Chapter 1 – Introduction to Cybercrime

WHAT IS COMPUTER

GENERAL DEFINITION

COMPUTER - A computer is a device that accepts

information (in the form of digitalized data) and
manipulates it for some result based on a program,
software, or sequence of instructions on how the
data is to be processed.

LEGAL DEFINITION

COMPUTER - refers to an electronic, magnetic,

optical, electrochemical, or other data processing or
communications device, or grouping of such devices,
capable of performing logical, arithmetic, routing, or
storage functions and which includes any storage
facility or equipment, or communications facility or
equipment directly related to or operating in
conjunction with such device. It covers any type of
computer device including devices with data
processing capabilities like mobile phones, smart
phones, computer networks and other devices
connected to the internet. (Republic Act No. 10175)

DIFFERENT TYPES OF COMPUTERS

SUPERCOMPUTER

 The biggest in size

 Most expensive in price

 It can process trillions of instructions in seconds.

 Governments specially use this type of computer for their different calculations and heavy
jobs.

 Different industries also use this huge computer for designing their products.

 In most of the Hollywood's movies it is used for animation purposes.

 This kind of computer is also helpful for forecasting weather reports worldwide

MAINFRAMES

 Can also process millions of instructions per second and

capable of accessing billions of data.

 This computer is commonly used in big hospitals, air

line reservations companies, and many other huge
companies prefer mainframe because of its capability of retrieving data on a
huge basis.

MINICOMPUTER

 This computer is next in the line but less offers less than

1
 Chapter 1 – Introduction to Cybercrime
mainframe in work and performance. These are the computers, which are mostly preferred by
the small type of business personals, colleges, etc.

PERSONAL COMPUTER

 It is the computer mostly preferred by the home users.

 These computers are lesser in cost than the computers given

above and also, small in size; they are also called PCs in short for
Personal computers.

 This computer is small in size. Today this is thought to be the most popular
computer in all.

NOTEBOOK COMPUTER

 Having a small size

and low weight.

 Easy to carry to
anywhere

 Used for students

 Same as the personal computer

COMPONENTS OF COMPUTER SYSTEM

2
 Chapter 1 – Introduction to Cybercrime

DEVELOPMENT OF COMPUTER

ABACUS

 Known as to be the first mechanical calculating device.

 Ancient Mesopotamians of Sumeria

 Tim Cranmer

NAPIERS BONE

 John Napier (1617)

 Napier used the bone rods of the counting purpose where some no.

PASCALS CALCULATOR

 French scientist Blaise Pascal (1642) Adding machine which

represents the position of digit with the help of gears in it.

LEIBNZ CALCULATOR

 German mathematician ,Gottfried Leibniz (1671) He modified pascal

calculator and developed a machine which could perform various calculation
based on multiplication and division as well.

CHARLES BABBAGE (1822) – Father of computer

ADA LOVELACE – First programmer

COMPUTER CARE

CERTAIN TASK TO ENSURE YOUR COMPUTER IS CLEAN

1. Keep dust away

2. Use clean hands

3. Keep off

4. Handle with care

5. Keep food away

3
 Chapter 1 – Introduction to Cybercrime
6. Treat with respect

7. Stop virus attack

ANATOMY OF COMPUTER

Power Supply

Monitor

Motherboard

Central Processing Unit (CPU)

Main Memory

Storage Device

INPUT AND OUTPUT DEVICES

Input Device – is a hardware that sends information to the computer.
Mouse
Digital Camera
Web Cam
Joystick
Keyboard
Microphone
Scanner

Output Device – is any peripheral that receives and/or displays output from a computer.
Monitor
Printer
Projector
Speaker

TYPES OF PROCESSOR

1. Single Core - CPUs were used in the traditional type of computers. Those CPUs were able to
perform one operation at once, so they were not comfortable to multi-tasking system.

2. Dual Core - processor contains two processors, and they are linked with each other like as
single IC (Integrated circuit). Every processor consists of its own local cache and controller,
so they are able to perform different difficult operations in quickly than single core CPU.
There are some examples which as used as Dual Core processors such as:

- Intel Core Duo

- AMD X2

- Dual-core PowerPC G5

3. Multi Core processor - is designed with using of various processing units means “Cores” on

4
 Chapter 1 – Introduction to Cybercrime
one chip, and every core of processor is able to perform their all tasks. For example, if you are
doing multiple activities at a same time like as using WhatsApp and playing games then one
core handles WhatsApp activities and other core manage to another works such as game.

4. Quad Core processor - is high power CPU, in which four different processors cover are
combined into one processor. Every processor is capable to execute and process all
instructions own level without taking support to other left processor cores. Quad Core
processors are able to execute massive instructions at a time without getting waiting pools.
Quad core CPU help to enhance the processing power of computer system, but it
performance depend on their using computing components.

5. Octa Core processor - is designed with using of multiprocessor architecture, and its design
produces the higher processing speed. Octa Core processor has best ability to perform multi
tasking and to boost up efficiency of your CPU. These types of processors are mostly used in
your smart phones.

6. CORE – it is the processing unit (brain) of the Processor that handles all the data for your
device. The Cores are responsible for the processing speed. It receives directions and
performs calculations or operations to fulfill those directions. The more cores a processor
has, the more functions it can execute simultaneously without overloading our system.

COMPUTER HARDWARE AND SOFTWARE

HARDWARE - Refers to the physical elements of a computer. It

sometimes called the Machinery or equipment of the
computer.

SOFTWARE - Is a physical entity. a set of instructions, data or

programs used to operate computers and execute specific task.
Implement algorithms (problem solution).

RAM (R-andom A-ccess M-emory) - is one of that fastest

types of memory, and it has the ability to be read and
write the data, but as long as there is Power Supply to the
device. When the computer is off, all the processed data
of RAM automatically goes to the trash.

RAM (Random Access Memory). - Used to store the

information and then process that information. (volatile
device).

2 Types of RAM
SRAM (Static Random Access
Memory).
DRAM (Dynamic Random Access
Memory)

5
 Chapter 1 – Introduction to Cybercrime
TYPES OF COMPUTER HARDWARE

HARD DISK - Used to store the data in it.

MONITOR - Device that used to display output.

CPU - A core hardware part of the computer system which is used to interpret and execute
most of the commands using other computer parts. i.e. software and hardware.

MOUSE - Hand operator devised that used to point something on the screen.

KEYBOARD. - Contains alphabet and numbers.

PRINTER - Transfer that displayed information to paper.

TYPES OF COMPUTER SOFTWARE

SYSTEM SOFTWARE. Type of computer program that is designed to run a computer’s

hardware and application.
OPERATING SYSTEM. Manages all of the software and hardware on the computer.
DEVICE DRIVERS. Type of software that controls particular hardware which is attached to the
system.
FIRMWARE - Permanent software that is embedded into a read only memory.
UTILITY - Designed to aid in analyzing, optimizing, configuring and maintaining a computer
system. It support the computer infrastructure.

TYPES OF APPLICATION SOFTWARE

APPLICATION SOFTWARE - Also known as end-used programs or productivity programs are software
that helps the user in completing task such as doing online research, jotting down notes, setting
alarms.

WORD PROCESSORS - These applications for documents.

DATABASE SOFTWARE - Used to create and manage database.
EDUCATION AND REFERENCES SOFTWARE - Designed to facilitate learning on a particular
subject. (academic software)
GRAPHIC SOFTWARE - Picture editors and illustration software.
WEB BROWSERS - Used to browse the internet.

STORAGE MEDIA
- Storage keeps, data, information and instructions for use in the future.

COMMON STORAGE MEDIA

1. Hard Drive

2. Floppy Disk

3. CD & DVD

4. USB Flash Drive

ADVANTAGES OF USING COMPUTER

6
 Chapter 1 – Introduction to Cybercrime
1. Provide access to more information

2. Complete task that might be impossible for humans to complete

3. Save time

4. Automates repetitive tasks

5. Allows for greater productivity

6. Allow for better communication and connections

7. Entertainment

DISADVANTAGES OF USING COMPUTER

1. Social Risks

2. Health Risks

3. Security Risks

4. High Cost

5. Distractions/disruptions

6. Environmental impact

INTERNET

INTERNET - is a global wide area network that connects computer systems across the world. It
includes several high-bandwidth data lines that comprise the internet “backbone”. These lines are
connected to major internet hubs that distribute data to other locations, such as webservers and ISPs.

7
 Chapter 1 – Introduction to Cybercrime
HISTORY INTERNET

- Starter in 1960 s

- Way for government researchers to share information.

- January 1, 1983 considered birthday of the internet.

DIFFERENT TYPES OF INTERNET CONNECTION

 Dial up

 DSL (Digital Subscriber Land)

 Cable

 Wireless

 Satellite

 Cellular

COMPUTER VIRUS

COMPUTER VIRUS - Is a small software program that is designed to spread from one computer to
other and to interfere with computer operation. Virus may spread between files or disk.

 There are estimated 30, 000 computer viruses is existence.

 First virus was created to show loopholes in software.

 Over 300 new ones are created each month.

 Today almost of all viruses are spread through the internet.

8
 Chapter 1 – Introduction to Cybercrime

May 4, 2000
Onel de Guzman

TYPES COMPUTER VIRUSES

1. RESIDENT VIRUS - Resident viruses live in your RAM memory. It

can interfere with normal system operation which can lead to the
corruption of files and programs.

- e.i. CMJ, Meve, MrKlunky and Randex

2. MULTIPARTITE VIRUS - This type of virus can easily spread in your

computer system. It is very infectious; performing unauthorized
actions in your operating system, in folder, and other programs on
the computer. They have the ability to infect both the executable
files and the boots sector.

3. BOOT SECTOR VIRUS - Your computer drive has a sector

solely responsible for pointing to the operating system so
that it can boot into the interface. A boot sector virus
damages or controls the boot sector on the drive, rendering
the machine unusable. Attackers usually use malicious USB
devices to spread this computer virus. The virus is activated
when users plug in the USB device and boot their machine.

4. WEB SCRIPTING VIRUS - Most browsers have defenses against

malicious web scripts, but older, unsupported browsers have
vulnerabilities allowing attackers to run code on the local device.

5. BROWSER HIJACKER - A computer virus that can change the

settings on your browser will hijack browser favorites, the home
page URL, and your search preferences and redirect you to a
malicious site. The site could be a phishing site or an adware
page used to steal data or make money for the attacker.

6. DIRECT ACTION VIRUS - When a user executes a seemingly

harmless file attached to malicious code, direct-action
viruses deliver a payload immediately. These computer
viruses can also remain dormant until a specific action is
taken or a timeframe passes.

7. POLYMORPHIC VIRUS - Malware authors can use

polymorphic code to change the program’s footprint to avoid
detection. Therefore, it’s more difficult for an antivirus to
detect and remove them.

8. FILE INFECTOR VIRUS - To persist on a system, a threat actor

uses file infector viruses to inject malicious code into critical

9
 Chapter 1 – Introduction to Cybercrime
files that run the operating system or important programs. The computer virus is activated
when the system boots or the program runs.

9. MACRO VIRUS - Microsoft Office files can run macros that

can be used to download additional malware or run malicious
code. Macro viruses deliver a payload when the file is opened
and the macro runs.

MAJOR ANTIVIRUS SOFTWARE which is most commonly used

1. Norton Antivirus

2. F-Secure Antivirus

3. Kaspersky Antivirus

4. AVAST Antivirus

5. Comodo Antivirus

6. McAfee Antivirus

SYMPTOMS OF VIRUS ATTACK

1. Computer runs slower than usual

2. Screen sometimes flicker

3. Systems crashes for no reason

4. Computer no longer boots up

5. Denial of Service (DoS)

6. File sometimes disappear

10
 Chapter 1 – Introduction to Cybercrime

CYBERCRIME AND HACKER

CYBERCRIME

Offenses that are committed against individuals or groups of individuals with a criminal
motive to intentionally harm the reputation of the victim or cause physical or mental harm or
loss, to the victim directly or indirectly, using modern telecommunication networks such as
internet (network including but not limited to chat rooms, emails, notice and groups) and
mobile phones (Bluetooth/SMS/MMS).

Consist of illegal activity conducted on a computer. Traditional crimes may be committed

while using a computer, but cybercrime consists of more specific types of crimes, such as
phishing scheme and viruses.

HISTORY OF CYBERCRIME

1970S - “Tech-savvy people known as “Phreakers” found a way around paying for long
distance calls through a series of codes.

1990 large project named “Operation Subdevil” was ex FBI agent confiscated 42 computers
and over 20, 000 floppy disks used by criminals for illegal credit card and telephone services.

Crime and cybercrimes become an increasingly problem in our society.

EVOLUTION, CATEGORIES AND CLASSSIFICAGTION OF CYBERCRIME

1997 – Cybercrimes and viruses initiated that includes Morris Code worm and other.

2004 – Malicious code, Trojan, Advances worm etc.

2007 – DNS Attack, Rise of Bornets, SQL attacks etc.

2013 – Social Engineering, DOS Attack BotNets, Malicious Emails, Ransomware attack etc.

Present – banking Malware, Keylogger, Bitcoin wallet, Phone Hijacking, Android Hack, Cyber
warfare etc.

ELEMENTS OF CYBERCRIME

1. Computer

2. Crime

CATEGORIES OF CYBERCRIME

1. The computer as a target

11
 Chapter 1 – Introduction to Cybercrime
2. The computer as a weapon

CYBERCRIME CAN BE CLASSIFIED INTO FOUR CATEGORIES.

A. CYBER CRIME AGAINST INDIVIDUAL - Crimes that are committed by the cyber-criminal against an
individual or a person.

➢ EMAIL SPOOFING - this technique is a forgery of an email header.

➢ SPAMMING - Email spam or otherwise called as Junk email. The

spammers use spam bots to create email distribution

 CYBER DEFAMATION - It means

the harm that is brought on the reputation of an individual through
cyber space.

 IRC CRIME (INTERNET RELAY CHAT) - IRC Servers allow

the people around the world to come together under a single
platform which is something called as rooms and they chat to
each other.

 cyber criminals basically uses it for the meeting.

 Hacker uses it for discussing their technique s

 Pedophiles use it to allure small children.

 PHISHING - It this type of crimes or fraud the hackers

tries to gain information or account’s information by
masquerading as a reputable individual or entity in various
communication channels or in email.

B. CYBER CRIME AGAINST PROPERTY - These types of crimes include

vandalism of computers, intellectual property crime (copyright, patented,
trademark etc.) online threatening.

 SOFTWARE PIRACY - It can be describe as the copying of

software unauthorized;

12
 Chapter 1 – Introduction to Cybercrime
 COPYRIGHT INFRINGEMENT - It can be described as the infringements of an individual or
organization’s copyright.

C. CYBER CRIME AGAINST ORGANIZATION – Cyber crimes against organization are as follows:

1. Unauthorized changing or deleting data;

2. Reading or copying of confidential information unauthorized, but the data are neither being
changed not deleted.

 DOS ATTACK ( DENIAL OF SERVICE) - In this attack, the

attacker floods servers, systems or networks with traffic in order to
overwhelm the victim resources and make it infeasible or difficult for
the users to use them.

 EMAIL BOMBING - It is type of net abuse; where huge

numbers of emails are sent to an email address in order to
overflow or flood the mailbox with mails or flood the server
where the email address.

 SALAMI ATTACK - The other name of salami attack is Salami

slicing.

D. CYBER CRIME AGAINST SOCIETY - Cybercrimes against society are as follows

FORGERY - means making a false document, signature, currency, revenue stamp

etc.

WEB JACKING - the term Web jacking - Fake website.

DIFFERENT TYPES OF CYBERCRIME

1. FINANCIAL CRIME - It is defined as crime that is

specifically committed against property. These crimes are
almost always committed for the personal benefit of the
criminal, and they involve an illegal conversion of ownership of
the property that is involved.

13
 Chapter 1 – Introduction to Cybercrime

2. CYBER PORNOGRAPHY - It is the act of using

cyberspace to create, display, distribute, import, or publish
pornography or obscene materials, especially materials
depicting children engaged in sexual acts with adults.

3. ONLINE GAMBLING - It is any kind of gambling

conducted on the internet. This includes virtual poker, casinos
and sports betting.

4. INTELLECTUAL PROPERTY CRIMES - Crime is a

generic term used by INTERPOL to describe a wide range of
counterfeiting and piracy offences.

5. EMAIL SPOOFING. - It is the fabrication of an email

header in the hopes of duping the recipient into
thinking the email originated from someone or
somewhere other than the intended sources.

6. CYBER DEFAMATION - It is considered to be the act of

defaming, insulting, offending or otherwise causing harm
through false statements pertaining to an individual in
cyberspace.

7. UNAUTHORIZED ACCESS - It is an attempt to exploit a

computer system or a private network inside a computer.

8. CYBER STAKING - It is the use of the internet or

other electronic means to stalk or harass an
individual, group, or organization. It harm include
false accusations, defamation, slander and libel.

9. THEFT - It is felonies taking and removing of personal

property with intent to deprive the rightful owner of it.

14
 Chapter 1 – Introduction to Cybercrime
10. EMAIL BOMBING - It is a malicious act in which a large
number of email messages are sent to a single email address in
a short difficult to detect.

11. SALAMI ATTACK - Stealing small amounts of funds

from multiple bank accounts.

12. DENIAL OF SERVICES (DOS) ATTACK - It is exploit in

which an attacker takes advantage of vulnerabilities in the
domain name system (DNS).

13. VIRUS/WORM - Malicious, self replicating program

that can spread throughout a network without
human assistance.

14. LOGIC BOMBS - It is a set of instructions secretly

incorporated into a program so that if a particular conditions is
satisfied they will be carried out usually with harmful effects.

15. TROJAN ATTACKS - It is a type of malware

that is often distinguished as legitimate
software. Trojan can be employed by
cyberthieves and hackers trying to gain access
to users’ systems.

16. WEB JACKING - It simple when someone clones your

website, and tricks you to believe the cloned site is yours. The
malicious link is placed somewhere on your waiting for a click.

17. CYBER-TERRORISM - It is a serious breach of the social

and political stability and cohesion of a nation.

CLASSIFICATION OF COMPUTER CRIME

15
 Chapter 1 – Introduction to Cybercrime
FINANCIAL FRAUD CRIMES - Defined as an intentional act of deception involving financial
transactions for purpose of personal gain. Fraud is a crime, and is also a civil law violation.

INTERNET FRAUD - Means trying to trick or scam someone else using internet. This usually means
that the person who is being tricked loses money to the people scamming them. Internet fraud can
take place on computer programs such as chat rooms, e-mail, message boards, or websites.

COMPUTER FRAUD - It is any dishonest misrepresentation of fact intended to let another to do refrain
from doing something which causes loss. In this context , the fraud will result an unauthorized way;

1. Altering in an unauthorized way;

2. Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized

transactions;

3. Altering or deleting stored data

BANK FRAUD - It is the use of potential illegal means to obtain money, assets or other property
owned or held by financial institution, or to obtain money from depositors by fraudulently posing as a
bank or other financial institution.

CARDING - It is a form or credit card fraud in which a stolen credit card is used to charge pre-paid
cards.

IDENTITY THEFT - Also known identify fraud. (impersonate or impostor)

EXTORTION - Also called shakedown, outwrestling and extraction is a criminal offense of obtaining
money, property of services from an individual or institution, through coercion.

THEFT OF CLASSIFIED INFORMATION - It is sensitive information to which access is restricted by

law or regulation to participate classes of people.

SPAMMING - is the use of electronic system like e-mails and other digital delivery systems and
broadcast media to send unwanted bulk messages indiscriminately. PHISING - mostly propagated via
email.

PHISHING - emails may obtain links to other websites that are affected by malware. They may
contain links to fake online banking or other websites used to steal private account information.

STALKING - is unwanted or repeated surveillance by an individual or group towards another person.

TYPES OF STALKERS

REJECTED STALKER - This type of stalker becomes upset when the friendship or romantic
relationship has ended.

RESENTFUL STALKER - Feels humiliated that the relationship has ended and seeks revenge upon the
victim. (often irrationally paranoid, verbally assault their victim)

PREDATORY STALKER. - Seeks power and sexual gratification.

INTIMACY SEEKER - Seeks an intimate and romantic relationships with the victim. (continually phone
the victim, write letters, jealous and violent if the victim enters into a relationship to someone.)

INCOMPETENT SUITOR - Inadequate social skills. They want a relationship with the victim but do not
have the ability to realize he/she not meant to be with the victim.

EROTOMANIA AND MORBIDLY INFATUATED - Stalker feels that the victim loves them even though
they may not have had any contact with the victim. The stalker is usually paranoid, prefer suitors in a

16
 Chapter 1 – Introduction to Cybercrime
higher social class, and will repeatedly approach the victim.

HACKER - Someone who is proficient at software programming, debugging networks, or identifying

vulnerabilities in a given computer programmers and application, or computer network. An individual
who uses computer, networking or other skills to overcome a technical problem.

DIFFERENT TYPES OF HACKER

WHITE HAT HACKER - Also known ethical hackers. The security firms then help their customers
mitigate security issues before criminal hackers can exploit them.

BLACK HAT HACKERS - Intentionally gain unauthorized access to network and systems with
malicious intent, whether steal data, spread malware or profit from ransom ware, vandalize or other
damage systems.

GRAY HAT HACKERS - Fall someone between whit hat hackers and black hat hackers.

HACKER VS. CRACKER - Hackers are intended in knowing how things work. They like to explore and
discover the computer systems, programming and the networks. The purpose of a cracker is to break
the security of computers and networks. Crackers are also known as black hats.

HOW TO PROTECT YOURSELF FROM CYBER CRIME

1. Use strong passwords

2. Secure your computer

3. Block spyware attacks

4. Be social media savvy

5. Secure you mobile devices

6. Protect your data

7. Secure your wireless network

8. Protect your e-identity

9. Avoid being scammed

10. Call right person for help

17
 Chapter 2 – Cybercrime Offenses
CYBER OFFENSES

CHAPTER I :PRELIMINARY PROVISIONS

Republic Act No. 10175 - AN ACT DEFINING CYBERCRIME, PROVIDING FOR THE PREVENTION,
INVESTIGATION, SUPPRESSION AND THE IMPOSITION OF PENALTIES THEREFOR AND FOR OTHER
PURPOSES.

Approved: September 12, 2012

SECTION 1. Title. — This Act shall be known as the “Cybercrime Prevention Act of 2012”.

SECTION 2. Declaration of Policy :

 The State recognizes the vital role of information and communications industries such as
content production, telecommunications, broadcasting electronic commerce, and data
processing, in the nation’s overall social and economic development.

 The State also recognizes the importance of providing an environment conducive to the
development, acceleration, and rational application and exploitation of information and
communications technology (ICT) to attain free, easy, and intelligible access to exchange
and/or delivery of information; and the need to protect and safeguard the integrity of
computer, computer and communications systems and databases, and the confidentiality,
integrity, and availability of information and data stored therein, from all forms of misuse,
abuse, and illegal access by making punishable under the law such conduct or conducts.

 In this light, the State shall adopt sufficient powers to effectively prevent and combat such
offenses by facilitating their detection, investigation, and prosecution at both the domestic
and international levels, and by providing arrangements for fast and reliable international
cooperation.

SECTION 3. Definition of Terms. — For purposes of this Act, the following terms are hereby defined
as follows:

(A) ACCESS - refers to the instruction, communication with, storing data in, retrieving data from, or
otherwise making use of any resources of a computer system or communication network.

(B) ALTERATION - refers to the modification or change, in form or substance, of an existing computer
data or program.

(C) COMMUNICATION - refers to the transmission of information through ICT media, including voice,
video and other forms of data.

(D) COMPUTER - refers to an electronic, magnetic, optical, electrochemical, or other data processing
or communications device, or grouping of such devices, capable of performing logical, arithmetic,
routing, or storage functions and which includes any storage facility or equipment or communications
facility or equipment directly related to or operating in conjunction with such device. It covers any type
of computer device including devices with data processing capabilities like mobile phones, smart
phones, computer networks and other devices connected to the internet.

(E) COMPUTER - data refers to any representation of facts, information, or concepts in a form
suitable for processing in a computer system including a program suitable to cause a computer
system to perform a function and includes electronic documents and/or electronic data messages
whether stored in local computer systems or online.

(F) COMPUTER PROGRAM - refers to a set of instructions executed by the computer to achieve
intended results.

18
 Chapter 2 – Cybercrime Offenses
(G) COMPUTER SYSTEM - refers to any device or group of interconnected or related devices, one or
more of which, pursuant to a program, performs automated processing of data. It covers any type of
device with data processing capabilities including, but not limited to, computers and mobile phones.
The device consisting of hardware and software may include input, output and storage components
which may stand alone or be connected in a network or other similar devices. It also includes
computer data storage devices or media.

(H) WITHOUT RIGHT - refers to either: (i) conduct undertaken without or in excess of authority; or (ii)
conduct not covered by established legal defenses, excuses, court orders, justifications, or relevant
principles under the law.

(I) CYBER - refers to a computer or a computer network, the electronic medium in which online
communication takes place.

(J) CRITICAL INFRASTRUCTURE - refers to the computer systems, and/or networks, whether physical
or virtual, and/or the computer programs, computer data and/or traffic data so vital to this country
that the incapacity or destruction of or interference with such system and assets would have a
debilitating impact on security, national or economic security, national public health and safety, or any
combination of those matters

(K) CYBERSECURITY - refers to the collection of tools, policies, risk management approaches, actions,
training, best practices, assurance and technologies that can be used to protect the cyber
environment and organization and user’s assets.

(L) DATABASE - refers to a representation of information, knowledge, facts, concepts, or instructions

which are being prepared, processed or stored or have been prepared, processed or stored in a
formalized manner and which are intended for use in a computer system.

(M) INTERCEPTION - refers to listening to, recording, monitoring or surveillance of the content of
communications, including procuring of the content of data, either directly, through access and use of
a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at
the same time that the communication is occurring.

(N) SERVICE PROVIDER - refers to:

a) Any public or private entity that provides to users of its service the ability to communicate by
means of a computer system; and

b) Any other entity that processes or stores computer data on behalf of such communication
service or users of such service.

(O) SUBSCRIBERS INFORMATION - refers to any information contained in the form of computer data
or any other form that is held by a service provider, relating to subscribers of its services other than
traffic or content data and by which identity can be established:

1. The type of communication service used, the technical provisions taken thereto and the
period of service;

2. The subscriber’s identity, postal or geographic address, telephone and other access numbers,
any assigned network address, billing and payment information, available on the basis of the
service agreement or arrangement; and

3. Any other available information on the site of the installation of communication equipment,
available on the basis of the service agreement or arrangement.

(P) TRAFFIC DATA OR NON-CONTENT DATA - refers to any computer data other than the content of
the communication including, but not limited to, the communication’s origin, destination, route, time,

19
 Chapter 2 – Cybercrime Offenses
date, size, duration, or type of underlying service.

20
 Chapter 2 – Cybercrime Offenses
CHAPTER 2: PUNISHABLE ACTS

SEC. 4. Cybercrime Offenses. — The following acts constitute the offense of cybercrime punishable
under this Act:

(a) Offenses against the confidentiality, integrity and availability of computer data and systems:

(1) Illegal Access. – The access to the whole or any part of a computer system without right.

(2) Illegal Interception. – The interception made by technical means without right of any non-
public transmission of computer data to, from, or within a computer system including
electromagnetic emissions from a computer system carrying such computer data.

(3) Data Interference. — The intentional or reckless alteration, damaging, deletion or

deterioration of computer data, electronic document, or electronic data message, without
right, including the introduction or transmission of viruses.

(4) System Interference. — The intentional alteration or reckless hindering or interference

with the functioning of a computer or computer network by inputting, transmitting, damaging,
deleting, deteriorating, altering or suppressing computer data or program, electronic
document, or electronic data message, without right or authority, including the introduction or
transmission of viruses.

(5) Misuse of Devices.

(i) The use, production, sale, procurement, importation, distribution, or otherwise making
available, without right, of:

(aa) A device, including a computer program, designed or adapted primarily for the
purpose of committing any of the offenses under this Act; or

(bb) A computer password, access code, or similar data by which the whole or any
part of a computer system is capable of being accessed with intent that it be used for
the purpose of committing any of the offenses under this Act.

(ii) The possession of an item referred to in paragraphs 5(i)(aa) or (bb) above with intent
to use said devices for the purpose of committing any of the offenses under this section.

(ii) Identical or in any way similar with the name of a person other than the registrant, in
case of a personal name; and

(iii) Acquired without right or with intellectual property interests in it.

(6) Cyber-squatting. – The acquisition of a domain name over the interne t in bad faith to
profit, mislead, destroy reputation, and deprive others from registering the same, if such a
domain name is:

(i) Similar, identical, or confusingly similar to an existing trademark registered with the
appropriate government agency at the time of the domain name registration:

(b) Computer-related Offenses:

(1) Computer-related Forgery. —

(i) The input, alteration, or deletion of any computer data without right resulting in
inauthentic data with the intent that it be considered or acted upon for legal purposes as
if it were authentic, regardless whether or not the data is directly readable and intelligible;
or

21
 Chapter 2 – Cybercrime Offenses
(ii) The act of knowingly using computer data which is the product of computer-related
forgery as defined herein, for the purpose of perpetuating a fraudulent or dishonest
design.

(2) Computer-related Fraud. — The unauthorized input, alteration, or deletion of computer

data or program or interference in the functioning of a computer system, causing damage
thereby with fraudulent intent: Provided, That if no damage has yet been caused, the penalty
imposable shall be one (1) degree lower.

(3) Computer-related Identity Theft. – The intentional acquisition, use, misuse, transfer,
possession, alteration or deletion of identifying information belonging to another, whether
natural or juridical, without right: Provided, That if no damage has yet been caused, the
penalty imposable shall be one (1) degree lower.

(c) Content-related Offenses:

(1) Cybersex. — The willful engagement, maintenance, control, or operation, directly or

indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a
computer system, for favor or consideration.

(2) Child Pornography. — The unlawful or prohibited acts defined and punishable by Republic
Act No. 9775 or the Anti-Child Pornography Act of 2009, committed through a computer
system: Provided, That the penalty to be imposed shall be (1) one degree higher than that
provided for in Republic Act No. 9775.

(3) Unsolicited Commercial Communications. — The transmission of commercial electronic

communication with the use of computer system which seek to advertise, sell, or offer for
sale products and services are prohibited unless:

(i) There is prior affirmative consent from the recipient; or

(ii) The primary intent of the communication is for service and/or administrative
announcements from the sender to its existing users, subscribers or customers; or

(iii) The following conditions are present:

(aa) The commercial electronic communication contains a simple, valid, and reliable
way for the recipient to reject. receipt of further commercial electronic messages
(optout) from the same source;

(bb) The commercial electronic communication does not purposely disguise the
source of the electronic message; and

(cc) The commercial electronic communication does not purposely include

misleading information in any part of the message in order to induce the recipients to
read the message.

(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised
Penal Code, as amended, committed through a computer system or any other similar means
which may be devised in the future.

SEC. 5. Other Offenses. The following acts shall also constitute an offense:

(a) Aiding or Abetting in the Commission of Cybercrime. – Any person who willfully abets or aids
in the commission of any of the offenses enumerated in this Act shall be held liable.

(b) Attempt in the Commission of Cybercrime. — Any person who willfully attempts to commit
any of the offenses enumerated in this Act shall be held liable.

22
 Chapter 2 – Cybercrime Offenses
SEC. 6. All crimes defined and penalized by the Revised Penal Code, as amended, and special laws, if
committed by, through and with the use of information and communications technologies shall be
covered by the relevant provisions of this Act: Provided, That the penalty to be imposed shall be one
(1) degree higher than that provided for by the Revised Penal Code, as amended, and special laws, as
the case may be.

SEC. 7. Liability under Other Laws. — A prosecution under this Act shall be without prejudice to any
liability for violation of any provision of the Revised Penal Code, as amended, or special laws.

23
 Chapter 2 – Introduction to Cybercrime
CHAPTER 3: PENALTIES

SEC. 8. Penalties. — Any person found guilty of any of the punishable acts enumerated in Sections
4(a) and 4(b) of this Act shall be punished with imprisonment of prison mayor or a fine of at least Two
hundred thousand pesos (PhP200,000.00) up to a maximum amount commensurate to the damage
incurred or both.

- Any person found guilty of the punishable act under Section 4(a)(5) shall be punished
with imprisonment of prison mayor or a fine of not more than Five hundred thousand
pesos (PhP500,000.00) or both

- If punishable acts in Section 4(a) are committed against critical infrastructure, the
penalty of reclusion temporal or a fine of at least Five hundred thousand pesos
(PhP500,000.00) up to maximum amount commensurate to the damage incurred or
both, shall be imposed.

- Any person found guilty of any of the punishable acts enumerated in Section 4(c)(1)
of this Act shall be punished with imprisonment of prison mayor or a fine of at least
Two hundred thousand pesos (PhP200,000.00) but not exceeding One million pesos
(PhP1,000,000.00) or both.

- Any person found guilty of any of the punishable acts enumerated in Section 4(c)(2)
of this Act shall be punished with the penalties as enumerated in Republic Act No.
9775 or the “Anti-Child Pornography Act of 2009”: Provided, That the penalty to be
imposed shall be one (1) degree higher than that provided for in Republic Act No.
9775, if committed through a computer system.

- Any person found guilty of any of the punishable acts enumerated in Section 4(c)(3)
shall be punished with imprisonment of arresto mayor or a fine of at least Fifty
thousand pesos (PhP50,000.00) but not exceeding Two hundred fifty thousand pesos
(PhP250,000.00) or both.

- Any person found guilty of any of the punishable acts enumerated in Section 5 shall
be punished with imprisonment one (1) degree lower than that of the prescribed
penalty for the offense or a fine of at least One hundred thousand pesos
(PhP100,000.00) but not exceeding Five hundred thousand pesos (PhP500,000.00) or
both.

SEC. 9. Corporate Liability. — When any of the punishable acts herein defined are knowingly
committed on behalf of or for the benefit of a juridical person, by a natural person acting either
individually or as part of an organ of the juridical person, who has a leading position within, based on:

(a) a power of representation of the juridical person provided the act committed falls within
the scope of such authority;

(b) an authority to take decisions on behalf of the juridical person: Provided, That the act
committed falls within the scope of such authority; or

(c) an authority to exercise control within the juridical person, the juridical person shall be held
liable for a fine equivalent to at least double the fines imposable in Section 7 up to a
maximum of Ten million pesos (PhP10,000,000.00).

- If the commission of any of the punishable acts herein defined was made possible due to the
lack of supervision or control by a natural person referred to and described in the preceding
paragraph, for the benefit of that juridical person by a natural person acting under its authority,
the juridical person shall be held liable for a fine equivalent to at least double the fines

24
 Chapter 2 – Introduction to Cybercrime
imposable in Section 7 up to a maximum of Five million pesos (PhP5,000,000.00).

- The liability imposed on the juridical person shall be without prejudice to the criminal liability
of the natural person who has committed the offense.

25
 Chapter 3 – Cyber Intelligence Process
CYBER INTELLIGENCE

Can be defined as the tracking, analyzing, and countering of digital security treats.

This type of intelligence is a mixture of physical espionage and defense with modern
information technology

CHAPTER 4 OF CYBER CRIME LAW : LAW ENFORCEMENT AND IMPLEMENTATION

SEC. 10. LAW ENFORCEMENT AUTHORITIES. — The National Bureau of Investigation (NBI) and the
Philippine National Police (PNP) shall be responsible for the efficient and effective law enforcement
of the provisions of this Act. The NBI and the PNP shall organize a cybercrime unit or center manned
by special investigators to exclusively handle cases involving violations of this Act.

SEC. 11. DUTIES OF LAW ENFORCEMENT AUTHORITIES. — To ensure that the technical nature of
cybercrime and its prevention is given focus and considering the procedures involved for international
cooperation, law enforcement authorities specifically the computer or technology crime divisions or
units responsible for the investigation of cybercrimes are required to submit timely and regular
reports including pre-operation, post operation and investigation results and such other documents as
may be required to the Department of Justice (DOJ) for review and monitoring.

SEC. 12. REAL-TIME COLLECTION OF TRAFFIC DATA. — Law enforcement authorities, with due
cause, shall be authorized to collect or record by technical or electronic means traffic data in real-time
associated with specified communications transmitted by means of a computer system.

TRAFFIC DATA - refer only to the communication’s origin, destination, route, time, date, size, duration,
or type of underlying service, but not content, nor identities.

ALL OTHER DATA to be collected or seized or disclosed will require a court warrant.

Service providers are REQUIRED to cooperate and assist law enforcement authorities in the collection
or recording of the above-stated information.

COURT WARRANT - required under this section shall only be issued or granted upon written
application and the examination under oath or affirmation of the applicant and the witnesses he may
produce and the showing:

REASONABLE GROUNDS:

(1) that there are reasonable grounds to believe that any of the crimes enumerated hereinabove has
been committed, or is being committed, or is about to be committed:

(2) that there are reasonable grounds to believe that evidence that will be obtained is essential to the
conviction of any person for, or to the solution of, or to the prevention of, any such crimes;

(3) that there are no other means readily available for obtaining such evidence.

SEC. 13. PRESERVATION OF COMPUTER DATA. — The integrity of traffic data and subscriber
information relating to communication services provided by a service provider shall be preserved for a
minimum period of six (6) months from the date of the transaction. Content data shall be similarly
preserved for six (6) months from the date of receipt of the order from law enforcement authorities
requiring its preservation.

Law enforcement authorities may order a one-time extension for another six (6) months: Provided,
that once computer data preserved, transmitted or stored by a service provider is used as evidence in

26
 Chapter 3 – Cyber Intelligence Process
a case, the mere furnishing to such service provider of the transmittal document to the Office of the
Prosecutor shall be deemed a notification to preserve the computer data until the termination of the
case.

The service provider ordered to preserve computer data shall keep confidential the order and its
compliance.

SEC. 14. DISCLOSURE OF COMPUTER DATA. — Law enforcement authorities, upon securing a court
warrant, shall issue an order requiring any person or service provider to disclose or submit
subscriber’s information, traffic data or relevant data in his/its possession or control within seventy-
two (72) hours from receipt of the order in relation to a valid complaint officially docketed and
assigned for investigation and the disclosure is necessary and relevant for the purpose of
investigation.

SEC. 15. SEARCH, SEIZURE AND EXAMINATION OF COMPUTER DATA. — Where a search and
seizure warrant is properly issued, the law enforcement authorities shall likewise have the following
powers and duties.

Within the time period specified in the warrant, to conduct interception, as defined in this Act, and:

a. To secure a computer system or a computer data storage medium;

b. To make and retain a copy of those computer data secured;

c. To maintain the integrity of the relevant stored computer data;

d. To conduct forensic analysis or examination of the computer data storage medium;

and

e. To render inaccessible or remove those computer data in the accessed computer or

computer and communications network.

Pursuant thereof, the law enforcement authorities may order any person who has knowledge about
the functioning of the computer system and the measures to protect and preserve the computer data
therein to provide, as is reasonable, the necessary information, to enable the undertaking of the
search, seizure and examination.

Law enforcement authorities may request for an extension of time to complete the examination of the
computer data storage medium and to make a return thereon but in no case for a period longer than
thirty (30) days from date of approval by the court.

SEC. 16. CUSTODY OF COMPUTER DATA. - All computer data, including content and traffic data,
examined under a proper warrant shall, within forty-eight (48) hours after the expiration of the period
fixed therein, be deposited with the court in a sealed package, and shall be accompanied by an
affidavit of the law enforcement authority executing it stating the dates and times covered by the
examination, and the law enforcement authority who may access the deposit, among other relevant
data.

The law enforcement authority shall also certify that no duplicates or copies of the whole or any part
thereof have been made, or if made, that all such duplicates or copies are included in the package
deposited with the court.

The package so deposited shall not be opened, or the recordings replayed, or used in evidence, or

27
 Chapter 3 – Cyber Intelligence Process
then contents revealed, except upon order of the court, which shall not be granted except upon
motion, with due notice and opportunity to be heard to the person or persons whose conversation or
communications have been recorded.

SEC. 17. DESTRUCTION OF COMPUTER DATA. — Upon expiration of the periods as provided in
Sections 13 and 15, service providers and law enforcement authorities, as the case may be, shall
immediately and completely destroy the computer data subject of a preservation and examination.

SEC. 18. EXCLUSIONARY RULE. — Any evidence procured without a valid warrant or beyond the
authority of the same shall be inadmissible for any proceeding before any court or tribunal

SEC. 19. RESTRICTING OR BLOCKING ACCESS TO COMPUTER DATA. — When a computer data is
prima facie found to be in violation of the provisions of this Act, the DOJ shall issue an order to
restrict or block access to such computer data.

SEC. 20. NONCOMPLIANCE. — Failure to comply with the provisions of Chapter IV hereof specifically
the orders from law enforcement authorities shall be punished as a violation of Presidential Decree
No. 1829 with imprisonment of prison correctional in its maximum period or a fine of One hundred
thousand pesos (Php100,000.00) or both, for each and every noncompliance with an order issued by
law enforcement authorities.

CHAPTER 5 OF CYBER CRIME LAW - JURISDICTION

SEC. 21. JURISDICTION. — The Regional Trial Court shall have jurisdiction over any violation of the
provisions of this Act. including any violation committed by a Filipino national regardless of the place
of commission.

Jurisdiction shall lie if any of the elements was committed within the Philippines or committed with
the use of any computer system wholly or partly situated in the country, or when by such commission
any damage is caused to a natural or juridical person who, at the time the offense was committed,
was in the Philippines.

There shall be designated special cybercrime courts manned by specially trained judges to handle
cybercrime cases.

CHAPTER 6 CYBER CRIME LAW - INTERNATIONAL COOPERATION

SEC. 22. GENERAL PRINCIPLES RELATING TO INTERNATIONAL COOPERATION — All relevant

international instruments on international cooperation in criminal matters, arrangements agreed on
the basis of uniform or reciprocal legislation, and domestic laws, to the widest extent possible for the
purposes of investigations or proceedings concerning criminal offenses related to computer systems
and data, or for the collection of evidence in electronic form of a criminal, offense shall be given full
force and effect.

CHAPTER 7 CYBER CRIME LAW - COMPETENT AUTHORITIES

SEC 23. DEPARTMENT OF JUSTICE (DOJ). — There is hereby created an Office of Cybercrime within
the DOJ designated as the central authority in all matters related to international mutual assistance
and extradition.

SEC. 24. CYBERCRIME INVESTIGATION AND COORDINATING CENTER. — There is hereby created,
within thirty (30) days from the effectivity of this Act, an inter-agency body to be known as the
Cybercrime Investigation and Coordinating Center (CICC), under the administrative supervision of the
Office of the President, for policy coordination among concerned agencies and for the formulation

28
 Chapter 3 – Cyber Intelligence Process
and enforcement of the national cybersecurity plan.

SEC. 25. COMPOSITION. — The CICC shall be headed by the Executive Director of the Information and
Communications Technology Office under the Department of Science and Technology (ICTO-DOST)
as Chairperson with the Director of the NBI as Vice Chairperson.

MEMBERS:

a) the Chief of the PNP

b) Head of the DOJ Office of Cybercrime; and

c) one (1) representative from the private sector and academe,

The CICC shall be manned by a secretariat of selected existing personnel and representatives from
the different participating agencies.

SEC. 26. POWERS AND FUNCTIONS. — The CICC shall have the following powers and functions:

a. To formulate a national cybersecurity plan and extend immediate assistance for the
suppression of real-time commission of cybercrime offenses through a computer
emergency response team (CERT);

b. To coordinate the preparation of appropriate and effective measures to prevent and

suppress cybercrime activities as provided for in this Act;

c. To monitor cybercrime cases being bandied by participating law enforcement and

prosecution agencies;

d. To facilitate international cooperation on intelligence, investigations, training and

capacity building related to cybercrime prevention, suppression and prosecution;

e. To coordinate the support and participation of the business sector, local government
units and nongovernment organizations in cybercrime prevention programs and other
related projects;

f. To recommend the enactment of appropriate laws, issuances, measures and policies;

g. To call upon any government agency to render assistance in the accomplishment of

the CICC’s mandated tasks and functions; and

h. To perform all other matters related to cybercrime prevention and suppression,

including capacity building and such other functions and duties as may be necessary
for the proper implementation of this Act.

29