CASES AND ISSUES IN ICT .
Cyber Grooming is when a person builds an online relationship
Modern life has been transformed by computers, mobile
phones, and the internet. They give us with numerous
advantages.
Information technology, on the other hand, puts us vulnerable
to a variety of hazards. These dangers may result in financial
losses or reputational damage.
Cybercriminals can gain access to our digital lives through a
little breach in our digital life management. As a result,
understanding how to protect ourselves from cybercrime is
critical.
Cybercrime is a crime or unlawful act committed through the
use of computers and networks. It's possible that the computer
was utilized in the commission of a crime or that it was the
intended target.
The majority of cybercrime goes into one of two categories:
o Computer-related criminal conduct
o Computer-assisted criminal conduct.
• Malware, such as viruses, are frequently used in cybercrime
that targets computers.
• Cybercrime that involves the use of computers to commit
other crimes can include spreading malware, illicit
information, or illegal photos. (computer related)
• Cybercriminals exploit communication technology to steal
financial information and perpetrate identity theft. (computer
assisted)
Cybercrime often includes the following
• illegal spyware on people's computers without
their consent,
• exploitation of security vulnerabilities on online
merchants' websites to steal customers’ bank and
credit card details
• sending out of phishing emails, which direct
customers to a bogus website, such as a fake
banking website,
• viruses and worms causing computers to
malfunction, and
• hackers sometimes use unwitting people's
computers to generate spam email
Firewalls are used to protect against unauthorized access,
along with software to halt viruses and spyware, help to deter
online.
Examples of Cybercrimes
Child sexually abusive material (CSAM) refers to a material
containing sexual images in any form, of a child who is abused
or sexually exploited.
Cyberbullying is a form of harassment or bullying inflicted
through the use of electronic or communication devices such as
computers, mobile phones, laptops, etc.
Cyberstalking is the use of electronic communication by a
person to follow a person or attempts to contact a person to
foster personal interaction repeatedly despite a clear indication
of disinterest by such person; or monitors the internet, email or
any other form of electronic communication commits the offence
of stalking.
with a young person and tricks or pressures him/ her into doing
a sexual act.
Online Job Fraud is an attempt to defraud people who are in
need of employment by giving them false hope/ promise of
better employment with higher wages.
Online Sextortion occurs when someone threatens to distribute
private and sensitive material using an electronic medium if he/
she doesn’t provide images of a sexual nature, sexual favors, or
money.
Phishing is a type of fraud that involves stealing personal
information such as Customer ID, IPIN, Credit/Debit Card
number, Card expiry date, CVV number, etc. through emails that
appear to be from a legitimate source.
Vishing is an attempt where fraudsters try to seek personal
information like Customer ID, Net Banking password, ATM PIN,
OTP, Card expiry date, CVV etc. through a phone call.
Smishing is a type of fraud that uses mobile phone text
messages to lure victims into calling back on a fraudulent phone
number, visiting fraudulent websites or downloading malicious
content via phone or web.
Sexting is an act of sending sexually explicit digital images,
videos, text messages, or emails, usually by cell phone.
SIM Swap Scam occurs when fraudsters manage to get a new
SIM card issued against a registered mobile number fraudulently
through the mobile service provider. With the help of this new
SIM card, they get One Time Password (OTP) and alerts,
required for making financial transactions through the victim’s
bank account. Getting a new SIM card against a registered
mobile number fraudulently is known as SIM Swap.
Credit card or debit card fraud involves the unauthorized use
of another’s credit or debit card information for the purpose of
purchases or withdrawing funds from it.
Impersonation and identity theft is an act of fraudulently or
dishonestly making use of the electronic signature, password or
any other unique identification feature of any other person.
Spamming occurs when someone receives an unsolicited
commercial message sent via email, SMS, MMS and any other
similar electronic messaging media.
Ransomware is a type of computer malware that encrypts the
files, storage media on communication devices like desktops,
Laptops, Mobile phones etc., holding data/information as a
hostage. The victim is asked to pay the demanded ransom to
get his device decrypts
Computer virus is a program written to enter your computer
and damage/alter your files/data and replicate itself.
Worms are malicious programs that make copies of themselves
again and again on the local drive, network shares, etc.
Trojan horse is not a virus. It is a destructive program that looks
like a genuine application. It gives malicious users/programs
access to your system, allowing confidential and personal
information to be theft.
Worms, Virus, and Trojan Horse are threats for electronic
payment system.
Data breach is an incident in which information is accessed
without authorization. 18. Denial of Services (DoS) attack
Denial of Services (DoS) attack is an attack intended for
denying access to computer resources without the permission
of the owner or any other person who is in charge of a computer,
computer system or computer network.
Website Defacement is an attack intended to change the visual
appearance of a website and/ or make it dysfunctional. The
attacker may post indecent, hostile and obscene images,
messages, videos, etc.
Cyber-Squatting is an act of registering, trafficking in or using
a domain name with an intent to profit from the goodwill of a
trademark belonging to someone else.
Pharming is a cyber-attack aiming to redirect a website’s traffic
to another, bogus website.
Cryptojacking is the unauthorized use of computing resources
to mine cryptocurrencies.
Online Drug Trafficking is a crime of selling, transporting, or
illegally importing unlawful controlled substances, such as
heroin, cocaine, marijuana, or other illegal drugs using electronic
means.
Espionage is the act or practice of obtaining data and
information without the permission and knowledge of the owner.
CYBERCRIME LAWS IN THE PHILIPPINES
The country has passed several laws to regulate e-commerce
and other online activities.
Republic Act 8484 or the Access Devices Regulation Act of
1998
• An act regulating the issuance and use of access devices,
prohibiting fraudulent acts committed relative thereto,
providing penalties and for other purposes
Republic Act 8792 or the Electronic Commerce Act of 2000
• An Act Providing For The Recognition And Use of Electronic
Commercial And Non-Commercial Transactions, Penalties
For Unlawful Use Thereof, And Other Purposes, also known
as the "Electronic Commerce Act."
Republic Act 10175 or The Cybercrime Prevention Act Of
2012.
• An Act Defining Cybercrime, Providing for The Prevention,
Investigation, Suppression and The Imposition of Penalties
Therefor and For Other Purposes.
TYPES OF CYBERCRIME (R.A. 10175)
1. Illegal access - Unauthorized access (without right) to a
computer system or application.
2. Illegal interception - Unauthorized interception of any non-
public transmission of computer data to, from, or within a
computer system
3. Data Interference - Unauthorized alteration, damaging,
deletion or deterioration of computer data, electronic document,
or electronic data message, and including the introduction or
transmission of viruses.
4. System Interference - Unauthorized hindering or
interference with the functioning of a computer or computer
network by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data or program,
electronic document, or electronic data messages, and including
the introduction or transmission of viruses.
5. Misuse of Device - The unauthorized use, possession,
production, sale, procurement, importation, distribution, or
otherwise making available, of devices, computer program
designed or adapted for the purpose of committing any of the
offenses stated in Republic Act 10175.
6. Cyber-squatting - Acquisition of domain name over the
Internet in bad faith to profit, mislead, destroy reputation, and
deprive others from the registering the same.
7. Computer-related Forgery - Unauthorized input, alteration,
or deletion of computer data resulting to inauthentic data with
the intent that it be considered or acted upon for legal purposes
as if it were authentic, regardless whether the data is directly
readable and intelligible.
8. Computer-related Fraud - Unauthorized input, alteration, or
deletion of computer data or program or interference in the
functioning of a computer system, causing damage thereby with
fraudulent intent.
9. Computer-related Identity Theft - Unauthorized acquisition,
use, misuse, transfer, possession, alteration or deletion of
identifying information belonging to another, whether natural or
juridical.
10. Cybersex - Willful engagement, maintenance, control, or
operation, directly or indirectly, of any lascivious exhibition of
sexual organs or sexual activity, with the aid of a computer
system, for favor or consideration
11. Child Pornography - Unlawful or prohibited acts defined
and punishable by Republic Act No. 9775 or the Anti-Child
Pornography Act of 2009, committed through a computer
system.
12. Libel - A published false statement that is damaging to a
person's reputation; a written defamation.
13. Aiding or Abetting in the commission of cybercrime -
Any person who willfully abets or aids in the commission of any
of the offenses enumerated in this Act shall be held liable
14. Attempt in the commission of cybercrime - Any person
who willfully attempts to commit any of the offenses enumerated
in this Act shall be held liable.
ETHICS, PRIVACY, AND INFORMATION SECURITY .
Ethics
• a branch of philosophy that deals with what isconsidered to
be right and wrong.
• refers to the principles of right and wrong that individuals
use make choices that guide their behavior.
Code of Ethics
• a collection of principles intended as a guide for members
of a company or organization.
• a collection of principles that are intended to guide decision
making by members of an organization.
Fundamental Tenets of Ethics
Fundamental tenets of ethics include responsibility,
accountability, and liability.
• Responsibility - means that you accept the
consequences of your decisions and actions.
• Accountability - means a determination of who is
responsible for actions that were taken.
• Liability - a legal concept meaning that individuals
have the right to recover the damages done to them by
other individuals, organizations, or systems.
Four Ethical Issues of the Information Age by Richard O.
Mason
Our period is an information age, and our civilization is truly an
information society. In this information age, we face a variety of
distinct issues. They come from the very nature of information.
Information
• the way by which the mind expands and increases its
potential to attain its objectives, frequently as a result of
input from another mind.
• it serves as the intellectual capital upon which humans build
their lives and maintain their dignity.
The development of intellectual capital, on the other hand, is
vulnerable in a variety of ways. These dangers to human dignity
must be addressed in the digital age's social compact.
The 4 ethical problems summarized by means of an
acronym -- PAPA:
1. Privacy: What information about one's self or one's
associations must a person reveal to others, under what
conditions and with what safeguards? What things can people
keep to themselves and not be forced to reveal to others?
Many consider privacy to be the most important area in which
their interests need to be safeguard. Privacy has long been
considered “the right to be left alone”. It has been defined in
terms of individuals’ ability to personally control information
about themselves.
Our privacy is under assault from two forces.
• The advancement of information technology, which has
increased surveillance, communication, processing,
storage, and retrieval capabilities.
• The rising usefulness of information in decision-making, a
more subtle threat.
2. Accuracy: Who is responsible for the authenticity, fidelity and
accuracy of information? Similarly, who is to be held
accountable for errors in information and how is the injured party
to be made whole?
The accuracy or the correctness of information assumes real
importance for society as computers come to dominate in
corporate record-keeping activities
Misinformation has a tendency of messing up people's lives,
especially when the party disseminating the false information
has a power and authority advantage.
3. Property: Who owns information? What are the just and fair
prices for its exchange? Who owns the channels, especially the
airways, through which information is transmitted? How should
access to this scarce resource be allocated?
The topic of intellectual property rights is one of the most
complicated concerns we confront as a society. These rights are
surrounded by significant economic and ethical problems, which
revolve around the unique characteristics of information and the
ways by which it is delivered. In the beginning, producing a
single piece of data can be too expensive.
4. Accessibility: What information does a person or an
organization have a right or a privilege to obtain, under what
conditions and with what safeguards?
Literacy is our primary source of information. From the invention
of paper to the modern computer, each advancement in
information management has placed new demands on literacy.
To be literate in an information society, a citizen must have at
least three skills:
- To deal with knowledge, one must have the necessary
intellectual abilities.
• Reading, writing, reasoning, and calculating are
examples of these abilities. This is an educational task
- Access to information technologies that store, transmit, and
process data is required.
• Libraries, radios, televisions, telephones, and,
increasingly, personal computers or terminals
connected to mainframes via networks are all
examples of this. This is a problem in social economics.
- One must have physical access to the data. This necessity
harkens back to the issue of property, and it's also a social
economics issue.
These literacy requirements are a function of the individual's
knowledge level as well as his or her economic status.
Unfortunately, both of these levels are currently decreasing for
many individuals around the world. In modern organizations and
society, they are major forces acting for and against
contemporary literacy.
UNETHICAL VS ILLEGAL
'Unethical' refers to something that is morally incorrect.
'Illegal' refers to something that is against the law.
• Unethical is not necessarily illegal.
• The law is the deciding factor in an illegal act.
• When it comes to unethical behavior, the man's own
conscience is the decisive factor.
• Although an unethical act is against morality, it is not
against the law.
• An illegal conduct is always unethical, but an unethical
action can be legal or not.
Some more examples of unethical practices are deliberate
deception, violation of conscience, and failure to honor
commitments.
Some examples of illegal practices are discrimination or
harassment, theft, unfair employee treatment, and unjust health
and safety protocols.
PRIVACY
• In Philippine law, the concept of privacy is enshrined in the
Constitution and is regarded as the right to be free from
unwarranted exploitation of one’s person or from intrusion
into one’s private activities in such a way as to cause
humiliation to a person’s ordinary sensibilities (Hing v.
Choachuy, 2013).
• It has been described as the most comprehensive of rights
and the right most valued by civilized men (Morfe v. Mutuc,
1968).
Republic Act 10173 or Data Privacy Act of 2012
• It is a law that seeks to protect all forms of information, be it
private, personal, or sensitive. It is meant to cover both
natural and juridical. It is an act protecting individual
personal information in information and communications
systems in the government and the private sector, creating
for this purpose a national privacy commission, and for
other purposes.
• It was passed in accordance with the Philippines
agreements under ASEAN Vision 2020 and at the urging of
the growing business process outsourcing industry. The law
was modeled after the Data Protection Directive (95/46/EC)
with many of its terminologies and provisions similar to
privacy laws in other jurisdictions.
The National Privacy Commission (NPC) is in charge of
administering and implementing the DPA. It is also tasked to
monitor and ensure compliance of the Philippines with
international standards for personal data protection.
The major functions of the NPC are as follows:
• Rule making
• Advisory. The NPC is the advisory body on matters related
to personal data protection.
• Public education. The NPC shall launch initiatives to
educate the public about data privacy, data protection and
fair information rights and responsibilities.
• Compliance and monitoring. The body has compliance
and monitoring functions to ensure personal information
controllers comply with the law. It is also tasked to manage
the registration of personal data processing systems.
• Complaints and investigations.
• Enforcement.
Personal information refers to any information whether recorded
in a material form or not, from which the identity of an individual
is apparent or can be reasonably and directly ascertained by the
entity holding the information, or when put together with other
information would directly and certainly identify an individual.
Personal data refers to all types of personal information.
Processing is any operation/s performed upon personal data.
These operations include, but are not limited to the collection,
recording, organization, storage, updating or modification,
retrieval, consultation, use, consolidation, blocking, erasure, or
destruction of data.
“Personal information controller” is an individual or institution, or
any other body who controls the processing of personal data, or
instructs another to process personal data on its behalf.
Data subject refers to an individual whose personal information
is processed.
KEY RIGHTS THAT SUMMARIZE THE DATA PRIVACY ACT
FOR THE PHILIPPINES
1. The Right to be Informed
• The foundation for the Data Privacy law is consent.
Which means the willingness of data subjects to hand
over their data. Data can be accessed and used by
marketers so long as users give their permission to do
so.
2. The Right to Object
• At the opposite end of consent is the right of any person
to object to the collection and processing of their
personal data. While agreeing to the terms of use may
be mandatory to use a service, data subjects have the
right to refuse to accept the terms at anytime.
3. The Right to Access and Data Portability
• Once someone has given you their consent to use their
personal data, they also have the right to access it.
These data subjects must have reasonable access to
the data they have given. Access should be easy as
well as “data portable” meaning their personal data can
be electronically stored and copied at anytime.
4. The Right to Rectify
• Access to their collected personal data entitles the data
subject to correct any mistakes or misrepresentation.
5. The Right to Erasure or Blocking
• Consent means permission but data subjects also have
the right to withdraw their consent at anytime. This can
be addressed through unsubscription to email services
for example, or by directly emailing the company’s Data
Protection Officer.
6. The Right to Damages and to file a Complaint with the
NPC
• At the extreme end of the spectrum, if damages are
done to the data subject, he has the right to file for
damages as well as escalate matters with the National
Privacy Commission.
THREATS TO SECURITY AND PRIVACY
Undetected intrusions on our privacy
• Identity thieves, hackers, unethical marketers, and other
nefarious actors usually attack in one of several ways.
• One of the most effective methods to arm and protect
ourselves against these attacks is to become familiar with
these forms.
Data
• Data is valuable, which is one of the main reasons why your
online privacy is at risk.
• A hacker has struck gold if they can gain illegal access to
an airline's reservation system or an e-commerce site's
customer database.
• Any information you post on the internet could be misused.
As a result, you must exercise caution when it comes to
your online privacy.
Digital data
• Transactional data, location data, electronic medical
records, e-commerce data, insurance data, images and
videos, thoughts and views, and other types of personal
data are all examples of digital data.
• All of these data pieces are personal and sensitive
information that should not be shared without the data
owner's permission.
Privacy breaches can occur at several phases of data
processing (Ram, Murali, & Kumar, 2021).
Data breach
• This can an happen at any point along the data
processing process, with different types of employees
operating at different levels.
• Top-level management should ensure that no data
breaches occur at any point, necessitating the
establishment of a policy and an ethical code of
behavior for all firm personnel.
• Policies alone, however, are insufficient; a regulating
agency is required to ensure that the policies are
followed.
• Individuals are also contributing to data leakage
through irresponsible usage of social media and mobile
devices.
Threats to data security and privacy:
Data aggregators, digital dossiers, and profiling
• Data aggregators companies that collect public
data (e.g., real estate records, telephone
numbers) and nonpublic data (e.g., social security
numbers, financial data, police records, motor
vehicle records) and integrate them to produce
digital dossiers.
• Digital dossier is an electronic description of you
and your habits.
• Profiling is the process of creating a digital dossier.
Electronic Surveillance
• The tracking of people ‘s activities, online or
offline, with the aid of computers.
• Many people are blissfully unaware that they can
be under electronic surveillance while they are
using their computers.
Personal Information
• information about individuals is being kept in many
databases like banks, utility companies,
government agencies, and the most visible
locations are credit-reporting agencies.
Information on Internet Bulletin Boards, Newsgroups,
and Social Networking Sites
• Social Networking Sites often include electronic
discussions such as chat rooms. These sites
appear on the Internet, within corporate intranets,
and on blogs.
• A blog (Weblog) is an informal, personal journal
that is frequently updated and intended for general
public reading.
• Social networking sites can cause you problems.
Anyone can post derogatory information about you
anonymously. You can also hurt yourself. The best
thing to do is be careful what information you post
on social networking sites.
PROTECTING PRIVACY
Privacy policies or privacy codes
• The instructions for protecting the privacy of an
organization's customers, clients, and workers
• Senior management in many companies has realized
that when they collect large volumes of personal data,
they must secure it. Furthermore, many businesses
give their customers a say in how their information is
utilized by providing either opt-out or opt-in options.
Opt-in
• Opting-in means a user, acknowledging interest in a
product or service and authorizing a third party to contact
them with further information.
• Subscribing to email and newsletter mailing lists, permitting
cookie use, and consenting to legal terms are all examples
of circumstances when opting in is appropriate.
• When a user registers for an account, they have the
opportunity to opt in to receiving emails as well as to agree
to the terms of use and privacy policy. When users first
arrive on this page, both boxes are unchecked, allowing
them to take direct action to indicate their preferences.
• It’s not only your privacy policy that you should ask users to
opt in to. After you create terms and conditions, you should
also host these on a banner or form, and request user
consent to agreement.
Opt-out
• The opt-out model of informed consent allows the company
to collect personal information until the client expressly
requests that it be removed.
• Opting out means a user takes action to withdraw their
consent.
There are two main ways to offer opt-outs to users.
1. Unchecking boxes
• The user then has the opportunity to opt out,
meaning they uncheck the boxes in order to
withdraw their consent.
2. Consent withdrawal
• When you offer users a way to withdraw their
permission or change their preferences after the
original point of consent.
• The company notifies users that they may opt out
of receiving future marketing contact by directing
them to a preference manager via the opt-out link.
“unsubscribe” link - more common method of opt out
o Unsubscribe links are often contained in the footer of
an email.
o They direct users to a page or form that allows them to
opt out of receiving further outreach from the company.
INFORMATION SECURITY
Key Information Security Terms
• Threat is any danger to which a
system/information resource may be exposed.
• Exposure is the harm, loss or damage that can
result if a threat compromises an information
resource.
• Vulnerability is the possibility that the
system/information resource will suffer harm by a
threat.
 • Risk is the likelihood that a threat will occur. o gathering techniques. Espionage crosses the legal
• Information system controls ere the procedures, boundary.
devices, or software aimed at preventing a o Information extortion
compromise to a system. o Sabotage or vandalism
o Theft of equipment or information
Factors Increasing the Threats to Information Security ▪ For example, dumpster diving
• Today’s interconnected, interdependent, o Compromises to intellectual property
wirelessly- networked business environment ▪ Intellectual property. Property created by individuals or
• Government legislation Smaller, faster, cheaper corporations which is protected under trade secret, patent,
computers and storage devices and copyright laws.
• Decreasing skills necessary to be a computer • Trade secret. Intellectual work, such as a business plan,
hacker. that is a company secret and is not based on public
• International organized crime turning to information.
cybercrime • Patent. Document that grants the holder exclusive rights
• Downstream liability on an invention or process for 20 years.
• Copyright. Statutory grant that provides creators of
• Increased employee use of unmanaged devices
intellectual property with ownership of the property for life of
• Lack of management support
the creator plus 70 years.
▪ Piracy. Copying a software program without making
CATEGORIES OF THREATS TO INFORMATION SYSTEMS
payment to the owner.
o Software Attacks
- Unintentional acts
▪ Virus, Worm, Trojan horse, and Logic Bomb
▪ Human errors
▪ Phishing attacks
- Tailgating
▪ Distributed denial-of-service attacks
• To deter tailgating, many companies have anti-
o Alien Software
tailgating doors protecting the entrance into high-
▪ Spyware
security areas. Note that only one person at a time
▪ Spamware
can go through this door.
▪ Cookies
- Shoulder surfing
o Supervisory control and data acquisition (SCADA)
• Shoulder surfing occurs when the attacker
attacks
watches another person’s computer screen over
that person’s shoulder. Particularly dangerous in
public areas such as airports, commuter trains,
and on airplanes.
- Carelessness with laptops and portable computing
devices
• Opening questionable sites
• Careless Internet surfing
▪ Poor password selection and use
▪ Deviations in quality of service-by-service providers
(e.g., utilities)
▪ Environmental hazards (e.g., dirt, dust, humidity)
• We should note that the biggest threat to the security of an
organization’s information assets are the company’s
employees.
• In fact, the most dangerous employees are those in human
resources and IT. HR employees have access to sensitive
personal data on all employees. IT employees not only have
access to sensitive personal data, but control the means to
create, store, transmit, and modify these data.

Social Engineering is an attack where the attacker uses social

skills to trick a legitimate employee into providing confidential
company information such as passwords. Social engineering is
a typically unintentional human error on the part of an employee,
but it is the result of a deliberate action on the part of an attacker.

- Natural disasters
- Technical failures
- Management failures
- Deliberate acts (Whitman and Mattord, 2003)
o Espionage or trespass is the competitive intelligence
consists of legal information-