Cybercrime Prevention and Response Part 2 | Cybercrime and information security incidents | Introduction to Cybercrime and Environmental Law Lesson 3

A more formal or technical term for cybercrime is “cybercrime and information security incidents.” This term encompasses a wide range of malicious activities that are committed using the internet and other forms of technology, such as hacking, identity theft, and online scams. The term “information security incidents” refers to any event that results in a breach of the confidentiality, integrity, or availability of sensitive information.

In the Philippines, some of the most prevalent forms of cybercrime and information security incidents include:

  1. Online Scams: These include phishing scams, advance fee scams, and investment scams that target people through emails, social media, and online advertisements.
  2. Identity Theft: This involves the unauthorized use of another person’s personal information for malicious purposes such as accessing bank accounts, applying for loans, and making unauthorized purchases.
  3. Hacking: This involves unauthorized access to computer systems, networks, and data. Hacking is often used to steal personal information, financial data, and sensitive information from individuals and organizations.
  4. Cyberstalking and Cyberbullying: This involves the use of technology to harass, intimidate, or threaten someone. This can include sending threatening messages, posting harmful or false information online, and using social media to harass or intimidate someone.
  5. Online Child Sexual Exploitation: This involves the use of technology to sexually exploit children, including the production and distribution of child pornography.
  6. Cryptojacking: This involves the unauthorized use of someone else’s computer resources to mine cryptocurrency. This can slow down or damage the affected computer and result in increased electricity costs for the victim.

Other forms of cybercrime and information security incidents:

  1. Ransomware Attacks: This involves the use of malware to encrypt a victim’s data and demand payment in exchange for the decryption key.
  2. Distribution of Malware: This involves the spread of malicious software, such as viruses and Trojans, through email attachments, malicious websites, and other means.
  3. Payment Fraud: This involves the unauthorized use of credit card information or other payment methods to make unauthorized purchases or steal funds.
  4. Intellectual Property Theft: This involves the unauthorized use or distribution of another person’s copyrighted material, such as music, movies, software, and other digital content.
  5. Insider Threats: This involves employees or contractors using their access to sensitive information for malicious purposes, such as theft of data or selling confidential information to unauthorized parties.
  6. Cyber Espionage: This involves the unauthorized collection of sensitive information from individuals or organizations for political or economic gain.
  7. DDoS Attacks: This involves flooding a website or network with traffic to make it unavailable to users, often as a form of protest or to extort payment from the victim.
  8. Botnets: This involves the use of a network of compromised computers to carry out malicious activities, such as DDoS attacks and spamming.
  9. Social Engineering: This involves using deception to trick individuals into revealing sensitive information or performing actions that compromise their security, such as clicking on a malicious link or downloading malware.
  10. Cyber Insurance Fraud: This involves making false insurance claims for losses that were not caused by a cyber attack or were fabricated.
  11. Darknet Marketplaces: This involves the use of the darknet, a hidden part of the internet, to buy and sell illegal goods and services, such as drugs, stolen data, and hacking tools.
  12. Cyber Warfare: This involves the use of cyberattacks as a form of military aggression or as a tool of political influence.
  13. e-Waste Crime: This involves the illegal dumping or export of electronic waste, which can result in environmental harm and the release of sensitive information.
  14. Vishing: This involves the use of voice calls or voicemails to trick individuals into revealing sensitive information or performing actions that compromise their security, such as providing access to bank accounts.
  15. SIM Swapping: This involves the unauthorized transfer of a mobile phone number to a different SIM card in order to gain access to sensitive information, such as online accounts and financial information.
  16. Cyber Extortion: This involves the use of threats, such as the release of sensitive information or the initiation of a DDoS attack, to extort payment from a victim.
  17. Cyber Squatting: This involves the registration of domain names that are similar to existing trademarks or brand names, in order to profit from the confusion or to sell the domain name for a high price.
  18. Cyber Vandalism: This involves the unauthorized alteration or destruction of websites or other online assets, often as a form of protest or for the purpose of causing disruption.
  19. Mobile Malware: This involves the spread of malicious software on mobile devices, such as smartphones and tablets, often through malicious apps or text messages.
  20. ATM Skimming: This involves the use of physical devices, such as card readers, to steal credit card information from ATMs.
  21. Tech Support Scams: This involves tricking individuals into paying for unnecessary or fraudulent technical support services.
  22. BEC Scams: This involves the use of email scams to trick individuals or organizations into transferring funds to the attacker’s account.
  23. Cloud Computing Fraud: This involves the use of cloud computing services for malicious purposes, such as hosting malware or storing stolen data.
  24. Electronic Voting Fraud: This involves the manipulation of electronic voting systems in order to alter election results.
  25. Cyber Espionage: This involves the unauthorized collection of sensitive information from individuals or organizations for political or economic gain.
  26. Cyber Fraud in E-Commerce: This involves the use of fake websites, phishing scams, and other methods to steal payment information or defraud consumers in online transactions.
  27. Cyber Insurance Fraud: This involves making false insurance claims for losses that were not caused by a cyber attack or were fabricated.
  28. Cyber Vandalism: This involves the unauthorized alteration or destruction of websites or other online assets, often as a form of protest or for the purpose of causing disruption.
  29. Internet Censorship: This involves the restriction of access to information or the suppression of speech on the internet, often for political or cultural reasons.
  30. Cyber Harassment: This involves the use of technology to harass, intimidate, or threaten someone, including the use of social media, email, and text messaging.
  31. Cyberstalking: This involves the use of technology to stalk or monitor someone, often as a form of harassment or intimidation.
  32. Cyber Theft of Trade Secrets: This involves the theft of confidential business information, such as product designs, marketing strategies, and customer data.
  33. Online Gaming Fraud: This involves the use of fake websites, phishing scams, and other methods to steal payment information or defraud players in online gaming transactions.
  34. Online Piracy: This involves the unauthorized distribution of copyrighted material, such as movies, music, and software, often through peer-to-peer networks or file-sharing websites.

These are just a few more examples of the different types of cybercrimes that exist. As technology continues to advance, new types of cybercrimes will continue to emerge, making it important to stay vigilant.

Crimes under RA10175

This section may include the author’s opinion.

Under RA10175 or the Cybercrime prevention act of 2012 the following could be construed as a punishable crime.

Offenses against the confidentiality, integrity, and availability of computer data and systems

Under “Offenses against the confidentiality, integrity, and availability of computer data and systems”, the following can be considered as a cybercrime.

  1. Unauthorized Access: This involves accessing a computer system, network, or data without proper authorization, such as breaking into a computer system or network.
  2. Hacking: This involves the unauthorized access to or manipulation of computer systems, networks, or data, often with the intent to steal or damage the information.
  3. Interference with computer systems: This involves intentionally disrupting or destroying the normal functioning of computer systems, networks, or data.
  4. Malware attacks: This involves the spread of malicious software, such as viruses and Trojans, that can damage or steal information from computer systems.
  5. Data breaches: This involves the unauthorized access to or theft of sensitive information, such as financial data, personal information, and confidential business information.
  6. Network intrusion: This involves unauthorized access to a computer network, often with the intent to steal or damage information or to use the network for malicious purposes, such as DDoS attacks.

Computer-related offenses,

Under, “Computer-related offenses,” the following forms of cybercrime could be included:

  1. Identity Theft: This involves the unauthorized use of another person’s personal information, such as their name, Social Security number, or credit card information, for malicious purposes, such as opening bank accounts or making unauthorized purchases.
  2. Cybersex: This involves the use of technology, such as webcams, to engage in sexually explicit activities with another person.
  3. Child Pornography: This involves the production, distribution, or possession of sexually explicit images or videos of minors.
  4. Online Gaming Fraud: This involves the use of fake websites, phishing scams, and other methods to steal payment information or defraud players in online gaming transactions.
  5. Tech Support Scams: This involves tricking individuals into paying for unnecessary or fraudulent technical support services.
  6. Online Dating Scams: This involves tricking individuals into sending money or personal information to someone they have met through an online dating service.

Content-Related Offenses

Under “Content-related offenses,” the following forms of cybercrime could be included:

  1. Cyber Libel: This involves the use of technology, such as social media, to publish false or defamatory information about another person.
  2. Cyber-Squatting: This involves registering domain names that are similar to existing trademarks or brand names, in order to profit from the confusion or to sell the domain name for a high price.
  3. Unsolicited Commercial Communications: This involves sending unsolicited advertising messages, such as spam email or text messages, to individuals or organizations.
  4. Online Piracy: This involves the unauthorized distribution of copyrighted material, such as movies, music, and software, often through peer-to-peer networks or file-sharing websites.
  5. Online Sale of Counterfeit Goods: This involves the sale of fake or counterfeit goods, such as designer clothing, through online marketplaces.
  6. Online Sale of Illegal Goods: This involves the sale of illegal goods, such as drugs or stolen goods, through online marketplaces.

Online fraud

Under, “Online fraud,” the following forms of cybercrime could be included:

  1. Phishing: This involves tricking individuals into revealing sensitive information, such as passwords and credit card numbers, through fake websites or emails that appear to be from legitimate organizations.
  2. Advance Fee Scams: This involves tricking individuals into paying money upfront in order to receive a larger sum of money or a valuable item, such as a prize or inheritance.
  3. Investment Scams: This involves tricking individuals into investing in fake or fraudulent investment opportunities, often through online advertisements or emails.
  4. Lottery Scams: This involves tricking individuals into believing they have won a lottery or prize, and then asking them to pay money in order to receive the winnings.
  5. Tech Support Scams: This involves tricking individuals into paying for unnecessary or fraudulent technical support services.
  6. BEC Scams: This involves the use of email scams to trick individuals or organizations into transferring funds to the attacker’s account.

Cyber-espionage

Under “Cyber-espionage,” the following forms of cybercrime could be included:

  1. Industrial Espionage: This involves the unauthorized collection of sensitive business information, such as product designs and marketing strategies, for commercial gain.
  2. Political Espionage: This involves the unauthorized collection of sensitive political information, such as diplomatic communications or government secrets, for political gain.
  3. Economic Espionage: This involves the unauthorized collection of sensitive economic information, such as trade secrets or market analysis, for economic gain.
  4. Cyber-espionage as a Service: This involves the sale of unauthorized access to sensitive information, such as login credentials or confidential data, to other organizations or individuals.
  5. Insider Threats: This involves the unauthorized collection of sensitive information by employees or contractors who have legitimate access to the information.

Cyber-terrorism

Under “Cyber-terrorism,” the following forms of cybercrime could be included:

  1. DDoS attacks: This involves overwhelming a website or network with traffic in order to cause a denial of service, often as a form of protest or political statement.
  2. Ransomware attacks: This involves encrypting a victim’s data and demanding payment in exchange for the decryption key.
  3. Destruction of Critical Infrastructure: This involves the disruption or destruction of critical infrastructure, such as power grids or transportation systems, through cyber attacks.
  4. Threats to National Security: This involves the use of technology to cause widespread panic or harm to national security, such as the spread of false information or the release of sensitive government data.
  5. Political Cyberattacks: This involves the use of technology to influence political events, such as manipulating election results or spreading false information about political candidates.

Be reminded that this list offers only a few examples of possible forms under the categories mentioned in RA10175.

see also: The Implementing Rules and Regulation of RA 10175

Documented cases

There have been several documented cases of cybercrime in the Philippines that have been prosecuted under Republic Act 10175, the Cybercrime Prevention Act of 2012. Some examples include:

  1. The case of Maria Ressa, the CEO and executive editor of the online news site Rappler, who was charged with cyber libel in relation to a 2012 article published on the site. The case has received widespread attention as a test of press freedom in the Philippines.
    https://www.bbc.com/news/world-asia-53046052
  2. The case of Peter Scully.
    https://www.rappler.com/nation/84555-cagayan-de-oro-cybersex-ops/
  3. The case of Paul Biteng.
    https://newsinfo.inquirer.net/1234860/comeleak-hacker-cleared-of-cybercrime-charges
  4. An international probe has cracked a pedophile ring which streamed live sexual abuse of Filipino children over the Internet, leading to dozens of arrests, police in the Philippines, Britain and Australia
    https://www.rappler.com/world/48082-uk-us-australia-police-probe-ph-sex-abuse-ring/

Case study

This case study is a hypothetical scenario intended to illustrate the legal principles involved in the prosecution of cyber libel under Republic Act 10175. It is not based on a real-life case and should not be taken as legal advice or a representation of actual events. The facts and circumstances of the case, as well as the outcome, may vary depending on the specific facts and circumstances involved.

Case Background: A person, identified as “Jane Doe,” posted a false and defamatory statement on a social media platform about a public figure, “Mr. Smith.” The statement was widely shared and caused significant harm to Mr. Smith’s reputation. Mr. Smith reported the incident to the authorities and the case was prosecuted under RA 10175.

Avenue for Prosecution: RA 10175 provides for the prosecution of cybercrime, including cyber libel. In this case, Jane Doe was charged with cyber libel for posting a false and defamatory statement on social media.

Procedure: The case was brought to court, and the prosecution presented evidence to support the charges, including digital evidence and testimony from witnesses. Jane Doe was given the opportunity to defend herself, and the court heard from both sides before rendering a verdict.

Outcome: In this hypothetical scenario, Jane Doe was found guilty of cyber libel and was sentenced to a term of two years in prison and ordered to pay a fine of PHP 500,000. The case demonstrated the effectiveness of RA 10175 in prosecuting cybercrime, including cyber libel, and provided a deterrent to others who might consider committing similar crimes.

Would he be found guilty if his statement was factual?

In the Philippines, the law provides for protection against false and defamatory statements, regardless of the medium in which they are made. If a statement is found to be false and defamatory, the person who made the statement may be found guilty of cyber libel under Republic Act 10175, even if the statement is factually true.

However, if a statement is factually true and not made with malicious intent, the person who made the statement may not be found guilty of cyber libel. In this case, the person who was the subject of the statement may have other legal remedies, such as a claim for defamation or a claim for invasion of privacy, but the person who made the statement would not be found guilty of cyber libel.

It’s important to note that the laws surrounding cyber libel and freedom of speech can be complex and may vary depending on the jurisdiction. In general, it is always best to seek legal advice before making any statement that could potentially be defamatory or harmful to another person.

How would you go about in your defense?

If a person is facing charges of cyber libel, there are several potential defenses that could be raised, depending on the specific circumstances of the case. Some common defenses include:

  1. Truth: If the statement made by the defendant is factually true and not made with malicious intent, the defendant may be able to argue that the statement is not defamatory.
  2. Lack of Intent: If the defendant did not intend to make a false and defamatory statement, they may be able to argue that they should not be held responsible for the harm caused by the statement.
  3. Freedom of Speech: In some cases, the defendant may argue that their right to freedom of speech under the Philippine Constitution or other applicable laws has been violated by the prosecution.
  4. Good Faith: If the defendant made the statement in good faith, believing that it was true, they may be able to argue that they should not be held responsible for any harm caused by the statement.
  5. Privilege: If the statement was made in a privileged context, such as in a court proceeding or in the course of a legitimate investigation, the defendant may be able to argue that they should not be held responsible for the harm caused by the statement.

What would a criminologist do in this case?

A criminologist could play several roles in a case involving cyber libel, including:

  1. Investigator: A criminology graduate could be involved in the investigation of the case, working to gather evidence and identify the person responsible for the false and defamatory statement.
  2. Prosecutor: A criminology graduate could also be involved in the prosecution of the case, working to build a strong case against the defendant and presenting evidence to support the charges.
  3. Expert Witness: A criminology graduate with expertise in cybercrime could be called upon to provide expert testimony in the case, helping the court to understand the technical aspects of the crime and the digital evidence involved.
  4. Victim Advocate: A criminology graduate could also play a role in advocating for the rights and interests of the victim, working to ensure that their needs are met and that they receive justice in the case.
  5. Educator: A criminology graduate could also play a role in educating the public about cybercrime and the importance of preventing and prosecuting these crimes.

For a more comprehensive video discussion please visit the links below

Introduction to Cybercrime and Environmental Laws and Protection | Part 1

Reviewer

References

Philippine Government. (2015, August 12). Implementing Rules and Regulations of Republic Act No. 10175 [Official Gazette]. Retrieved from https://www.officialgazette.gov.ph/2015/08/12/implementing-rules-and-regulations-of-republic-act-no-10175/

Clifford, R. D. (2011). Cybercrime: The Prevention, Investigation, and Prosecution of Computer-Related Crime (2nd ed.). Charles C Thomas Publisher.

Related Posts

3 thoughts on “Cybercrime Prevention and Response Part 2 | Cybercrime and information security incidents | Introduction to Cybercrime and Environmental Law Lesson 3

  1. We have hacked your website hamnus.com and extracted your databases. This was due to the security holes you had in your your site/server which have gained us remote control of everything that was on the server.

    Our team is mostly interested in customer, administrative, and employee information which we have extracted through your databases once we got remote control over the server. It still needs to be sorted out but it will be well-organized once finished. First, we will be going through the emails/sms information and contacting the recipient how you held in disregard about their information being exposed to a hacking group when you could have stopped it. This would be detrimental to your personal image with these relationships with these people. Lastly, now that we have information not only will we be monetizing off it with our methods but made public or sold to other people that will do whatever they wish with the information also after we are done.

    Now you can put a stop to this by paying a $3000 fee (0.10 BTC) in bitcoin to the address 37J6b5DADjC5WubZX5PCGNTg2WXjdVa3Fa We will be notified of payment which we will then delete the information we have obtained, patch the hole in the site/server which we got in and remove you from any future targeting in the future. You have 72 hours in doing so after viewing this message or the series of steps will commence. You can obtain bitcoin through such services such as paxful.com or do a search on bing.com

  2. We have hacked your website hamnus.com and extracted your databases. This was due to the security holes you had in your your site/server which have gained us remote control of everything that was on the server.

    Our team is mostly interested in customer, administrative, and employee information which we have extracted through your databases once we got remote control over the server. It still needs to be sorted out but it will be well-organized once finished. First, we will be going through the emails/sms information and contacting the recipient how you held in disregard about their information being exposed to a hacking group when you could have stopped it. This would be detrimental to your personal image with these relationships with these people. Lastly, now that we have information not only will we be monetizing off it with our methods but made public or sold to other people that will do whatever they wish with the information also after we are done.

    Now you can put a stop to this by paying a $3000 fee (0.11 BTC) in bitcoin. You can find our address by visiting https://blockchair.com/bitcoin/address/31o29SdN5c5fpPuy4WvHzkyT37RHUSA36Q where you can copy and paste the address or scan the QR code. We will be notified of payment which we will then delete the information we have obtained, patch the hole in the site/server which we got in and remove you from any future targeting in the future. You have 72 hours in doing so after viewing this message or the series of steps will commence. You can obtain bitcoin through such services such as paxful.com or do a search on bing.com

Leave a Reply

Your email address will not be published. Required fields are marked *