
CYBERTERRORISM

"Cyberterrorism is the premeditated,
politically motivated attack against
information, computer systems, computer
programs, and data which result in violence
against noncombatant targets by subnational
groups or clandestine agents."

Politically motivated attacks that cause
serious harm, such as severe economic
hardship or sustained loss of power or water,
might also be characterized as
cyberterrorism.

FBI defines terrorism as the unlawful use of
force or violence against persons or property
to intimidate or coerce a government, the
civilian population, or any segment thereof, in
furtherance of political or social objectives.

- as the use of computing resources to
intimidate or coerce others.
Ex. Hacking into a hospital computer
system and changing someone's medicine
prescription to a lethal dosage as an act of
revenge.
Who is at Risk of an Attack

Military Installations
Power Plants
Air Traffic Control Centers
Banks and Telecommunication networks
Other targets include police, medical, fire
and rescue systems, which could be hurt,
along with other government facilities,
water systems, etc.
SOCIAL ENGINEERING
Social engineering can be regarded as
"people hacking".
- Hacker jargon for soliciting unwitting
participation (by persuading targets to
volunteer information or assistance) from a
person inside a company, rather than
breaking into the system independently

- One of the most infamous cyber-criminals,
Kevin Mitnick, was notorious for
his advanced social engineering skills.
Most Common Social Engineering Practices and Techniques
A confused and befuddled person will call a clerk and
meekly request a password change

Seemingly powerful and hurried people, identifying
themselves as executives, will telephone a new system
administrator and demand access to their account
IMMEDIATELY!

At an airport, somebody will look over a shoulder
("shoulder surfing") as telephone credit card numbers or
ATM PINs (sometimes even using binoculars or
camcorders) are keyed.

A visitor, incognito, will watch as you enter a
login-ID and password at your keyboard

Somebody will call and confidently instruct a
computer operator to type in a few lines of
instruction at the console

An attacker will sift through your paper trash
(also known as "dumpster diving"), looking for
clues to unlock your IT treasures or financial
life.
Technologies of Defense
Authentication
Cryptography
Access controls
Firewall
Audit
Intrusion detection/monitoring
Anti-viral tools
Vulnerability assessment tools
Trusted systems design
Management’s Response
Enhance IT disaster plan

Increase monitoring of all employee
activities

Increase monitoring of all cyber terrorism
activities

Rationalize all IT security projects


CATCHING THE CYBERCROOK IN THE PHILIPPINES
Philippine Computer-related Fraudulent Concerns

Numerous cases of Hacking [violation of
section (a) of RA 8792]
Status: on-going

Cyberspace defamation

Pornography and gambling

Sale of illegal firearms/drugs

Terrorist activities
ELECTRONIC COMMERCE ACT
(RA 8792)
Violation of the Consumer Act or
Republic Act No. 7394 and other
relevant or pertinent laws through
transactions covered by or using
electronic data messages or electronic
documents, shall be penalized with
the same penalties as provided by those
laws.
PURPOSE
Recognition and use of electronic commercial and
non-commercial transactions

Aims to facilitate domestic and international
agreements and promote the universal use of
electronic transactions in the government and by the
general public

Promotes the principle of technology neutrality and
interoperability, wherein all solutions implemented shall
neither favor a particular technology over another nor
discriminate against or in favor of particular vendors
in technology.

Ensures interoperability of systems forming
part of the government network

Harmonization of Philippine National
Standards to relevant international standards
in the field of information technology.
Internet Regulation in the
Philippines
National Telecommunications Commission (NTC) is
the government agency that regulates and
supervises the telecommunications and broadcast
industry in the Philippines.

Under RA 7925 (Public Telecom Policy Act),
value-added services are deregulated services. Internet
service is classified as value-added service.

Thus, Internet service is a deregulated service.
Rates are dictated by market forces.

There are no technical standards set by the NTC.


Addressing the problem

Existing legal regime also applies to digital
environment

Establishment of ITECC (Information Technology and
E-commerce Council)
composed of public/private sector
chaired by the President
focuses on ICT concerns and issues
Goal of ITECC

Develop the Philippines as a world class ICT service
provider

Implement e-government

Enhance information infrastructure

Develop human capital

Create an enabling legal and regulatory environment


Committees Under ITECC
To achieve its goals, the following committees
were formed:

Information Infrastructure Development
Human Resource Development
Business Development
E-Government Implementation
Legal and Regulatory
• a subcommittee was formed specifically to deal with
Internet security and privacy
Proposed Measures
Memorandum of Agreement (MOA) to be
signed by law enforcement agencies
engaged in the investigation of computer-
related activities and ICT private sector
organizations
MOA will enable law enforcement agencies to
effectively carry out investigation of computer-
related fraudulent activities as the private sector
agrees to cooperate with enforcement agencies to
the fullest extent allowed under existing laws and
regulations.

ITECC is pushing for the passage of a Cyber
Crime law

Private sector to provide technical and
communication assistance to law enforcement
agencies (MOA being prepared)

Creation of a separate agency that will deal with
ICT
Government Agencies Involved
National Bureau of Investigation (Anti-Fraud and
Computer Crimes Division)
investigation of all computer related crimes and other
offenses which make use of the advancement in
technology
Intellectual Property Office
handles intellectual property rights violations
National Telecommunications Commission
supervises and regulates the telecom and broadcast
industry
Department of Trade and Industry
implements E-Commerce Act
handles consumer complaints
Other Agencies Involved
The Philippine Computer Emergency Response
Team (PH-CERT)
A counterpart of CERT-US, a non-profit organization
that aims to provide a reliable and trusted point of
contact for computers, Internet and other information
technology related emergencies.

Information Technology Foundation of
the Philippines
To represent the IT industry in the government in the
formulation and implementation of policies, laws,
regulations and statutes affecting the IT industry.
Evolving Philippine Cyber Laws
Congress is conducting studies on further
enumerating different computer crimes not covered
by present laws
Among the proposals are:
Punish intentional unauthorized access of Philippine
government computers and those of private financial and
banking institutions
Exceeding authorized access also be made a crime
Punishment of computer sabotage, domain-squatting and
“spamming”
Unauthorized distribution through the Internet of
copyrighted audio and video works
Despite constitutional guarantee of freedom of speech
and privacy, introduction of immoral doctrines, obscene
publications and exhibitions in cyberspace be made a
crime

In response to terrorist threats, the National Security
Council (intelligence policy authority) is proposing
to Congress the passage of a law under which,
subject to certain limitations, "carnivore" programs,
which purposely read email messages and
trace certain addresses, would be authorized by trial
judges, much like search warrants.
Challenges and Priority Needs

Lack of equipment/technical capability
Lack of training (investigators, prosecutors,
regulators, enforcers, lawyers, judges)
Question of jurisdiction
Increase public awareness and public
consciousness
Closer coordination with other concerned
agencies, locally and internationally
End of presentation
Thank you
