The Philippine Cyberspace Landscape

THE PHILIPPINE CYBERSPACE

101,833,938 M
(est. 2014 population)
Source: NATIONAL STATISTICS
ONLINE OFFICE

PENETRATION
Roughly 44M or 41%
internet users in the
Philippines in 2014
Source:
FACTBROWSER
 THE PHILIPPINE CYBERSPACE

MOBILE PENETRATION
5.21 M
93.2 Million
Twitter users Mobile Subscribers
Ranked # 8 SMS Capital of
Globally the World
Source: http://www.countryranker.com/ Source: MVFGLOBAL

30.66 Million
Facebook AVERAGE TIME SPENT ONLINE
users 18.6 HOURS on
Ranked # 8 Globally; # 3 in Asia internet usage
Source: http://www.countryranker.com/ Source: INFOEVOLVE.PH
Top 5 PHILIPPINE ONLINE BEHAVIOR

92% 80% 69% 67% 65%

Goes to Search Use Visit Goes
Social the Web Instant Websites to
Networking Messaging Public
Sites Chat
Rooms
Source: Yahoo Nielsen Index Digital
Philippines
 vs
Traditional Crime Paradigm Cybercrime
Burglary Shift Hacking
Deceptive E-mail Phishing
Callers Sex Extortion
Robbery Online Scam
Extortion Cyber Bullying
Estafa Web Defacement
Bullying
Vandalism
Introduction to
Cyber Crimes
 Why learn about
CYBER CRIME ?

Because –
- Everybody is using COMPUTERS.
- From white collar criminals to terrorist
organizations And from Teenagers to Adults.
- Conventional crimes like Forgery, extortion, kidnapping
etc. are being committed with the help of computers
- New generation is growing up with computers.
- Monetary transactions are moving on to the
INTERNET.
 What makes Cyber Crime
Different?

• Cyberspace provides a target rich environment

for criminals
• It is easy to carry out an attack, has lower risks
associated with it, is hard to trace technically,
and hard to prosecute.
• Sophisticated tools are readily available on the
Internet publicly.
• Access and attack can be from anywhere and
anonymous.
 What is Cyber Crime?

All crimes that is performed or resorted to by abuse of

electronic media or otherwise, with the purpose of
influencing the functioning of computer or computer
system.

IN SHORT

CYBER CRIME is any crime where –

Computer is a target.
Computer is a tool of crime
Computer is incidental to crime
 Profile of Cyber Criminals

• Disgruntled employees.
• Teenagers.
• Political Hacktivist.
• Professional Hackers.
• Business Rival.
• Ex-Boy Friend.
• Separated Husband. etc
 Victims

• Gullible
• Desperados and greedy people
• Unskilled & Inexperienced
• Unlucky people
 Types of Cyber Crime
(This is not exhaustive list of cyber crime)

• HACKING • SOFTWARE PIRACY

• DENIAL OF SERVICE • NET EXTORION
ATTACK • PORNOGRAPHY
• MALWARE • CYBERSTALKING
DISSEMINATION • CYBER DEFAMATION
• PHISHING • THREATENING
• CREDIT CARD FRAUD • SALE OF NARCOTICS
• SALAMI ATTACK • NET SCAM
 Hacking

Hacking is simple terms means illegal

intrusion into a computer system without
the permission of the computer
owner/user.
Hacking
 Website Defacement

Website defacement is an attack on a website that

changes the visual appearance of the site or a
webpage. These are typically the work of system
crackers, who break into a web server and replace
the hosted website with one of their own.
 Denial of Service Attack
(DoS)

This is an act by the criminal, who floods

the bandwidth of the victim’s network or
fills his e-mail box with spam/unsolicited
mail depriving him of the services he is
entitled to access or provide.
Denial of Service Attack
(DoS)

Zombie - In computer
science, a zombie is
a computer
connected to the
Internet that has
been compromised
by a hacker,
computer virus or
trojan horse program
and can be used to
perform malicious
tasks of one sort or
another under remote
direction.
 Malware Dissemination

• Malicious software that attaches itself

to other software .
Virus - a piece of code that is capable of copying itself and
typically has a detrimental(tending to cause harm) effect, such as
corrupting the system or destroying data. ( It should be triggered
by an application or user)

Worms - a self replicating program able to propagate itself

across a network, typically having a detrimental effect.

Trojan Horse- – Is design to breach a security of a

computer system while ostensibly(seeming to be true/genuine)
performing some innocuous (harmless)functions.
 LOVE BUG

• ILOVEYOU was a computer VIRUS that hit numerous

computers in 2000, when it was sent as an attachment to
an email message with the text "ILOVEYOU" in the
subject line.

• The VIRUS arrived in e-mail boxes on May 4, 2000, with

the simple subject of "ILOVEYOU" and an attachment
"LOVE-LETTER-FOR-YOU.TXT.vbs".

• Upon opening the attachment, the VIRUS sent a copy of

itself to everyone in the user's address list, posing as the
user. It also made a number of malicious changes to the
user's system.
LOVE BUG
 Phishing

Its is technique of pulling out

confidential information from the
bank/financial institutional account
holders by deceptive means
Phishing
Actual web page
Actual login page
 Phishing email

From : *****Bank[mailto:support@****Bank.com]
Sent :08 June 2004 03:35
To : India
Subject: Official information from ***** Bank

Dear valued ***** Bank Customer!

For security purposes your account has been randomly chosen for
verification. To verify your account information we are asking you to
provide us with all the data we are requesting. Otherwise we will not be
able to verify your identify and access to your account will be denied.
Please click on the link below to get to the bank secure page and verify
your account details. Thank you.
https://infinity.*****bank.co.in/Verify.isp

****** Bank Limited

Deceptive login page
 Credit Card Fraud

You simply have to type credit card

number into www page of the vendor for
online transaction

If electronic transactions are not

secured the credit card numbers can be
stolen by the hackers who can misuse this
card by impersonation the credit card
owner
Credit Card Skimmer
Credit Card Skimmer
How the credit card skimmer
is used
Credit Card Writer
1 – ATM machine as usual?
2 – Is there an additional
slot?
3 – A monitor and pamphlet holder at
the side …nothing wrong
5 – False pamphlet box affixed to the
ATM
cubicle side
6 – Inside the “pamphlet box”
 Salami Attack

In such crime criminal makes insignificant

changes in such a manner that such changes
would go unnoticed.

Criminal makes such program that deducts

small amount like P 2.50 per month from the
account of all the customer of the Bank and
deposit the same in his account. In this case no
account holder will approach the bank for such
small amount but criminal gains huge amount.
 Software Piracy

• Theft of software through the illegal copying of

genuine programs or the counterfeiting and
distribution of products intended to pass for the
original.
• Retail revenue losses worldwide are ever
increasing due to this crime
• Can be done in various ways –
– End user copying, Hard disk loading, Counterfeiting,
Illegal downloads from the internet etc.
 Pornography/Child
Pornography

• Pornography is the first consistently successful

e-commerce product.
• Deceptive marketing tactics and mouse trapping
technologies Pornography encourage
customers to access their websites.
• Anybody including children can log on to the
internet and access websites with pornographic
contents with a click of a mouse.
 Net Extortion

• Copying the company’s confidential data

in order to extort said company for huge
amount.
 Sextortion

“SEXTORTION” means extortion where the

extorter obtains nude pictures or videos from
his victim, then blackmails them for money
to avoid the publication of the nude material.
MODUS OPERANDI
MODUS OPERANDI
 Ransomware

• What is Ransomware?!
– Malware that can hold your computer and/or its
data hostage
– Your computer and/or data is “freed” in exchange
for money
• Premium SMS
• Bitcoin
• Western Union
• Two general types:
– Lock screen
– Encrypting ransomware
 How did this happen?!

• Popular Ransomware Attack Vectors

– Spam
– Email phishing attacks
– Infected shared external drives
– Malicious websites
– Downloading files from untrusted sources
– Installing pirated software
 Cyber Stalking

The Criminal follows the victim by

sending emails, entering the chat rooms
frequently.
 Cyber Defamation/Online
Libel

The Criminal sends emails containing

defamatory matters to all concerned of the
victim or post the defamatory matters on a
website or social media.

(disgruntled employee may do this against boss,

ex-boys friend against girl, divorced husband
against wife etc)
 Online Threat

The Criminal sends threatening

email/texts/messages or comes in contact
in chat rooms with victim.

(Any one disgruntled may do this against boss,

friend or official)
 Sale of Narcotics

• Sale & Purchase through net.

• There are web site which offer sale and
shipment of contrabands drugs.
• They may use the techniques of
steganography for hiding the message.
 Nigerian 4-1-9 Scam

• This scam starts with a bulk

mailing or bulk faxing of a
bunch of identical letters to
businessmen, professionals,
and other persons who tend to
be of greater-than-average
wealth.
• This scam is often referred to
as the 4-1-9 scam, ironically
after section 4-1-9 of the
Nigerian Penal Code which
relates to fraudulent schemes.
Anatomy of Nigerian Letter
 Romance Scam

A romance scam is a confidence trick involving

feigned romantic intentions towards a victim,
gaining their affection, and then using that
goodwill to commit fraud. Fraudulent acts may
involve access to the victims' money, bank
accounts, credit cards, passports, e-mail
accounts, or national identification numbers or by
getting the victims to commit financial fraud on
their behalf.
 Business Email Compromise

Business Email Compromise (BEC) is defined as a

sophisticated scam targeting businesses working
with foreign suppliers and businesses that
regularly perform wire transfer payments.
Formerly known as Man-in-the-Email scams,
these schemes compromise official business
email accounts to conduct unauthorized fund
transfers.
 Business Email Compromise

This version, which has also been referred to as “The

Bogus Invoice Scheme”, “The Supplier Swindle”, and
“Invoice Modification Scheme”, usually involves a
business that has an established relationship with a
supplier. The fraudster asks to wire funds for invoice
payment to an alternate, fraudulent account via spoofed
email, telephone, or facsimile.
 Business Email Compromise

In this version, the fraudsters identify themselves as high-

level executives (CFO, CEO, CTO, etc.), lawyers, or
other types of legal representatives and purport to be
handling confidential or time-sensitive matters and initiate
a wire transfer to an account they control. In some cases,
the fraudulent request for wire transfer is sent directly to
the financial institution with instructions to urgently send
funds to a bank. This scam is also known as “CEO
Fraud”, “Business Executive Scam”, “Masquerading”,
and “Financial Industry Wire Frauds”.
 Business Email Compromise

Similar to the two other versions, an email account of an

employee is hacked and then used to make requests for
invoice payments to fraudster-controlled bank accounts.
Messages are sent to multiple vendors identified from the
employee’s contact list. The business may not become
aware of the scheme until their vendors follow up to
check for the status of the invoice payment.
 Identity Theft

Identity theft is the deliberate use of someone

else's identity, usually as a method to gain a
financial advantage or obtain credit and other
benefits in the other person's name,[1][2] and
perhaps to the other person's disadvantage or
loss.
 Law on Cyber crime

Republic Act 10175 “ Cybercrime Prevention Act of

2012”

The following acts constitute the offense of Cyber

crime:

1.Offense against Confidentiality, Integrity, and Availability (CIA)

of computer data and system: such as;
– Illegal Access
– Illegal Interception
– Data Interference
– System Interference
– Misuse of Devices
 Computer crime Offenses

2 – Computer Related Offenses: such as;

– Computer-related Forgery
– Computer-related Fraud
– Computer-related Identity Theft

3 – Content-related Offenses: such as;

– Cybersex
– Child Pornography
– Libel
 Law on Cyber crime

Republic Act 10175 “ Cybercrime Prevention

Act of 2101”

Section 6- All crimes defined and penalized by the

Revised Penal Code, as amended, and special laws, if
committed by, through and with the use of information and
communications technologies shall be covered by the
relevant provisions of this Act: Provided, That the penalty
to be imposed shall be one (1) degree higher than that
provided for by the Revised Penal Code, as amended, and
special laws, as the case may be.
 Laws Relating to Cybercrime

- Republic Act 8792 Electronic Commerce Act of 2000

- Section 33 of the law has two (2) provisions that enumerates and
penalizes the following acts:
• Computer hacking,
• Introduction of computer virus, and
• Copyright infringement
- Republic Act 10175

- Other Laws Relating Cybercrime:

• RA.8484 – Access Devices Regulation Act
• RA.9775 – Anti Child Porn of 2009
• RA.9995 – Anti Photo and Video Voyeurism
• RA 10173 – Data Privacy Act
 Question