Introduction To Cybercrime Reviewer

Uploaded by

Aysi Umayao

Introduction to cybercrime reviewer

REPUBLIC ACT NO. 10175

- Cybercrime Prevention Act of 2012


- Approved by former President Benigno Aquino III

PNP Anti-Cybercrime Group (PNP ACG)

- The PNP ACG is responsible for enforcing laws on cybercrime and related offenses.
- Director-- PMGEN RONNIE FRANCIS M CARIAGA

The Cybercrime Investigation and Coordinating Center (CICC)

- which was created upon the approval of Republic Act 10175, is an attached agency of the
Department of Information and Communications Technology (DICT) and is chaired by the DICT
Secretary.
- Following RA 10844, the CICC is one of the agencies hereby attached to the DICT for policy and
program coordination and shall continue to operate and function in accordance with the charters,
laws or orders creating them, insofar as they are not inconsistent with this Act.
- All powers and functions related to cybersecurity including, but not limited to, the formulation of
the National Cybersecurity Plan, establishment of the National Computer Emergency Response
Team (CERT), and the facilitation of international cooperation on intelligence regarding
cybersecurity matters are transferred to the Department.
- Usec. ALEXANDER RAMOS --Executive Director, CICC

DICT Cybersecurity Bureau

- Mandate: The DICT Cybersecurity Bureau is the national authority for cybersecurity policies,
standards, and initiatives.
- Notable Initiatives: Implementation of the Cybersecurity Management System (CMS) for
government agencies.

What is Cybercrime?

- is an unlawful act punishable by the state or the law.
- imposes an ever-increasing cost on the global economy.
- is an evolving form of transnational crime (UNODC, 2023)
- are transnational in nature, causing harm and threats to victims worldwide (INTERPOL, 2023).

"Cybercrime Treaty" or the "Budapest Convention"

- was formed to address concerns on copyright infringement, computer fraud, child pornography,
hate crimes, and breaches of network security.

What is cyber?

- Cyber refers to an electronic medium used for online communication such as a computer or a
computer network.

What is crime?

- Crime is an act or omission in violation of a law forbidding or commanding it.

What is cyber space?

- defined as a digital space where individuals transact, conduct business, and communicate in
limitless ways.
- term used to refer to a digital and global domain within the information environment consisting of
the interdependent network of information systems infrastructures including the internet,
telecommunications networks, computer systems, and embedded processors and controllers.

------------------------------------------------------------------

DATA BREACH ALERT

ALLEGED HOTEL SOGO DATA BREACH EXPOSES GUEST'S INFORMATION


Date Published: September 05, 2024

A recent claim by the threat actor "angkoldeghostman" suggests that over 500 records from the database
of Hotel Sogo (hotelsogo.com), a well-known hospitality provider in the Philippines, have been leaked.
The compromised data reportedly includes:

- Guest names
- Email addresses
- Contact numbers
- Room type and booking dates
- Branch locations, primarily from Metro Manila

Virtual world

Cybercrime takes place in cyberspace. All cybercrime activities are committed in the virtual
world or space.

Collection of evidence

The nature of cybercrime makes it challenging to collect evidence and substantiate it in a court of law.
The criminal in cybercrime invokes the jurisdiction of multiple countries while operating in a safe location
where he or she cannot be located.

Magnitude of crime is unimaginable

Cybercrime has the potential of causing injury and loss of life to an unimaginable extent. Cyber terrorism,
cyber pornography, etc. are examples of crimes with wide reach that can destroy websites and steal
company data.

Types of Cyber Criminals

1. The hackers- Refers to anyone with technical skills in using the internet and computers; however, it
typically refers to an individual who uses his or her skills to access the systems or networks of other
individuals or organizations to commit crimes.

2. The social engineer- Cyber criminals who pretend to be someone else or assume another identity to
trick unsuspecting employees or individuals to compromise data.

3. The phisher- The cybercriminal who sends false messages through email, SMS, and calls which appear to
be from a legitimate sender. These messages contain a malicious attachment or link that gives phishers
access to banking credentials, trade secrets, and other sensitive information that they can use to access
personal accounts of individuals or organizations.

4. The rogue employee- Unhappy employees who have access to the company's data and are a possible
threat to its data and system.

5. The ransom artist- Ransomware rose because of code modifications and implementation of new
ransom attack methods as instigated by bad actors.

Cybercrime Prevention

1. Keep your operating system and installed software up to date.

2. Regularly uninstall software that is no longer used.

3. Use an anti-virus program from a reputable company.

4. Do not download software, movies, or music from sharing sites as these often have malware.

5. Do not download attachments or click links from unknown senders.

6. Do not enter or provide personal information in unknown websites, random SMS, and emails.

7. Verify the website's legitimacy before providing financial information.

Common Types of Cybercrimes


1. Hacking- is the act of unauthorized breaking into a computer system or online account which
compromises the device, the system, and the networks.

Types of Hackers

a) Black Hat Hackers- are the "bad guys" of the hacking community.
They exert effort in identifying vulnerabilities in computer systems and software to exploit for
monetary gains, malicious purposes, build reputation, carry-out corporate espionage, or as part of
a nation-state hacking campaign.

b) White Hat Hackers - are the "good guys" who endeavor to prevent black hat hackers through
proactive hacking. They use ethical hacking by assessing and testing the level of network security
by breaking into systems.
- "Penetration testing", or white hat hacking, is done by paid professionals.

c) Grey Hat Hackers - fall between the good and the bad guys. Unlike black hat
hackers, they attempt to violate standards and principles without the intention to inflict harm or
gain financially. Their actions are typically carried out for the common good, such as publicly
exposing the vulnerability of a system to raise awareness that it exists.

Hacktivism

- A hacktivist is someone who utilizes technology to publicize a social, ideological,
religious, or political message.
- It is defined as "the use of legal and/or illegal digital tools in pursuit of political ends."
Therefore, it is considered political or ideological vandalism.

2. Malware- It stands for malicious software, or any software designed to harm or exploit a device
or a network. Malicious applications are a security threat to cyber-physical systems, as these systems
are made up of heterogeneous distributed systems and mostly depend on the internet, ICT
services and products.

--------------------------------------------------------------------------

WHAT IS CYBER?

Defining the Term "Cyber”

- Evolved from the word Cybernetics, which referred to the "field of control and communication
theory, whether in machine or in the animal"
- A Working Definition of "Cyber"
o "The electronic world created by interconnected networks of information technology and
the information on those networks. It is a global commons where people are linked together
to exchange ideas, services and friendship."

What is "Security"

- freedom from danger; freedom from fear or anxiety
- "Cybersecurity is the organization and collection of resources, processes, and structures used to
protect cyberspace and cyberspace-enabled systems"

Cybersecurity Threats

- Society is increasingly reliant on information technology to improve efficiency and increase profitability:
o Banking
o Retail
o Transportation
o Health
- Vulnerabilities to those systems can be exploited

Defining a Threat Actor

- A cyber-attack is orchestrated by a person or organization


- That person or organization is motivated by some purpose
- They execute the operation utilizing available resources and leverage available tactics, tools, and
processes

Defining a Threat Actor: Motivation

1. Curiosity: Some threat actors engage in malicious activities driven by a desire to explore systems
or test boundaries, often without malicious intent but still causing harm.
2. Reputation: Hackers may seek recognition within their community by breaking into high-profile
systems or gaining access to sensitive information.
3. Financial: This is a common motivation for cybercriminals seeking to profit through theft, fraud,
or extortion by accessing financial data or holding systems ransom.
4. Political Activism: Also known as hacktivism, threat actors may carry out attacks to support a
political cause, protest, or draw attention to societal issues.
5. Terrorism: Cyberterrorists aim to disrupt critical infrastructures, spread fear, or cause physical
and economic damage as part of a broader agenda.
6. National Security: State-sponsored actors or governments may engage in cyberespionage,
sabotage, or warfare to protect or advance their nation's interests.

Types of Malware

a. Viruses
- A program or piece of code that is loaded and processed on a computer without the individual's
knowledge.
- Viruses can also replicate and spread on their own.
- All computer viruses are manmade.

b. Trojan Horses
- A Trojan Horse virus appears to be useful and functional.
- It neither replicates nor copies itself but causes damage or compromises the security of the
computer.
- A Trojan Horse can be in the form of software or a program sent by someone or embedded in
another program or application.

c. Worms
- Computer worms are self-replicating computer programs.
- It transfers or duplicates itself to other nodes through the computers' network and may do so
automatically.
- It does not require attaching itself to an existing program.

d. Spyware
- A type of malware installed on computers that gathers user data without the user's knowledge or
consent.
- The presence of a spyware is typically hidden from the user and can be challenging to detect.
Spyware lurks on computers with the intent to steal sensitive information and data, such as
passwords, logins, and other personal identification information to be sent to a third party.

e. Zombie / Botnets
- Zombie programs take over the computer and its internet connection to carry out attacks on other
computers or networks or to perform criminal activities.

f. Spam
- Spam is an email that you did not request and do not want to receive from unknown individuals
or organizations not in your mailing lists.
- One person's spam is another's useful newsletter or sale advertisement.
- Spam is used commonly to spread viruses, trojans, and the like.

g. Adware
- Adware is short for advertising supported software. This is a type of malware that automatically
delivers advertisements.
- Common examples of adware include pop-up ads on websites or webpages.

h. Ransomware
- Ransomware holds a computer system captive until a ransom is given.

-------------------------------------------------------------------------
Denial-of-Service (DoS) Attacks or Distributed Denial of Service (DDoS)

- A DoS or DDoS attack is a malicious and targeted attack that floods a network with false requests to
disrupt business operations.
- It prevents users from performing their routine and essential tasks like accessing emails, browsing
websites, and accessing online accounts that are operated by a hacked computer or network.

1) Volumetric attacks- This type of attack creates a bottleneck by consuming the bandwidth between the
target server and the internet. As the name suggests, volumetric attacks are characterized by sending a
large amount of data using amplification with the aid of a botnet.

2) Protocol attacks- This type targets weaknesses in the third and fourth layers of a protocol stack by
overwhelming the server or network resources such as firewalls.

3) Application layer attacks- Attacks the layer where web pages are generated and delivered in response
to HTTP queries.

4) Phishing is a type of cyberattack that lures the victims into sharing their private information such as
their passwords or account numbers or into downloading malicious programs or files that will infect their
computer or mobile phones.

Spear-phishing

- is a type of phishing attack that uses malicious emails to target specific individuals or
organizations. Spear phishing aims to steal sensitive information such as login credentials or
infect the targets' device with malware.

Whaling

- is a type of social engineering attack which targets senior or C-level executive employees to steal
money or information or gain access to the person's computer to execute further cyberattacks.

Smishing

- is the sending of fraudulent text messages in an attempt to trick individuals into sharing their
sensitive data such as passwords, usernames and credit card numbers. A smishing attack may
involve cybercriminals pretending to be a representative of the bank or a shipping service.

Vishing

- is a voice phishing attack. It is the fraudulent use of phone calls and voice messages posing to be
from a reputable organization to trick individuals into divulging their personal information such as
bank details and passwords.

5) Spoofing is a technique used when a cybercriminal disguises themselves as a known or reputable source.
In this technique, the cybercriminal is able to engage with the target and access their systems or devices
with the aim of stealing information, extorting money, or installing malware or other harmful software on
the target's device.

Domain spoofing

- is a form of phishing where an attacker poses as a known business or person using a fake website
or email domain to trick the victim into trusting them.

Email Spoofing

- uses emails with falsified email addresses to target businesses and organizations

ARP Spoofing

- Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of spoofing attack used
to intercept data. By tricking a device into sending a message to the hacker instead of the intended
recipient, a hacker commits an ARP spoofing attack.

7. Identity-Based Attacks- Identity-driven attacks occur when a user's credentials have been
hacked and someone is and that of the hacker using conventional security measures and tools.

Kerberoasting

- is a post-exploitation attack that attempts to crack the password of a service account within the
Active Directory (AD). In this type of attack, the attacker poses as an account user with a service
principal name (SPN) requesting a ticket which contains an encrypted password or Kerberos.

Man-in-the-middle attack (MITM Attack)

- A man-in-the-middle attack is a type of cyberattack which occurs when an attacker eavesdrops on
a conversation between two targets to collect personal data, passwords or banking details, and/or
to convince the victim to change login credentials, complete a transaction, or initiate a transfer of
funds.

Pass the hash

- Pass the hash (PtH) is a type of attack in which the attacker steals a "hashed" user credential to
create a new user session on the same network. The attacker does not need to know or crack the
password to gain access to the system; instead, the attacker uses a saved version of the password
to initiate a new session.

Golden Ticket Attack

- In a golden ticket attack, attackers attempt to gain unlimited access to an organization's domain
by accessing the user data stored in the Microsoft Active Directory (AD) by exploiting the
vulnerabilities in the Kerberos identity authentication protocol.

Silver Ticket Attack

- A silver ticket is a forged authentication ticket that is created when an attacker steals the password
of an account. A forged service ticket is encrypted and enables access to resources for the specific
service targeted by the silver ticket attacker.

Credential Harvesting

- is used by cybercriminals to gather user credentials such as user IDs, email addresses, passwords,
and other login information to gain access to systems, collect sensitive data, or sell it on the dark
web.

Password Spraying

- involves a threat actor using a single common password against multiple accounts on the same
application. This avoids the account lockouts that typically occur when an attacker uses a brute
force attack on a single account by trying several passwords.

Brute Force Attacks

- utilizes a trial-and-error approach to methodically guess login info, credentials, and
encryption keys.

Downgrade Attacks

- is a form of cyberattack where attackers take advantage of a system's backward compatibility to
force it into operating in a less secure mode, such as compelling a user to go to an HTTP version
of a website instead of HTTPS.

7. Intellectual property theft- The stealing of an idea, creative expression, or invention from an
individual or a company.

The following are used in cybercrime:

a. Surface web - is part of the internet that is accessible through search engines like Google. It is
composed of websites that have been indexed and can be found through a simple search query.

b. Deep web - is part of the internet that is not indexed by search engines and cannot be accessed using a
simple search query.

c. Dark web - The dark web is a part of the deep web. It is specifically designed to be anonymous and
inaccessible through normal means. It is often associated with illegal activities such as cybercrime, drug
trafficking, and human trafficking.

8. The Blues- Bluebugging, Bluejacking and Bluesnarfing are examples of Bluetooth attacks. Initially
these were threats against laptops with Bluetooth capability, which later targeted mobile phones.

Bluebugging

o It permits a virtual takeover of the target phone. It manipulates the phone to compromise
its security to create a backdoor attack without warning or informing the owner. This
allows the attacker to "take control" of the victim's phone. Not only can the bluebugger
make calls, send messages, read phonebooks, or examine calendars, but it can also listen
in on phone conversations.

Bluejacking
o It is a subtler version of Bluebugging which involves the sending of anonymous and
unwanted messages to other users with Bluetooth-enabled mobile phones or laptops.
Bluejacking depends on the capacity of Bluetooth phones to detect and connect with
other nearby Bluetooth devices. Bluejacking is harmless since the Bluejacker does not
steal personal information or take control of a person's phone.

Bluesnarfing
o This refers to data theft using a Bluetooth phone. The attacker, by running the
appropriate software installed in the laptop, can discover a nearby phone, connect to it
without confirmation, and download the phonebook, emails, pictures and private videos, and
calendar. It can also detect the mobile phone's serial number to replicate the entire phone.
Even by turning off the Bluetooth, the potential victim is not safe from the possibility of
being Bluesnarfed.

9. Pornography
- Refers to sexually explicit content that is distributed, accessed, and consumed through the
internet. It encompasses a wide range of sexually explicit materials, including images, videos,
live streams, and interactive content, all of which are made available online for users to view or
download.

10. Cyber terrorism

- Cyber terrorism is the premeditated use or threat of disruptive activities in cyber space with the
intent to further social, ideological, religious, political, or similar objectives, or to intimidate any
person in furtherance of such objectives.

11. Cookie manipulation

- A cookie is a small file or text-only string stored in the web browser's memory. It is used to
identify a website user. The term originated from computer science terminology that is used when
describing an opaque piece of data held by an intermediary.

12. Data Diddling

- Data diddling, which is the illegal or unauthorized alteration of data, is one of the most common
forms of computer crime.

13. Salami Theft

- These attacks are used for committing financial crimes. The technique used is making an
insignificant alteration in single cases so it would be unnoticeable.

What Are Cookies?

Cookies are small files stored on your computer by websites.

--------------------------------------------------------------------------------------------

Cyber Crime in the Philippines

The "I LOVE YOU" Computer Virus

- Onel De Guzman, a Filipino school dropout, in August 2000, invented and released a destructive
computer virus called "I LOVE YOU".
- "LOVE-LETTER-FOR-YOU.TXT.vbs"
- An international manhunt was conducted to capture the creator of the virus. The investigators
traced the origin of the virus to Onel De Guzman, a programming student at the AMA Computer
University in Manila. Arrested on May 11, 2000,

Common Types of Cybercrimes in the Philippines

1. Online Scams

a. Phishing scams- These scams involve tricking individuals into providing sensitive information such as
passwords, credit card details, or personal identification through fraudulent websites or emails designed to
resemble legitimate platforms.

b. Investment scams- Fraudulent investment schemes promise high returns with little risk, enticing
individuals to invest their money. However, these scams often result in financial losses as the promised
returns are never realized.

c. Online shopping scams- Unscrupulous sellers advertise products online but fail to deliver the items
after payment or provide substandard goods. Some even use fake websites or social media accounts to
deceive unsuspecting buyers.

d. Job and employment scams- Scammers pose as employers offering lucrative job opportunities,
requiring individuals to pay fees for applications or training materials.

e. Romance scams- Scammers create fake profiles on dating websites or social media platforms to build
emotional connections with victims, leading to requests for money under false pretenses.

Key Elements of a Romance Scam

1. Fake Identity:
- Scammers usually create a false persona using stolen photos, often of attractive people or military
personnel, and fabricated personal details.

2. Emotional Manipulation:
- Scammers spend weeks or months building trust and a romantic relationship with the victim.
They may engage in long conversations, share fake details about their life, and express

3. Requests for Money:

- After establishing trust, the scammer fabricates a crisis or urgent situation, asking for money.

4. Long-Distance Relationship:

- Most romance scams occur online, where the scammer avoids meeting in person, citing reasons like
military deployment, working overseas, or other personal challenges.

5. Exploitation of Vulnerabilities:

- Scammers often target people who are lonely, recently divorced or widowed, or vulnerable due to
other personal challenges.

*******

2. Illegal Access- The unauthorized access to the entire or any part of a computer system.

3. Computer-Related Identity Theft- Computer-related identity theft is the deliberate acquisition, use,
misuse, transfer, possession, alteration or deletion of another person's identification without their consent
or authorization

4. Automated Teller Machine or Credit Card Fraud

a) Lost or Stolen Card- Lost credit card fraud occurs when a perpetrator uses a misplaced or lost
card in making unauthorized transactions using the card.

b) Account Takeover- In this scheme, the fraudsters take over a person's credit card account.

c) Collusive Merchant- This happens when the employees work with fraudsters to defraud banks
and customers. They swipe the card twice: first in the payment terminal, and second in a skimming
device that collects all the data of the card. The stolen data is sold on the dark web.

d) Card-Not-Present (CNP) Fraud- This type of credit card fraud is committed when the
account number and expiry date of the card are known by fraudsters.

e) Card Replacement Scam- Fraudsters claiming to be bank personnel will notify the card owner
via SMS, email, or phone call that they are entitled to a lifetime free membership, an increase in
credit limit, or that their credit card has been used for a fraudulent transaction.

f) Skimming or Credit Card Cloning- Fraudsters place skimming devices, which capture data
from the card's magnetic stripe, in the ATMs. A small camera is also sometimes placed to capture
PIN key-ins. Data captured from the credit card will be replicated and printed onto a fake one.

g) SIM Swapping- The perpetrator steals a person's phone number and assigns it to a new SIM
card. Once the reassignment of the mobile number is successful, the fraudster can take over the
person's credit card account.

5. Cyber Threats- This refers to the crime of threatening another with the infliction upon the person,
honor, or property of the latter or of his family of any wrong amounting to a crime made online or through
electronic means.

6. Data Interference- The intentional or reckless alteration, damaging, deletion or deterioration of
computer data, electronic document, or electronic data message, without right, including the introduction
or transmission of viruses.

7. Photo And Video Voyeurism- This refers to the act of photographing or recording a person or group of
persons engaging in a sexual act or other similar activity or of capturing an image of the private part of a
person or persons without their consent, in situations where they expect privacy, or the act of selling,
copying, reproducing, broadcasting, sharing, displaying or exhibiting the photo or video coverage or
recordings of such sexual act or similar activity through the internet, mobile phones, and similar means.

8. Computer Related Fraud- The unauthorized input, alteration, or deletion of computer data or program
or interference in the operation of the computer system which caused damage due to a fraudulent intent.

9. Unjust Vexation- The criminal offense under the Revised Penal Code of the Philippines, Article 287.
This crime is often considered a catch-all provision for acts that cause annoyance, irritation, or torment to
another but do not fall under other specific criminal offenses.

10. Cyber Libel- The public, online, and malicious accusations of a crime, or of a vice or defect, real or
imaginary, or any act, omission, condition, status, or circumstance that would cause the dishonor,
discredit, or contempt of a living or the memory of a deceased person.
