CDI412-Introduction to Cybercrime

Computer A device that accepts information (in the form of digitalized data) and manipulates it
for some result based on a program, software, or sequence of instructions on how the
data is to be processed.

An electronic, magnetic, optical, electrochemical, or other data processing or

communications device, or grouping of such devices, capable of performing logical,
arithmetic, routing, or storage functions.

Different Types of Computer:

1. Super Computer The biggest in size and the most expensive in price. It can process trillions of
instructions in seconds. Governments specially use this type of computer for their
different calculations and heavy jobs.

2. Mainframe It can also process millions of instruction per second and capable of accessing billions
of data. This computer is commonly used in big hospitals, air line reservations
companies, and many other huge companies

3. Minicomputer This computer is next in the line but less offers less than mainframe in work and
performance. These are the computers, which are mostly preferred by the small type
of business personals, colleges, etc.

4. Personal It is the computer mostly preferred by the home users. These computers are lesser in
Computer cost than the computers given above and also, small in size. This computer is small in
size. Today this is thought to be the most popular computer in all.

5. Notebook It has a small size and low weight. Easy to carry to anywhere and commonly used by
Computer students. Same as the personal computer.

Abacus Known to be the first mechanical calculating device.

Napier's Bone John Napier used the bone rods for counting purposes.

Pascal's Calculator French scientist, Blaise Pascal invented this adding machine which represents the
position of digit with the help of gears in it.

Leibniz Calculator German mathematician, Gottfried Leibniz modified pascal calculator and developed a
machine which could perform various calculation based on multiplication and division
as well.

Charles Babbage Father of Computer

Ada Lovelace The first programmer

Anatomy of Power Supply

Computer: Monitor
Motherboard
Central Processing Unit (CPU)
Main Memory
Storage Device

Input Device A hardware that sends information to the computer.

• Mouse
• Digital Camera
• Web Cam
• Joystick
• Keyboard
• Microphone
• Scanner

1
Output Device Any peripheral that receives and/or displays output from a computer.
• Monitor
• Printer
• Projector
• Speaker

Hardware Refers to the physical elements of a computer. It sometimes called the Machinery or
equipment of the computer.

Software A set of instructions, data or programs used to operate computers and execute
specific tasks, and implement algorithms (problem solution).

Different Types of Computer Hardware:

1. Random Access Used to store the information and then process that information. (Volatile device)
Memory (RAM)

Two Types of RAM: 1. Dynamic Random Access Memory (DRAM)

2. Static Random Access Memory (SRAM)

2. Central Processing A core hardware part of the computer system which is used to interpret and execute
Unit (CPU) most of the commands using other computer parts.

3. Mouse Hand operator devised that used to point something on the screen.

Different Types of Computer Software:

1. System Software It is designed to run a computer’s hardware and application.

2. Operating Manages all of the software and hardware on the computer.

Software

3. Device Drivers A type of software that controls particular hardware which is attached to the system.

4. Firmware Permanent software that is embedded into a read-only memory.

5. Utility It is designed to aid in analyzing, optimizing, configuring and maintaining a computer

system. It support the computer infrastructure.

Application Software Also known as end-used programs or productivity programs are software that helps
the user in completing task such as doing online research, jotting down notes, setting
alarms.

Types of Application Software:

1. Word Processor This application is used for creating documents.

2. Database Software Used to create and manage database.

3. Education and Designed to facilitate learning on a particular subject.

Reference Software

4. Graphic Software Picture editors and illustration software.

5. Web Browser Used to browse the internet.

Common Storage 1. Hard drive

Media: 2. Floppy Disk
3. CD & DVD
4. USB Flash Drive

Advantages of Using 1. Provide access to more information

Computer: 2. Complete task that might be impossible for humans to complete
2
 3. Save time
4. Automates repetitive tasks
5. Allows for greater productivity
6. Allow for better communication and connections
7. Entertainment

Disadvantages of 1. Social Risks

Using Computer: 2. Health Risks
3. Security Risks
4. High Cost
5. Distractions/disruptions
6. Environmental impact

Internet A global wide area network that connects computer systems across the world. It
includes several high-bandwidth data lines that comprise the internet “backbone”.

January 1, 1983 considered birthday of the internet but started on 1960s.

Computer Virus A small software program that is designed to spread from one computer to other and
to interfere with computer operation.

Onel De Guzman Created the ILOVEYOU virus which is a type of computer worm that infected over 10
million personal computers.

Elk Cloner or The The world's first computer virus.

Creeper

Types of Computer Virus:

1. Resident Virus It lives in your RAM memory. It can interfere with normal system operation which can
lead to the corruption of files and programs.

2. Multipartite Virus This type of virus can easily spread in your computer system. It is very infectious;
performing unauthorized actions in your operating system, in folder, and other
programs on the computer.

3. Boot Sector Virus It damages or controls the boot sector on the drive, rendering the machine unusable.
Attackers usually use malicious USB devices to spread this computer virus. The virus
is activated when users plug in the USB device and boot their machine.

4. Web Scripting Most browsers have defenses against malicious web scripts, but older, unsupported
Virus browsers have vulnerabilities allowing attackers to run code on the local device.

5. Browser Hijacker A computer virus that can change the settings on your browser will hijack browser
favorites, the home page URL, and your search preferences and redirect you to a
malicious site.

6. Direct Action Virus When a user executes a seemingly harmless file attached to malicious code, direct-
action viruses deliver a payload immediately. These computer viruses can also remain
dormant until a specific action is taken or a timeframe passes.

7. Polymorphic Virus Malware authors can use polymorphic code to change the program’s footprint to avoid
detection. Therefore, it’s more difficult for an antivirus to detect and remove them.

8. File Infector Virus To persist on a system, a threat actor uses file infector viruses to inject malicious code
into critical files that run the operating system or important programs. The computer
virus is activated when the system boots or the program runs.

9. Macro Virus Microsoft Office files can run macros that can be used to download additional
malware or run malicious code. Macro viruses deliver a payload when the file is
opened and the macro runs.

3
Major Antivirus Norton Antivirus
Software: F-Secure Antivirus
Kaspersky Antivirus
AVAST Antivirus
Comodo Antivirus
McAfee Antivirus

Symptoms of Virus Computer runs slower than usual

Attack: Screen sometimes flicker
Systems crashes for no reason
Computer no longer boots up
Denial of Service (DoS)
File sometimes disappear

Cybercrime Committed against individuals with a criminal motive to intentionally harm the
reputation or cause physical or mental harm to the victim, using modern
telecommunication networks such as the internet.

Phreakers Tech-savvy people who found a way around paying for long distance calls through a
series of codes.

Operation Subdevil A large project where an ex-FBI agent confiscated 42 computers and over 20,000
floppy disks used by criminals for illegal credit card and telephone services.

Robert Morris Developed the Morris Code.

Elements of 1. Computer
Cybercrime: 2. Crime

Categories of 1. Computer as a target

Cybercrime: 2. Computer as a weapon

4 Classifications/Categories of Cybercrime:

1. Cybercrime Committed by the cyber criminal against an individual or a person.

Against Individual:

1.1 Email Spoofing This technique is a forgery of an email header.

1.2 Spamming Otherwise called as JUNK EMAIL. The spammers use spam bots to create email
distribution list.

1.3 Cyber Harm is brought on the reputation of an individual through the cyber space.
Defamation

1.4 IRC Crime Servers allow the people around the world to come together under a single platform
(Internet Relay Chat) which is something called as ROOMS and they chat to each other.

Cyber criminals basically use it for the meeting. Hackers use it for discussing their
techniques. Pedophiles use it to allure small children.

1.5 Phishing The hackers tries to gain information or account’s information by masquerading as a
reputable individual or entity in various communication channels or in email.

2.Cybercrime These types of crimes include vandalism of computers, intellectual property crime
against Property: (copyright, patented, trademark etc.) online threatening.

2.1 Software Piracy Can be described as the unauthorized copying of software.

2.2 Copyright Can be described as the infringements of an individual or organization’s copyright.

Infringement

4
3. Cybercrime Include the unauthorized changing or deleting of data; unauthorized reading or copying
against of confidential information.
Organization:

3.1 DOS (Denial of The attacker floods servers, systems or networks with traffic in order to overwhelm
Service) Attack the victim resources and make it infeasible or difficult for the users to use them.

3.2 Email Bombing It is type of net abuse where huge numbers of emails are sent to an email address in
order to overflow or flood the mailbox with mails or flood the server where the email
address is.

3.3 Salami Attack Also known as Salami Slicing. Slowly cutting and deducting small amounts from a
bank account.

4. Cybercrime against Society:

4.1 Forgery Means making false documents, signature, currency, revenue stamp etc.

4.2 Web Jacking A fake website.

Different Types Of Cybercrime:

1. Financial Crime The crime that is specifically committed against property. These crimes are almost
always committed for the personal benefit of the criminal, and they involve an illegal
conversion of ownership of the property that is involved.

2. Cyber The act of using cyberspace to create, display, distribute, import, or publish
Pornography pornography or obscene materials, especially materials depicting children engaged in
sexual acts with adults.

3. Online Gambling Any kind of gambling conducted on the internet. This includes virtual poker, casinos
and sports betting.

4. Intellectual A generic term used by INTERPOL to describe a wide range of counterfeiting

Property Crimes and piracy offences.

5. Email Spoofing Fabrication of an email header in the hopes of duping the recipient into thinking the
email originated from someone or somewhere other than the intended sources.

6. Cyber Defamation Act of defaming, insulting, offending or otherwise causing harm through false
statements pertaining to an individual in cyberspace.

7. Unauthorized An attempt to exploit a computer system or a private network inside a computer.

Access

8. Cyber Stalking The use of the internet or other electronic means to stalk or harass an individual,
group, or organization. Its harm include false accusations, defamation, slander and
libel.

9. Theft Taking and removing of personal property with intent to deprive the rightful owner of it.

10. Email Bombing A malicious act in which a large number of email messages are sent to a single email
address in a short time, difficult to detect.

11. Salami Attack Stealing small amounts of funds from multiple bank accounts.

12. Denial Of Service Exploiting in which an attacker takes advantage of vulnerabilities in the domain name
(DOS) Attack system (DNS).

13. Virus/Worm Malicious, self-replicating program that can spread throughout a network without
human assistance.

5
14. Logic Bombs A set of instructions secretly incorporated into a program so that if a particular
conditions is satisfied they will be carried out usually with harmful effects.

15. Trojan Attacks A type of malware that is often distinguished as legitimate software. Trojan can be
employed by cyberthieves and hackers trying to gain access to users’ systems.

16. Web Jacking When someone clones your website, and tricks you to believe the cloned site is yours.
The malicious link is placed somewhere on your computer waiting for a click.

17. Cyber Terrorism A serious breach of the social and political stability and cohesion of a nation.

Classifications of Computer Crime:

1. Financial Fraud An intentional act of deception involving financial transactions for purpose of personal
Crimes gain. Fraud is a crime, and is also a civil law violation.

2. Internet Fraud Trying to trick or scam someone else using internet. This usually means that the
person who is being tricked loses money to the people scamming them. Internet fraud
can take place on computer programs such as chat rooms, e-mail, message boards, or
websites.

3. Computer Fraud Any dishonest misrepresentation of fact intended to let another to do refrain from
doing something which causes loss. In this context, the fraud will result to an
unauthorized way;
a. Altering in an unauthorized way;
b. Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized
transactions;
c. Altering or deleting stored data

4.Bank Fraud The use of potential illegal means to obtain money, assets or other property owned or
held by financial institution, or to obtain money from depositors by fraudulently posing
as a bank or other financial institution.

5. Carding A form or credit card fraud in which a stolen credit card is used to charge pre-paid
cards.

6. Identity Theft Also known as Identify Fraud (impersonate or impostor).

7. Extortion Also called Shakedown, outwrestling and extraction is a criminal offense of obtaining
money, property of services from an individual or institution, through coercion.

8. Theft of Classified It is sensitive information to which access is restricted by law or regulation to

Information participate classes of people.

Spamming The use of electronic system like e-mails and other digital delivery systems and
broadcast media to send unwanted bulk messages indiscriminately.

Phishing Mostly propagated via email. Phishing emails may obtain links to other websites that
are affected by malware. They may contain links to fake online banking or other
websites used to steal private account information.

Stalking Unwanted or repeated surveillance by an individual or group towards another person.

Types of Stalkers:

1. Rejected Stalker Becomes upset when the friendship or romantic relationship has ended.

2. Resentful Stalker Feels humiliated that the relationship has ended and seeks revenge upon the victim
(often irrationally paranoid, verbally assault their victim).

3. Predatory Stalker Seeks power and sexual gratification.

6
4. Intimacy Seeker Seeks an intimate and romantic relationships with the victim (continually phone the
victim, write letters, jealous and violent if the victim enters into a relationship to
someone).

5. Incompetent Has inadequate social skills. They want a relationship with the victim but do not have
Suitor the ability to realize he/she not meant to be with the victim.

6. Erotomania and Stalker feels that the victim loves them even though they may not have had any
Morbidly Infatuated contact with the victim. The stalker is usually paranoid, prefer suitors in a higher social
class, and will repeatedly approach the victim.

Hacker Someone who is proficient at software programming, debugging networks, or

identifying vulnerabilities in a given computer programmers and application, or
computer network.

An individual who uses computer, networking or other skills to overcome a technical

problems.

Different Types of Hacker:

1. White Hat Hackers Also known as Ethical Hackers. The security firms then help their customers mitigate
security issues before criminal hackers can exploit them.

2. Black Hat Hackers Intentionally gain unauthorized access to network and systems with malicious intent,
whether steal data, spread malware or profit from ransomware, vandalize or other
damage systems.

3. Gray Hat Hackers Someone who falls between white hat hackers and black hat hackers.

Hacker Intended in knowing how things work. They like to explore and discover the computer
systems, programming and the networks.
✓ Never damages the data
✓ Ethical professionals
✓ Have legal certificates
✓ Hacks for knowledge purposes

Cracker Breaks the security of computers and networks. Also known as Black Hats.
✓ Deletes or damages the data
✓ Unethical person, do illegal tasks
✓ Motive is to stay anonymous
✓ Breaks into the system for benefits

How to protect 1. Use strong passwords

yourself from 2. Secure your computer
Cybercrime: 3. Block spyware attacks
4. Be social media savvy
5. Secure you mobile devices
6. Protect your data
7. Secure your wireless network
8. Protect your e-identity
9. Avoid being scammed
10. Call right person for help

Computer Case Metal and plastic box that contains the main components of the computer.

Video Card/Graphic Responsible for what you see in the monitor. It is typically built into the motherboard
Card but can be upgraded.

Core The processing unit of the processor that handles all the data for your device. It is
responsible for the processing speed. It receives directions and performs calculations
or operations to fulfill those directions.

7
Single Core CPU Used in the traditional types of computer. It can only perform one operation at once,
and is not capable of multi-tasking systems.

Dual Core Processor Contains two processors which are linked to each other like a single IC (Integrated
Circuit).

Multi-Core Processor Designed with using various processing units on one chip and every core of the
processor is able to perform its task.

Quad Core Processor A high power CPU in which four different processors are combined into one. Every
processor is capable of executing all instructions in its own level without taking
support from the three other processors.

Octa Core Processor Designed with a multi-processor architecture, and its design produces a higher speed
processing data. It has the best ability to perform multitasking and boost the efficiency
of your CPU.

Two Types of 1. Random Access Memory (RAM)

Computer Storage: 2. Read Only Memory (ROM)

RAM One of the fastest types of memory, and it has the ability to read and write data.

Binary Code Language used to code and create instructions on a computer.

Bit (B) ⅛ of a byte, has a value of 0 or 1

Byte (B) 1 byte, 8 bits

Kilobyte (KB) 1,000 bytes

Megabyte (MB) 1,000² bytes

Gigabyte (GB) 1,000³ bytes

Tyrabyte (TB) 1,000⁴ bytes

Petabyte (PB) 1,000⁵ bytes

Exabyte (EB) 1,000⁶ bytes

Zettabyte (ZB) 1,000⁷ bytes

Yottabyte (YB) 1,000⁸ bytes

Republic Act No. Also known as “Cybercrime Prevention Act of 2012”

10175
An act defining cybercrime, providing for the prevention, investigation, suppression and
the imposition of penalties therefor and for other purposes. Approved on September
12, 2012.

Section 2: 1. The vital role of information and communications industries such as content
Declaration of Policy production, telecommunications, and data processing, in the nation’s overall social and
economic development.
2. Important in providing an environment conducive to the development, acceleration,
and rational application and exploitation of information and communications
technology (ICT) to attain free, easy, and intelligible access to exchange and/or
delivery of information.
3. To protect and safeguard the integrity of computer, communications systems and
databases, and the confidentiality, integrity, and availability of information, from all
forms of misuse, abuse, and illegal access by making punishable under the law such
conduct or conducts.

8
Access The instruction, communication with, storing data in, retrieving data from, or otherwise
making use of any resources of a computer system or communication network.

Alteration Modification or change, in form or substance, of an existing computer data or

program.

Communication Transmission of information through ICT media, including voice, video and other forms
of data.

Computer An electronic, magnetic, optical, electrochemical, or other data processing or

communications device, or grouping of such devices, capable of performing logical,
arithmetic, routing, or storage functions.

Computer Data Any representation of facts, information, or concepts in a form suitable for processing
in a computer system including a program suitable to cause a computer system to
perform a function.

Computer Program A set of instructions executed by the computer to achieve intended results.

Computer System Any device or group of interconnected or related devices, one or more of which,
pursuant to a program, performs automated processing of data. It covers any type of
device with data processing capabilities including, but not limited to, computers and
mobile phones.

Without Right Conduct undertaken without or in excess of authority.

Conduct not covered by established legal defenses, excuses, court orders,

justifications, or relevant principles under the law.

Cyber A computer or a computer network, the electronic medium in which online

communication takes place.

Critical Infrastructure The computer systems, and/or networks, whether physical or virtual, and/or the
computer programs, computer data and/or traffic data so vital to this country that the
incapacity or destruction of or interference with such system and assets would have a
debilitating impact on security, national or economic security, national public health
and safety, or any combination of those matters.

Cybersecurity The collection of tools, policies, risk management approaches, actions, training, best
practices, assurance and technologies that can be used to protect the cyber
environment and organization and user’s assets.

Database A representation of information, knowledge, facts, concepts, or instructions which are

being prepared, processed or stored or have been prepared, processed or stored in a
formalized manner and which are intended for use in a computer system.

Interception Listening to, recording, monitoring or surveillance of the content of communications,

including procuring of the content of data, either directly, through access and use of a
computer system or indirectly, through the use of electronic eavesdropping or tapping
devices, at the same time that the communication is occurring.

Service Provider Any public or private entity that provides to users of its service the ability to
communicate by means of a computer system.

Any other entity that processes or stores computer data on behalf of such
communication service or users of such service.

Subscriber's Any information contained in the form of computer data or any other form that is held
Information by a service provider, relating to subscribers of its services other than traffic or content
data and by which identity can be established.

Traffic Data or Non- Any computer data other than the content of the communication including, but not

9
Content Data limited to, the communication’s origin, destination, route, time, date, size, duration, or
type of underlying service.

Section 4: Cybercrime Offenses

A. Offenses against the Confidentiality, Integrity and Availability of Computer Data and Systems:

1. Illegal Access The access to the whole or any part of a computer system without right.

2. Illegal Interception The interception made by technical means without right of any non-public
transmission of computer data to, from, or within a computer system including
electromagnetic emissions from a computer system carrying such computer data.

3. Data Interference The intentional or reckless alteration, damaging, deletion or deterioration of computer
data, electronic document, or electronic data message, without right, including the
introduction or transmission of viruses.

4. System The intentional alteration or reckless hindering or interference with the functioning of a
Interference computer or computer network by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data.

5. Misuse of Devices The use, production, sale, procurement, importation, distribution, or otherwise making
available, without right of a device, including a computer program, designed or adapted
primarily for the purpose of committing any of the offenses under this Act.

6. Cyber Squatting The acquisition of a domain name over the internet in bad faith to profit, mislead,
destroy reputation, and deprive others from registering the same

B. Computer-Related Offenses:

1. Computer-Related The input, alteration, or deletion of any computer data without right resulting in
Forgery inauthentic data with the intent that it be considered or acted upon for legal purposes
as if it were authentic, regardless whether or not the data is directly readable and
intelligible.

2. Computer-Related The unauthorized input, alteration, or deletion of computer data or program or

Fraud interference in the functioning of a computer system, causing damage thereby with
fraudulent intent.

3. Computer-Related The intentional acquisition, use, misuse, transfer, possession, alteration or deletion of
Identity Theft identifying information belonging to another, whether natural or juridical.

C. Content-Related Offenses:

1. Cybersex The willful engagement, maintenance, control, or operation, directly or indirectly, of any
lascivious exhibition of sexual organs or sexual activity, with the aid of a computer
system, for favor or consideration.

2. Child Pornography The unlawful or prohibited acts defined and punishable by R. A. 9775 or the Anti-Child
Pornography Act of 2009, committed through a computer system.

3. Unsolicited The transmission of commercial electronic communication with the use of computer
Commercial system which seek to advertise, sell, or offer for sale products and services are
Communications prohibited.

4. Libel The unlawful or prohibited acts of libel as defined in Article 355 of the RPC, committed
through a computer system or any other similar means which may be devised in the
future.

Section 5: Other Offenses

1. Aiding or Abetting Any person who willfully abets or aids in the commission of any of the offenses

10
in the Commission of enumerated in this Act shall be held liable.
Cybercrime

2. Attempt in the Any person who willfully attempts to commit any of the offenses enumerated in this
Commission of Act shall be held liable.
Cybercrime

Section 8: Penalties

Section 4(A) & 4(B) Prision mayor or a fine of at least PhP200,000.00

Section 4(A)(5) Prision mayor or a fine of not more than PhP500,000.00 or both

Section 4(A) against Reclusion temporal or a fine of at least PhP500,000.00

a Critical
Infrastructure

Section 4(C)(1) Prision mayor or a fine of at least PhP200,000.00 but not exceeding PhP1,000,000.00
or both

Section 4(C)(2) Shall be punished with the penalties as enumerated in R.A. 9775 or the Anti-Child
Pornography Act of 2009.

One (1) degree higher than that provided for in R.A. 9775, if committed through a
computer system.

Section 4(C)(3) Arresto mayor or a fine of at least PhP50,000.00 but not exceeding PhP250,000.00 or
both

Cyber Intelligence Tracking, analyzing, and countering of digital security threats.

The mixture of physical espionage and defense with modern information technology.

National Bureau Of Responsible for the efficient and effective law enforcement of the provisions of RA
Investigation (NBI) & 10175.
Philippine National
Police (PNP) Shall organize a cybercrime unit manned by special investigators to handle cases
involving violations of RA 10175.

Required to submit timely and regular reports as may be required by the Department of
Justice, including:
• Pre-Operation
• Post Operation
• Investigation Results

Traffic Data The communication’s origin, destination, route, time, date, size, duration, or type of
underlying service, but not content, nor identities.

All other data to be collected or seized or disclosed will require a COURT WARRANT.

Service Providers Required to cooperate and assist law enforcement authorities in the collection or
recording of information.

Court Warrant Only to be issued or granted upon written application and the examination under oath
or affirmation of the applicant.

Grounds for the 1. That there are reasonable grounds to believe that any of the crimes enumerated
Issuance of Court hereinabove has been committed, or is being committed, or is about to be committed.
Warrant: 2. That there are reasonable grounds to believe that evidence that will be obtained is
essential to the conviction of any person for, or to the solution of, or to the prevention
of, any such crimes.
3. That there are no other means readily available for obtaining such evidence.

11
Traffic Shall be preserved for a minimum period of SIX (6) MONTHS from the date of the
Data/Subscriber's transaction.
Information

Content Data Shall be similarly preserved for SIX (6) MONTHS from the date of receipt.

6 Months Length of the one-time extension given for the preservation of computer data.

72 Hours Length of time given to any person or service provider to disclose or submit
subscriber’s information, traffic data or relevant data in his/its possession or control.

Powers and Duties 1. To SECURE a computer system or a computer data storage medium.
of Law Enforcement 2. To MAKE and retain a copy of those computer data secured.
as Defined in RA 3. To MAINTAIN the integrity of the relevant stored computer data.
10175: 4. To CONDUCT forensic analysis or examination of the computer data storage
medium.
5. To RENDER inaccessible or remove those computer data in the accessed computer.

30 Days Extension of time to complete the examination of the computer data storage medium

48 Hours All computer data, including content and traffic data, examined under a proper warrant
shall be deposited with the court in a sealed package, and shall be accompanied by an
affidavit of the law enforcement authority executing it.

Department of Shall issue an order to restrict or block access to a computer data considered as prima
Justice facie evidence.

P.D. No. 1829 Failure to comply with the provisions of Chapter IV hereof specifically the orders from
law enforcement authorities shall be punished according to this law.

Penalty is imprisonment of Prision Correctional in its maximum period or a fine of

Php100,000.00 or both.

Regional Trial Court Shall have jurisdiction over any violation of the provisions of this Act, including any
violation committed by a Filipino national regardless of the place of commission.

Office of Cybercrime Office within the DOJ designated as the central authority in all matters related to
international mutual assistance and extradition.

Cybercrime An inter-agency body under the administrative supervision of the OFFICE OF THE
Investigation and PRESIDENT, for policy coordination among concerned agencies and for the
Coordinating Center formulation and enforcement of the national cybersecurity plan.
(CICC)
Manned by a SECRETARIAT of selected existing personnel and representatives from
the different participating agencies.

CICC Composition: CHAIRPERSON: Executive Director of the Information and Communications

Technology Office under the Department of Science and Technology (ICTO-DOST)

VICE CHAIRPERSON: Director of the NBI

MEMBERS:
1. Chief of the PNP
2. Head of the DOJ Office of Cybercrime
3. One (1) representative from the private sector
4. One (1) representative from the academe

Powers and 1. To FORMULATE a national cybersecurity plan and extend immediate assistance for
Functions of the the suppression of real-time commission of cybercrime offenses.
CICC: 2. To COORDINATE the preparation of appropriate and effective measures to prevent
and suppress cybercrime activities.
3. To MONITOR cybercrime cases being bandied by participating law enforcement and
12
 prosecution agencies.
4. To FACILITATE international cooperation on intelligence, investigations, training and
capacity building related to cybercrime prevention.
5. To COORDINATE the support and participation of the business sector, local
government units and nongovernment organizations in cybercrime prevention
programs.
6. To RECOMMEND the enactment of appropriate laws, issuances, measures and
policies.
7. To CALL upon any government agency to render assistance in the accomplishment
of the CICC’s mandated tasks and functions.
8. To PERFORM all other matters related to cybercrime prevention and suppression,
including capacity building and such other
functions and duties.

RA 8792 or Legal basis for the procedures in handling of computer/cybercrime cases.

Electronic
Commerce Act Of
2000

RA 8484 or Access
Devices Regulation
Act OF 1998

Crime Investigation Observes the standard operating procedure in the conduct of investigation regarding
and Detection Group computer/cybercrime cases.
(CIDG)

Policy Guidelines of 1. Guidelines and Procedures in the Conduct of Arrested Person under Custodial
Command in Investigation (R.A. No. 7438).
Handling Cybercrime 2. Guidelines on Police Intervention Operations such as arrest, raid, Search and seizure
Cases: and others.
3. Guidelines on PNP personnel to strictly respect and uphold Human Rights.

Computer Server A computer or device on a network that manages network resources.

Computer Network A collection of computers and devices connected to each other.

Computer Crime Any illegal behavior directed by means of electronic operations that targets the
security of computer systems and the data processed by them.

Cyber Crime Any illegal behavior committed by means of a computer system or network.

Domain Name An identification label to define realms of administrative autonomy, authority, or

control in the internet, based on the Domain Name System.

Electronic Mail Often abbreviated as e-mail or email, is a method of exchanging digital messages,
designed primarily for human use.

Internet Protocol (IP) A numerical identification and logical address that is assigned to devices participating
Address in a computer network utilizing the Internet Protocol for communication.

Electronic Evidence Any probative information stored or transmitted in digital form that a party to a court
case may use at trial.

Electronic Crime A crime scene where there are electronic evidence found.
Scene

Web Hosting Service An individual or organizations providing website or Internet hosting service that allows
individuals or organizations to provide their own website accessible via the World Wide
Web.

Web Site (Group of A collection of related web pages, images, videos or other digital assets that are

13
Web Pages) addressed with a common domain name or IP address in an Internet Protocol-based
network.

Social Network A web site that focuses on building online communities of people who share interests
Website and activities.

Hacking or Cracking Refers to unauthorized access into or interference in a computer system and
communication system.

Any access in order to corrupt, alter, steal, or destroy using a computer or other similar
information and communication devices, without the knowledge and consent of the
owner.

Regional Criminal RCIDU handles and ATCD coordinates the walk-in complaints
Investigation and about/computer/cybercrime cases.
Detection Unit
(RCIDU)

Anti-transnational
Crime Division
(ATCD)

WHOIS Owner of the IP address.

MLAT Mutual Legal Assistance Treaty

ISP Internet Service Provider

SIM Subscriber Identity Module

Electronic Crime 1. Secure the area containing the suspected electronic evidence.
Scene Procedure: 2. Move individuals at the scene to prevent corruption of data.
3. Interview the suspects or potential witnesses.
4. Photograph the monitor of the computer upon arrival.
5. Check to see if the system is connected to the internet and collect volatile data.
6. Disconnect the computer from the power supply to shut it down.
7. Document the crime scene by taking photographs.
8. Document the crime scene by drawing the sketch.
9. Label and tag all the evidence collected.
10. Place evidence tape to avoid tampering.
11. Package all the equipment for transportation.
12. Fill out chain of custody.
13. Search and find passwords.

R.A. 8484 or Access Law that punishes access device fraud (unlawful use of credit card).
Device Regulations
Act of 1998

Access Device Means any card, plate, code, account number, electronic serial number, personal
identification number, or other telecommunications service.

Counterfeit Access Any access device that is counterfeit, fictitious, altered, or forged, or an identifiable
Device component of an access device or counterfeit device.

Unauthorized Access Any access device that is stolen, lost, expired, revoked, canceled, suspended, or
Device obtained with intent to defraud.

Access Device Means any access device that was applied for or issued on account of the use of
Fraudulently Applied falsified document, false information, fictitious identities and addresses, or any form
For of false pretense or misrepresentation.

Consumer Means a natural person.

14
Credit Card Any card, plate, coupon book, or other credit device existing for the purpose of
obtaining money, goods, property, labor or services or any thing of value on credit.

Device Making or Any equipment, mechanism or impression designed or primarily used for making or
Altering Equipment altering or re-encoding an access device or a counterfeit access device.

Finance Charges Represent the amount to be paid by the debtor incident to the extension of credit such
as interest or discounts, collection fees, credit investigation fees, and other service
charges.

Open-End-Credit Plan A consumer credit extended on an account pursuant to a plan.

Penalty Charges Any amount, in addition to interest, imposed on the credit card holder for non-payment
of an account within a prescribed period.

Produce Includes design, alter, authenticate, duplicate or assemble.

Trafficking Means transferring, or otherwise disposing of, to another, or obtaining control of, with
intent to transfer or dispose of.

Prohibited Acts or 1. PRODUCING, using, trafficking in one or more counterfeit access devices.
Acts that Constitute 2. TRAFFICKING in one or more unauthorized access devices or access devices
Access Device fraudulently applied for.
Frauds: 3. USING, with intent to defraud, an unauthorized access device;
4. USING an access device fraudulently applied for.
5. POSSESSING one or more counterfeit access devices or access devices fraudulently
applied for.

R.A. 10175 or Defines acts constituting cybercrime offenses; prescribes penalties therefor, and
Cybercrime provides procedures facilitating their detection, investigation, and prosecution.
Prevention Act of
2012

Rules on Cybercrime This Rule sets the procedure for the application and grant of warrants and related
Warrants orders involving the preservation, disclosure, interception, search, seizure, and/or
examination, as well as the custody, and destruction of computer data, as provided
under RA 10175.

Took effect on August 15, 2018.

Communication The transmission of information through information and communications technology

(ICT).

Computer An electronic, magnetic, optical, electrochemical, or other data processing or

communications device, or grouping of such devices, capable of perfoming logical
arithmetic, routing, or storage functions.

Computer Data Any representation of facts, information, or concepts in a form suitable for processing
in a computer system, including a program suitable to cause a computer system to
perform a function.

Computer System Any device or group of interconnected or related devices, one or more of which,
pursuant to a program, performs automated processing of data.

Content Data The content of the communication, the meaning or purported meaning of the
communication, or the message or information being conveyed by the communication,
other than traffic data.

Cybercrime Court Any of the Regional Trial Courts which are designated as special cybercrime courts.

Forensic Image Also known as a FORENSIC COPY. It refers to an exact bit-by-bit copy of a data carrier,
including slack, unallocated space, and unused space.

15
Forensics The application of investigative and analytical techniques that conform to evidentiary
standards for use in court.

Hash Value The mathematical algorithm produced against digital information (a file, a physical
disk or a logical disk) thereby creating a "DIGITAL FINGERPRINT" or "DIGITAL DNA" for
that information.

Information and The totality of electronic means to access, create, collect, store, process, receive,
Communications transmit, present and disseminate information.
Technology (ICT)

Interception Listening to, recording, monitoring or surveillance of the content of communications,

including procuring of the content data, either directly or indirectly.

Item Refers to objects of the warrant application and/or the warrant itself, such as the
subject computer data, the related computer device, and/or other parts of the
computer system.

Offenses Refer to either a violation of Section 4 (Cybercrime Offenses), Section 5 (Other

Offenses), or Section 6 (all crimes defined and penalized by the Revised Penal Code.

Off-Site Search Process whereby law enforcement authorities are allowed to bring the computer
device/s and/or parts of the computer system outside the place to be searched in
order to conduct the forensic examination of the computer data subject of the warrant.

On-Site Search Process whereby law enforcement authorities obtains the computer data subject
thereof for forensic examination, without the need of bringing the related computer
device/s and/or parts of the computer system outside the place to be searched.

Preservation The keeping of data that already exists in a stored form, protected from anything that
would cause its current quality or condition to change or deteriorate.

Service Provider Any public or private entity that provides users of its service the ability to communicate
by means of a computer system.

Any other entity that processes or stores computer data on behalf of such
communication service or users of such service.

Subscriber's Any information contained in the form of computer data or any other form that is held
Information by a service provider, relating to subscribers of its services, other than traffic or
content data.

Traffic Data Any computer data other than the content of the communication, including, but not
limited to, the communication's origin, destination, route, time, date, size, duration, or
type of underlying service.

Regional Trial Court Where the application for a warrant under this Rule concerning a violation of Section 4
(Cybercrime Offenses) and/or Section 5 (Other Offenses), Chapter II of RA 10175 shall
be filed by the law enforcement authorities.

Cybercrime Courts 1. Quezon City

that can act on 2. City of Manila
Applications and 3. Makati City
Issue Warrants: 4. Pasig City
5. Cebu City
6. Iloilo City
7. Davao City
8. Cagayan De Oro City

Judge Must personally examine the applicant and the witnesses in the form of searching
questions and answers before issuing a warrant.

16
10 Days Any warrant issued under this Rule shall only be effective for this length of time.

The court issuing the warrant may, upon motion, extend its effectivity based only on
justifiable reasons.

Contempt Any responsible law enforcement authorities who failed to timely file the returns for
any of the issued warrants under this Rule or to duly turn-over to the court's custody
any of the items disclosed, intercepted, searched, seized, and/or examined as
prescribed.

PD 1829 Provides penalty for the obstruction of justice for non-compliance.

The failure to comply with the provisions of Chapter IV, specifically the orders from law
enforcement authorities, shall be punished under this law.

Department of Supervises the service of warrants and/or other court processes for persons or service
Justice-Office of providers situated outside of the Philippines.
Cybercrime

Warrant to Disclose An order in writing authorizing law enforcement authorities to issue an order to
Computer Data disclose and accordingly, require any person or service provider to disclose or submit
(WDCD) subscriber's information, traffic data, or relevant data in his/her or its possession or
control.

72 Hours Length of time to disclose the or submit subscriber's information, traffic data or
relevant data in his/her or its possession or control.

Contents of 1. The PROBABLE OFFENSE involved.

Application for a 2. RELEVANCE AND NECESSITY of the computer data or subscriber's information
WDCD: sought to be disclosed.
3. NAMES of the individuals or entities whose computer data or subscriber's
information are sought to be disclosed.
4. Particular DESCRIPTION of the computer data or subscriber's information.
5. PLACE where the disclosure of computer data or subscriber's information is to be
enforced.
6. MANNER OR METHOD by which the disclosure of the computer data or subscriber's
information is to be carried out.
7. Other RELEVANT INFORMATION that will persuade the court that there is a probable
cause to issue a WDCD.

48 Hours The authorized law enforcement officer shall submit a return on the WDCD to the court
that issued it and simultaneously turn over the custody of the disclosed computer data
or subscriber's information.

Warrant to Intercept An order in writing authorizing the law enforcement authorities to carry out any or all of
Computer Data the following activities:
(WICD) (a) LISTENING TO
(b) RECORDING
(c) MONITORING
(d) SURVEILLANCE

Including the procurement of the content of computer data, either directly, through
access and use of a computer system or indirectly, through the use of electronic
eavesdropping or tapping devices, at the same time that the communication is
occurring.

Within 30 Days From the lapse of the forty-eight (48) hour period to file the return, the authorized law
enforcement officer has the duty to notify the person whose communications or
computer data have been intercepted of the activities conducted pursuant to the WICD
within this period of time.

17
Within 10 Days The person whose communications or computer data have been intercepted may
challenge, by motion, the legality of the interception before the issuing court.

Warrant to Search, An order in writing authorizing the law enforcement authorities to search the particular
Seize and Examine place for items to be seized and/ or examined.
Computer Data
(WSSECD)

Within 10 Days The authorized law enforcement officers shall submit an initial return containing the
seized computer data.

Content of the Initial 1. A list of all the items that were seized
Return: 2. A statement on whether a forensic image of the computer data was made on-site,
and if not, the reasons for making the forensic image off-site.
3. A statement on whether the search was conducted on-site, and if not, the reasons
for conducting the search and seizure off-site.
4. A statement on whether interception was conducted during the implementation of
the WSSECD.
5. List of all the actions taken to enforce the WSSECD.
6. A reasonable estimation of how long the examination of the items seized will be
concluded and the justification therefor.

30 Days Extension for the period to conclude the examination of all the items seized.

Warrant to Examine Issued upon acquiring possession of a computer device via a lawful warrantless arrest
Computer Data before searching the said computer device for the purpose of obtaining forensic
examination of the the computer data
contained.

Within 10 Days Period to file the motion to move for the immediate transmittal of the records as well
as the transfer of the intercepted, disclosed, searched, seized and/or examined
computer data and items.

Within 5 Days The motion to move for immediate transmittal shall be acted upon by the court within
this period.

Content of Motion to 1. The relevance of the computer data sought to be opened, replayed, revealed, or used
Reopen, Replay or as evidence.
Reveal a Computer 2. The names of the persons who will be allowed to have access thereto, if the motion
Data used as is granted.
Evidence:

10 Days Period given to the person whose computer data is the subject of the motion to file a
comment, after which the court shall rule on the motion.

31 Days Order the complete or partial destruction, or return to its lawful owner, the computer
data if no preliminary investigation or case involving these items has been instituted
within this period.

Branch Clerk-of- The destruction of computer data and related items, if so allowed under Section 8.2 of
Court this Rule, shall be made in his presence.

3 Days The accused may witness the destruction of the computer data if upon written notice
they appear before the Branch Clerk-of-Court within this period prior to the date of the
destruction of evidence.

Within 24 Hours The Branch Clerk-of-Court or the witness duly designated by the court shall issue a
sworn certification as to the fact of destruction and file the said certificate with the
same court.

Rules on Electronic Shall apply whenever an electronic document or electronic data message, is offered or
Evidence used in evidence. It took effect on the August 1, 2001.

18
Asymmetric or Public A system capable of generating a secure key pair, consisting of a private key for
Cryptosystem creating a digital signature, and a public key for verifying the digital signature.

Business Records Include records of any business, institution, association, profession, occupation, and
calling of every kind, whether or not conducted for profit, or for legitimate or
illegitimate purposes.

Certificate An electronic document issued to support a digital signature which purports to confirm
the identity or other significant characteristics of the person who holds a particular key
pair.

Computer Any single or interconnected device or apparatus, which, by electronic, electro-

mechanical or magnetic impulse, or by other means with the same function, can
receive and record information, data, text, and graphics or perform any one or more of
these functions.

Digital Signature An electronic signature consisting of a transformation of an electronic document

using an asymmetric or public cryptosystem.

Digitally Signed An electronic document or electronic data message bearing a digital signature verified
by the public key listed in a certificate.

Electronic Data Information generated, sent, received or stored by electronic, optical or similar means.
Message

Electronic Document Information or the representation of information, data, figures, symbols by which a
right is established or an obligation extinguished, or by which a fact may be proved and
affirmed.

Electronic Key A secret code which secures and defends sensitive information that crosses over
public channels into a form decipherable only with a matching electronic key.

Electronic Signature Any distinctive mark, characteristic and/or sound in electronic form, representing the
identity of a person and attached to or logically associated with the electronic data
message.

Ephemeral Electronic Telephone conversations, text messages, chatroom sessions, streaming audio,
Communication streaming video, and other electronic forms of communication the evidence of which
is not recorded or retained.

Information and A system for generating, sending, receiving, storing or otherwise processing electronic
Communication data messages and includes the computer system or other similar devices by or in
System which data are recorded or stored.

Key Pair The private key and its mathematically related public key such that the latter can verify
the digital signature that the former creates.

Private Key The key of a key pair used to create a digital signature.

Public Key The key of a key pair used to verify a digital signature.

Electronic Document Shall be regarded as the equivalent of an original document under the Best Evidence
Rule if it is a printout or output readable by sight or other means, shown to reflect the
data accurately.

Manner of 1. By evidence that it had been digitally signed by the person purported to have signed
Authentication of the same.
Electronic 2. By evidence that other appropriate security procedures or devices for authentication
Document: of electronic documents were applied to the document.
3. By other evidence showing its integrity and reliability to the satisfaction of the judge.

Electronic Signature If authenticated in the manner prescribed hereunder is admissible in evidence as the

19
 functional equivalent of the signature of a person on a written document.

Authentication of 1. By evidence that a method or process was utilized to establish a digital signature
Electronic and verify the same.
Signatures: 2. By any other means provided by law.
3. By any other means satisfactory to the judge as establishing the genuineness of the
electronic signature.

Disputable 1. The information contained in a certificate is correct.

Presumptions 2. The digital signature was created during the operational period of a certificate.
Relating to Digital 3. No cause exists to render a certificate invalid or revocable.
Signatures: 4. The message associated with a digital signature has not been altered from the time
it was signed.
5. A certificate had been issued by the certification authority indicated therein.

Factors for 1. The reliability of the manner or method in which it was generated.
Assessing 2. The reliability of the manner in which its originator was identified.
Evidentiary Weight: 3. The integrity of the information and communication system in which it is recorded
or stored.
4. The familiarity of the witness or the person who made the entry with the
communication and information system.
5. The nature and quality of the information which went into the communication and
information system.
6. Other factors which the court may consider as affecting the accuracy or integrity of
the electronic document or electronic data message.

Integrity of an 1. Whether the information and communication system or other similar device was
Information and operated in a manner that did not affect the integrity of the electronic document.
Communication 2. Whether the electronic document was recorded or stored by a party to the
System: proceedings with interest adverse to that of the party using it.
3. Whether the electronic document was recorded or stored in the usual and ordinary
course of business by a person who is not a party to the proceedings and who did not
act under the control of the party using it.

Business Records Exception to the hearsay rule, a memorandum made by electronic, optical or other
similar means by a person with knowledge thereof, and kept in the regular course or
conduct of a business activity, and such was the regular practice to make the
memorandum is exempt.

20