The Republic Act No.

10175, also known as the “Cybercrime Prevention Act of 2012,” is a law in the
Philippines that defines cybercrime and provides for its prevention, investigation, suppression, and the
imposition of penalties 1. The following are some of the definitions of terms used in the act:

Access: Refers to the instruction, communication with, storing data in, retrieving data from, or otherwise
making use of any resources of a computer system or communication network

Alteration: Refers to the modification or change, in form or substance, of an existing computer data or
program

Communication: Refers to the transmission of information through ICT media, including voice, video and
other forms of data

Computer: Refers to an electronic, magnetic, optical, electrochemical, or other data processing or

communications device capable of performing logical, arithmetic, routing, or storage functions and
which includes any storage facility or equipment or communications facility or equipment directly
related to or operating in conjunction with such device. It covers any type of computer device including
devices with data processing capabilities like mobile phones, smart phones, computer networks and
other devices connected to the internet

Computer data: Refers to any representation of facts, information, or concepts in a form suitable for
processing in a computer system including a program suitable to cause a computer system to perform a
function and includes electronic documents and/or electronic data messages whether stored in local
computer systems or online

A violation of R.A. 10175, particularly Sec. 4 (c) (4) of R.A. 10175 (Cyberlibel) can result, not only in the
filing of a criminal complaint, but also a civil complaint for damages. Article 2219, paragraph (7) of the
Civil Code allows the recovery of moral damages in case of libel, slander or any other form of
defamation.

Penalties. — Any person found guilty of any of the punishable acts enumerated in Sections 4(a) and 4(b)
of this Act shall be punished with imprisonment of prision mayor or a fine of at least Two hundred
thousand pesos (PhP200,000.00) up to a maximum amount commensurate to the damage incurred or
both.

Any person found guilty of the punishable act under Section 4(a)(5) shall be punished with imprisonment
of prision mayor or a fine of not more than Five hundred thousand pesos (PhP500,000.00) or both.

If punishable acts in Section 4(a) are committed against critical infrastructure, the penalty of reclusion
temporal or a fine of at least Five hundred thousand pesos (PhP500,000.00) up to maximum amount
commensurate to the damage incurred or both, shall be imposed.

Any person found guilty of any of the punishable acts enumerated in Section 4(c)(1) of this Act shall be
punished with imprisonment of prision mayor or a fine of at least Two hundred thousand pesos
(PhP200,000.00) but not exceeding One million pesos (PhPl,000,000.00) or both.
Any person found guilty of any of the punishable acts enumerated in Section 4(c)(2) of this Act shall be
punished with the penalties as enumerated in Republic Act No. 9775 or the "Anti-Child Pornography Act

of 2009″: Provided, That the penalty to be imposed shall be one (1) degree higher than that provided for
in Republic Act No. 9775, if committed through a computer system.

Any person found guilty of any of the punishable acts enumerated in Section 4(c)(3) shall be punished
with imprisonment of arresto mayor or a fine of at least Fifty thousand pesos (PhP50,000.00) but not
exceeding Two hundred fifty thousand pesos (PhP250,000.00) or both.

Any person found guilty of any of the punishable acts enumerated in Section 5 shall be punished with
imprisonment one (1) degree lower than that of the prescribed penalty for the offense or a fine of at
least One hundred thousand pesos (PhPl00,000.00) but not exceeding Five hundred thousand pesos
(PhP500,000.00) or both.

RA 10173, or the Data Privacy Act, is a law that protects the right to privacy of communication and
personal information in information and communications systems in government and in the private
sector1234. The law sets rules for the collection, handling, and disposal of personal information, and
requires notification to the Commission when automated processing systems are used to make decisions
about a data subject125. The law aims to promote innovation and growth while ensuring data security
and protection34.

The Data Privacy Act of 2012 (DPA) is a law enacted by the Philippine Congress to protect the privacy of
personal data in information and communication systems of both the government and private sector 12.
The law created the National Privacy Commission to ensure that personal information is secured and

(a) Commission shall refer to the National Privacy Commission created by virtue of this Act.

(b) Consent of the data subject refers to any freely given, specific, informed indication of will, whereby
the data subject agrees to the collection and processing of personal information about and/or relating to
him or her. Consent shall be evidenced by written, electronic or recorded means. It may also be given on
behalf of the data subject by an agent specifically authorized by the data subject to do so.

(c) Data subject refers to an individual whose personal information is processed.

(d) Direct marketing refers to communication by whatever means of any advertising or marketing
material which is directed to particular individuals.

(e) Filing system refers to any act of information relating to natural or juridical persons to the extent that,
although the information is not processed by equipment operating automatically in response to
instructions given for that purpose, the set is structured, either by reference to individuals or by
reference to criteria relating to individuals, in such a way that specific information relating to a particular
person is readily accessible.

(f) Information and Communications System refers to a system for generating, sending, receiving, storing
or otherwise processing electronic data messages or electronic documents and includes the computer
system or other similar device by or which data is recorded, transmitted or stored and any procedure
related to the recording, transmission or storage of electronic data, electronic message, or electronic
document.

(g) Personal information refers to any information whether recorded in a material form or not, from
which the identity of an individual is apparent or can be reasonably and directly ascertained by the
entity holding the information, or when put together with other information would directly and certainly
identify an individual.

(h) Personal information controller refers to a person or organization who controls the collection,
holding, processing or use of personal information, including a person or organization who instructs
another person or organization to collect, hold, process, use, transfer or disclose personal information on
his or her behalf.

PENALTIES

SEC. 25. Unauthorized Processing of Personal Information and Sensitive Personal Information. – (a) The
unauthorized processing of personal information shall be penalized by imprisonment ranging from one
(1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but
not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who process personal
information without the consent of the data subject, or without being authorized under this Act or any
existing law.

(b) The unauthorized processing of personal sensitive information shall be penalized by imprisonment
ranging from three (3) years to six (6) years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Four million pesos (Php4,000,000.00) shall be imposed on persons
who process personal information without the consent of the data subject, or without being authorized
under this Act or any existing law.

SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence. – (a)
Accessing personal information due to negligence shall be penalized by imprisonment ranging from one
(1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but
not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who, due to
negligence, provided access to personal information without being authorized under this Act or any
existing law

(b) Accessing sensitive personal information due to negligence shall be penalized by imprisonment
ranging from three (3) years to six (6) years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Four million pesos (Php4,000,000.00) shall be imposed on persons
who, due to negligence, provided access to personal information without being authorized under this
Act or any existing law.

SEC. 27. Improper Disposal of Personal Information and Sensitive Personal Information. – (a) The
improper disposal of personal information shall be penalized by imprisonment ranging from six (6)
months to two (2) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but
not more than Five hundred thousand pesos (Php500,000.00) shall be imposed on persons who
knowingly or negligently dispose, discard or abandon the personal information of an individual in an area
accessible to the public or has otherwise placed the personal information of an individual in its container
for trash collection.
(b) The improper disposal of sensitive personal information shall be penalized by imprisonment ranging
from one (1) year to three (3) years and a fine of not less than One hundred thousand pesos
(Php100,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons
who knowingly or negligently dispose, discard or abandon the personal information of an individual in an
area accessible to the public or has otherwise placed the personal information of an individual in its
container for trash collection.

SEC. 28. Processing of Personal Information and Sensitive Personal Information for Unauthorized
Purposes. – The processing of personal information for unauthorized purposes shall be penalized by
imprisonment ranging from one (1) year and six (6) months to five (5) years and a fine of not less than
Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00)
shall be imposed on persons processing personal information for purposes not authorized by the data
subject, or otherwise authorized under this Act or under existing laws.

The processing of sensitive personal information for unauthorized purposes shall be penalized by
imprisonment ranging from two (2) years to seven (7) years and a fine of not less than Five hundred
thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be
imposed on persons processing sensitive personal information for purposes not authorized by the data
subject, or otherwise authorized under this Act or under existing laws.

SEC. 29. Unauthorized Access or Intentional Breach. – The penalty of imprisonment ranging from one (1)
year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not
more than Two million pesos (Php2,000,000.00) shall be imposed on persons who knowingly and
unlawfully, or violating data confidentiality and security data systems, breaks in any way into any system
where personal and sensitive personal information is stored.

SEC. 30. Concealment of Security Breaches Involving Sensitive Personal Information. – The penalty of
imprisonment of one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred
thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00) shall be
imposed on persons who, after having knowledge of a security breach and of the obligation to notify the
pursuant to Section 20(f), intentionally or by omission conceals the fact of such security breach.

SEC. 31. Malicious Disclosure. – Any personal information controller or personal information processor or
any of its officials, employees or agents, who, with malice or in bad faith, discloses unwarranted or false
information relative to any personal information or personal sensitive information obtained by him or
her, shall be subject to imprisonment ranging from one (1) year and six (6) months to five (5) years and a
fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos
(Php1,000,000.00).

SEC. 32. Unauthorized Disclosure. – (a) Any personal information controller or personal information
processor or any of its officials, employees or agents, who discloses to a third party personal information
not covered by the immediately preceding section without the consent of the data subject, shall he
subject to imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five
hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).

(b) Any personal information controller or personal information processor or any of its officials,
employees or agents, who discloses to a third party sensitive personal information not covered by the
immediately preceding section without the consent of the data subject, shall be subject to imprisonment
ranging from three (3) years to five (5) years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Two million pesos (Php2,000,000.00).

SEC. 33. Combination or Series of Acts. – Any combination or series of acts as defined in Sections 25 to
32 shall make the person subject to imprisonment ranging from three (3) years to six (6) years and a fine
of not less than One million pesos (Php1,000,000.00) but not more than Five million pesos
(Php5,000,000.00)

SEC. 34. Extent of Liability. – If the offender is a corporation, partnership or any juridical person, the
penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by
their gross negligence, allowed the commission of the crime. If the offender is a juridical person, the
court may suspend or revoke any of its rights under this Act. If the offender is an alien, he or she shall, in
addition to the penalties herein prescribed, be deported without further proceedings after serving the
penalties prescribed. If the offender is a public official or employee and lie or she is found guilty of acts
penalized under Sections 27 and 28 of this Act, he or she shall, in addition to the penalties prescribed
herein, suffer perpetual or temporary absolute disqualification from office, as the case may be.

SEC. 35. Large-Scale. – The maximum penalty in the scale of penalties respectively provided for the
preceding offenses shall be imposed when the personal information of at least one hundred (100)
persons is harmed, affected or involved as the result of the above mentioned actions.

SEC. 36. Offense Committed by Public Officer. – When the offender or the person responsible for the
offense is a public officer as defined in the Administrative Code of the Philippines in the exercise of his or
her duties, an accessory penalty consisting in the disqualification to occupy public office for a term
double the term of criminal penalty imposed shall he applied.

SEC. 37. Restitution. – Restitution for any aggrieved party shall be governed by the provisions of the New
Civil Code.
 Zero-day exploit:
Cyber Attacks
A vulnerability in a system or device that
Types of Cyber Attacks has been disclosed but is not yet patched.
Impacts of Cyber Attacks
Advanced Persistent Threat (APT): A
network attack in which an unauthorized
person gains access to network and stays
A successful cyber attack can cause major
there undetected for a long period of time.
damage to organizations or systems, as well
Backdoor: Method of bypassing normal as to business reputation and consumer
authentication and gaining access in OS or trust.
application.
Some potential results include:
Types of Cyber Attacks Continued
Financial loss.
Buffer Overflow:
Reputational damage.
An exploit that takes advantage of the
Legal consequences.
program that is waiting for a user’s input.
Malicious Code
Man-in-the-middle Attack
Types of Malicious Code
This attack intercepts and relays messages
between two parties who are Virus:
communicating directly with each other.
Malicious software program, when it is
Types of Cyber Attacks Continued executed, it replicates itself by modifying
other computer programs and inserting its
Cross-Site Scripting (XSS):
own code.
A code injection attack that allows an
Network Worm:
attacker to execute malicious JavaScript in
another user’s browser. Standalone malware which replicates itself
in order to spread to other computers.
Denial of Service Attack:
Types of Malicious Code Continued
Any attack where the attackers attempt to
prevent the authorized users from accessing Trojan Horse:
the service.
A program that claims to free your
Types of Cyber Attacks Continued computer from viruses but instead
introduces viruses onto your system.
SQL injection: A very common exploited
web application vulnerability that allows Botnet:
malicious hacker to steal and alter data in
Used to perform distributed denial-of-
website’s database.
service attack (DDoS attack), steal data,
send spam, and allow the attacker access to Vulnerability is the composition of three
the device and its connection. elements:
Types of Malicious Code Continued A flaw in system.
Keylogger: Access of attacker to that flaw.
A type of surveillance technology used to Capability of attacker to exploit the flaw.
monitor and record each keystroke typed on
specific computer’s keyboard.
Classification of Vulnerabilities
Rootkit:
Vulnerabilities are classified according to
Collection of tools or programs that enable
the asset:
administrator-level access to computer or
computer network. Hardware.
Types of Malicious Code Continued Software.
Spyware: Network.
Software that is hidden from the user in Personal.
order to gather information about internet
Physical site.
interaction, keystrokes, passwords, and
other valuable data.
Adware: Classification of Vulnerabilities

Designed to display advertisements on your Vulnerabilities are classified according to

computer and redirect your search requests the asset:
to advertising websites to collect marketing
Hardware.
data about you.
Software.
Types of Malicious Code Continued
Network.
Ransomware:
Personal.
Malware that prevents or limits users from
accessing their system, either by locking the Physical site.
system’s screen or by locking the user’s files
Organizational
unless a ransom is paid.
Vulnerability
What is a Vulnerability?
A cyber-security term that refers to a flaw in
a system that can leave it open to attack.

Malware
1. Malware
2. Usage of Malware
3. Types of Malware
4. How Malware Spreads?
5. How Can You Protect Computer? 6.
Symptoms
7. Anti-Malware Program
• Short for malicious software.
• A is software used or created to disrupt
computer operation, gather sensitive
information, or gain access to private
computer systems.
• It can appear in the form of code, scripts,
active content, and other software.
• 'Malware' is a general term used to refer
to a variety of forms of hostile, intrusive, or
annoying software
Usage of Malware
• Many early infectious programs, including
the first Internet Worm, were written as
experiments or pranks. • Today, malware is
used primarily to steal sensitive personal,
financial, or business information for the
benefit of others.
• Malware is sometimes used broadly
against government or corporate websites
to gather guarded information, or to
disrupt their operation in general.
• However, malware is often used against
individuals to gain personal information
such as social security numbers, bank or
credit card numbers, and so on.
Types of Malware
• Viruses • Trojan horses
• Worms • Spyware
• Zombie • Phishing
• Spam • Adware • Ransomware
Viruses
• A program or piece of code that is loaded
onto your computer without your
knowledge and runs against your wishes.
• Viruses can also replicate themselves.
• All computer viruses are manmade.
• Viruses copy themselves to other disks to
spread to other computers.
• They can be merely annoying or they can
be vastly destructive to your files.
• Examples of computer viruses are: –
Macro virus
– Boot virus
– Logic Bomb virus
– Directory virus
– Resident virus
Trojan Horses
• A Trojan Horse program has the
appearance of having a useful and desired
function.
• A Trojan Horse neither replicates nor
copies itself, but causes damage or
compromises the security of the computer.
• A Trojan Horse must be sent by someone
or carried by another program and may
arrive in the form of a joke program or
software of some sort.
• These are often used to capture your
logins and passwords.
Example of Trojan Horses
• Remote access Trojans (RATs) • Backdoor
Trojans (backdoors) • IRC Trojans (IRCbots)
• Keylogging Trojans.
Worms
• A computer worm is a self-replicating
computer program.
• It uses a network to send copies of itself
to other nodes (computers on the network)
and it may do so without any user
intervention.
• It does not need to attach itself to an
existing program.
Spyware
• Spyware is a type of malware installed on
computers that collects information about
users without their knowledge.
• The presence of spyware is typically
hidden from the user and can be difficult to
detect.
• Spyware programs lurk on your computer
to steal important information, like your
passwords and logins and other personal
identification information and then send it
off to someone else.
Zombie
• Zombie programs take control of your
computer and use it and its Internet
connection to attack other computers or
networks or to perform other criminal
activities.
Phishing
• Phishing (pronounced like the word
'fishing') is a message that tries to trick you
into providing information like your social
security number or bank account
information or logon and password for a
web site.
• The message may claim that if you do not
click on the link in the message and log
onto a financial web site that your account
will be blocked, or some other disaster.
Spam
• Spam is email that you did not request
and do not want.
• One person's spam is another's useful
newsletter or sale ad.
• Spam is a common way to spread viruses,
trojans, and the like.
15
Adware
• Adware (short for advertising-supported
software) is a type of malware that
automatically delivers advertisements.
• Common examples of adware include
pop-up ads on websites and
advertisements that are displayed by
software.
• Often times software and applications
offer “free” versions that come bundled
with adware.
Ransomware
• Ransomware is a form of malware that
essentially holds a computer system captive
while demanding a ransom.
• The malware restricts user access to the
computer either by encrypting files on the
hard drive or locking down the system and
displaying messages that are intended to
force the user to pay the malware creator
to remove the restrictions and regain
access to their computer.
How Malware Spreads?
• Malware is a program that must be
triggered or somehow executed before it
can infect your computer system and spread
to others.
• Here are some examples on how malware
is distributed:
a) Social network
b) Pirated software
c) Removable media
d) Emails
e) Websites
20
CSCA0101 Computing Basics
Malware
Damages
1. Data Loss
• Many viruses and Trojans will attempt to
delete files or wipe hard drives when
activated, but even if you catch the
infection early, you may have to delete
infected files.
2. Account Theft
• Many types of malware include keylogger
functions, designed to steal accounts and
passwords from their targets.
• This can give the malware author access
to any of the user's online accounts,
including email servers from which the
hacker can launch new attacks.
3. Botnets
• Many types of malware also subvert
control over the user's computer, turning it
into a "bot" or "zombie." • Hackers build
networks of these commandeered
computers, using their combined processing
power for tasks like cracking password files
or sending out bulk emails.
4. Financial Losses
• If a hacker gains access to a credit card or
bank account via a keylogger, he can then
use that information to run up charges or
drain the account.
• Given the popularity of online banking
and bill payment services, a hacker who
manages to secrete a keylogger on a user's
system for a full month may gain access to
the user's entire financial portfolio,
allowing him to do as much damage as
possible in a single attack.
How Can You Protect Your Computer?
• Install protection software.
• Practice caution when working with files
from unknown or questionable sources.
• Do not open e-mail if you do not recognize
the sender.
• Download files only from reputable
Internet sites. • Install firewall.
• Scan your hard drive for viruses monthly.
Symptoms
• Increased CPU usage
• Slow computer or web browser speeds •
Problems connecting to networks
• Freezing or crashing
• Modified or deleted files
• Appearance of strange files, programs, or
desktop icons
• Programs running, turning off, or
reconfiguring themselves (malware will
often reconfigure or turn
• Strange computer behavior
• Emails/messages being sent automatically
and without user’s knowledge (a friend
receives a strange email from you that you
did not send)
• There seems to be a lot of network
activity when you are not using the
network
• The available memory on your computer
is lower than it should be
• Programs or files appear or disappear
without your knowledge
• File names are changed
Anti-Malware Program
• Anti-Malware program is used to prevent,
detect, and remove computer viruses,
worms, trojan horses and any other type of
malware.
• Examples of Anti-Malware program:
– Antivirus program
– Anti-spyware program
– Anti-spam program
– Firewall
Antivirus Program
• “Antivirus" is protective software designed
to defend your computer against malicious
software. • In order to be an effective
defense, the antivirus software needs to run • Your computer can become infected
in the background at all times, and should through shared disks or even from another
be kept updated so it recognizes new computer on the network.
versions of malicious software.
• So you need to monitor what your
Examples of Antivirus Program computer is putting out over the network or
internet also.
• Norton Antivirus
• AVG
• Kaspersky
• Avast!
• PC-Cilin
• McAffee
• Avira
Anti-Spyware Program
• Anti-spyware program is a type of
program designed to prevent and detect
unwanted spyware program installations
and to remove those programs if installed.
• Examples of Anti-spyware program:
– Spyware Doctor
– AVG Anti-spyware
– STOPzilla
– Spysweeper
• Anti-spam software tries to identify
useless or dangerous messages for you.
Firewall
• A firewall blocks attempts to access your
files over a network or internet connection.
• That will block incoming attacks.
CYBERTHREATS, SECURITY, AND PRIVACY ISSUE

Some employers allow their employees to use their personal smartphone, laptop, or tablet on the job–
the so-called bring your own device (BYOD) policy. But, are they aware of the security issues involved in
using their personal technologies? In this chapter, we will discuss the different cyber threats, security,
and privacy issues. Particularly in this module, we will discuss the cyber intruders: trolls, spies, hackers,
and thieves

CYBERINTRUDERS: TROLLS, SPIES, HACKERS, & THEIVES

“There isn’t a corporation in the world that can’t be penetrated, not one,” says Mike McConnell,
former U.S Director of National Intelligence

McConnell was talking about companies’ openness to cyberattacks, attempts to gain unauthorized
access to or to disrupt or damage a computer system or electronic communication network.

1. TROLLS
Not a scary fairy tale creature who lives under a bridge, a troll is a person who posts
intentionally offensive, incendiary, or off-topics comments online, to upset people.

In recent years, trolls have become a scourge,” says one report. “Reasoned political discussion is
often so overwhelmed by venomous, tit-for-tat name – calling that website have to shut down
their comment boards, as hundreds and even thousands of invective – filled responses pour in.”

The phenomenon occurs, it’s suggested, because of an “online dis-inhibition effect” that allows
people who might never utter a hateful word in person to unleash withering vitriol on comment
boards.
2. SPIES
In 2010, the average visit to one of the 50 most popular U.S websites (such as Google,
Facebook ,and Yahoo!) yielded 10 instances of data collection. By March 2013, that figure had
jumped to 42instances.
“The rise in data collection has been driven by the online-advertising business,” says one
report, “which uses information about web users to target ads. Over the past few
years, hundreds of companies have been vying to place tracking technologies across the web
to determine what user might want to see or buy.”
For instance, Facebook, which has a billion-plus users, is using new ways to cull information from
outside the social network to match it with data from its user, the purpose being
to win over advertisers such as General Motors.
 Advertisers are also moving beyond people’s personal computers to better pin-point mobile
users’ online activity on their smartphones and tablets, the better to track users across such
devices.
All such data collecting – spying, really – is perfectly legal, as is much of the gathering of personal
facts about us by credit agencies, educational and health institutions, and agencies of
the U.S government.
Data brokers can easily buy all our health records and financial records, so that our personal data
ends up by wandering to places you’ve never been.

3. HACKERS
Al though the term original referred to a computer enthusiast or a clever or expert programmer,
a hacker is now considered to be a person who gains unauthorized access to computers or
network. Hackers are divided into three type s
:a. Malicious Hackers-Malicious hackers known as crackers are people who break into
computers for destructive purposes – to obtain information for financial gain, shut down
hardware, pirate software, steal people’s credit information, or alter or destroy data
Among types of malicious software are the following:
1. Script Kiddies
teenagers without much technical expertise who use downloadable software or other
existing code to perform malicious break-ins
2. Hacktivists
Hacker activists,” people who break into computer system for politically or socially
motivated purposes.
3. Black-hat hackers
Often professional criminals, are those who break into computer systems – recently
including smartphones and Twitter – to steal or destroy information or to use it for illegal
profit.
4. Cyberterrorist
According to FBI, it is any premeditated, politically motivated attack against information,
computer systems, computer programs, and data which results in violence against non-
combatant targets by sub-national group or clandestine agents.

b. Benign Hackers-Also called thrill-seeker hackers are hackers who illegally access computer
systems simply for the challenge of it, not to damage or steal anything; their reward is the
achievement of breaking in.

c. Benevolent Hackers -Called ethical hackers, also known as white-hat hackers, are
usually computer professionals who break into computer systems and networks with the
knowledge of their owners to expose security flaws that can be fixed.

5. THIEVES
There is a widespread belief that cybercrime is large, rapidly growing, profitable, and highly
evolved.
Actually, it’s not; the popular accounts and statistics are wildly inflated. Most cyber thieves
make very little money.
Cybercrime billionaires are hard to locate because there aren’t any. Still, we should know
what kind of people are out there trying. There are so many types of cyber thievery, going on
that we cannot coverall the kinds of perpetrators. Some examples follow:

a. Employees-They are considered as the largest group of cyberthieves, simply because they
have better access to their companies’ computer systems.- Workers may use information
technology for personal profit or to steal hardware or information to sell. They may
also use it to seek revenge for real or imagined wrongs, such as being passed over for
promotion, indeed, the disgruntled employee is a principal source of computer crime.

b. Outside Partners and Suppliers-Suppliers and clients may also gain access to a company’s
information technology and use it to commit crimes, especially since intranets and extranets
have become more commonplace.-Partners and vendors also may be the inadvertent source
of hacker mischief because their systems may not be as well protected as the larger
partner’s networks and computers, and so a third party may penetrate their security.

c. Hardware Thieves-Hardware theft can range from shoplifting an accessory in a computer

store to removing a laptop or tablet from someone’s car.-Professional criminals may steal
shipments of microprocessor chips off a loading dock; steal desktop computers, laptops, and
other devices for their parts; or even pry cash machines out of shopping-center walls.

d. Con Artists, Scammers, and Counterfeiters-Fraudulent behavior extends to almost

every area of life on the World Wide Web, and because it sometimes seems no
different from standard e-commerce, it may be hard to discern the criminality in it.-The
difference, of course, is usually that involves a deal that is almost too good to be
believed