Cyber Crime and Environmental Laws and Protection

INTRO TO CYBER CRIME AND ENVIRONMENTAL LAWS AND PROTECTION
NOTES ON INTRODUCTION TO CYBER CRIME AND ENVIRONMENTAL LAWS AND

PROTECTION
CHAPTER 1
General Considerations
Learning Outcomes:
At the end of the chapter the students are expected to:
1. Explain the correlation of cybercrime and environmental crimes.
2. Differentiate cybercrime and cyber security.
3. Explain the basics of cybercrime and environmental crimes
4. Identify the significance of cybercrime investigation.
I. Overview
Due to information technology that is more embedded in our society, cybercrime has become
a common hazard on a global scale. With more than 4.5 billion people online, half of the world’s
population is potentially at risk of falling victim to cybercrime. More and more criminals are
exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of
criminal activities that know no borders, either physical or virtual. These activities cause serious
harm and pose very real threats to victims worldwide.
In this connection Floridi (2010) argues that while technology keeps growing
bottom-up, it is high time we start digging deeper, top-down, in order to expand and
reinforce our conceptual understanding of our information age, of its nature, less visible
implications and its impact on human and environmental welfare, giving ourselves a chance
to anticipate difficulties, identify opportunities and resolve problems, conflicts and dilemmas.
Much more the COVID-19 pandemic has resulted in the accelerated merging of our physical
and cyber spaces and increased reliance on connectivity for many of our basic tasks, in both our
work and personal lives.
It is important for law enforcement to acknowledge that the current measures,

practices and policies may not be enough to address today’s ever-evolving cybercrime and identify
what steps need to be taken to meet this shortfall.
Given the inherently transnational nature of cybercrime, it is highly likely that

evidence will be located across various jurisdictions. Currently, many law enforcement
agencies do not have the capability to conduct analysis on data that is necessary to further
cybercrime investigations, nor do they have access to real-time threat information that may have a
serious impact upon the safety of their citizens and infrastructure.
The elusive nature of cybercrime means that law enforcement bodies need to adopt new
techniques in order to prevent cybercrimes, identify offences, patterns of crime and lines of
enquiry that are robust enough to justify a criminal investigation.
Prepared by: Neil Bryan H. Otgalon, RCrim, MSCJ ALWAYS THINK BEFORE YOU CLICK Page 1
Thus, the public sector and the law enforcers must ramp up its preparedness,
effectiveness and leadership for collective cyber resilience. Cybersecurity is both a shared
responsibility and a common goal that we must constantly work for.
II. SALIENT TERMS
A. Primary
Terms
Cybercrime
-identifies the core offences that may include; 1) illegal access, (2) interfering with data,
(3) interfering with computer systems, (4) illegal interception of data, (5) illegal devices and
(6) child pornography which it considers to fall within its scope.
-Defined as offences committed against computer data, computer data storage media,
computer systems, service providers.
- Sophisticated attacks, or high-tech crimes
-Offences committed against computer data, computer data storage media,

computer systems, service providers. The concept usually covers categories of offences such as
illegal access, interfering with data and computer systems, fraud and forgery, illegal
interception of data, illegal devices, child exploitation and intellectual property infringements.
Cybersecurity
-Typically defined as the protection of confidentiality, integrity and availability of

computer data and systems in order to enhance security, resilience, reliability and trust in ICT. The
concept usually covers political (national interests and security), technical and administrative
dimensions.
-refers to the collection of tools, policies, risk management approaches, actions,

training, best practices, assurance and technologies that can be used to protect the cyber
environment, and organization and user’s assets;
-A strong cybersecurity stance protects computer systems from unauthorized access

or being otherwise damaged or made inaccessible. It aims to reduce the risk of cyberattacks and
protects against the unauthorized exploitation of systems, networks and technologies through the
use of technologies, processes and controls on technical, procedural and institutional levels.
-Cybersecurity focuses on the policy and procedure for securing and protecting
systems and assets.
-Cybersecurity regulations typically work to prevent attacks before they occur.

Security is a continuous cycle including incident response and revision of processes which happen
after the detection of a breach.
Computer forensics - is the process of methodically examining computer media (hard disks,
diskettes, tapes, etc.) for evidence. In other words, computer forensics is the collection,
preservation, analysis, and presentation of computer-related evidence.
Computer forensics - also referred to as computer forensic analysis, electronic discovery,

electronic evidence discovery, digital discovery, data recovery, data discovery, computer analysis,
and computer examination
Environmental crimes. Encompass a broad list of illicit activities, including illegal trade in
wildlife; smuggling of ozone-depleting substances (ODS); illicit trade of hazardous waste; illegal,
unregulated, and unreported fishing; and illegal logging and trade in timber
Environmental Law System - is an organized way of using all of the laws in our legal
system to minimize, prevent, punish, or remedy the consequences of actions which damage or
threaten the environment, public health and safety.
Environmental law - is an area where there is a "system" of statutes, regulations, guidelines,

factual conclusions, and case specific interpretations which relate to each other in the context of
generally accepted principles established during the short history of environmental law
B. Other Terms
Access. Refers to the instruction, communication with, storing data in, retrieving data from, or
otherwise making use of any resources of a computer system or communication network.
Access controls. Measures that establish privileges, determine authorized access, and prevent
unauthorized access.
Active digital footprint. Created by data provided by the user.
Advanced fee fraud. A computer-related fraud involving a request for an advance fee to
complete a transfer, deposit or other transaction in exchange for a larger sum of money.
Advanced persistent threats. Individuals and/or groups that persistently target an entity. Also
known as APTs.
Alteration. Refers to the modification or change, in form or substance, of an existing

computer data or program;
Appellations of origin. Symbols of products quality and the reputation of the place of its
creation property, which cannot be used unless the product was developed in that region according
to standards of practice. Also known as geographical indications.
Anonymity. The shielding of one’s identity to enable individuals to engage in activities

without revealing themselves and/or their actions to others.
Anonymizers. These proxy servers enable users to hide identity data by masking their IP address
and substituting it with a different IP address. Also known as anonymous proxy servers.
Anonymous proxy servers. These proxy servers enable users to hide identity data by
masking their IP address and substituting it with a different IP address. Also known as
anonymizers.
Anti-digital forensics. Tools and techniques used to obfuscate cybercrime investigation and
digital forensics efforts. Also known as anti-forensics.
Anti- forensics. Tools and techniques used to obfuscate cybercrime investigation and digital
forensics efforts. Also known as anti-digital forensics.
Antimalware or Antivirus . These systems use signatures or behavioral analysis of

applications to identify and block malicious code from being executed.
Application and file analysis. Type of analysis that is performed to examine applications and
files on a computer system to determine the perpetrator’s knowledge of and intent and capabilities
to commit cybercrime.
Asset. Something that is considered important and/or valuable.
Attribution. The determination of who and/or what is responsible for a cybercrime.
Availability. Data, services, and systems are accessible on demand.
Backdoor. A secret portal used to gain unauthorized access to systems.
Best evidence. The original piece of evidence or an accurate duplicate of the original.
Big data. Large volumes of structured and unstructured data that can be consolidated and analysed
to reveal information about associations, patterns, and trends.
Brute force attack. The use of a script or bot to guess user credentials.
Back-tracing. The process of tracing illicit acts back to the source of the cybercrime. Also known
as trace back.
Botcode. A type of malicious software that enables the remote control of these devices and use
them to commit cybercrimes, steal information, and/or engage in cyberattacks.
Botherder. Controller of bot-infected digital devices.
Botnet. A network of computers infected with botcode.
Buffer. This is a memory area allocated to an application.
Bulletproof hosting. A service that enables criminals to utilize servers to commit

cybercrime, store illicit content, and protect illicit content from being accessed by law
enforcement authorities and/or being taken offline.
Business continuity plan. Outlines instructions to be followed and actions to be taken in the
event of a cybersecurity incident. Also known as emergency management plan.
Catphishing. False or misleading promises of love and companionship designed to scam

individuals out of their time, money and/or other items.
Censorship. The prohibition of information, visual depictions, and written or oral

communications that are prohibited by law and/or their suppression by a government,
community or group because they are unlawful and/or viewed as harmful, unpopular,
undesirable, or politically incorrect.
Central Authority. refers to the DOJ – Office of Cybercrime;
Chain of custody. A detailed log about the evidence, the condition of the evidence, its
collection, storage, access, and transfer and reasons for its access and transfer, is essential to
ensure the admissibility of digital evidence in most courts of law.
Child grooming. Enticement of children or solicitation of children for sexual purposes.
Child sex trafficking. Acting in some manner that recruits, leads, causes, maintains, and/or
otherwise facilitates the commercial sexual exploitation of children.
Child sexual abuse material. The representation of child sexual abuse and/or other
sexualized acts using children.
Child sexual abuse to order. Viewers of child sexual abuse can be actively involved in abuse
by communicating with the child, the sexual abuser, and/or facilitator of the child sexual abuse and
requesting specific physical acts and/or sexual acts to be performed on and/or performed by the
child.
Child Pornography . Refers to the unlawful or prohibited acts defined and punishable by
Republic Act No. 9775 or the “Anti-Child Pornography Act of 2009”, committed through a
computer system:
Collection. Refers to gathering and receiving information;
Communication. Refers to the transmission of information through information and

communication technology (ICT) media, including voice, video and other forms of data;
Competent Authority. Refers to either the Cybercrime Investigation and Coordinating

Center or the DOJ – Office of Cybercrime, as the case may be;
Computer. Refers to an electronic, magnetic, optical, electrochemical, or other data

processing or communications device, or grouping of such devices, capable of performing logical,
arithmetic, routing or storage functions, and which includes any storage facility or equipment or
communications facility or equipment directly related to or operating in conjunction with such
device. It covers any type of computer device, including devices with data processing capabilities
like mobile phones, smart phones, computer networks and other devices connected to the internet;
Circumstantial evidence. Evidence that infers the truth of a matter.
Clearnet. Indexed websites that are accessible and available to the public and can be searched
using traditional search engines. Also known as Surface Web or Visible Web.
Code of ethics. Guidelines covering right and wrong conduct to inform decision-making.
Commercial sexual exploitation of children. A term used to describe a range of

activities and crimes that involve the sexual abuse of children for some kind of
remuneration of any monetary or non-monetary value.
Computer data. Any form of representation of information that is processed by a system of a

digital device. Also known as computer information. means any representation of facts,
information or concepts in a form suitable for processing in a computer system, including a
program suitable to cause a computer system to perform a function.
- any representation of facts, information or concepts in a form suitable for
processing in a computer system, including a program suitable to cause a computer system to
perform a function.
Computer data storage medium. Any article or material (for example, a

disk) from
which information is capable of being reproduced, with or without the aid of
any other article or device.
Computer Emergency Response Team. A team that provides support for

cybersecurity incidents. Also known as Computer Security Incident Response Team.
Computer information. Any form of representation of information that is

processed by a system of a digital device. Also known as computer data or data.
Computer network. Two or more computers that send and receive data
between them.
Computer Security Incident Response Team. A team that

provides support for cybersecurity incidents. Also known as Computer Emergency Response
Team.
Computer system. A stand-alone or networked device that performs data

processing among other functions. A device or a group of inter-connected or related devices,
including the internet, one or more of which, pursuant to a program, performs automatic processing
of data or any other function;
Computer program refers to a set of instructions executed by the computer to achieve

intended results;
Confidentiality. Systems, networks, and data are protected, and only authorized users can
access them.
Confirmation bias. The process whereby individuals look for and support results that
support their working hypothesis and dismiss results that conflict with their working
hypothesis.
Content data. Words in written communications or spoken words.
Coordinated vulnerability disclosure. The practice of harmonized information sharing and

disclosure of vulnerabilities to relevant stakeholders along with the tactics used for its mitigation.
Copyrights. Creative products, such as artistic and literary works, protected by law.
Crime displacement. When a crime that was intended for one target is committed on
another target because of security measures in place.
Crime reconstruction. This process seeks to determine who was responsible for the crime, what
happened, where did the crime occur, when did the crime take place, and how the crime unfolded,
through the identification, collation, and linkage of data. Also known as event reconstruction.
Critical infrastructure. Designated essential sectors that are considered fundamental to the
proper functioning of society.
Cryptocurrency. A form of digital currency secured utilizing advanced encryption. It is a

digital money that can be used to buy goods and services, using strong encryption techniques to
secure these online transactions.
Cryptojacking. A tactic whereby the processing power of infected computers is used to mine
cryptocurrency for the financial benefit of the person (or persons) controlling the bot- infected
digital devices.
- It is also an emerging threat that hides on a user’s computer mobile phone, tablet,
laptop or server, using that machine’s resources to ‘mine’ cryptocurrencies without the user’s
consent or knowledge.
Cybersex refers to the willful engagement, maintenance, control or operation,

directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid
of a computer system, for favor or consideration;
Cyber refers to a computer or a computer network, the electronic medium in

which online communication takes place;
Cyber-dependent crime. A cybercrime that would not be possible without the Internet and
digital technologies.
Cyber-enabled crimes. A cybercrime facilitated by the Internet and digital technologies.
Cyber organized crime. A term used to describe a continuing criminal enterprise that
rationally works to profit from illicit activities that are in demand online.
Cyber organized criminals. A structured group of three or more persons, existing for a period
of time and acting in concert with the aim of committing one or more serious crimes or offences
established in accordance with the United Nations Convention against Transnational Organized
Crime of 2000, which operate in whole or in part online, in order to obtain, directly or indirectly, a
financial or other material benefit.
Cyber proxies. The use of intermediaries to directly or indirectly contribute to a

cyberdependent crime intentionally targeting a state.
Cryptomarkets. A website utilizing cryptography to protect users of the site.
Cyberbullying. The use of information and communication technology by children to annoy,

humiliate, insult, offend, harass, alarm, stalk, abuse or otherwise attack another child or
children.
Cyberespionage. The use of information and communication technology by government

actors, state-sponsored or state-directed groups, or others acting on behalf of a government, to
gain unauthorized access to systems and data in an effort to collect intelligence on their targets in
order to enhance their own country’s national security, economic competitiveness, and/or military
strength.
Cyberharassment. The use of information and communication technology to intentionally

humiliate, annoy, attack, threaten, alarm, offend and/or verbally abuse an individual (or
individuals).
Cryptoransomware. Malware that infects a user’s digital device, encrypts the user’s
documents, and threatens to delete files and data if the victim does not pay the ransom.
Cybersmearing. Posting or otherwise distributing of false information or rumours about an adult

or child to damage the victim’s social standing, interpersonal relationships, and/or reputation.
Cyberspace. An environment accessed by Internet-enabled digital technology within which

online activities take place.
Cyberstalking. The use of information and communication technology to commit a series of acts
over a period of time designed to harass, annoy, attack, threaten, frighten, and/or verbally abuse an
individual (or individuals).
Cybersecurity. The collection of strategies, frameworks, and measures that are designed to
identify threats and vulnerabilities of systems, networks, services, and data to these threats; prevent
the exploitation of vulnerabilities; mitigate the harm caused by materialized threats; and safeguard
people, property, and information and communication technology.
Cybersecurity posture. A term used to describe the cybersecurity capabilities of a

country, organization or business.
Cyberterrorism. The cyber-dependent crimes perpetrated against critical infrastructure to cause

some form of harm and to provoke fear in the target population.
Cyberwarfare. Cyber acts that compromise and disrupt critical infrastructure systems, which
amount to an armed attack. It is also the use of technology to penetrate and attack another nation’s
computer systems and networks in an effort to cause damage or disrupt services, such as shutting
down a power grid.
Database refers to a representation of information, knowledge, facts, concepts or instructions

which are being prepared, processed or stored, or have been prepared, processed or stored in a
formalized manner, and which are intended for use in a computer system;
Digital evidence refers to digital information that may be used as evidence in a case. The
gathering of the digital information may be carried out by confiscation of the storage media (data
carrier), the tapping or monitoring of network traffic, or the making of digital copies (e.g., forensic
images, file copies, etc.), of the data held;
Dark Web. The part of the World Wide Web, which is known for its obscure and hidden
websites that host illicit activities, goods, and services, and can only be accessed using
specialized software. Also known as darknet.
Darknet. The part of the World Wide Web, which is known for its obscure and hidden websites
that host illicit activities, goods, and services, and can only be accessed using specialized
software. Also known as Dark Web.
Data. Any form of representation of information that is processed by a system of a digital device.
Also known as computer data or computer information.
Data hiding analysis. Type of analysis that searches for hidden data on a system.
Data preservation. Requests are made to service providers by law enforcement in an effort
to retain data before it is deleted or altered in any way.
Data mining. The retrieval of information from data sets.
Data protection. The safeguarding of personal information and regulates its collection,
storage, analysis, use, and sharing.
Data protection by design. Privacy measures embedded in the design of systems and
technologies. Also known as privacy by design.
DDoS attack. The use of multiple computers and other digital technologies to conduct
coordinated attacks with the intention of overwhelming servers to prevent legitimate users’ access.
Also known as a distributed denial of service attack.
Deep Web. The part of the World Wide Web that is not indexed by search engines and is not
easily accessible and/or available to the public.
Denial of service attack. A cybercrime that interferes with systems by overwhelming

servers with requests to prevent legitimate traffic from accessing a site and/or using a system.
Also known as DoS attack.
Design patents. A form of intellectual property that includes designs that are created with the
specific purpose of being aesthetically pleasing to consumers and impacts their choice between
products. Also known as industrial designs.
Deterrence. Discouraging illicit activity through punishment.
Digital evidence. Data obtained from information and communication technology. Also
known as electronic evidence.
Digital footprint. Data left behind by ICT users that can reveal information about them,
including age, gender, race, ethnicity, nationality, sexual orientation, thoughts, preferences,
habits, hobbies, medical history and concerns, psychological disorders, employment status,
affiliations, relationships, geolocation, routines, and other activities.
Digital forensic process. The search, retrieval, preservation, and maintenance of digital
evidence; description, explanation and establishment of the origin of digital evidence and its
significance; the analysis of evidence and its validity, reliability and relevance to the case; and the
reporting of evidence pertinent to the case.
Digital forensics. A branch of forensic science that applies matters of law to information and
communication technology and digital evidence.
Digital piracy. The illegal download of a movie from a third-party website that does not have
the right to distribute the copyrighted work.
Direct evidence. Evidence that establishes a fact.
Disinformation. The deliberate spreading of false information.
Disinhibition. The process whereby an individual demonstrates a lack of social restraint with
regards to online behavior.
Dissociative anonymity. Individuals detachment of their online behavior from their offline
behavior due to the anonymity afforded to them when utilizing the Internet and digital technology.
Dissociative imagination. Individuals’ view of cyberspace as a forum within which the rules
of everyday interactions, codes of conduct, social norms, and/or laws do not apply, disinhibiting
the individual to act in a manner contrary to offline rules of everyday interactions, codes of
conduct, social norms, and/or laws.
Distributed denial of service attack. The use of multiple computers and other digital
technologies to conduct coordinated attacks with the intention of overwhelming servers to prevent
legitimate users’ access. Also known as a DDoS attack.
Dogpiling. A tactic whereby users within an online space bombard victims with offensive,
insulting, and threatening messages to silence the target, force them to take back what they said
and/or apologize, or to force them to leave the platform.
Domain name. A representation of an IP address in an Internet (or web) browser.
Domain Name System. Enables Internet access by translating domain names to IP

address.
DoS attack. A cybercrime that interferes with systems by overwhelming servers with
requests to prevent legitimate traffic from accessing a site and/or using a system. Also known
as denial of service attack.
Doxing. Personal information about individuals posted online to cause the individual some form of
harm.
Doxware. A form cryptoransomware that perpetrators use against victims that releases the user’s
data if ransom is not paid to decrypt the files and data.
Dual criminality. A clause in treaties requiring acts to be considered illegal in cooperating

countries.
eDiscovery. The process of searching, identifying, and preserving digital data for use as
evidence in a legal proceeding.
Electoral fraud. The use of unlawful tactics to influence elections.
Electronic evidence. Data obtained from information and communication technology. Also
known as digital evidence.
- Electronic evidence refers to evidence, the use of which is sanctioned by

existing rules of evidence. in ascertaining in a judicial proceeding, the truth respecting a matter of
fact, which evidence is received, recorded, transmitted, stored, processed, retrieved or produced
electronically;
Emergency management plan. Outlines instructions to be followed

and actions to be taken in the event of a cybersecurity incident. Also known as business
continuity plan.
Encryption. Measure that blocks third party access to users’ information and
communications.
Event reconstruction. This process seeks to determine who was responsible for the event, what
happened, where did the event occur, when did the event take place, and how the event unfolded,
through the identification, collation, and linkage of data. Also known as crime reconstruction.
Expected utility theory. A theory that holds that people engage in actions when the expected
utility from these actions are higher than the expected utility of engaging in other actions.
Fake news. Propaganda and disinformation masquerading as real news.
Fifth domain. A term used to describe cyberspace as another domain of warfare.
Firewall. A security measure that restricts the free flow of information by blocking
unauthorized traffic data.
Forensics refers to the application of investigative and analytical techniques that conform to
evidentiary standards, and are used in, or appropriate for, a court of law or other legal context;
Forensic image, also known as a forensic copy, refers to an exact bit-by-bit copy of a data carrier,
including slack, unallocated space and unused space. There are forensic tools available for making
these images. Most tools produce information, like a hash value, to ensure the integrity of the image;
Forensic relevance. The relevance of forensic data is determined by whether the digital
evidence: links or rules out a connection between the perpetrator and the target and/or the crime
scene; supports or refutes perpetrator, victim and/or witness testimony; identifies the perpetrator(s)
of the cybercrime; provides investigate leads; provides information about the method of operation
of the perpetrator; and shows that a crime has taken place.
File carving. Search based on content identifiers.
First responders. Individuals who respond first to the scene and are responsible for
securing evidence at the scene.
Full vulnerability disclosure. Publicly publishing the software or hardware vulnerability

through online forums and websites before a fix is available.
Functional analysis. The assessment of the performance and capabilities of systems and devices
involved in events.
General deterrence. Punishment designed to send the message to others that similar illicit
behavior will receive similar severe punishment.
Geographical indications. Symbols of products quality and the reputation of the place of its
creation property, which cannot be used unless the product was developed in that region according
to standards of practice. Also known as appellations of origin.
Hacking. Unauthorized access to systems, networks, and data.
Hard drive. An internal, persistent memory in a computer.
Hearsay. Out of court statements.
Hash. A generated value.
Hash value refers to the mathematical algorithm produced against digital information (a file, a
physical disk or a logical disk) thereby creating a “digital fingerprint” or “digital DNA” for that
information. It is a one-way algorithm and thus it is not possible to change digital evidence without
changing the corresponding hash values
Human flesh search engine. A term used to describe online users work together to
identify a target and perpetrate coordinated online abuse against the target.
Identity management. The process of authenticating users’ identities, identifying

associated privileges, and granting user access based on these privileges.
Identity-related crime. A perpetrator unlawfully assumes and/or misappropriates the identity of

the victim and/or uses the identity and/or information associated with the identity for illicit
purposes.
Image-based sexual abuse. A form of sexual violence whereby sexually explicit images
and/or videos of the victims are intentionally created, distributed or threatened to be distributed
without the consent of the victims. This may be to cause some form of harm to the victim and/or
to benefit the perpetrator in some way (e.g. monetary gain, sexual gratification, social status
building and more).
Imaging. Creating a duplicate copy of the content of the digital device.
Incident detection. The process of identifying threats by actively monitoring assets and
finding anomalous activity.
Industrial control systems. Systems that command and control critical infrastructure
processes.
Industrial designs. A form of intellectual property that includes designs that are created with
the specific purpose of being aesthetically pleasing to consumers and impacts their choice
between products. Also known as design patents.
Information warfare. The collection, distribution, modification, disruption, interference

with, corruption, and degradation of information to gain some advantage over an adversary.
Identifying information refers to any name or number that may be used alone or in
conjunction with any other information to identify any specific individual, including any of the
following:
1.Name, date of birth, driver’s license number, passport number or tax identification
number;
2.Unique biometric data, such as fingerprint or other unique
physical representation;
3. Unique electronic identification number, address or routing code; and
4. Telecommunication identifying information or access device.
Information and communication technology system refers to system intended for, and
capable of, generating, sending, receiving, storing or otherwise processing electronic data messages
or electronic documents, and includes the computer system or other similar device by or in which
data is recorded or stored, and any procedures related to the recording or storage of electronic data
message or electronic document;
Interception refers to listening to, recording, monitoring or surveillance of the content of

communications, including procurement of the content of data, either directly through access and
use of a computer system, or indirectly through the use of electronic eavesdropping or tapping
devices, at the same time that the communication is occurring;
Internet content host refers to a person who hosts or who proposes to host internet
content in the Philippines;
Internet of Things (IoT). Is a large network of physical objects, such as sensors, software and
other equipment. All of these things are connected to the internet, with the ability to collect and
share data.
Inoculation theory. This theory holds that the way to inoculate individuals from persuasion
attempts of others is to expose them to these attempts and given them tools they need to resist
these attempts.
Integrity. Data is accurate and trustworthy and has not been modified.
Intellectual property. Products of creativity, such as works, innovations, creations, original

expression of ideas, and secret business practices and processes, that individuals have rights to as
prescribed by law.
Internet . It is the largest computer network in the world, connecting millions of computers. A
network is a group of two or more computer systems linked together.
Internet governance. The creation and application of Internet principles, rules, and
procedures by various stakeholders to guide the use of the Internet and shape its
development.
Internet of Things. An interconnected and interoperable network of Internet-enabled

devices that facilitate the monitoring of objects, plants, animals, and people, and the
collection, storage, examination, and dissemination of information about them.
Internet penetration rate. The portion of the population in an area that uses the Internet.
Internet Protocol address. A unique identifier assigned by an Internet service provider to an

Internet-connected digital device to connect to the Internet. Also known as IP address.
Internet service provider. Provides Internet services to a computer system or a system of

another digital device.
Internet trolls. Individuals that purposely post rude, aggressive, and offensive remarks
designed to create discord and discontent online.
IP address. A unique identifier assigned by an Internet service provider to an Internet

connected digital device to connect to the Internet. Also known as Internet Protocol address.
Interpersonal cybercrime. Cybercrimes committed by individuals against other individuals

with whom they are interacting, communicating, and/or having some form of real or imagined
relationship.
Intrusion detection systems. A cybersecurity measure that enables the detection of

cyberattacks and unauthorized access and use of systems, networks, data, services, and related
resources.
Jurisdiction. A state’s power and authority to enforce laws and punish non-compliance with
laws.
Key performance indicators. Measures that are used to determine progress towards the
realization of the strategic objectives of the national cybersecurity strategy.
Law enforcement authorities refers to the National Bureau of Investigation (NBI) and the
Philippine National Police (PNP) under Section 10 of RA 10171 (The Anti-Cybercrime law of the
Phil.)
Letters rogatory. Written requests from national courts for evidence from a foreign
country.
Live streaming of child sexual abuse. The real-time broadcasting of child sexual abuse to
viewers (often) in remote locations.
Logical extraction. The search for and acquisition of evidence from the file system
location.
Keyword searches. Search based on terms provided by the investigator.
Knowledge management. The process of identification and assessment of knowledge needs

and the utilization of knowledge assets.
Malware. Also known as Malicious software. Refers to any code that can be used to steal data,
bypass access controls, or cause harm to or compromise a system.
Metadata. Data about the content. Also known as non-content data.
Microlaundering. A form of money-laundering whereby the perpetrators launder a

significant amount of money through multiple small transactions.
Misinformation. False or inaccurate information.
Money-laundering. The concealment of illicit proceeds through a combination of

legitimate and illegitimate transactions.
Money mules. Individuals who either knowingly or unknowingly commit crimes and/or
cybercrimes by obtaining and transferring illicit goods, engaging in illicit services, and/or
illegally receiving or transferring money for others for remuneration.
Morphing. A victim’s face or head superimposed on the bodies of others for the purpose of
defamation, pornography, and/or sexual abuse.
Mutual legal assistance treaty. An agreement between countries to cooperate on

investigations and prosecutions of certain and/or all offences proscribed by both parties under
national law.
Net neutrality. Requires all data, irrespective of source, to be treated equally.
Neutralization techniques. Techniques used to overcome or minimize negative emotions

associated with the engagement in illicit activity.
Non-content data. Data about the content. Also known as metadata.
Online child sexual abuse. The use of information and communication technology as a
means to sexually abuse children
Online child sexual exploitation. The use of information and communication technology as a
means to sexually exploit children, where child sexual abuse and/or other sexualized acts using
children involve an exchange of some kind.
Online impersonation. The impersonation of victims by creating accounts with similar

names and, by making use of existing images of the victims.
Original author refers to the person who created or is the origin of the assailed electronic
statement or post using a computer system
Organized crime. A continuing criminal enterprise that rationally works to profit from illicit
activities that are often in great public demand.
Ownership and possession analysis. Type of analysis that is used to determine the
person who created, accessed, and/or modified files on a computer system.
Roasting. Individuals willingly posting images and/or videos of themselves on online and
inviting others to post insults about them.
Routine activity theory. A theory that holds that crime occurs when two elements are
present
- a motivated offender and a suitable target, and one element is
absent - a capable guardian.
Pedophile. A person sexually interested in children.
Passive digital footprint. Data that is obtained and unintentionally left behind by the
users of the Internet and digital technology.
Patent. “Exclusive right granted for an invention (innovation or creation), which is a product or
a process that provides, in general, a new way of doing something, or offers a new technical
solution to a problem” (WIPO, n.d.).
Patent trolls. These individuals neither create nor invent anything; they merely purchase patents
to license them to others, and sue any person, group, or organization infringing their acquired
patents
Personal autonomy. The ability to make choices and act in ways of their own choosing free
from coercion.
Pharming. The creation of a fake, duplicate website that is designed to trick users to input their
login credentials.
Phishing. The sending of an email to targets with a website link for users to click on, which
might either download malware onto the users’ digital devices or sends users to a malicious
website that is designed to steal users’ credentials.
Physical extraction. The search for and acquisition of evidence from the location within a
digital device where the evidence resides.
Privacy. The right to be left alone and be free from observation; the capacity to keep one’s
thoughts, beliefs, identity, and behavior secret; and the right to choose and control when, what, why,
where, how, and to whom information about oneself is revealed and to what extent information is
revealed.
Privacy by design. Privacy measures embedded in the design of systems and

technologies. Also known as data protection by design.
Preventive law. Legal rules that focus on regulation of risk and seek to prevent crime or at the
very least mitigate the damage that could be caused in the event of a crime.
Procedural law. Legal rules that cover the processes and procedures to be followed to apply
substantive law, the rules to enable the enforcement of substantive law, and the rules and
standards in criminal justice proceedings.
Preservation refers to the keeping of data that already exists in a stored form, protected from
anything that would cause its current quality or condition to change or deteriorate. It is the activity
that keeps that stored data secure and safe
Xc6 An intermediary server that is used to connect a client with a server that the client is
requesting resources from.
Pseudonymization. The process whereby identifying data in a record is replaced by

artificial identifiers.
Ransomware. Malware designed to take users’ system, files, and/or data hostage and
relinquish control back to the user only after ransom is paid.
Recovery. The identification, creation, and ultimate implementation of measures for

resilience and the restoration of systems, networks, services, and data that were unavailable,
harmed, damaged, and/or compromised during the incident.
Relational analysis. The determination of the individuals involved and what they did, and the
association and relationships between these individuals.
Resilience. The ability to withstand disruptions, adapt to changing conditions, and recover from
incidents of ICT and protect the confidentiality, integrity, and availability of systems, networks,
services, and data.
Responsible vulnerability disclosure. The practice of not disclosing the vulnerability

until a fix is provided by the responsible organization.
Risk. The impact of a threat and its probability of occurring.
Risk assessment. The evaluation of the probability of a threat, its impact, and the
exposure of an asset to this threat.
Risk treatment. Responses to risks.
Script. A computer programme.
Service provider. Provides services to a computer system or a system of another digital device.
Service provider refers to::
1.any public or private entity that provides users of its service with the ability to
communicate by means of a computer system; and
2.any other entity that processes or stores computer data on behalf of such
communication service or users of such service
Sexting. Self-generated sexually explicit material.
Sextortion. A form of cyber harassment whereby the victim is threatened with the release of
sexually explicit content if the demands of the perpetrator are not met.
Situational crime prevention. Measures used to prevent and reduce crime.
Smishing. Phishing via text messaging. Also known as SMS phishing.
SMS phishing. Phishing via text messaging. Also known as smishing.
Social engineering fraud. Tricking the victim into revealing or otherwise providing
personal information and/or funds to the perpetrator.
Sovereignty. A country’s right to exercise authority over its own territory.
Social dilemma. When individuals’ decisions are based on self-interest rather than the
interest of the group or collective, even when the utility of engaging in the collective interest is
higher than the utility of engaging in self-interest.
Solipsistic introjection. The fictional image of others created by users’ perceptions of others
and their traits absent contextual data, including the relationships they have with them based on
imagined rather than real information.
Social engineering. A tactic whereby a perpetrator tricks the target into divulging
information or performing another action.
Spam. Sending of unsolicited emails.
Spearphishing. The sending of emails with infected attachments or links that are
designed to dupe the receiver into clicking on the attachments or links.
Specific deterrence. Punishing individuals who commit crime to cease further illicit activity if
the punishment received outweighs the benefits of committing the crime.
Spyware. Malware designed to surreptitiously monitor infected systems, and collect and relay
information back to creator and/or user of the spyware.
Stalkerware. A form of spyware that can run on a victim’s computer, smartphone or other Internet-
enabled digital device and collect and relay all the user’s actions on these devices, from emails and
text messages sent and received, to photographs taken and keystrokes.
Standard operating procedures. Documents that include the policies and sequential acts that
should be followed to investigate cybercrime and handle digital evidence on information and
communication technology.
Steganography. The stealthy concealment of data by both hiding content and making it
invisible.
Substantive law. Legal rules that govern behaviour and responsibilities of those over whom
the state has jurisdiction.
Surface Web. Indexed websites that are accessible and available to the public and can be searched
using traditional search engines. Also known as Clearnet or Visible Web.
Subscriber’s information refers to any information contained in the form of computer data
or any other form that is held by a service provider, relating to subscribers of its services,
other than traffic or content data, and by which any of the following can be established:
The type of communication service used, the technical provisions taken thereto and the
period of service;
The subscriber’s identity, postal or geographic address, telephone and other access number,
any assigned network address, billing and payment information that are available on the basis of the
service agreement or arrangement; or
Any other available information on the site of the installation of communication

equipment that is available on the basis of the service agreement or arrangement.
Swappers. Semi-automated cryptocurrency exchanges.
Temporal analysis. The determination of the time events occurred and the sequence of
these events.
Territorial sovereignty. The state’s complete and exclusive exercise of authority

and power over its geographic territory.
Threat. A circumstance that could cause harm.

Time-frame analysis. Type of analysis that seeks to create a timeline or time sequence of
actions using time stamps that led to an event or to determine the time and date a user performed
some action.
Traceback. The process of tracing illicit acts back to the source of the cybercrime. Also
known as back-tracing.
Trade secrets. Valuable information about business processes and practices that are
secret and protect the business’ competitive advantage.
Trade secret theft. The theft of a trade secret offline and/or online to gain an unfair
competitive advantage.
Trademark counterfeiting. Intentional unauthorized use of a trademark to label good or

service that does not originate from the trademark owner.
Trademarks. Identifiers that distinguish the source of a good or service.
Traffic data. Data transmitted over a computer network (or network). It also means any computer
data relating to a communication by means of a computer system, generated by a computer system
that formed a part in the chain of communication, indicating the communication’s origin,
destination, route, time, date, size, duration, or type of underlying service.
- Traffic Data or Non-Content Data refers to any computer data other than the
content of the communication, including, but not limited to the communication’s origin,
destination, route, time, date, size, duration, or type of underlying service
Trojan horse. Malware designed to look like legitimate software in order to trick
the user into downloading the programme, which infects the users’ system to spy, steal and/or
cause harm.
Unallocated space. Space that is available for use because content was
deleted, or space never used.
Usability. Ease with which digital devices can be used.
Visible Web. Indexed websites that are accessible and available to the public and
can be searched using traditional search engines. Also known as Clearnet or Surface Web.
Vulnerability. Exposure to harm.
Virus. Malware that requires user activity to spread.
Vishing. Phishing via telecommunications.
Watering hole attack. Placing malware on the most frequented websites of

targets to ultimately infect their systems and gain unauthorized access to them.
Web crawlers. Applications designed to traverse the World Wide Web to achieve
specific objectives.
Whaling. Pretending to be higher level executives in a company, lawyers,

accountants, and others in positions of authority and trust, in order to trick employees into sending
them funds.
Worm. Stand-alone malicious software that spreads without the need for user
activity.
Write blocker. Designed to prevent the alteration of data during the copying process.
WIFI . Stands for Wireless Fidelity which is a generic term that refers to IEEE802.11 standard for
wireless Local Networks or WLANs. It is also an alternative network to wired network which is
commonly used for connecting devices in wireless mode.
Zero day. Previously unknown vulnerability that is exploited once identified.
III. HISTORICAL BACKGROUND OF CYBER AND ENVIRONMENTAL CRIME
A. History of Computer
- It is an almost a complete reality that the world is becoming a global village through
the use of computer. Therefore, it is imperative to look back into its beginning and origin.
Wilhelm Schickard - designed and constructed the first working

mechanical calculator in 1623:
Blaise Pascal and Goffried Liebnits –They invented the calculating machine
in 1642 which marked the genesis of the application of machine in industry.
Gottfried Leibniz - demonstrated a digital mechanical calculator, called the

Stepped Reckoner 1673. He may be considered the first computer scientist and information
theorist, for, among other reasons, documenting the binary number system.
Joseph Marie Jacquard - In France, 1801, invents a loom that uses

punched wooden cards to automatically weave fabric designs. Early computers would use
similar punch cards.
Thomas de Colmar – In 1820 he launched the mechanical calculator industry

when he released his simplified arithmometer, which was the first calculating machine strong
enough and reliable enough to be used daily in an office environment.
Charles Babbage (Father of Computer) – In 1822 (19th century), an

English mathematician who conceives of a steam-driven calculating machine that would
be able to compute tables of numbers. The project, funded by the English government, is a
failure. More than a century later, however, the world's first computer was actually built.
- He designed the Analytical Engine and it was this design that the basic
framework of the computers of today are based on.
Herman Hollerith – In 1885 he invented the tabulator, which used punched

cards to process statistical information; eventually his company became part of IBM.
Alan Turing – In 1936, he presents the notion of a universal machine, later called the Turing
machine, capable of computing anything that is computable. The central concept of the
modern computer was based on his ideas.
J.V. Atanasoff - a professor of physics and mathematics at Iowa State University,

attempts to build the first computer without gears, cams, belts or shafts in 1937.
Atanasoff and his graduate student, Clifford Berry - design a computer that can
solve 29 equations simultaneously in 1941. This marks the first time a computer is able to
store information on its main memory.
John Mauchly and J. Presper Eckert – In 1943-1944, they build the Electronic
Numerical Integrator and Calculator (ENIAC) and this is considered the grandfather of
digital computers. They build the UNIVAC in 1946, the first commercial computer for business
and government applications.
Douglas Engelbart - shows a prototype of the modern computer in 1964, with a

mouse and a graphical user interface (GUI). This marks the evolution of the
computer from a specialized machine for scientists and mathematicians to
technology that is more accessible to the general public.
Alan Shugart - leads a team of IBM engineers who invent the “floppy disk," allowing data
to be shared among computers in 1971.
Robert Metcalfe - a member of the research staff for Xerox, develops Ethernet for
connecting multiple computers and other hardware in 1973:
Steve Jobs and Steve Wozniak- start Apple Computers on April Fool's Day and roll
out the Apple I, the first computer with a single-circuit board, according to Stanford
University in 1976.
1983: Apple's Lisa is the first personal computer with a graphical user interface (GUI). It also
features a drop-down menu and icons. It flops but eventually evolves into the Macintosh.
The Gavilan SC is the first portable computer with the familiar flip form factor and the first
to be marketed as a "laptop."
1985: Microsoft announces Windows, according to Encyclopedia Britannica. This was

the company's response to Apple's graphical user interface (GUI). Commodore unveils the
Amiga 1000, which features advanced audio and video capabilities.
1985: The first dot-com domain name is registered on March 15, years before the World
Wide Web would mark the formal beginning of Internet history.
1990: Tim Berners-Lee, a researcher at CERN, the high-energy physics

laboratory in Geneva, develops Hyper Text Markup Language (HTML), giving rise to the
World Wide Web.
1999: The term Wi-Fi becomes part of the computing language and users begin
connecting to the Internet without wires.
2004: Mozilla's Firefox 1.0 challenges Microsoft's Internet Explorer,

the dominant Web browser. Facebook, a social networking site, launches.
2005: YouTube, a video sharing service, is founded. Google acquires Android, a Linux-
based mobile phone operating system.
2006: Apple introduces the MacBook Pro, its first Intel-based, dual-core mobile
computer, as well as an Intel-based iMac. Nintendo's Wii game console hits the market
2007: The iPhone brings many computer functions to the smart phone. 2009:
Microsoft launches Windows 7, which offers the ability to pin applications to the
taskbar and advances in touch and handwriting recognition, among other features.
2012: Facebook gains 1 billion users on October 4. 2015: Apple releases the Apple Watch.
Microsoft releases Windows 10.
THE GENERATIONS OF COMPUTER
1. First Generation of Computer (1937 – 1946):

- In 1937 the first electronic digital computer was built by Dr. John
V. Atanasoff and Clifford Berry. It was called the Atanasoff-Berry Computer
12 (ABC). In 1943 an electronic computer name the Colossus was built for the
military. Other developments continued until in 1946 the first general– purpose
digital computer, the Electronic Numerical Integrator and Calculator (ENIAC) was
built. It is said that this computer weighed 30 tons, and had 18,000 vacuum tubes
which was used for processing. When this computer was turned on for the first
time lights dim in sections of Philadelphia. Computers of this generation could
only perform single task, and they had no operating system.
 Characteristics:
i. Sizes of these computers were as large as the size of a room.

ii. Possession of Vacuum Tubes to perform calculation.
iii. They used an internally stored instruction called program.
iv. Use capacitors to store binary data and information.
v.They use punched card for communication of input and output data and
information
vi. They generated a lot of heat.
vii. They have about One Thousand 1000 circuits per cubic foot.
2. Second Generation of Computer (1947 – 1962)
Second generation of computers used transistors instead of vacuum tubes which were
more reliable. In 1951 the first computer for commercial use was introduced to the public; the
Universal Automatic Computer (UNIVAC 1). In 1953 the International Business Machine (IBM)
650 and 700 series computers made their mark in the computer world. During this generation
of computers over 100 computer programming languages were developed, computers had
memory and operating systems. Storage media such as tape and disk were in use also were printers
for output.
i.The computers were still large, but smaller than the first generation of
computers.
ii. They use transistor in place of Vacuum Tubes to perform calculation.
iii.They were produced at a reduced cost compared to the first generation of
computers.
iv. Possession of magnetic tapes as for data storage.
v.They were using punch cards as input and output of data and
information. The use of keyboard as an input device was also introduced.
vi.These computers were still generating a lot of heat in which an air
conditioner is needed to maintain a cold temperature.
vii. They have about one thousand circuits per cubic foot.
3. Third Generation of Computer (1963 – 1975):
The invention of integrated circuit brought us the third generation of

computers. With this invention computers became smaller, more powerful more reliable and they
are able to run many different programs at the same time.
i.They used large-scale integrated circuits, which were used for both data
processing and storage.
ii.Computers were miniaturized, that is, they were reduced in size
compared to previous generation.
iii.Keyboard and mouse were used for input while the monitor was used as
output device.
iv.Use of programming language like COBOL and FORTRAN were
developed.
v. They have hundred thousand circuits per cubic foot.
4. Fourth Generation of Computer (PC 1975 – Current)

At this time of technological development, the size of computer was re-divided to what
we called Personal Computers, PC. This was the time the first Microprocessor was created by
Intel. The microprocessor was a very large-scale, that is, VLS integrated circuit which
contained thousands of transistors.
Transistors on one chip were capable performing all the functions of a

computer’s central processing unit.
i.Possession of microprocessor which performs all the task of a

computer system use today.
ii. The size of computers and cost was reduced.
iii. Increase in speed of computers.
iv. Very large scale (VLS) integrated circuits were used.
v. They have millions of circuits per cubic foot.
5. Fifth Generation of Computers (Present and Beyond)

Fifth generations computing devices, based on artificial intelligence (AI) are still in
development, although there are some application such as voice recognition, facial face
detector and thumb print that are used today.
i. Consist of extremely large scale integration.
ii. Parallel processing
iii. Possession of high speed logic and memory chip.
iv. High performance, micro-miniaturization.
v.Ability of computers to mimic human intelligence, e.g. voice
recognition, facial face detector, thumb print.
vi. Satellite links, virtual reality.
vii. They have billions of circuits per cubic
B. History of Internet
The Internet has been developed through research grants from the U.S.
Department of Defense’s Advanced Research Projects Agency. Scientists wished to maintain
communication links between distant locations in the event that electrical rout had been destroyed.
The early Internet was devised and implemented in American research units, universities, and
telecommunication companies that had vision and interest in cutting-edge research. The
program grew in the 60s and 70s, becoming a network of computers that transmitted
information by “packet switching.” January 1, 1983 is considered the official birthday of the Internet.
With this, the Internet plays a crucial world in today’s technology and society (Luppicini,
2010). Then we witness circularity. New demands yielded further innovation and many more new
applications such as email, the world-wide-web, file
sharing, social networking, live-streaming, blogs, vlogs skype and more. These were not imagined in the
early stage of the net.
In order to understand how the Internet became an integral part of our lives, it is crucial
to examine its history and the major developments that took place from its modest infancy until its
giant presence.
Early 1960s- The history of the Internet started in the United States in the. This was the
Cold War period, when the world was bi-polar: The United States and the Soviet Union were
competing in expanding their influence in the world, viewing each other with great caution and
suspicion.
October 4, 1957 - the Soviet Union launched the first space satellite, Sputnik. The
Sputnik success necessitated American reaction. It was a question of pride and leadership
1984-1989 - entry of the Internet into the commercial phase (facilitated by the upgrading
of backbone links, the writing of new software programs and the growing number of
interconnected international networks; the massive expansion of the Internet into a global network
during the 1990s when business and personal computers with different operating systems joined
the universal network; the instant and growing success of social networking -- sites that enable
Netusers to share information, photos, private journals, hobbies and personal as well as commercial
interests with networks of mutual friends and colleagues.
Tim Berners-Lee – In 1989, an Englishman researcher at the Organisation Europeenne pour

la Recherche Nucleaire (CERN) in Geneva, proposed the idea of an international system of
protocols: Building a distributed hypermedia server which would allow Netusers to prepare
electronic documents that are composites of, or pointers to, many different files of potentially
different types, scattered across the world. He called it the World Wide Web (WWW). He wrote the
first WWW client (a browser-editor running under NeXTStep) and most of the
communications software, defining URLs (Uniform Resource Locator, webpage address), HTTP
(Hypertext Transfer Protocol between a server and clients) and HTML (interactive HyperText
Markup Language).
- His hypermedia software program enabled people to access, link and create
communications in a single global web of information.
June 22, 2001 – The growing impact of internet has paved an opportunity for
criminals and they were also quick to abuse the Internet for profit. Therefore, in the same date, the
European Council finalized its international Convention on Cybercrime and adopted it on
November 9; 2001.This was the first treaty addressing criminal offenses committed over the Internet.
Jimmy Wales and Larry Sanger – In the year 2001, launched “Wikipedia,” the web
based free encyclopedia. It is a collaborative, multilingual project supported by the non-profit
Wikimedia Foundation. Its 17 million articles (over 3.3 million in English) have been written by
volunteers around the world, and almost all of its articles can be edited by anyone with access to the
site. Wikipedia became the largest and most popular general reference resource on the Internet.
February 4, 2004 - Facebook. com was founded by Mark Zuckerberg,

Eduardo Saverin, Dustin Moskovitz and Chris Hughes. Facebook started as a social network
for American universities but in September 2006 the network was extended beyond educational
institutions to anyone with a registered email address. The site remains free to join, and makes a
profit through advertising revenue.
December 15, 2005 – The official debut of a video file sharing website called “YouTube
created by three former employees of Paypal, Chad Hurley, Steve Chen and Jawed Karim.” On
October 9, 2006, Google bought YouTube for $1.65 billion.
2006 - the free social networking site Twitter was started by Jack Dorsey.
HISTORY OF INTERNET IN THE PHILIPPINES
 1960 - The first computer system in the Philippines — an IBM 650 — is installed at the
Bureau of Lands to handle the country’s land survey computations.
 1986 – The year when the first Philippine based public access of BBS (bulletin board
system first wen online with an annual subscription fee of P1000.
 1992 – William “Bill” Torres (Grandfather of Philippine Internet), current chief executive of
the Philippine Internet Service Organization (PISO) initiated the first informal negotiations with
the US National Science Foundation to bring the Internet to the country.
 1993 – Birth of Philippine Internet
 March 29, 1994 - The Philippines has seen quite a number of milestones in this endeavor, all of
which started in this date, when users first got to establish a connection to the Internet. Such
a landmark moment has opened the doors for progress on the side of having Filipinos have access to
the information wellspring that the Internet offers over the following years ever since; the ICTO and
DOST are continuing this progress with the Free Public Wi- Fi Project and the use of TV White
Space (TVWS) Project. Thus, this year marked the First Internet Connection in the country.
 2011 – Philippines named “Social Networking Capital of the World” with a percentage of
93.9 for Facebook alone.
 2012 – The Cybercrime Prevention Act of 2012 was officially recorded as RA No. 10175 on
September 12, 2012.
 2014 - Fastest Growing Connections. The Philippines named fastest growing internet
population in the last five years with a growth of 531%
C. History of Cybercrime (Philippines)

- Cybercrime goes beyond the technical, transnational dimension and involves offenders who
deliberately fashion their attacks to exploit the potential weaknesses present in the
infrastructure’s transnational nature.
It threatens the substantial and growing reliance of commerce, governments, and the public upon
the information infrastructure to conduct business, carry messages, and process information.
Cybercrime is one of the fastest growing non-violent crimes in the Asian region. It takes a great
deal of technical expertise and co-operation, both local and foreign, in order to address
such problems. This crime affects different countries in varying degrees, depending on the extent
of the legislative enactment of each country.
In the Philippines, as technical and electronic landscapes change, there is a need to enact laws or
amend existing laws to fully address cyber threats.
“I Love You Virus” – became the Landmark and placed the country on the global cyber-map
and pushed congress to pass the first “cybercrime law “, RA No 8792 or the Electronic
Commerce (E-Commerce) act of 2000 and signed into law on June 14, 2000.
RA 8792 - provides for the legal recognition and admissibility of electronic data
messages, documents and signatures. It is also considered the landmark law in the history of the
Philippines as a legitimate player in the global marketplace. It has placed the Philippines among the
countries penalizing cybercrime. The salient features of the Act are as follows:
o Provides for the admissibility of electronic documents in court cases;

o Penalizes limited online crime, such as hacking, introduction of viruses and
copyright violations of at least Php100,000 and a maximum commensurate
to the damage incurred, and imprisonment of six months to three years,
among others;
o Promotes e-commerce in the country, particularly in business-to-business
and business-to-consumer transactions whereby business relations are
enhanced and facilitated and consumers are able to find and purchase
products online;
o Aims to reduce graft and corruption in government as it lessens personal
interaction between government agents and private individuals.
- Onel de Guzman, programming student at the AMA Computer University in Manila, in

May, 2000, created and unleashed this remarkably dangerous computer virus called “I LOVE YOU”,
cost several companies, governments, and citizens billions of US dollars in damages. The virus was
received in e-mail inboxes in Hong Kong on 4 May, 2000, with subject “I LOVE YOU” and an
attachment “LOVE-LETTER-FOR-YOU.TXT.vbs.”. It erases or blurs the graphics and data in
the computer and gets the contact addresses in the computer directory, and sends the same email to all
contacts listed in that directory. Once received and opened in another computer, it replicates all that
it did previously. The replication went on and on, sweeping all computers where the email was
received and opened, from Hong Kong, to Europe, to the United States, infecting and damaging
computers and networks of small and big companies, private and government institutions. The
damage was about US$ 5.5 billion; some reports say US$ 10 billion.
The “I LOVE YOU” virus illustrated that a person armed with a computer could, from a
distant location, attack and/or disrupt computers and networks worldwide and cause severe damage.
On May 11, 2000 he was arrested, the suspect apologized to the public and said he had no
intention of causing such great harm. Government prosecutors filed cases against him, but even at
the first stage, the indictment was dismissed
In August of the same year, charges against him in our country were dismissed, mainly because
we had not yet passed legislation addressing the crimes he had committed as there was no law
penalizing the act at the time (May 2000) in the Philippines (nullum crimen, sine lege). The public
around the world is justifiably outraged.
August 1, 2000 – The effectivity the Rules on Electronic Evidence drafted by the Supreme Court,
to emphasize the admissibility of evidence in electronic form, subject to its authenticity and reliability.
JJ Maria Giner - The first Filipino to be convicted of cybercrime, particularly hacking, was JJ
Maria Giner. He was convicted in September 2005 by Manila MTC Branch 14 Judge Rosalyn Mislos-
Loja. Giner pleaded guilty to hacking the government portal “gov.ph” and other government
websites. He was sentenced to one to two years of imprisonment and fined Php100,000.
The Anti-Transnational Crime Division (ATCD) – It was created in the year 2003 under the
Criminal Investigation and Detection Group of the Philippine National Police (PNP-CIDG)
involved in the gathering of electronic evidence and the tracking down of the Filipino hacker with
help from local Internet service provider Bitstop Inc., which hosted the gov. ph portal when it was
attacked by Giner.
Philippine Computer Emergency Response Team (PHCERT) - The first computer

emergency response team or CERT in the Philippines is the PH-CERT. PH-CERT provides
assistance or responses to cyber incidents locally. PH-CERT funding has to come from its
membership fees and sponsorships, thus it cannot afford to have permanent staff and its services
are purely voluntary. Its Concept of Operation of providing assistance is email-based and phone-based
and on-site services are very minimal or do not exist. The organization has a strong co-ordination
with law enforcement agencies through the conduct of technical training. However, lately, the
operation of PH-CERT encountered difficulty due to lack of financial support and human
resources.
September 26, 2007 - the Philippines signed the United Nations Convention on the Use
of Electronic Communications in International Contracts at United Nations
Headquarters in New York. Adopted by the United Nations General Assembly on 23
November 2005, the United Nations Convention on the Use of Electronic
Communications in International Contracts aims to enhance legal certainty and
commercial predictability where electronic communications are used in relation to
international contracts.
2001 – the start of the actual work on the Cybercrime Bill.
January 2004 – the first local cybercrime conference was organized by Atty. Gigo A.
Alampay, with representatives from the DOJ of both the US and Canada.
September 12, 2012 – The CPA of 2012 was signed and came into force on October 3,
2012.
CPA act of 2012 (RA No. 10175) – The first piece of legislation comprehensively
dealing with cybercrimes. Divided into 31 sections split across eight (8) chapters, the act
criminalizes several types of offenses such as illegal access, data interference, device
misuse, cybersquatting, computer fraud, cybersex among others. This law also reaffirms
existing laws against child pornography under RA 9775 (The anti-child pornography act of
2009) and libel punishable under Article 355 of the RPC.
RA No. 8792 – the first law that penalized “cybercrimes” specifically hacking or
cracking.
RA No. 10173 – also known as the Data Privacy Act of 2012, enacted to protect the
fundamental human right of privacy and of communication while ensuring free flow of
information to promote innovation and growth.
D. History of Computer Forensics
Late 1990s - what became known as digital forensics was commonly termed ‘computer
forensics’. The first computer forensic technicians were law enforcement officers who were also
computer hobbyists. In the USA in 1984 work began in the FBI Computer Analysis and Response
Team (CART). One year later, in the UK, the Metropolitan Police set up a computer crime
unit under John Austen within what was then called the Fraud Squad.

Cyber Crime and Environmental Laws and Protection

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber Crime and Environmental Laws and Protection

Uploaded by

Copyright:

Available Formats

INTRO TO CYBER CRIME AND ENVIRONMENTAL LAWS AND PROTECTION

NOTES ON INTRODUCTION TO CYBER CRIME AND ENVIRONMENTAL LAWS AND

It is important for law enforcement to acknowledge that the current measures,

Given the inherently transnational nature of cybercrime, it is highly likely that

II. SALIENT TERMS

- Sophisticated attacks, or high-tech crimes

-Offences committed against computer data, computer data storage media,

-Typically defined as the protection of confidentiality, integrity and availability of

-refers to the collection of tools, policies, risk management approaches, actions,

-A strong cybersecurity stance protects computer systems from unauthorized access

-Cybersecurity regulations typically work to prevent attacks before they occur.

Computer forensics - also referred to as computer forensic analysis, electronic discovery,

Environmental law - is an area where there is a "system" of statutes, regulations, guidelines,

Active digital footprint. Created by data provided by the user.

Alteration. Refers to the modification or change, in form or substance, of an existing

Anonymity. The shielding of one’s identity to enable individuals to engage in activities

Antimalware or Antivirus . These systems use signatures or behavioral analysis of

Asset. Something that is considered important and/or valuable.

Attribution. The determination of who and/or what is responsible for a cybercrime.

Availability. Data, services, and systems are accessible on demand.

Backdoor. A secret portal used to gain unauthorized access to systems.

Botherder. Controller of bot-infected digital devices.

Botnet. A network of computers infected with botcode.

Buffer. This is a memory area allocated to an application.

Bulletproof hosting. A service that enables criminals to utilize servers to commit

Catphishing. False or misleading promises of love and companionship designed to scam

Censorship. The prohibition of information, visual depictions, and written or oral

Central Authority. refers to the DOJ – Office of Cybercrime;

Child grooming. Enticement of children or solicitation of children for sexual purposes.

Collection. Refers to gathering and receiving information;

Communication. Refers to the transmission of information through information and

Competent Authority. Refers to either the Cybercrime Investigation and Coordinating

Computer. Refers to an electronic, magnetic, optical, electrochemical, or other data

Circumstantial evidence. Evidence that infers the truth of a matter.

Commercial sexual exploitation of children. A term used to describe a range of

Computer data. Any form of representation of information that is processed by a system of a

Computer data storage medium. Any article or material (for example, a

Computer Emergency Response Team. A team that provides support for

Computer information. Any form of representation of information that is

Computer Security Incident Response Team. A team that

Computer system. A stand-alone or networked device that performs data

Computer program refers to a set of instructions executed by the computer to achieve

Content data. Words in written communications or spoken words.

Coordinated vulnerability disclosure. The practice of harmonized information sharing and

Cryptocurrency. A form of digital currency secured utilizing advanced encryption. It is a

Cybersex refers to the willful engagement, maintenance, control or operation,

Cyber refers to a computer or a computer network, the electronic medium in

Cyber-enabled crimes. A cybercrime facilitated by the Internet and digital technologies.

Cyber proxies. The use of intermediaries to directly or indirectly contribute to a

Cryptomarkets. A website utilizing cryptography to protect users of the site.

Cyberbullying. The use of information and communication technology by children to annoy,

Cyberespionage. The use of information and communication technology by government

Cyberharassment. The use of information and communication technology to intentionally

Cybersmearing. Posting or otherwise distributing of false information or rumours about an adult

Cyberspace. An environment accessed by Internet-enabled digital technology within which

Cybersecurity posture. A term used to describe the cybersecurity capabilities of a

Cyberterrorism. The cyber-dependent crimes perpetrated against critical infrastructure to cause

Database refers to a representation of information, knowledge, facts, concepts or instructions

Data mining. The retrieval of information from data sets.

Denial of service attack. A cybercrime that interferes with systems by overwhelming

Deterrence. Discouraging illicit activity through punishment.

Direct evidence. Evidence that establishes a fact.

Disinformation. The deliberate spreading of false information.

Domain name. A representation of an IP address in an Internet (or web) browser.