Intro To Cybercrime


INTRODUCTION TO CYBERCRIME

CRI 327/L
RA 10364 – Expanded the Anti-Trafficking in
Persons Act
RA 9775 – Anti Child Pornography Act of
2009
RA 9208 – Anti-Trafficking in Persons Act
of 2003
G8
1. France
2. Germany
3. Italy
4. Japan
5. United Kingdom
6. United States
7. Canada
8. Russia
Botnet - collection of infected
computers
Spyware - enables the remote monitoring
of a computer user’s activities or
information on an individual’s computer
where this software has been installed
Keyloggers - records every keystroke of
the user and reports this information
back to its source
Kevin Poulsen - hacked under the
pseudonym ‘Dark Dante’
Richard D. Greenblatt - considered to
have founded the hacker community
Tom Knight - co-engineer of ARPANET
• Digital natives – people that were
brought into a world that was already
digital, spend large amounts of time
in digital environments, and use
technological resources in their
day-to-day lives
• Digital immigrants - those who were
born prior to the creation of the
Internet and digital technologies
• Kevin Mitnick - most notorious hacker
in internet history
• David L. Smith - first person ever
prosecuted for writing a computer
virus (Melissa virus)
Computer forensics has the following key
elements:
1. The use of scientific methods
2. Collection and preservation
3. Validation
4. Identification
5. Analysis and interpretation
6. Documentation and presentation
Alan Kotok – member of the famous
MIT-TMRC

• Virus - software program designed to
spread itself to other computers and to
damage or disrupt a computer
• Trojan horses - tricks the computer
user into thinking that it is
legitimate software, but actually
contains hidden functions
• Backdoor - used to get unauthorized
access to a website then spread the
malware in the system through unsecured
American Standard Code for Information
Interchange (ASCII)
- a standard that assigns letters,
numbers, and other characters in the
256 slots available in the 8-bit code
• Warrant to Disclose Computer Data (WDCD)
- to disclose subscriber’s information
• Warrant to Intercept Computer Data (WICD)
- listening, recording, monitoring,
surveillance
• Warrant to Search, Seize and Examine
Computer Data (WSSECD)
- to search the particular place for
items to be seized
Router - a device that connects two or
more packet-switched networks or
subnetworks

• ShellBags - tracks the directories a
user navigates, even when they do not
open or save a file
• NTUSER.dat - a hive that stores
information about a specific user
account such as the user’s browser
settings and history and data related
to user applications
• UserAssist key - tracks applications
Misuse of Device – use device, including
a computer program or computer password
and access code
Illegal Access – the access to the whole
or any part of a computer system without
right

Devices at risk for remote destruction or
corruption – use Faraday bag
Computer crimes
- refer to criminal activity involving
computers
Net-crime
- criminal use of the internet
Cybercrime
- a crime committed with or through the
use of information and communication
technology such as radio, television,
cellular phones, computer and network
and other communication devices or
application
United Nations
a. Cybercrime in a narrow sense (computer
crime): Any illegal behavior directed by
means of electronic operations that
targets the security of computer systems
and the data processed by them.
b. Cybercrime in a broader sense (computer-
related): Any illegal behavior committed
by means of, or in relation to, a
computer system or network, including
such crimes as illegal possession [and]
offering or distributing information by
History of Cybercrime:
• Alexander Graham Bell – invented the
first telephone; employed teenage boys
who repeatedly and intentionally
misdirected and disconnected customer
calls
• Nevil Maskelyne – disrupts the first
public demonstration of Marconi’s
“secure” wireless telegraphy technology
by sending insulting Morse code messages
discrediting the invention
• Alan Turing – led the development of the
“Bombe”, an electro-mechanical device
• Joe Engressia, aka Joybubbles - father
of phreaking, blind seven-year-old boy
with perfect pitch
Phone phreaking - fraudulent
manipulation of telephone signaling
in order to make free phone calls
• RABBITS Virus - known to be the first
virus on a computer
• ARPANET - Advanced Research Projects
Agency (ARPA)
- forerunner of the Internet and World
Wide Web
• Kevin Mitnick - most notorious hacker
in internet history; penetrated some of
• Kevin Poulsen - hacked under the
pseudonym ‘Dark Dante’; best known for
penetrating telephone company computers
to win radio station phone-in contests
in Los Angeles
• DataStream Cowboy and Kuji - caused
havoc across global military networks;
best known of all attacks on Air Force
data system; Rome Laboratory computer
network at Rome
• David L. Smith - first person ever
prosecuted for writing a computer virus
(Melissa virus)
• Stuxnet worm - the world’s first
digital weapon
• DNC email leak - Democratic National
Committee emails (19,252 emails and
8,034 attachments) were leaked to and
subsequently published by WikiLeaks
• Brian Thomas Mettenbrink - targeted
websites of the Church of Scientology
in January 2008; downloaded a piece of
software which sent out large amounts
of illegitimate traffic to several
Scientology websites which could not
process all the information
• Onel de Guzman – created the I LOVE YOU
VIRUS, which was received in e-mail
inboxes in Hong Kong on May 4 with the
subject “I LOVE YOU” and an attachment
Cyberspace
- the virtual computer world; more
specifically, an electronic medium
used to form a global computer network
to facilitate online communication
- new horizon which is controlled by
machine for information and
communication between human beings
across the world
COMMON MOTIVATIONS OF CYBERCRIMINALS:
• Revenge
- attacker may commit a criminal
offense against a company after a
perceived injustice against
themselves
• Opportunity
- while undertaking duties, a person
may identify a vulnerability in the
internal systems where money or data
could be removed without anyone else
being able to identify their actions
then decide to exploit the
vulnerability to their benefit
• Greed
• Test of skill
- commit technical attacks against
others as a training exercise to
develop their skills or advertise
their skill set to build their
credibility on cybercriminal websites
• Business Competitor
- the marketplace can be a very
aggressive environment for
businesses, with each placing an
emphasis on developing a strategic
advantage
• Professional Criminal
- seeking personal financial advantage;
• Terrorism
- causing a massive security failure in
another nation’s critical
infrastructure—such as power, nuclear
energy, or water delivery—that leads
to a large-scale loss of life
• Geopolitics
- state actor is a government agency or
aligned group who conducts cyber
activities on behalf of the
government to gain a competitive
advantage
Categories of Cybercrime

1. Individual - carried out against a
single person

Examples:
• Cyber harassment
• Identity theft
• Distribution of child pornography
• Credit card fraud
2. Property - stealing of data and
intellectual property

Examples:
• Hacking
• Virus transmission
• Phishing
3. Government - least common but is the
most serious offense; crime against the
government

Examples:
• Accessing confidential information
• Cyber warfare
• Pirated software
Hierarchy of Contemporary Cybercriminals
a. Script kiddies, also known as skidiots,
skiddie, or Victor Skill Deficiency
(VSD)
- the lowest life form of
cybercriminal, least sophisticated of
all cybercriminals
- inexperienced hackers who employ
scripts or other programs authored by
others to exploit security
vulnerabilities or otherwise
compromise computer systems
b. Cyberpunks
- individuals intent on wreaking havoc
c. Cybercriminal organizations
- groups comprised of criminally minded
individuals who have used the
Internet to communicate, collaborate,
and facilitate cybercrime
- motivations include those activities
associated with political extremism
or economic gain
d. Hackers or crackers

Hackers - sophisticated computer
criminals who are capable of programming,
writing code, and breaching complex
systems

Crackers - sophisticated users who employ
their knowledge for personal gain

• Hackers or crackers
- those who target data which is
valuable on its face or directed at
data which may be used to further
TYPES OF HACKERS
1. Black hats - hackers who commit illegal
acts, and their main purpose is to harm
information systems, steal information,
etc.
2. Gray-hat hacker - falls between black-
and white-hat hackers who have shifting
or changing ethics depending on the
specific situation
3. White-hats - have the knowledge and
skills that would enable them to
function in the same way as black-hats,
but they decided to be on the right
side of the law; often cooperate with
e. Hacktivists
- emerged in the 1990s when the Cult of
the Dead Cow hacker coined the term
to describe their actions
- technological social movements
- for politically or socially motivated
purposes
TOOLKIT OF CYBERCRIMINALS

Malware or malicious software
- refers to code that causes damage to
a computer system
- includes
a. Back doors
b. Trojan horses
c. Viruses
d. Worms
e. Denial of service
a. Backdoor
- used to get unauthorized access to a
website then spread the malware in
the system through unsecured points
of entry, such as outdated plug-ins
or input fields
b. Trojan horses
- tricks the computer user into
thinking that it is legitimate
software, but actually contains
hidden functions
c. Virus
- software program designed to spread
itself to other computers and to
damage or disrupt a computer
d. Computer Worm
- unique form of malware that can
spread autonomously, though they do
not necessarily have a payload
- use system memory to spread,
self-replicate, and deteriorate system
functionality
- written as stand-alone programs in
that they do not need to attach to
existing system files or modify any
code
- once activated, it copies itself into
the system memory and attempts to
spread to other systems through email
Difference between a virus and worm

Virus
- Requires a host
- Triggered by human interaction
- Often arrives through an infected file
or program (file-infector)

Worm
- Spreads independently
- Doesn’t require human interaction
- Often arrives through a software
vulnerability
e. Bundlers
- malware which is hidden inside what
appears to be legitimate software or
download
- containers often include gaming
software, freeware, image or audio
files, or screensavers
f. DoS (Denial of Service)
• Denial of Service (DoS) Attack
- attempt to prevent users of a
particular service from effectively
using that service
- a network server is bombarded with
authentication requests overwhelming
• Distributed Denial of Service (DDoS)
Attack
- perpetrator seeks to gain control
over multiple computers and then uses
these computers to launch an attack
against a specific target or targets
Difference Between DoS Attacks and DDoS Attacks
DoS attack
- system-on-system attack
- attack is slower
- easy to trace

DDoS attack
- several systems attacking a single
system
- attack is faster
- difficult to trace
g. Botnet and Zombie (Bots)
• Bot – short for “robot” is a type of
software, application, or code script
that can be commanded remotely by the
attacker
• Zombie - the infected computer which
is being remotely animated by the
attacker
• Botnet - collection of infected
computers
• Botherder - a person who controls a
botnet
h. Spyware
- enables the remote monitoring of a
computer user’s activities or
1. Keyloggers - records every keystroke of
the user and reports this information
back to its source
2. Sniffer - used to monitor internet
traffic in real time, including
websites you visit and anything you
download or upload
Phishing
- the solicitation of information via e-
mail or the culling of individuals to
fake Web sites
- an attack in which the threat actor
poses as a trusted person or
organization to trick potential victims
into sharing sensitive information or
sending them money
Categories of phishing:
a. Spoofing - criminals attempt to obtain
someone’s personal information by
pretending to be a legitimate business,
a neighbor, or some other innocent
party
b. Pharming - an advanced form of
phishing, which redirects the
connection between an IP address and
its target server
c. Redirectors - malicious programs which
redirect users’ network traffic to
undesired sites
d. Floating windows - phishers may place
floating windows over the address bars
DIGITAL DEVICE
- a physical unit of equipment that
contains a computer or microcontroller
- a piece of physical equipment that uses
digital data, such as by sending,
receiving, storing or processing it
COMMON TYPES OF DIGITAL DEVICES
1. Personal Computers
- capable of performing most common
computing tasks
- include desktops & laptops

Computer - an electronic device for
storing and processing data, typically in
binary form, according to instructions
given to it in a variable program

Ada Lovelace - wrote the world's first
computer program
American Standard Code for Information
Interchange (ASCII)
- a standard that assigns letters, numbers,
The name “Juanito Dela Cruz” is equivalent
to how many bytes and bits?
a. 17 bytes or 142 bits
b. 15 bytes or 120 bits
c. 15 bytes or 128 bits
d. 17 bytes or 136 bits
Servers
Examples:
web servers
mail servers
file servers
print servers
- refers to a computer that manages
access to different resources and
services over a network
- a computer or system that provides
resources, data, services, or programs
to other computers, known as clients,
over a network
- very similar to personal computers but
commonly contain a larger storage
capacity, higher processing
Mobile Devices
- a computing device that is
designed to be portable by
being compact, light-weight
and capable of running for
extended periods on battery
power
Examples:
tablets
smartphones
Entertainment System
- computing devices that are designed to
entertain, such as watching television,
listening to music and playing video
games
Examples:
digital media players
mp3 players
video game consoles
Navigation System
- a digital device that uses GPS (Global
Positioning System) to provide a real-
time map of our current location, as
well as including route planning tools
to give us in-car directions to a chosen
destination
Examples:
satnav
Global Navigation Satellite
BASIC PARTS OF A COMPUTER
Case
- the enclosure that contains most of the
components of a personal computer
- protects the internal components from
damage, dirt, and moisture
Power source
- a hardware component of a computer that
supplies all other components with
power
- converts the alternating current (AC)
line from your home to the direct
current (DC) needed by the personal
Motherboard
- controls all the components of the
computer system and establishes a link
between all components
Central Processing Unit (CPU)
- computer chips, or groups of chips,
that do the thinking (the massive
number of binary calculations) of the
computer necessary to run all programs
- responsible for all commands executed
by the computer
Memory
1. Read-Only Memory (ROM)
- also known as flash memory
- considered as non-volatile memory
- a memory device or storage medium
that stores information permanently
2. Random Access Memory (RAM)
- temporary or volatile storage
- a temporary memory bank where your
computer stores data it needs to
retrieve quickly
Persistent storage
- holds data stored in the computer even
after the power is disconnected

1. HDD
- Hard Disk Drives
- sometimes referred to as the "C
drive"
2. SSD
- Solid State Drives
- a storage device that allows reading,
writing, and storing data permanently
without a constant power source
Interfaces for input and output with user
- Input-Output Interface
- method which helps in transferring of
information between the internal
storage devices

Output devices
- monitor and printer
Input devices
- keyboard and mouse provide
Physical ports
- Network Interface Controller (NIC)
- allows communications between computers
connected via local area network (LAN)
as well as communications over large-
scale network through Internet Protocol
(IP).
External storage, and servers
- external hard drives
- flash drives (thumb drives)
- network-attached storage
Computer Software
- refers to a series of instructions
that performs a particular task
- the interpretation of binary byte
sequences represented by a listing of
instructions to the processors
Different Types of System Software
Translators
- a software application that helps you
translate text into a variety of
languages
Device Drivers
- programs used to help better
functionality of hardware devices
Utility Programs
- Format, Defragmentation, cleaning of
hard disk space & installing and
removing application programs from
computer
Operating System
- the primary interface between a user
The Convention on Cybercrime:

BUDAPEST CONVENTION
- an international treaty ratified by 42
member states
- seeks to address computer and internet
crimes by harmonizing national laws,
improving investigative techniques, and
increasing cooperation among nations
- aims to protect society against
cybercrime
LAW on CYBERCRIME:

REPUBLIC ACT NO. 10175

AN ACT DEFINING CYBERCRIME, PROVIDING FOR
THE PREVENTION, INVESTIGATION,
SUPPRESSION AND THE IMPOSITION OF
PENALTIES THEREFOR AND FOR OTHER PURPOSES

"Cybercrime Prevention Act of 2012"


Cybercrime Offenses
Offenses Against the Confidentiality,
Integrity and Availability (CIA) of
Computer Data and Systems
• ILLEGAL ACCESS – the access to the whole
or any part of a computer system without
right.
• ILLEGAL INTERCEPTION – interception
made by technical means without right of
any non-public transmission of computer
data to, from, or within a computer
system including electromagnetic
emissions from a computer system
• DATA INTERFERENCE – the intentional or
reckless alteration, damaging, deletion
or deterioration of computer data,
electronic document, or electronic data
message, without right, including the
introduction or transmission of viruses.
• SYSTEM INTERFERENCE – the intentional
alteration, or reckless hindering or
interference with the functioning of a
computer or computer network by
inputting, transmitting, damaging,
deleting, deteriorating, altering or
suppressing computer data or program,
electronic document or electronic data
• MISUSE OF DEVICES – committed through any
of the following acts:
The use, production, sale, procurement,
importation, distribution or otherwise
making available any of the following:
a. device, including a computer program,
designed or adapted primarily for the
purpose of committing any of the
offenses
b. a computer password, access code, or
similar data by which the whole or any
part of a computer system is capable of
being accessed with the intent that it
be used for the purpose of committing
• CYBERSQUATTING - the acquisition of a
domain name over the internet in bad
faith to profit, mislead, destroy
reputation, and deprive others from
registering the same
Domain name is:
a. Similar, identical, or confusingly
similar to an existing trademark
registered with the appropriate
government agency at the time of the
domain name registration
b. identical or in any way similar with the
name of a person other than the
Computer Related Offenses
• COMPUTER RELATED FORGERY
a. the input, alteration or deletion of any
computer data without right, resulting
in inauthentic data, with the intent
that it be considered or acted upon for
legal purposes as if it were authentic,
regardless whether or not the data is
directly readable and intelligible
b. the act of knowingly using computer
data, which is the product of computer-
related forgery as defined herein, for
the purpose of perpetuating a fraudulent
• COMPUTER RELATED FRAUD - the unauthorized
input, alteration or deletion of
computer data or program, or interference
in the functioning of a computer system,
causing damage thereby with fraudulent
intent
• COMPUTER-RELATED IDENTITY THEFT - the
intentional acquisition, use, misuse,
transfer, possession, alteration or
deletion of identifying information
belonging to another, whether natural or
juridical, without right
CONTENT-RELATED OFFENSES
• CYBERSEX - willful engagement,
maintenance, control, or operation,
directly or indirectly, of any lascivious
exhibition of sexual organs or sexual
activity, with the aid of a computer
system, for favor or consideration.
• CHILD PORNOGRAPHY - unlawful or
prohibited acts defined and punishable by
Republic Act No. 9775 or the Anti-Child
Pornography Act of 2009, committed
through a computer system.
• LIBEL – unlawful or prohibited acts of
libel, as defined in Article 355 of the
National Bureau of Investigation (NBI) and
the Philippine National Police (PNP)
- responsible for the efficient and
effective law enforcement of the
provisions of RA 10175
Regional Trial Court
- shall have jurisdiction over any
violation of the provisions of RA 10175
RULES ON CYBERCRIME WARRANTS
Warrant to Disclose Computer Data (WDCD)
- requires any person to disclose
subscriber’s information, traffic data,
or relevant data in his possession or
control within 72 hours from receipt of
the order
- request for WDCD may only be filed if
there is a complaint officially docketed
and assigned for investigation and the
disclosure is necessary and relevant for
the investigation
- an order in writing issued in the name of
the People of the Philippines, signed by
a judge, upon application of law
Return on the WDCD
- within 48 hours from implementation or
after the expiration of the effectivity
of the WDCD
Warrant to Intercept Computer Data (WICD)
- an order in writing issued in the name of
the People of the Philippines, signed by
a judge, upon application of law
enforcement authorities, authorizing the
latter to carry out any or all of the
following activities
a. listening to
b. recording
c. monitoring
d. surveillance of the content of
communications, including procuring of
the content of computer data, either
directly, through access and use of a
computer system or indirectly, through
Warrant to Search, Seize and Examine
Computer Data (WSSECD)
- an order in writing issued in the name of
the People of the Philippines, signed by
a judge, upon application of law
enforcement authorities, authorizing the
latter to search the particular place for
items to be seized and/or examined
Warrant to Examine Computer Data
- warrant issued when a computer device or
system is previously seized by another
lawful method, such as a warrantless
arrest
- made by law enforcement before searching
any device seized
- must state the relevance and necessity of
the data sought and describe particularly
the information sought to be disclosed
Digital Forensic Process
Philippine National Police Anti-Cybercrime
Group
1. Identification - investigator explains
and documents the origin of the evidence
and its significance
2. Data Acquisition - the first contact
with the evidence; it is the point where
evidence is most likely to be damaged or
destroyed
• Imaging - making an exact copy (bit-
by-bit) of the original drive onto a
new digital storage device
• Verification - establishes the
4. Reporting/Documentation - the findings
determined to be relevant to the
investigation are finalized in a report
5. Court Presentation
The piece of software that runs the
specific applications and provides an
interface to the hardware components.
a. Application
b. Operating system
c. Program
d. Command
The part of the computer where all other
computer components are
connected.
a. RAM
b. Circuit board
c. Motherboard
d. Processor
In computers, it is considered the
smallest piece of data and has two
possible electrical states, 1 or 0.
a. File
b. Data
c. Bit
d. Sector
It is considered as the basic language of
computers.
a. Binary
b. Decimal conversion
c. Electrical signalization
d. ASCII
A part of the computer responsible for all
the commands executed by the computer.
a. ROM
b. Processor
c. RAM
d. Storage
Computers are able to communicate
with one another via the internet using
the __.
a. Network connection
b. Network Interface controller
c. Internet adapter
d. Router
This is a storage device wherein there are
no moving parts and all data is saved in
computer chips.
a. HDD
b. SHD
c. SSD
d. HSSA
This type of memory enables the CPU to
communicate with the hard disk and the
input/output devices that are attached to
the computer.
a. Processor
b. ROM
c. BIOS
d. SSD
A memory that is an important part of the
basic input/output system.
a. Flash memory
b. RAM
c. Processor
d. Hard drive
Joe Engressia, aka Joybubbles - father of
phreaking, blind seven-year-old boy with
perfect pitch
The speed of the processor is determined
by the rate of the:
a. Size of the processor
b. Power
c. Bit rate
d. Hertz