CYBERCRIME AND OTHER DIGITAL CRIMES AND EMERGING CRIME

TYPOLOGIES

WHAT IS CYBERCRIME?
 Cybercrime is a criminal activity which uses electronic device with a connection to
the internet
 Cyber crimes are criminal offenses committed via the Internet or otherwise aided by
various forms of computer technology, such as the use of online social networks to
bully others or sending sexually explica digital photos with a smart phone
 Cybercrime, also called computer crime, the use of a computer as an instrument to
further illegal ends such as committing fraud, trafficking in child pornography and
tellectual property, stealing identities, or violating privacy
 Need to know
49% of adults were victims of cybercrime on 2014

TYPES OF CYBERCRIME
THREE GENERIC TYPES OF CYBERCRIME:

1. CRIMES AGAINST THE MACHINCE (integrity related cybercrime) - eg Hacking

2. CRIMES USING THE MACHINE (Computer assisted cybercrime)-eg Fraud,
3. Deception CRIMES IN THE MACHINE (Content-related cybercrime)-eg
Obscenity/Violent or Abusive Speech/ Grooming, Information Leakage/Espionage

TOP CYBERCRIME/CYBER-ATTACK
1. RANSOMWARE
This is a type of malware that encrypts a victim's files and demands a ransom
payment in exchange for the decryption key. Ransomware attacks have become
increasingly common and have impacted individuals. businesses, and government
organizations

2. PHISHING
This is a type of social engineering attack that involves sending fraudulent emails
or messages to trick victims nto providing sensitive information such as login credentials
or financial data Phishing attacks have become more sophisticated and difficult to detect
in recent years.
3. IDENTITY THEFT
The theft of someone's personal information, such as their name, address, Social
Security number, and cred card details, to commit fraud or other crimes.

4. ONLINE SCAMS
Various types of fraudulent activities conducted over the internet, such as fake lottery or
charity
Scams

5. SCAREWARE
A malicious software that defrauds victims by scaring them into paying for fake anti-
virus packages that purport to fix their computer Incidents have risen by as much as
seven-fold this year

HISTORY OF THE LOVE BUG "I LOVE YOU VIRUS" May 4, 2000
The First Recorded Cybercrime in the Philippines

 ILOVEYOU, sometimes referred to as Love Bug or Love Letter for you or fake love
letter, is a computer worm that infected over ten million Windows personal computers
on and after 4 May 2000 when it started spreading as an email message with the
subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU txt vbs"
The worm inflicts damage on the local machine. overwriting random types of files
and sends a copy of itself to all addresses in the Windows Address Book used by
Microsoft Outlook This made it spread much faster than any other previous email
worm

CREATION
LOVEYOU was created by Onel de Guzman, who was a college student in
Manila, Philippines and was 24 years old at the time. De Guzman created the worm alone
and had no accomplices He was poor and struggled to pay for internet access at the time.
His purpose for creating the computer worm was to steal passwords that he could use to
log in to other users' internet accounts without needing to pay for the service. He justified
his actions on his belief that internet access is a human right, and his belief that he wasn't
actually stealing

The worm used the same principles that de Guzman had described in his
undergraduate thesis at AMA Computer College He stated that the worm was very easy to
create, thanks to a bug in Windows 95 that would un code in email attachments when the
user clicked on them Originally designing the worm to only work in Manila, out of
curiosity, he removed this geographic restriction which allowed the worm to spread
worldwide De Guzman did not expect this worldwide spread

On 14 June 2000, RA 8792 or the Electronic Commerce Act was signed into law
RA 8792 positioned the Philippines as the third country to enact an e-commerce law, next
to Singapore and Malaysia

CRIMINOLOGICAL THEORIES ASSOCIATED TO CYBERCRIME

1. DETERRENCE THEORY - Deterrence is the theory that criminal penalties do not
just punish violators, but also discourage other people from committing similar offenses
Many people point to the need to deter criminal actions after a high-profie incident in
which an offenders seen to have received a light sentence Libicki (2009) suggested that
the goal of cyber-deterrence is to attenuate the risk of cyber-attacks to an acceptable level
at an acceptable cost, when a defending state aime to mitigate potential offensive actions
by threatening a potential retaliation

2. SOCIAL LEARNING THEORY - Albert Bandura's social learning theory suggests

that observation and modeling play a primary role in how and why people learn Crimes
like cyberstalking, juvenile sexting online piracy, computer intrusions, malware illicit file
manipulation, and other have all been examined through social learning theory

3 SELF-CONTROL THEORY - Gollfredson and Hirschi define self-control as the

blockade that stands between the individual and deviant/criminal activity. Self-control
represents the capability to abandon the short-term pleasures that potentially result in
long-term, negative consequences This theory has been applied to a variety of
cybercrimes Most studies examine the role of low self-control in predicting specific kinds
of cybercrime like cyberstalking, teen sexting, illicit computer intrusion and file
manipulation, identity theft and digital piracy.

4. RATIONAL CHOICE THEORY - This theory assumes that offenders seek to benefit
themselves by their criminal behavior, that this involves the making of decisions and of
choice, however rudimentary on occasion these processes might be, and that these
processes exhibit a measure of rationality, albeit constrained by limits of time and ability
and the availability of relevant information. Everyone is capable of crime depending on
whether circumstances align to make crime seem the most reasonable choice at the time

5. ROUTINE ACTIVITY THEORY

Introduced by Lawrence E. Cohen and Marcus Felson in 1979 This theory assumes the
rationality of human actors but focuses on evaluating factors that affect the differential
distribution of criminal opportunities across space and time Offenders are not so much
driven to chime by extemal forces, but are rather presented with different levels of
opportunity to engage in crime
1. perceived attractiveness of the target (suitable/vulnerable target)
2. numerous potential offender (motivated offender)
3. lack of capable guardian (absence of capable guardian)

 CYBERSPACE - refers to indefinite place where individuals transact and

communicate It is the place between places (Britz, 2013
 CYBERCOPS - forensic investigators who specialized in computer technology, need
to understand what the evidence is indicating
 DIGITAL EVIDENCE - as provided in RA 10175, it refers to digital information
that may be used as evidence in a case

Digital Evidence can be

a.) INCULPATORY EVIDENCE - an evidence which indicates that the accused is
guilty of the crime charged against him/her
b.) EXCULPATORY EVIDENCE - evidence which indicates that the accused is
innocent of the crime charged against him/her

For Harris and Lee (2019), digital evidence refers to the information and data of valise
to investigation that is stored on, received, or sent by a digital device or attachment
Accordingly digital evidence has the following features

1. it is latent (hidden)
2. It crosses jurisdictional boarders quickly and easily
3. it can be altered, damaged, or deleted with little effort
4 it can be time sensitive

Morever, digital communication is considered by Philippine law as ephemeral as

provided in the Rules on Electronic Evidence
 Ephemeral Electronic Communication refers to telephone conversations text
message chat room session, streaming audio or video other electronic forms of
communication, evidence of which is not recorded or retained was already mention
that the collection of digital evidence needs specialized training because this evidence
is onsidered ephemeral. As such investigators must have the knowledge in ha s
probative value
 Computer Forensic is a branch of forensic science, refers to the investigation and
analysis of media originating om digital sources to uncover evidence to present in a
court of law.

forensic science has the following key elements

 The use of scientific methods
 Collection and preservation
 Validation
 Identification
 Analysis and interpretation
 Documentation and presentation

 Forensic Science - is the application of scientific techniques and principles in order to

provide evidence to legal
- forensic science was derived from the Latin forensis" which means forum
- forensic is sometimes referred to as criminalistics

CRIMINOLOGY VS. CRIMINALISTICS

Criminology - study of crime
Criminalistics study - of criminal things

 Digital Forensic Investigator are the one performing digital investigative analysis.
Digital forensic investigator re also called as digital forensic examiner

Digital - it is all forms of eletronic information from computers

Investigative - focuses on examination and investigation of digital evidence.
Analysis - it focuses in identification, preservation, and analyzation
 REPUBLIC ACT NO. 10175 CYBERCRIME PREVENTION ACT OF
2012
THE SALIENT PROVISIONS OF THE LAW
RA 10175 is an act defining cybercrime providing for the prevention, investigation
suppression and the mposition of penalties and for other purposes. Tha Act shall be
known as the "Cybercrime Prevention Act of 2012.

DEFINITION OF TERMS
 ACCESS - refers to the instruction, communication with, storing data in, retrieving
data from or otherwise making use of any resources of a computer system or
communication network .

 ALTERATION - refers to the modification or change, in form or substance of an

existing computer data or program.

 COMMUNICATION - refers to the transmission of information through ICT media,

including voice video and other forms of data.

 COMPUTER - refers to an electronic, magnetic, optical, electrochemical or other

data processing or communications device, or grouping of such devices, capable of
performing logical, arithmetic, routing or storage functions, It covers any type of
computer device including devom like mobile phones, smart phones, computer
networks and other devices connects.

 COMPUTER DATA - refers to any representation of facts, information, or concepts

in a form suitable for processing in a computer system and includes electronic
documents and/or electronic data messages whether stored in local computer systems
or online.

 COMPUTER PROGRAM - refers to a set of instructions executed by the computer

to achieve intended results.

 COMPUTER SYSTEM refers to any device or group of interconnected or related

devices, one or more of which, pursuant to a program, performs automated processing
of data.
 WITHOUT RIGHT - refers to either conduct undertaken without or in excess of
authority or () conduct not covered by established legal defenses, excuses, court
orders, justifications, or relevant principles under the law.

 CYBER - refers to a computer or a computer network, the electronic medium in

which online communication takes place.

 CRITICAL INFRASTRACTURE - refers to the computer systems, computer

programs, computer data that the incapacity or destruction of or interference with
such system and assets would have a debilitating impact on security, national or
economic security, national public health and safety or any combination of those
matters.

 CYBERSECURITY - refers to the collection of tools, policies, risk management

approaches, actions, training, best practices, assurance and technologies that can be
used to protect the cyber environment and organization and user's assets.

 DATABASE - refers to a representation of information, knowledge, facts, concepts,

or instructions which are being prepared, processed or stored or have been prepared,
processed or stored in a formalized manner and which are intended for use in a
computer system.

 INCTERCEPTION - refers to listening to, recording, monitoring or surveillance of

the content of communications, including procuring of the content of data, either
directly, through access and use of a computer system or indirectly, through the use of
electronic eavesdropping or tapping devices, at the same time that the communication
is occurring.

 SERVICE PROVIDER - refers to Any public or private entity that provides to users
of its service the ability to communicate by means of a computer system, and Any
other entity that processes or stores computer data on behalf of such barnst
of such service.

 SUBSCRIBER'S INFORMATION - refers to any information contained in the

form of computer data or any other form that is held by a service provider and by
which identity can be established
The type of communication service used, the technical provisions taken thereto and
the period of service. The subscriber's identity, postal or geographic address,
telephone and other access numbers, any assigned network address billing and
 payment information, available on the basis of the service agreement or arrangement,
and Any other available information on the site of the installation of communication
equipment, available on the basis of the service agreement or arrangement

 TRAFFIC DATA (NON-CONTENT DATA - relets to any computer data other than
the content of the communication including, but not limited to the communication's
origin, destination route time, date, size, duration, or type of underlying service.

 CONTENT DATA - refers to the communication content of the commun

communication, or the message or information being conveyed by the
communication, other than traffic data.

 DIGITAL EVIDENCE - refers to digital information that may be used as evidence in

a case carried out by confiscation of the storage media, the tapping or monitoring of
network traffic, or the making of digital coples of the data held (forensic images, file
coples, etc.)

 ELECTRONIC EVIDENCE - refers to evidence, the use of which is sanctioned by

existing rules of evidence, in ascertaining in a judicial proceeding the truth respecting
a matter of fact, which evidence is received recorded transmitted, stored, processed,
retrieved or produced electronically.

 FORENSIC IMAGE - also known as a forensic copy refers to an exact bit-by-bit

copy of a data carrier including slack, unallocated space and unused space

 HASH VALUE - refers to the mathematical algorithm produced against digital

information (a file, a physical disk or a logical disk) thereby creating a "digital
fingerprint" or "digital DNA for that information It one way algorithm and thus it is
not possible to change digital evidence withoutchouring the m hash values,

 INTERNET CONTENT HOST - refers to a person who hosts or who proposes to

host internet content in the Philippines,

 LAW ENFORCEMENT AUTHORITIES - refers to the National Bureau of

Investigation (NBI) and the Philippine National Police (PNP)

 ORIGINAL AUTHOR - refers to the person who created or is the origin of the
assailed electronic statement or post using a computer system,
 PRESERVATION - refers to the keeping of data that already exists in a stored form,
protected from anything. that would cause its current quality or condition to change or
deteriorate. It is the activity that keeps that stored data secure and safe,