined Php100,000. However, he
immediately applied for probation, which was eventually granted by the court.
Take Note: The conviction of Giner is considered a landmark case, as he is the first local
hacker to be convicted under section 33a of the E-Commerce Law or Republic Act 8792.
What are the Components of Computer?
A computer is made up of multiple parts and components that facilitate user
functionality. A computer has two primary categories:
1. Hardware - The physical components of a computer system
 2. Software - These are the instructions that tell the computer what to do and how to
do it.

Input devices - An input device is any hardware component that allows the user to
enter data into the computer.

 Keyboard
 Mouse
 Scanner
 Microphone
 Digital Camera
 PC Video Camera

Output Devices - An output device is any hardware component that gives

information to the user
 Monitor
 Printer
 Speaker

The two main categories of software:

 System software - The system software also called the operating system (OS)
which actually runs the computer.
 Application software - Application software is a program that allows users to a
specific task on the computer.

Four common examples of application software

 Word Processing Application
 Spreadsheet Application
 E-mail Application
 Internet Application

Storage Media
Storage keeps data, information and instructions for use in the future.

Primary storage
 RAM (Random Access Memory) - is the primary storage of a computer. When
you’re working on a file on your computer, it will temporarily store data in your
RAM. It allows you to perform everyday tasks like opening applications, loading
webpages, editing a document or playing games, and allows you to quickly
jump from one task to another without losing your progress.

Secondary Storage (Hard Disk Drives (HDD) & Solid-State Drives (SSD))
 Hard Disk Drives (HDD) - Hard disk drives are commonly used as the main
storage device in a computer. HDDs often store operating system, software
programs and other files. These are magnetic storage devices
  Solid-state drives (SSD) is a new generation of storage device used in
computers. SSDs replace traditional mechanical hard disks by using flash-
based memory, which is significantly faster. SSDs don’t rely on magnets and
disks, instead they use a type of flash memory called NAND

External storage devices

 External hard drive - is a device which is plugged into your machine to give
almost-immediate storage space, without the need to open or use your computer’s
internal storage.
 Floppy disks were the first widely-available portable, removable storage
devices. They work in the same way as hard disk drives, although at a much smaller
scale.
 CDs, DVDs, and Blu-Ray disks are used for a lot more than just playing music
and videos—they also act as storage devices, and collectively they’re known as optical
storage devices or optical disk media.
 Flash memory devices – these are small, portable storage devices that have
long been a popular choice for extra computer storage. The most recognizable type of
flash memory device is the USB flash drive
What are the typologies of Cyber Crime?
The Budapest Convention on Cyber Crime provided the four general types of
cybercrime:
 Offenses against the confidentiality, integrity and availability of computer data and
systems,
 Computer-related offenses
 Content-related offenses
 Copyright-related offenses

1. Unauthorized Access - Unauthorized access is when someone gains access to a

website, program, server, service, or other system using someone else's account.
2. Hacking - Any attempt to intrude into a computer or a network without
authorization. This involves changing of system or security features in a bid to
accomplish a goal that differs from the intended purpose of the system. It can also
refer to non-malicious activities, usually involving unusual or improvised alterations
to equipment or processes. An individual who involves themselves in hacking
activities is known as a hacker.
Take Note: Hacking can be described as gaining unauthorized access to a computer
system by improper means. Unauthorized access can be describes as gaining access to a
computer system using usual means of access but without consent.

What are the various kinds of hackers?

 White hats - also known as ethical hackers, strive to operate in the publics best
interest, rather than to create turmoil. Many white hat hackers work doing
penetration, to attempt to break into the company’s networks to find and report on
security vulnerabilities.
  Black hat hackers – this kind of hackers, hack to take control over the system for
personal gains. They destroy, steal and even prevent authorized users from accessing
the system

 Gray hat hackers - They belong to the neutral zone. They act in the middle ground
between white hat hackers, who operate on behalf of those maintaining secure
systems, and sometimes act as black hat hackers who act maliciously to exploit
vulnerabilities in systems.

3. Cracking – is breaking into a network; bypasses passwords or licenses in computer

programs; or in other ways intentionally breaches computer security. Crackers also act as
Black Hats by gaining access to the accounts of people maliciously and misusing this
information across networks. They can steal credit card information, they can destroy
important files, disclose crucial data and information or personal details and sell them for
personal gains.

Take Note: Hacking is the process of intruding computer systems without authorization
in order to gain access to them, for good or bad purposes while cracking is breaking into
the security system for criminal and illegal reasons or for personal gains only.

4. Cyber Fraud - is the crime committed via a computer and internet with the intent to
corrupt another individual’s personal and financial information stored online from people
illegally by deceiving them.
a. Spoofing or Phishing - Spoofing is a type of scam in which criminals attempt to
obtain someone's personal information by pretending to be a legitimate source. It can
be in the form of:
 Email Spoofing- Email spoofing is a technique used in spam and phishing
attacks to trick users into thinking a message came from a person or entity they
either know or can trust. In email spoofing attacks, the sender forges email
headers so that client software displays the fraudulent sender address, which
most users take at face value. 
 Text Message Spoofing - Sometimes referred to as smishing. The text message
may appear to come from a legitimate source, such as your bank. It may request
that you call a certain phone number or click on a link within the message, with
the goal of getting you to divulge personal information.
 URL Spoofing - URL spoofing happens when scammers set up a fraudulent
website to obtain information from victims or to install malware on their
computers. Virus hoax emails - Virus hoaxes are false reports about non-
existent viruses, often claiming to do impossible things like blow up the
recipient's computer and set it on fire, or less sensationally, delete everything on
the user's computer. 

b. Lottery Frauds - These are emails, which inform the recipient that he/ she has
won a prize in a lottery.

c. Credit Card Fraud -Credit card fraud is the unauthorized use of a credit or debit
card, or similar payment tool to fraudulently obtain money or property. Credit and
 debit card numbers can be stolen from unsecured websites or can be obtained in an
identity theft scheme.

Take Note: Identity theft is the scheme of obtaining the personal, financial information
or other information of another person to use their identity to commit fraud or other
illegal activities.
d. Theft of Internet Hours - Unauthorized use of Internet hours paid for by another
person.

e. Cyber Terrorism - It refers to unlawful attacks and threats of attacks against

computers, networks and the information stored therein when done to intimidate or
coerce a government or its people in furtherance of political or social objectives.

f. Cyber Pornography – is the act of using cyberspace to create, display, distribute,

import, or publish pornography or obscene materials, especially materials depicting
children engaged in sexual acts with adults.

g. Cyber-libel or cyber defamation- is a term used when someone has posted or

emailed something that is untrue and damaging about someone else on the social
media, including blogs, chat rooms, personal websites, social media, social networking
sites, or other published articles. Cyber defamation is also called as Cyber smearing.

h. Cyber Stalking - Cyber-stalking refers to the use of the Internet, e-mail, or other
electronic communications device to stalk and later on harass another person.

i. Denial of Service attacks- DoS attacks accomplish this by flooding the target with
traffic, or sending many information that triggers a crash on someone’s computer or
computer network..

j. Distributed denial-of-service attack (DDoS attack) - occurs when multiple systems

flood the bandwidth or resources of a targeted system, usually one or more web servers.

k. Salami Slicing Attack - A “salami slicing attack” is a technique by which cyber-

criminals steal money or resources a bit at a time so that it will be remain
unnoticeable.

j. Malware attack - is a common cyberattack where malware executes

unauthorized actions on the victim’s computer system. The malicious software
encompasses many specific types of attacks like infecting computers.

What are the common types of Malware?

a. Adware – (Advertising-supported software) is a type of malware that automatically

delivers advertisements.
b. Ransomware is malicious software that infects your computer and displays
messages demanding a fee to be paid in order for your system to work again.
 c. Rootkit – A rootkit is a type of malicious software designed to remotely access or
control a computer without being detected by users or security programs. Once a
rootkit has been installed it is possible for the malicious party behind the rootkit to
remotely execute files, access/steal information. Rootkit can modify system
configurations, alter software.

d. Trojan Horse - Trojan horse, commonly known as a “Trojan,” is a type of malware

that disguises itself as a normal file or program to trick users into downloading and
installing malware. A Trojan can give a malicious party remote access to an infected
computer. Once an attacker has access to an infected computer, it is possible for the
attacker to steal data.

e. Virus - Viruses are designed to damage the target computer or device by corrupting
data, reformatting your hard disk, or completely shutting down your system.

f. Worm - A computer worm is a type of malware that spreads copies of itself from

computer to computer. A worm can replicate itself without any human interaction, and
it does not need to attach itself to a software program in order to cause damage.

What are some preventive measures against cybercrimes?

1. Keep software and operating system updated
2. Use anti-virus software and keep it updated
3. Use strong passwords
4. Never open attachments in spam emails
5. Hands typing on laptop keyboard
6. Do not give out personal information unless secure
7. Contact companies directly about suspicious requests
8. Be mindful of which website URLs you visit
9. Keep an eye on your bank statements
REPUBLIC ACT 10175
Despite of RA 8792 already in place, it was found to have failed to address all forms
of cybercrime that are enumerated in the Budapest Convention on Cybercrime of 2001,
namely:
• Offences against confidentiality, integrity and availability of computer data and systems
• Computer-related offences
• Content-related offences
• Offences related to infringement of copyright and related rights.

What is RA 10175?
Republic Act No. 10175, otherwise known as the “Cybercrime Prevention Act of 2012”

What are the acts the constitute Cybercrime Offenses under RA 10175?

A. Offenses against the confidentiality, integrity and availability of computer data

and systems 
 1. Illegal Access – The access to the whole or any part of a computer system without
right.

2. Illegal Interception – The interception made by technical means and without right,
of any non-public transmission of computer data to, from, or within a computer
system, including electromagnetic emissions from a computer system carrying such
computer data: Provided, however, That it shall not be unlawful for an officer,
employee, or agent of a service provider, whose facilities are used in the transmission
of communications, to intercept, disclose or use that communication in the normal
course of employment, while engaged in any activity that is necessary to the rendition
of service or to the protection of the rights or property of the service
provider, except that the latter shall not utilize service observing or random
monitoring other than for purposes of mechanical or service control quality checks.

3. Data Interference – The intentional or reckless alteration, damaging, deletion or

deterioration of computer data, electronic document or electronic data message,
without right, including the introduction or transmission of viruses.

4. System Interference – The intentional alteration, or reckless hindering or

interference with the functioning of a computer or computer network by inputting,
transmitting, damaging, deleting, deteriorating, altering or suppressing computer
data or program, electronic document or electronic data message, without right or
authority, including the introduction or transmission of viruses.

5. Misuse of Devices
a. The use, production, sale, procurement, importation, distribution or otherwise
making available, intentionally and without right, of any of the following:
i. A device, including a computer program, designed or adapted primarily for the
purpose of committing any of the offenses under this rules; or
ii. A computer password, access code, or similar data by which the whole or any
part of a computer system is capable of being accessed with the intent that it
be used for the purpose of committing any of the offenses under this rules.
b. The possession of an item referred to in 5a(i) or(ii) above, with the intent to use
said devices for the purpose of committing any of the offenses under this
section.

B. Computer-related Offenses

1. Computer-related Forgery 
a. The input, alteration or deletion of any computer data without right, resulting in
inauthentic data, with the intent that it be considered or acted upon for legal
purposes as if it were authentic, regardless whether or not the data is directly
readable and intelligible; or

b. The act of knowingly using computer data, which is the product of computer-
related forgery as defined herein, for the purpose of perpetuating a fraudulent or
dishonest design.

2. Computer-related Fraud – The unauthorized “Input, alteration or deletion of computer

data or program, or interference in the functioning of a computer system, causing damage
thereby with fraudulent intent
3. Computer-related Identity Theft – The intentional acquisition, use, misuse, transfer,
possession, alteration or deletion of identifying information belonging to another, whether
natural or juridical, without right

C. Content-related Offenses:

1. Any person found guilty of Child Pornography shall be punished in accordance with the
penalties set forth in Republic Act No. 9775 or the “Anti-Child Pornography Act of 2009”.

Take Note: The penalty to be imposed shall be one (1) degree higher than that provided for
in Republic Act No. 9775 if committed through a computer system.

What are the other  Cybercrime offenses punishable under RA 10175?

 The following constitute other cybercrime offenses punishable under the RA 10175:

1. Cyber-squatting – The acquisition of a domain name over the internet, in bad faith, in
order to profit, mislead, destroy reputation, and deprive others from registering the same, if
such a domain name is:

a. Similar, identical, or confusingly similar to an existing trademark registered with the

appropriate government agency at the time of the domain name registration;
b. Identical or in any way similar with the name of a person other than the registrant, in
case of a personal name; and
c. Acquired without right or with intellectual property interests in it.

2. Cybersex – The willful engagement, maintenance, control or operation, directly or

indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a
computer system, for favor or consideration.

Take Note: Cybersex involving a child shall be punished in accordance with the provision
on child pornography of the Act.

3. Libel – The unlawful or prohibited acts of libel, as defined in Article 355 of the Revised
Penal Code, as amended, committed through a computer system or any other similar
means

Take Note: This provision applies only to the original author of the post or online libel, and
not to others who simply receive the post and react to it.

Other offenses under RA 10175

A. Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully

abets, aids, or financially benefits in the commission of any of the offenses
enumerated in the Act shall be held liable, except with respect to Child Pornography
and online Libel.
B. Attempt to Commit Cybercrime. – Any person who willfully attempts to commit
any of the offenses enumerated in the Act shall be held liable, except with respect to
Child Pornography and online Libel.

What are the other salient provisions of RA 10175?

1. Law Enforcement Authorities. – The National Bureau of Investigation (NBI) and the
Philippine National Police (PNP) shall be responsible for the efficient and effective law
enforcement of the provisions of the Act. The NBI and the PNP shall organize a
cybercrime division or unit to be manned by Special Investigators to exclusively handle
cases involving violations of this Act.

Take Note: The NBI shall create a cybercrime division to be headed by at least a Head
Agent. The PNP shall create an anti-cybercrime unit headed by at least a Police Director.

Take Note: The DOJ – Office of Cybercrime (OOC) created under the Act shall coordinate
the efforts of the NBI and the PNP in enforcing the provisions of the Act. It also provided
under this law the creation of an inter-agency body known as the Cybercrime Investigation
and Coordinating Center (CICC) under the Office of the President.

Duties of Law Enforcement Authorities. – To ensure that the technical nature of
cybercrime and its prevention is given focus, and considering the procedures involved for
international cooperation, law enforcement authorities, specifically the computer or
technology crime divisions or units responsible for the investigation of cybercrimes, are
required to submit timely and regular reports including pre-operation, post-operation and
investigation results, and such other documents as may be required to the Department of
Justice (DOJ) – Office of Cybercrime for review and monitoring.

Preservation and Retention of Computer Data. – The integrity of traffic data and
subscriber information shall be kept, retained and preserved by a service provider for a
minimum period of six (6) months from the date of the transaction. Content data shall be
similarly preserved for six (6) months from the date of receipt of the order from law
enforcement authorities requiring its preservation.

Collection of Computer Data.  Law enforcement authorities, upon the issuance of a court
warrant, shall be authorized to collect or record by technical or electronic means, and the
service providers are required to collect or record by technical or electronic means and/or
to cooperate and assist in the collection or recording of computer data that are associated
with specified communications transmitted by means of a computer system.

Disclosure of Computer Data. – Law enforcement authorities, upon securing a court

warrant, shall issue an order requiring any person or service provider to disclose or submit,
within seventy-two (72) hours from receipt of such order, subscriber’s information, traffic
data or relevant data in his/its possession or control.

Search, Seizure and Examination of Computer Data. – Where a search and seizure

warrant is properly issued, the law enforcement authorities shall likewise have the
following powers and duties:

a. Within the time period specified in the warrant, to conduct interception, as defined in
this Rules, and to:

1. Search and seize computer data;

2. Secure a computer system or a computer data storage medium;
3. Make and retain a copy of those computer data secured;
4. Maintain the integrity of the relevant stored computer data;
 5. Conduct forensic analysis or examination of the computer data storage medium; and
6. Render inaccessible or remove those computer data in the accessed computer or
computer and communications network.

b. Pursuant thereto, the law enforcement authorities may order any person, who has
knowledge about the functioning of the computer system and the measures to protect and
preserve the computer data therein, to provide, as is reasonable, the necessary information
to enable the undertaking of the search, seizure and examination.

c. Law enforcement authorities may request for an extension of time to complete the
examination of the computer data storage medium and to make a return thereon, but in no
case for a period longer than thirty (30) days from date of approval by the court.

Custody of Computer Data. – All computer data, including content and traffic data, that
are examined under a proper warrant shall, within forty-eight (48) hours after the
expiration of the period fixed therein, be deposited with the court in a sealed package, and
shall be accompanied by an affidavit of the law enforcement authority executing it, stating
the dates and times covered by the examination, and the law enforcement authority who
may have access to the deposit, among other relevant data.
Destruction of Computer Data.  – Upon expiration of the periods as provided in Sections
12 (6months) and Section 15 ( Within the time period specified in the warrant), or until the
final termination of the case and/or as ordered by the Court, as the case may be, service
providers and law enforcement authorities, as the case may be, shall immediately and
completely destroy the computer data.
Take Note: Exclusionary Rule  – Any evidence obtained without a valid warrant or
beyond the authority of the same shall be inadmissible for any proceeding before any court
or tribunal.
Take Note: Failure to comply with the provisions of stated above specifically the orders
from law enforcement authorities, shall be punished as a violation of Presidential Decree
No. 1829, entitled ‘Penalizing Obstruction Of Apprehension And Prosecution Of Criminal
Offenders.’ The criminal charge for obstruction of justice shall be filed before the designated
cybercrime court that has jurisdiction over the place where the non-compliance was
committed.
Where does Cybercrime case be filed and who have the Jurisdiction over the
Cybercrime Cases in the Philippines?

 The criminal actions for violation of RA 10175, shall be filed before the designated
special cybercrime court (RTC) of the province or city where the offense or any of its
elements is committed, or where any part of the computer system used is situated, or
where any of the damage caused to a natural or juridical person took place.

Take Note: As provided under RA 10175, There shall be designated special cybercrime
courts manned by specially trained judges to handle cybercrime cases and the Secretary of
Justice shall designate prosecutors and investigators who shall comprise the prosecution
task force or division under the DOJ-Office of Cybercrime, which will handle cybercrime
cases in violation of the said Act.
What are types of warrants in relation to Cybercrime?
(1) Warrant to Disclose Computer Data (WDCD)
The Warrant to Disclose Computer Data (WDCD) authorizes law enforcement to issue
an order to disclose or submit subscriber’s information, traffic data, or relevant data in the
possession or control of a person or service provider within seventy-two (72) hours from the
receipt of the order. Within forty-eight (48) hours from implementation or after the
expiration of the effectivity of the WDCD, the authorized law enforcement officer must
accomplish a return and to turn over the disclosed computer data or subscriber’s
information to the court.
(2) Warrant to Intercept Computer Data (WICD)
It authorizes law enforcement to listen, record, monitor, or surveil the content of the
communications through electronic eavesdropping or tapping devices, at the same time the
communication is occurring.
(3) Warrant to Search, Seize, and Examine Computer Data (WSSECD)
A WSSECD authorizes the search the particular place for items to be seized and/or
examined.
Upon the conduct of the seizure, law enforcement must file a return stating the (a)
devices that were subject of the WSSECD and (b) the hash value of the computer data
and/or the seized computer device or computer system containing such data.

(4) Warrant to Examine Computer Data (WECD)

The Warrant to Examine Computer Data (WECD) is to allow law enforcement
agencies to search a computer device or computer seized during a lawful warrantless arrest
or by any other lawful method such as valid warrantless seizure, in flagrante delicto, or by
voluntary surrender.
Take Note: The four warrants described above are only obtained by law enforcement
agencies ( PNP or the NBI) from Regional Trial Courts specially designated to handle
cybercrime cases. Thus, private complainants will need to coordinate with such agencies if
such warrants are to be obtained.