University of luzon

College of Criminology
Perez Blvd. Dagupan City

Term Paper On
Cyber Crime

Vincent Onin B. Valerio

July 18, 2023

 History of Cybercrimes

Introduction

Any discussion of cybercrime in the Philippines starts with reference to the "I
Love You" virus unleashed globally in 2000. It placed the country on the global
cyber-map and pushed Congress to pass the first 'cybercrime law, Republic Act
No. 8792 or the Electronic Commerce (E-Commerce) Act of 2000.

Section 33 of the said E-Commerce Act provides:

Penalties. The following Acts, shall be penalized by fine and/or imprisonment,
as follows:

(a) Hacking or crackling which refers to unauthorized access into or

interference in a computer system/server or information and communication
system; or any access in order to corrupt, alter, steal, or destroy using a
computer or other similar information and communication devices, without the
knowledge and consent of the owner of the computer or information and
communications system, including the introduction of computer viruses and
the like, resulting in the corruption, destruction, alteration, theft or loss of
electronic data messages or electronic documents shall be punished by a
minimum fine of One Hundred Thousand pesos (P100,000.00) and a maximum
commensurate to the damage incurred and a mandatory imprisonment of six
(6) months to three (3) years.

Hence, the concept of cybercrime which has long been recognized as a scourge
in other parts of the world formally became a crime in the country.

Not long after, the Department of Justice (DOJ) and the primary law
enforcement agencies, the National Bureau of Investigation (NBI) and the
Philippine National Police (PNP) Criminal Investigation and Detection Group
(CIDG) - established the first cybercrime forensic laboratories in 2001 - one for
each agency given the need to build capacity and to spur development of cyber
investigations.

The Supreme Court, on the other hand, recognized the emerging crime set and
issued the Rules on Electronic Evidence on 17 July 2001. This was initially
applicable only to all civil actions and proceedings, as well as quasi- judicial
and administrative cases. The Rules were subsequently amended on 24
September 2002 to include criminal cases.¹

With the budding cybercrime fighting capability, two convictions stemmed out
of the several cases investigated by the DOJ under the E- Commerce law. The
first conviction arose in September 2005 when the respondent, an employee of
a leading university in the south, pleaded guilty to hacking the governmental
portal "gov.ph" and other government websites in Criminal Case No419672-CR
filed before Branch 14 of the Metropolitan Trial Court of Manila.He was
sentenced to serve one to two years of imprisonment and to pay a fine of
Php100,000.00

The second conviction was obtained in May 2006 against a 22-year old former
call center agent who broke into the computer system of a credit card company
and a client of his multi-national employer in the firm in the Philippines,
thereby gaining access to a database maintained by a sister firm in the United
StatesUsing an internal IP address, he proceeded to purchase goods online
using various credit cards. He was sentenced by the Quezon City Metropolitan
Court to serve a minimum imprisonment term of one to two years plus a fine of
Php100,000.00, as provided under Section 33 of the E-Commerce Law.2

Meanwhile, in 2008, the DOJ created the Task Force on E-Government, Cyber-
security and Cybercrime to address cyber-security issues and to pursue an e-
government agenda.3 The Task Force assessed the state of cybercrime
legislation not only in the country but also in the global arena. It was to train
law enforcers and prosecutors in dealing with cybercrime and to create e-
courts to handle high-tech cases such as hacking and other crimes committed
using internet technology.

The Task Force began collaborating with the Council of Europe (COE), the
organization which drafted and pushed for the adoption of the first
international Convention on Cybercrime (CoC), popularly known as the
Budapest Convention.4

The Convention on Cybercrime

The Convention on Cybercrime, also known as the Budapest Convention, is an

international treaty ratified by 42 states - members and non-member of the
COE.5 It seeks to address computer and internet crimes by harmonizing
national laws, improving investigative techniques, and increasing cooperation
among nations. Specifically, the Convention aims to protect society against
cybercrime "by providing for the criminalization of such conduct and the
adoption of powers sufficient for effectively combating such criminal offenses,
by facilitating their detection, investigation and prosecution at both domestic
and international levels and by providing arrangements for fast and reliable
international cooperation."

The Convention is divided into three principal partsThe first part identifies the
substantive cybercrime offenses which each ratifying State is obliged to adopt
in its domestic law. The second part deals with investigative procedures that
States must implement. Lastly, the third part relates to mechanisms that will
enhance international cooperation.

To monitor the compliance of parties and update observers to the said

Convention, the COE conducts a regular conference known as the Octopus
Conference which is preceded by the plenary meeting of the Cybercrime
Convention Committee (T-CY).

The author was invited in the annual conference held in Strasbourg, France as
an observer, panel speaker, and moderator in 2007 and subsequently,
thereafter.

On 31 August 2007, the DOJ through the office of former Undersecretary

Ernesto L. Pineda expressed the request of the Government of the Philippines
to be invited for accession to the Budapest Convention. In a letter dated 15
June 2011, the COE Secretary General Thorbjorn Jagland formally invited the
Philippines to accede to the Budapest Convention.

Introduction to the Cybercrime Prevention Act of 2012

The Cybercrime Prevention Act (CPA) of 2012 is the first piece of legislation
comprehensively dealing with cybercrimes. Divided into 31 sections split across
eight chapters, the Act criminalizes several types of offenses such as illegal
access, data interference, device misuse, cybersquatting, computer fraud,
cybersex, among othersIt also reaffirms existing laws against child
pornography punishable under RA 9775 (Anti-Child Pornography Act of 2009)
and libel punishable under Article 355 of the Revised Penal Code.

While it was RA 8792 which first penalized "cybercrimes," RA 8484 (Access

Device Regulation Act of 1998) and RA 4200 (Anti-wiretapping Law) had earlier
recognized acts done using information and communication technology (ICT).
More recently, but prior to the effectivity of the CPA, RA 10173 or the Data
Privacy Act of 2012 was enacted to protect the fundamental human right of
privacy and of communication while ensuring free flow of information to
promote innovation and growth.

This paper thus traces the history and development of the CPA - one of the
country's most critical and highly debated legislative measuresThrough the
years, netizens have been victims of numerous cybercrimes committed by
criminals with impunityThe CPA's eventual passage into law and the recent 50-
page decision of the Supreme Court confirming its constitutionality, save for
some provisions, finally opens a new period for law enforcement in cyberspace.

The Roots of the CPA

The actual work on the Cybercrime Bill started in 2001 under the Legal and
Regulatory Committee of the former Information Technology and e- Commerce
Council's (ITECC) which later became the Commission on Information and
Communication Technology (CICT)It was headed by former Secretary Virgilio
"Ver" Peña and the Committee was chaired by Atty. Claro Parlade. It was an
initiative of the Information Security and Privacy Sub- committee chaired by
Albert P. Dela Cruz who was the president of PHCERT10 together with then
NBI Anti-Computer Crime and Fraud Division Chief, Atty. Elfren Meneses,
JrThe documentation was handled by the Presidential Management Staff (PMS)
acting as the CICT secretariat

Numerous public sector consultations were held. In January 2004, the first
local Cybercrime Conference was organized by Atty. Gigo A. Alampay with
representatives from the Department of Justice of both the US and Canada

These activities were held cognizant of the limited scope of the cybercrime
provisions in the E-Commerce Act.
Meanwhile, during the interim years of 2006 and 2007, the prototype
Cybercrime Prevention Act was substantially crafted and was later finalized
after the first International Cybercrime Conference on 25-26 October 2007,
conducted by the DOJ in partnership with the COE. During the first quarter of
2008, legislative strategy on information and communication was created by
the government focused mainly in adopting a three-tiered approach in crafting
related laws to underline the primacy of three virtual subjects, namely: data
privacy, cybercrime, and cybersecurity.
 Types of Cybercrime

What is cybercrime?

Cybercrime is criminal activity that either targets or uses a computer, a

computer network or a networked device. Most cybercrime is committed by
cybercriminals or hackers who want to make money. However, occasionally
cybercrime aims to damage computers or networks for reasons other than
profit. These could be political or personal.

Cybercrime can be carried out by individuals or organizations. Some

cybercriminals are organized, use advanced techniques and are highly
technically skilled. Others are novice hackers.

What are the types of cybercrime?

Types of cybercrime include:

● Email and internet fraud.

● Identity fraud (where personal information is stolen and used).
● Theft of financial or card payment data.
● Theft and sale of corporate data.
● Cyberextortion (demanding money to prevent a threatened attack).
● Ransomware attacks (a type of cyberextortion).
● Cryptojacking (where hackers mine cryptocurrency using resources they
do not own).
● Cyberespionage (where hackers access government or company data).
● Interfering with systems in a way that compromises a network.
● Infringing copyright.
● Illegal gambling.
● Selling illegal items online.
● Soliciting, producing, or possessing child pornography.

Cybercrime involves one or both of the following:

● Criminal activity targeting computers using viruses and other types of

malware.
● Criminal activity using computers to commit other crimes.
Cybercriminals that target computers may infect them with malware to damage
devices or stop them working. They may also use malware to delete or steal
data. Or cybercriminals may stop users from using a website or network or
prevent a business providing a software service to its customers, which is
called a Denial-of-Service (DoS) attack.

Cybercrime that uses computers to commit other crimes may involve using
computers or networks to spread malware, illegal information or illegal images.
Cybercriminals are often doing both at once. They may target computers with
viruses first and then use them to spread malware to other machines or
throughout a network. Some jurisdictions recognize a third category of
cybercrime which is where a computer is used as an accessory to crime. An
example of this is using a computer to store stolen data.

Examples of cybercrime
Here are some famous examples of different types of cybercrime attack used by
cybercriminals:

Malware attacks
A malware attack is where a computer system or network is infected with a
computer virus or other type of malware. A computer compromised by malware
could be used by cybercriminals for several purposes. These include stealing
confidential data, using the computer to carry out other criminal acts, or
causing damage to data.

A famous example of a malware attack was the WannaCry ransomware attack,

a global cybercrime committed in May 2017. WannaCry is a type of
ransomware, malware used to extort money by holding the victim’s data or
device to ransom. The ransomware targeted a vulnerability in computers
running Microsoft Windows.

When the WannaCry ransomware attack hit, 230,000 computers were affected
across 150 countries. Users were locked out of their files and sent a message
demanding that they pay a Bitcoin ransom to regain access.

Worldwide, the WannaCry cybercrime is estimated to have caused $4 billion in

financial losses. To this day, the attack stands out for its sheer size and
impact.
Phishing
A phishing campaign is when spam emails, or other forms of communication,
are sent with the intention of tricking recipients into doing something that
undermines their security. Phishing campaign messages may contain infected
attachments or links to malicious sites, or they may ask the receiver to respond
with confidential information.

A famous example of a phishing scam took place during the World Cup in
2018. According to our report, 2018 Fraud World Cup , the World Cup
phishing scam involved emails that were sent to football fans. These spam
emails tried to entice fans with fake free trips to Moscow, where the World Cup
was being hosted. People who opened and clicked on the links contained in
these emails had their personal data stolen.

Another type of phishing campaign is known as spear-phishing. These are

targeted phishing campaigns which try to trick specific individuals into
jeopardizing the security of the organization they work for.

Unlike mass phishing campaigns, which are very general in style, spear-
phishing messages are typically crafted to look like messages from a trusted
source. For example, they are made to look like they have come from the CEO
or the IT manager. They may not contain any visual clues that they are fake.

Distributed DoS attacks

Distributed DoS attacks (DDoS) are a type of cybercrime attack that
cybercriminals use to bring down a system or network. Sometimes connected
IoT (Internet of Things) devices are used to launch DDoS attacks.

A DDoS attack overwhelms a system by using one of the standard

communication protocols it uses to spam the system with connection requests.
Cybercriminals who are carrying out cyberextortion may use the threat of a
DDoS attack to demand money. Alternatively, a DDoS may be used as a
distraction tactic while another type of cybercrime takes place.

A famous example of this type of attack is the 2017 DDoS attack on the UK
National Lottery website. This brought the lottery’s website and mobile app
offline, preventing UK citizens from playing. The reason behind the attack
remains unknown, however, it is suspected that the attack was an attempt to
blackmail the National Lottery.
 COMPUTER SYSTEM AND ITS FUNCTION

Parts Of A Computer And Their Functions (All Components)

Going over the basic parts of a computer and their functions will help you
understand all the vital components that make up a computer.

Full list of basic computer parts and what they do

Here is a complete list of all the common computer hardware components and
common peripherals used with them.

1. The computer case or system unit

This is the component that holds all of the parts to make up the computer
system. It is usually designed in such a manner to make fitting a motherboard,
wiring, and drives as easy as possible. Some are designed so well that it is easy
to make everything look tidy and presentable.

Cases come in all different sizes and shapes to accommodate various types of
computer components and satisfy the consumer’s needs. Design elements can
vary from plain to highly elaborate. You can get a plain grey desktop case or
one with colored lighting everywhere to make it look spectacular.Computer
cases rely on computer fans inside them to create proper airflow to keep all the
internals cool and working reliably.A computer case, like most things, varies in
quality. You can get them made from cheap metals or good quality materials
that provide you with a sturdy design.

List of computer case sizes (known as form factor):

Very small form factor: Supports Mini ITX motherboards

Small form factor: Supports micro ATX motherboards.
Standard form factor: Supports standard ATX motherboards.
Larger form factors: Supports ATX and XL-ATX motherboards.

2. Motherboard
The motherboard is the main board that is screwed directly inside the
computer case. All other cards and everything else plugs directly into the
motherboard, hence its name. The CPU, RAM, drives, power supply, and more
are connected to it.

Its function involves integrating all the physical components to communicate

and operate together. A good motherboard offers a wide amount of connectivity
options. It also has the least amount of bottlenecks possible. This allows all the
components to operate efficiently and to fulfill their maximum potential as they
were designed to do. Obviously, as the physical size is reduced, it begins to
limit connectivity options and functionality.

Motherboard Dimensions
Pico-ITX 3.9 inch x 2.9 inch | 100mm x 72mm
Nano-ITX 4.7 inch x 4.7 inch | 120mm x 120mm
Mini-ITX 6.7 inch x 6.7 inch | 170mm x 170mm
Micro-ATX 9.6 inch x 9.6 inch | 244mm x 244mm
Standard-ATX 12 inch x 9.6 inch | 305mm x 244mm
XL-ATX EVGA: 13.5 inch x 10.3 inch | 343mm x 262mm
Gigabyte: 13.58 inch x 10.31 inch | 345mm x 262mm
Micro-Star: 13.6 inch x 10.4 inch | 345mm x 264mm

3. Central Processing Unit (CPU)

The CPU or central processing unit is basically like the brain of computer
systems. It processes all the information on a computational level. It takes all
the processes from the RAM and processes them to perform the tasks required
by the computer system.

The central processing unit is usually seated in a socket that utilizes a lever or
a latch with a hinged plate with a cut-out in the center to secure the CPU onto
the motherboard. It has many copper pads underneath it for the socket
contacts to push up against them to make electrical contact.

There are other ways CPUs can be attached to the motherboard.

Here are some common examples:

● ZIF (Zero Insertion Force): Although this is a more desirable socket, they
are mostly found on older computer motherboards. A lever-operated
mechanism to clamp the pins of the processor.
● PGA (Pin Grid Array): It is also a ZIF socket but has a different pin pitch
and contains a different pin count.
 ● LGA (Land Grid Array): More commonly found on motherboards today. A
levered hinged plate with a center cut-out clamps down on the processor.
● BGA (Ball Grid Array): The CPU is soldered directly onto the
motherboard. This makes it a non-user-swappable component. It is
susceptible to bad connectivity.

A processor generates a decent amount of heat, especially when it is working

under high loads. It will run even hotter when it is set to a higher clock speed
to make it run faster. This is called overclocking. This is why a heatsink and
fan assembly are required to draw the heat away from the central processing
unit and distribute it to thin sheets or fins of metal for the fan to cool down.

There are so many different types of computer processors. The top

manufacturers of processors are Intel, AMD, and NVidia.

4. Random Access Memory (RAM)

RAM is a data storage device that can provide fast read and write access. RAM
is volatile memory, meaning it loses all the stored data when power is lost.

The RAM keeps data ready for the CPU to process. The RAM speed is a big
contributor to the overall speed of a computer system. It plugs directly into a
long slot that has contacts on either side of the slot. It, too, has a clock speed,
just like a processor. So, it can also be overclocked to deliver increased
performance beyond the intended specification.

Certain RAM modules are sold with a heat spreader. It helps dissipate the heat
from the individual memory ICs, keeping them cooler. RAM has evolved like
any other component. RAM used on the motherboard often uses DDR (Double
Data Rate) SDRAM (Synchronous Dynamic Random Access Memory) type
memory.

RAM Amount always comes in powers of 2, so you will always see numbers like
16GB, 32GB, or 64GB of RAM, to mention some examples of memory units.

5. Graphics Card or Graphics Processing Unit (GPU)

A graphics card is an output device that processes the data from the
motherboard and sends the appropriate information to the computer’s screen
for display.
You can connect monitors to it using HDMI, DisplayPort, DVI, or VGA
connectors. It can also be referred to as a video or display card. A video card
takes the burden of all the video processing from the main CPU. This gives a
computer a big boost in performance.Because of the large processing
requirements for a gaming GPU, fans are almost a given.

A video card plugs into a PCI Express (Peripheral Component Interconnect

Express) slot on the motherboard. It is a serial expansion bus slot capable of
high bandwidth in two directions. A graphics card has a GPU (Graphics
Processing Unit), the main part of a computer system that requires cooling. A
GPU is slower than a CPU but is designed to deal with mathematical
operations required for video rendering.

The card’s memory amount varies depending on the manufacturer’s design.

Video cards use GDDR (Graphics Double Data Rate) SDRAM, which is specially
designed to optimize graphics performance. GDDR is built to handle a higher
bandwidth compared to plain DDR ram.

6. Sound Card
Most of the time, the sound chip built into the motherboard is used for audio
output. But, if you are a sound enthusiast or prefer high-quality audio output
while playing a game, you might be inclined to use a sound card.

Sound cards plug into a computer in multiple ways. It can be through USB,
PCI slot, or PCI Express x 1 slot. External DACs have gained much more
popularity and help deliver clearer and more defined audio or high-definition
sound output. They connect up using an IO cable like a USB cable to your
computer or laptop and provide a line out for your speakers or headphones.

A sound processing chip on the card does all of the audio processing and is
usually not a very powerful processor. A sound card can offer a wide range of
connectivity with various audio equipment. A few examples could be optical
audio, a 1/4 inch jack, or RCA connectors.

7. Hard Disk Drive (HDD)

A hard drive is still found in many PCs to this day. A mechanical drive’s
purpose is to store all your information for retrieval at any time.

Apart from storing information for your computer, it also functions as a boot
drive to run the operating system (OS) from it. You can install operating
systems of many different kinds depending on your needs. An OS is a software
program that’s installed, making a computer useable, like Microsoft Windows,
for example. The biggest vulnerability of a mechanical drive is its physically
fragile nature.

One bump the wrong way can destroy a whole drive. A mechanical hard drive
contains one or more platters that spin anywhere between 5200 to 10000 RPM
(revolutions per minute). The read and write heads are spaced only about
0.002 (51 micro M) inches from the platter. This gives you an idea about the
physical limitations of its fragile nature. Small areas on the platter can be
arranged to represent a 1 or a 0. It can be changed using the drive head to
alter the material to represent the correct value magnetically. This is how to
write data to the drive for storage.

There are various categories of hard drives made for various real-world
applications.

Some examples include:

● General use for desktops or laptops.
● Gaming optimized for desktops or laptops.
● General high-capacity storage.
● NAS Devices.
● Servers.
● Video recording.

They can also be purchased as an external drive that usually connects to your
computer by USB cable. An uninterruptible power supply is sometimes used to
prevent data loss with mechanical drives where a sudden power outage is
experienced, or the power cord is accidentally disconnected while the computer
is running. This allows proper shutdowns for desktop systems that have
experienced sudden power loss.

8. Solid State Drive (SSD)

An SSD is also a type of hard drive, but it doesn’t have any moving bits. It
consists of a bank of flash memory that can hold a reasonable amount of
information. While SSDs are increasing in size all the time, they aren’t cost-
effective for storing large amounts.

A mechanical drive has a cheaper gigabyte-to-dollar ratio.

However, the SSD is a high-performance drive. It’s fast and cannot be as easily
damaged by dropping it or taking a few bumps.SSDs are available as 2.5-inch
laptop encapsulated drives, and an M.2 SDD is the most commonly used kind
on the market. That’s why I always recommend SSDs for portable-type
computers where possible. In our other article, you can read more about
whether or not SSD’s are worth it.

9. Power Supply Unit (PSU)

A power supply unit mounts inside the computer case. It converts the AC
mains supply from the power cord from a wall socket and supplies the correct
DC voltages to all the components inside the computer.

A computer power supply supplies the following voltages:

● +3.3v: This voltage is supplied to the motherboard.

● +5V: This voltage is supplied to the motherboard and other computer
hardware.
● +12V: This voltage is supplied to the motherboard and other
components.
● -12V: This voltage is supplied to the motherboard.

It plays an important role in keeping a computer running reliably. You get

different wattage ratings for power supplies. The higher the wattage, the higher
the electrical current that can be made available to everything that needs it to
function properly. The higher you go in Watts, the more the power supply will
likely cost.

A power supply usually also comes with a cooling fan. This helps all the
internal components in your computer to stay cool when the power supply is
subjected to bigger loads.

10. Monitor or Visual Display Unit (VDU)

A monitor is an output device used to visualize the graphics information sent
from the computer’s GPU.

There are various types of monitors on the market. A LED (Light Emitting
Diode) backlit LCD (Liquid Crystal Display) monitor is the most commonly used
with a modern PC.
There are also various computer screen sizes with different aspect ratios. The
aspect ratio is simply the ratio between height and width. For example, a 16:9
aspect ratio computer screen will have 16 parts wide to 9 parts in height. There
are also curved computer monitors, but they are more expensive computer
screens. Monitors also have a fast response time to keep up with the high
demands required to eliminate delays with user input for gaming.

11. Keyboard
A keyboard is an input device that is one of the ways to communicate with a
computer. Typing a key from the keyboard sends a small portion of information
to tell the computer which key was pressed. Once the computer receives input
from the keyboard, it can use the keystrokes in digital form to produce a
specific task in any software that’s being used.

The computer system can use this information in many ways. An example
could be a command or a character that can be used in a document. There are
two main different types of keyboards. Mechanical and membrane types.

12. Mouse
A mouse is an input device that allows the user to move a pointer displayed on
the monitor and experience a more intuitive interaction with computer
systems. These days mice have more buttons than the common three and offer
way more functions than mice in the early days. However, the three main
buttons allow the user to select, grab, scroll and access extra menus and
options.

A computer mouse is a handy pointing device that can be wired or wireless.

The latter obviously requires batteries. Optical mice of today allow for very
accurate precision and smooth movement.

Common peripheral components for computers

Here are some common peripherals that connect to a computer and extend
their usefulness.

Printer- A printer can take an image sent by a computer and deliver it onto a
sheet of paper. It does this by using the information from the computer, and by
either using toner or ink, it deposits one of these in a controlled and accurate
manner to form the image.
Scanner- A scanner can take anything on paper, and it functions by scanning
it to produce a replicated digital image for a computer to save. This is also
handy for saving physical photos you want to preserve. Once the photo is
stored digitally, it won’t decay as a physical photo does over time. The flatbed
scanner is the most commonly used today. Many all-in-one devices, also
known as multifunction devices, have printer and scanning capabilities in one
reasonably compact product.

Computer Speakers- Computer speakers can connect to the sound card at the
rear of the computer. Another way they can be connected is by a monitor that
already has built-in speakers. Generally, the sound quality is poor from a
monitor’s speakers. That’s why most people buy a set of computer speakers for
their desks. You can even connect up a 7.1 surround speaker system to certain
sound cards for a computer. This can add a nicer experience to gaming,
playing music, or watching a film.

Conclusion

That covers all the components of a computer system. All of these play a vital
function in a computer to make it work.

Once you understand these basic parts to a memorable level, it probably won’t
be long until you repair or build desktops yourself.