Group 2 Cdi 9

Uploaded by Vanella Sanchez

COMPUTER AND INTERNET CRIMES
Chapter 2
COVERAGE:
1. Definition and concepts of cybercrime.
2. Why computer incidents are prevalent.
3. Types of computer attacks.
4. Classification of perpetrators of computer crime.
5. Phases of cybersecurity attacks.
CYBERCRIME
■ Is any criminal offense that involves a computer and a network.
■ Some of the aspects in which computer criminals can be dangerous:
1. Human Threat
2. Organizational Threat
3. Group Threat
4. National Security Threat
WHY ARE COMPUTER INCIDENTS PREVALENT?
■ Increasing complexity increases vulnerability
■ Higher computer user expectations
■ Technological advancement introduces new risks
■ Increased reliance on commercial software with known vulnerabilities
■ Bring your own device (BYOD) policy
■ Delay in software updates
CLASSIFICATION OF PERPETRATORS OF COMPUTER CRIME
1. Hackers
■ They do it out of scientific curiosity, to see how they can get access to information systems and how far they can go.
2. Crackers
■ They hack into other people’s networks and systems to do things like deface web sites, crash computers, distribute malicious programs or hateful messages, and write scripts and automated programs.
3. Malicious Insiders
■ Because they are often granted access to the networks they misuse, they are incredibly difficult to track or avoid.
4. Industrial Spies
■ They procure trade secrets from their sponsor’s rivals by fraudulent means. Theft of innovative product ideas, manufacturing records, marketing documents, or new tech source code are all examples of industrial espionage.
5. Cyber Criminals
■ The opportunity for material gain motivates cyber criminals. They rob by breaking into company servers and transferring funds from one account to another. They steal and resell credit card numbers, personal names and cellphone IDs.
6. Cyberterrorists
■ Conduct computer-based assaults against other computers and networks in an effort to intimidate or coerce a nation. They employ tactics to destroy or interrupt networks in order to inflict damage rather than gather information.
CLASSIFICATION OF HACKERS
1. White Hat Hackers
■ Often referred to as “ethical hackers”
■ They never plan to damage a device; rather, they aim to discover vulnerabilities in a computer or network system.
■ Ethical hacking is one of the most difficult jobs in the IT industry.
2. Black Hat Hackers
■ Also known as “crackers”
■ Attempt to obtain unauthorized access to a device in order to disrupt its activities or steal classified information.
3. Gray Hat Hackers
■ They are a mix of black and white.
■ They behave without malice, just for the sake of amusement: they exploit security flaws in a computer device or network without the consent or knowledge of the owner.
4. Miscellaneous Hackers
a. Red Hat Hacker – they normally operate at the level of hacking government departments, top-secret intelligence hubs, and everything else that pertains to classified data.
b. Blue Hat Hacker – a person who works independently of computer security consultancy companies and is responsible for bug-testing a device prior to its release.
■ BlueHat is also used by Microsoft to refer to a series of security briefings.
c. Elite Hacker – a social standing among hackers that is used to identify the most experienced hackers.
d. Script Kiddie – a non-expert who breaks into computer systems using pre-packaged programmed tools written by others, with no knowledge of the underlying
e. Green Hat Hacker (Neophyte, “noob”, “Newbie”) – someone who is new to hacking or phreaking and has little to no understanding of how computers and hacking work.
f. Hacktivist – a hacker who uses computers to spread a message that is psychological, ideological, moral, or governmental.
TYPES OF COMPUTER ATTACKS
1. Viruses
■ These are applications that travel through networks and operating systems, attaching themselves to a variety of other programs and databases.
■ It is a serious offense to intentionally create and distribute a virus.
■ The best way to remain up to date
2. Worms
■ Are programs that repeatedly reproduce themselves. The self-replicating activity clogs computers and networks until it becomes involved in a network, slowing or stopping their operations.
■ A worm does not bind itself to a computer or alter or erase files. Worms can bear a virus.
■ Viruses and worms are usually spread through email attachments.
3. Trojan Horses
■ Are applications that appear to be harmless, but actually contain malicious code.
■ Are often seen in the form of free video games and screensaver applications that can be downloaded from the internet.
■ One of the most dangerous trojan horse forms claims to provide free
4. Denial of Service
■ By overwhelming a computer system or network with requests for information and data, a denial of service attack aims to delay or stop it.
■ Once the ISP or website has been hacked, the computers at the ISP or website become overburdened by demands for service and are unable to respond to legitimate users.
■ Internet Service Providers (ISPs) and
5. Rogue Wifi Hotspot
■ There are free wifi networks everywhere; these open networks are imitated by rogue wifi hotspots. Once linked, the rogue networks collect all information submitted to legitimate sites by users, including user names and passwords.
6. Identity Theft
■ Identity theft is the fraudulent use of another person’s identity for financial gain. Victims often share personal details such as birthdate, family names, and addresses.
7. Internet Scams
■ A scam is a misleading or unethical act or activity that entices people into sharing personal information or wasting time and resources with little or no benefit.
■ Internet fraud is basically a con that takes place over the internet.
8. Rootkits
■ A collection of programs that allows its user to obtain administrator-level access to a device without the permission or knowledge of the end user.
9. Spam
10. Phishing
■ Phishing is the malicious use of e-mail to try to get the user to share personal information. In a phishing scam, a con artist sends out e-mails that appear to be from a reputable source, encouraging the user to take action in order to avert undesirable repercussions or to earn a payout.
■ Spear-phishing is a form of phishing in which the phisher sends phony e-mails to
11. Adware – A piece of software that forces pre-selected advertisements to appear on a computer.
12. Attack – A procedure for gaining access to a device and extracting confidential data.
13. Back Door – Hidden access to a computer system or app, also known as a "trap door," that bypasses authentication mechanisms such as logins and passwords.
14. Botnet – A bot is a program that automates a task so that it can be carried out at a much faster pace and over a longer period of time than a human operator might. A botnet, also known as a "zombie army," is a collection of computers that are managed without the knowledge of their users.
15. Brute Force Attack – The easiest and most automatic way of gaining access to a device or website. It repeatedly attempts combinations of usernames and passwords until it succeeds.
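The defender's view of the brute force attack just described is a burst of failed logins from one source, and the alert that matters most is a success that follows such a burst. This is an added example, not from the slides: it assumes a constructed log format of `timestamp source_ip username FAIL|OK` and flags any source that exceeds a failure threshold inside a sliding window.

```python
"""Detect brute-force login attempts in constructed authentication log lines.

Added example (not from the slides). Assumed log format, one event per line:
    <ISO timestamp> <source_ip> <username> <FAIL|OK>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one source hammering "admin", then a single success,
# plus a normal user who mistypes once. Addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 admin FAIL
2024-05-01T10:00:01 203.0.113.7 admin FAIL
2024-05-01T10:00:02 203.0.113.7 admin FAIL
2024-05-01T10:00:03 203.0.113.7 admin FAIL
2024-05-01T10:00:04 203.0.113.7 admin FAIL
2024-05-01T10:00:05 203.0.113.7 admin OK
2024-05-01T10:01:00 198.51.100.4 alice FAIL
2024-05-01T10:05:00 198.51.100.4 alice OK
"""


def parse_line(line):
    """Split one assumed-format line into (timestamp, source, user, result)."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert dict per source that reached `threshold` failures
    inside `window`; `success_after` is True if that source later logged in,
    which means the guessed credential worked and must be reset."""
    recent = defaultdict(deque)   # source -> timestamps of failures in window
    flagged = {}                  # source -> alert dict (first alert wins)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, src, user, result = parse_line(raw)
        q = recent[src]
        if result == "FAIL":
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged[src] = {"source": src, "first_seen": q[0].isoformat(),
                                "failures": len(q), "success_after": False}
        elif result == "OK" and src in flagged:
            flagged[src]["success_after"] = True
    return list(flagged.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Lowering `threshold` or widening `window` trades fewer missed slow attacks for more noise from users who simply forget their password.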
16. Buffer Overflow – An error that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to contain.
17. Clone Phishing – The addition of a false link to an actual, valid e-mail in order to dupe the receiver into sharing personal information.
18. Exploit Kit – A software framework that runs on Web servers to find software flaws in client computers that communicate
19. Exploit – A piece of software, a block of code, or a series of commands that exploits a flaw or loophole in a device or network device to undermine its protection.
20. Firewall – A security device that keeps unauthorized intruders out of a computer system or network while allowing secure contact
21. Keystroke Logging – The procedure for keeping track of the keys pressed on a keyboard (and which touchscreen points are used). It's nothing more than a computer/human interface map. Gray and black hat hackers use it to keep track of login IDs and passwords. A Trojan sent via phishing e-mail is typically used to install key loggers on a computer.
22. Logic Bomb – A virus that is secreted into a device and, when certain requirements are met, performs a
23. Malware – A catch-all word for a wide range of malicious software, including computer viruses, worms, Trojan horses, spyware, adware, scareware, and other malicious programs.
24. Master Program – The software that a black hat hacker uses to send orders to infected zombie drones over the internet, usually to carry out DoS or spam attacks.
25. Phreakers – These were thought to be the first computer hackers. They are those
26. Shrink Wrap Code – The process of finding flaws in unpatched or incorrectly designed applications and exploiting them.
27. Social Engineering – Deceiving others in order to obtain confidential and personal data such as credit card numbers, usernames, and passwords.
28. Spoofing – A method of gaining unwanted access to computers in which an attacker sends messages to a device with an IP address that indicates the message came from
29. Spyware – Software that collects information about an individual or organization without their permission and may transmit that information to another party without their consent, or that asserts authority over a device without their knowledge.
30. SQL Injection – A SQL code injection technique for targeting data-driven applications in which malicious SQL statements are inserted into an entry field for execution.
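To make the SQL injection definition concrete, here is an added example (not from the slides) that places the flawed query beside its fix. It uses an in-memory SQLite table with constructed rows and assumes `username` and `password` arrive as raw strings from a login form's entry fields.

```python
"""SQL injection: a string-built login query beside its parameterized fix.

Added example, not from the slides. Runs against an in-memory SQLite table
seeded with constructed rows; `username`/`password` are assumed to arrive
as raw strings from a web form's entry fields.
"""
import sqlite3


def make_db():
    """Constructed users table (plaintext passwords only to keep the demo short)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The flaw the slide describes: the entry fields become part of the SQL
    text, so a quote in the input ends the string literal and the remainder
    is executed as SQL."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Mitigation: a parameterized query. The driver binds the values as data,
    so whatever the input contains it cannot change the statement's structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"   # constructed malicious entry-field value
    print("vulnerable, crafted input ->", login_vulnerable(db, "nobody", crafted))
    print("parameterized, same input ->", login_safe(db, "nobody", crafted))
```

The vulnerable function returns the first user for a non-existent account because the injected `OR` makes the `WHERE` clause true for every row; the parameterized version returns nothing.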
32. Vulnerability – A flaw that helps a hacker to break through a computer or network system's safeguards.
33. Cross-site Scripting (XSS) – A common form of computer security flaw found in Web applications.
34. Zombie Drone – A computer that has been hacked and is being used anonymously as a soldier or "drone" for malicious purposes, such as sending unwanted spam e-mails.
TOP 10 MOST VALUABLE INFORMATION TO CRIMINALS
VALUABLE INFORMATION                          %
Customer Information                          17%
Financial Information                         12%
Strategic Plans                               12%
Board Member Information                      11%
Customer Password                             11%
Research and development (R&D) Information     9%
Mergers and Acquisitions (M&A) Information     8%
Intellectual Property                          6%
Non-Patented                                   5%
Supplier Information                           5%
TOP 10 BIGGEST CYBER THREATS TO ORGANIZATIONS
CYBER THREATS                                 %
Phishing                                      22
Malware                                       20
Cyber-attacks (to disrupt)                    13
Cyber-attacks (to steal money)                12
Fraud                                         10
Cyber-attacks (to steal IP)                    8
Spam                                           6
Internal attacks                               5
Natural disaster                               2
■ HACKING SKILLS
As an ethical hacker, there is a need to understand various hacking techniques, which are as follows:
a. Password guessing and cracking
b. Session hijacking
c. Session spoofing
d. Network traffic sniffing
e. Denial-of-service attacks
f. Exploiting buffer overflow vulnerabilities
PHASES OF CYBERSECURITY ATTACK
(6) Phases of Cybersecurity Attack
■ 1. Reconnaissance – The attacker gathers information about a target by active or passive means during this phase. Google Dorks and Maltego are two commonly used methods in this phase.
■ 2. Scanning – During this phase, the attacker deliberately probes a target computer or network for exploitable vulnerabilities. Nessus or Nexpose are
■ 3. Gaining Access – The vulnerability is discovered during this phase. The attacker tries to use it to gain access to the device. Metasploit is the most important tool in this phase.
■ 4. Maintaining Access – This is the phase after a hacker has already obtained access to a device. After obtaining entry, the hacker sets up some back doors to allow access to the device in the future if wanted. In
■ 5. Clearing Tracks – This is a morally reprehensible procedure. It has to do with the removal of all logs of all events that occur during the hacking process.
■ 6. Reporting – This is the last step in the ethical hacking procedure. The ethical hacker compiles a report detailing his or her discoveries and the work that was completed, including the methods used, success rate, bugs
HOW TO PROTECT YOURSELF AGAINST CYBERCRIME
1. KEEP SOFTWARE AND OPERATING SYSTEM UPDATED
■ Use anti-virus software and keep it updated
■ Use strong passwords
■ Never open attachments in spam emails
■ Do not click on links in spam emails or untrusted websites
■ Do not give out personal information unless secure
■ Contact companies directly about suspicious requests
INCIDENT RESPONSE
■ Also known as an IT incident, computer incident or security incident, it is a coordinated approach to handling and managing the aftermath of a security breach or cyber attack.
■ The aim is to deal with the situation in a manner that limits harm and decreases recovery time and costs.
■ It is about making and having a flight plan.
IMPORTANCE OF INCIDENT RESPONSE
■ It helps an organization minimize losses, mitigate the vulnerabilities exploited, restore services and procedures, and reduce the risks posed by future incidents.
5 MEASURES IN INCIDENT RESPONSE
■ 1. PREPARATION – The secret to efficient incident response is planning. Features to include in an incident response plan in order to resolve security incidents successfully:
a. Development of incident response policies and documentation
b. Definition of communication guidelines
c. Incorporation of threat intelligence feeds
d. Conduct of cyber hunting exercises
■ 2. DETECTION AND REPORTING – The aim of this process is to track security events.
a. Monitor
b. Detect
c. Alert
d. Report
■ 3. TRIAGE AND ANALYSIS – Resources should be used to collect data from instruments and systems for further study and to recognize signs of compromise.
■ Analysts should concentrate on 3 KEY AREAS as information is gathered:
3.1 Endpoint Analysis – RAM (Random Access Memory) is the short-term data storage for your system; it stores the data that your computer is currently using so that it can be accessed easily.
■ 3.2 Binary Analysis – Examine malicious binaries or tools leveraged by the attacker and record the features of such programs.
■ This analysis is performed in 2 ways:
A. Behavioral Analysis: execute the malicious program in a VM to monitor its behavior. A VM (virtual machine) is a tool that uses software to run programs and execute applications instead of a physical computer.
B. Static Analysis: check out the entire
■ 3.3 ENTERPRISE HUNTING – To assess the scope of compromise, evaluate using the current structure and event log technologies.
■ 4. CONTAINMENT AND NEUTRALIZATION – This is one of the most important incident response phases. It is based on the intelligence gathered during the analysis process and the indicators of compromise.
• Coordinated Shutdown
• Wipe and Rebuild
• Threat Mitigation Requests
■ 5. POST-INCIDENT ACTIVITY – Make sure that any details that can be used to avoid similar events from occurring again in the future are properly recorded.
a. Complete an incident report
b. Post-incident monitoring
c. Threat intelligence update
d. Identify protective actions
■ CRITERIA FOR AN APPROPRIATE INCIDENT RESPONSE PLAN
1. Be simple but accurate
A. Have comprehensive roles and responsibilities
B. Bring professional and non-technical staff together
C. Provide a system classification
2. Understand the priorities of the organization
■ FIVE THINGS NOT TO DO DURING AN INCIDENT
1. Do not panic
2. Do not shut down the infected systems
3. Unless otherwise instructed, do not discuss the incident with anyone
4. When accessing a device environment, do not use domain administrative credentials
■ THINGS TO DO DURING AN INCIDENT
1. Use forensic tools to extract volatile data and other essential objects from the device
2. Gather external intelligence based on known indicators of compromise (IOC)
3. Safeguard systems and other media for forensic collection.
4. Collect suitable logs
■ BUILDING AN INCIDENT RESPONSE TEAM AND THEIR KEY ROLES AND RESPONSIBILITIES
The IR team should consist of:
1. Incident response manager
2. Security analyst
Two types of analyst:
A. Triage analyst
B. Forensic analyst
■ TIPS FOR MORE EFFICIENT INCIDENT RESPONSE
1. Keep incident response information confidential
2. Coordinate system shutdown
3. Be sure to reset credentials
USAGE OF CURRENT TOOLS FOR PROMOTING RESPONSE TO INCIDENTS
■ As more companies begin adopting incident management systems, many ask what resources are available to support the response to incidents. The good news for security teams is that many of your current tools provide features that would be useful for forensics and other incident response tasks.
DETECT THREAT ACTORS THROUGH ANTIVIRUS LOGS
■ Just 10% to 15% of malware can be detected by your online antivirus solution, but your antivirus logs may contain vital attack indicators. One of the first objectives of threat actors when they break into your environment is to steal passwords by running a credential dumping program.
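The point above is that an antivirus detection of a credential-dumping tool is itself an indicator that a threat actor is already on the host, even when the file was cleaned. This added example (not from the slides or any product) triages constructed antivirus log lines in an assumed CSV layout with assumed threat and action names; real products use their own formats.

```python
"""Triage constructed antivirus log lines for credential-dumping indicators.

Added example (not from the slides). The CSV columns, threat names and
action words below are assumptions for the demo, not any vendor's format.
"""
import csv
import io
from collections import defaultdict

# Constructed sample log. Hosts, users and paths are made up.
SAMPLE_AV_LOG = """\
timestamp,host,user,threat,action,path
2024-05-01T09:12:03,WS-014,jdoe,HackTool/CredDump.A,Quarantined,C:\\Users\\jdoe\\Downloads\\m.exe
2024-05-01T09:13:40,WS-014,jdoe,HackTool/CredDump.A,Quarantined,C:\\Users\\jdoe\\AppData\\Local\\Temp\\m2.exe
2024-05-01T09:15:07,WS-014,jdoe,HackTool/CredDump.B,Blocked,C:\\Windows\\Temp\\x.exe
2024-05-01T11:02:55,WS-022,asmith,Adware/Toolbar.C,Quarantined,C:\\Users\\asmith\\Downloads\\setup.exe
2024-05-01T14:20:19,SRV-DC1,svc_backup,HackTool/CredDump.A,Remediation failed,C:\\Temp\\p.exe
"""

# Assumed naming: substrings that mark credential-harvesting tooling.
CRED_DUMP_MARKERS = ("CredDump", "PassDump")
# Assumed action words meaning the file was not removed and may have run.
ACTIONS_MEANING_IT_MAY_HAVE_RUN = ("Remediation failed", "Detected", "Allowed")


def triage_av_log(log_text):
    """Return {host: summary} for every host with credential-dumping detections.

    severity: 'medium' for a single cleaned detection, 'high' when the tool
    keeps reappearing (an interactive adversary retrying), 'critical' when
    the AV could not remove it, so stored credentials must be assumed stolen."""
    per_host = defaultdict(lambda: {"events": 0, "users": set(), "first": None,
                                    "last": None, "severity": "medium"})
    for row in csv.DictReader(io.StringIO(log_text)):
        if not any(m in row["threat"] for m in CRED_DUMP_MARKERS):
            continue                       # adware etc. is not this hunt
        s = per_host[row["host"]]
        s["events"] += 1
        s["users"].add(row["user"])
        s["first"] = s["first"] or row["timestamp"]
        s["last"] = row["timestamp"]
        if row["action"] in ACTIONS_MEANING_IT_MAY_HAVE_RUN:
            s["severity"] = "critical"
    for s in per_host.values():
        if s["events"] >= 2 and s["severity"] != "critical":
            s["severity"] = "high"
        s["users"] = sorted(s["users"])    # which accounts to reset first
    return dict(per_host)


if __name__ == "__main__":
    for host, summary in triage_av_log(SAMPLE_AV_LOG).items():
        print(host, summary)
```

Each flagged host is a lead for the triage analyst: the affected user accounts are the first credentials to reset, and the critical host is where forensic collection should start.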
■ PNP CYBERCRIME INCIDENT RESPONSE PROCEDURE
Cybercrime Response – is the actual police intervention in the cybercrime incident, in which items of evidentiary value are acquired from, and traced within, the hardware, software and network of the device.
GUIDELINES FOR CYBERCRIME INCIDENT FIRST RESPONDER
■ A. When responding to a cybercrime incident or a crime scene where computers are involved, the first responder must be able to secure, capture and scan the same and locate possible evidence.
■ B. After defining the theories about the role of the machine in the commission of the crime, the first responder should consider the questions necessary for any further police intervention.
■ C. A warrant issued by the court includes the search of computers and seizure of data from them.
■ D. Reasonable collection techniques shall be used in order to retain the confiscated data sought.
■ E. The evidence obtained is subject to forensic analysis by professional staff.
SEARCH AND SEIZURE OF COMPUTER
1. Secure the scene
2. Secure the computer as evidence
3. For stand-alone connection or single area connection computers (non-network)
A. Consult a computer specialist
B. If a specialist is not available:
- photograph and detach all the power sources and connectors
- put evidence tape over each drive slot
- photograph and mark pieces
- mark all connectors and cable end assemblies as needed
4. For Networked Computers
A. For help, consult a computer expert.
B. Do not pull the plug automatically, in order to prevent:
- significant machine damage
- the disturbance of legitimate company business
GUIDELINES IN THE TREATMENT OF OTHER ELECTRONIC DATA STORAGE DEVICES
■ The FR should recognize that it is possible for other electronic devices to produce viable evidence related to the crime. The FR must make sure that the device cannot be accessed except in an emergency. The FR should ensure that any acts relevant to the misuse of the device are recorded in order to document the chain of custody and to ensure that it is accepted as evidence in
SEARCH AND SEIZURE OF WIRELESS TELEPHONES
A. If the system is "ON" then do not turn it "OFF"
B. Leave "OFF" if the system is "OFF"
ELECTRONIC PAGING DEVICES SEARCH AND SEIZURE
■ The FR should note that the search for stored data in an electronic paging device may be performed only incident to a lawful arrest, when permission has been granted, or when a warrant has been issued.
FACSIMILE OR FAX MACHINE SEARCH AND SEIZURE
■ If the fax machine is ON, the FR should
■ CALLER ID DEVICES SEARCH AND SEIZURE
A. The FR should be aware of the potential evidence found in caller ID systems.
B. The FR should note that disruption of the caller ID device's power supply can cause data loss if the internal battery backup is not secured.
C. The FR must also ensure that all stored data is recorded before the computer
Members:
Ordeniza
Montalban
Jabagat
Sumaguila
Naser
Santiago
Agot
Godoy
Lusica
Laranjo
THANK YOU!
