COMPUTER CRIMES

SUBMITTED BY:
SALES, GERONCIO SERDENIA, MARICEL TOLENTINO, PSYCHE VILLANUEVA, APRIL WAGAN, VERDETH MARIE

I.

DEFINITION
Computer crime, or cybercrime, refers to any violations of criminal law that involves knowledge of computer technology for their perpetration, investigation, or prosecution.
1

The Commission on Information and Communication Technology (CICT) define

cybercrimes as those offenses done in the realm of the internet which, just like usual offenses, have grave and concrete effects to the ones who are affronted. The crimes identified are hacking, identity theft, phishing, spamming, website defacement, denialof-service (DoS) attacks, malware or viruses, child pornography, and cyber prostitution. Such crimes are not yet punishable under the country's criminal law.

II.

Usual Crimes

The U.S. Department of Justice (DOJ) divides computer crime into three general categories: 1) The crime of obtaining computer hardware, peripherals, and software illegally; 2) Crimes that actually target a computer network or device directly (Computer hacking; viruses; worms; Trojan horses; logic bombs; malware; sniffers; bots, spyware, etc.); and 3) Crimes committed through the use of computer networks or devices (Cyberspace Crime), although the crime committed does not target the actual computer or the network (Fraud and identity theft: phishing and pharming scams; corporate espionage; embezzlement; copyright infringement with software, music and movie piracy; cyber terrorism; child pornography trafficking, and more).2 In the Philippines,

Moore, R. (2005) "Cybercrime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing.
2

Legal Directories

III.

HISTORY

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime.3 Cyber-criminals, sometimes called "blackhatters," received notoriety in 1971 when John Draper managed to figure out a way to make long distance calls for free, according to "Cybercrime: A Reference Handbook." Draper used a toy whistle to fool AT&T systems into thinking a call had ended, thereby stopping charges. Another important case occurred in 1985 when two hackers stole a telecom engineer's password and left messages for the Duke of Edinburgh. In some respects, the state of modern cyber crime reflects the origins of the first hackers. Its significance, before blackhats, benevolent "whitehats" from MIT genuinely wanted to use hacking for good. They based this on the idea that one should gain recognition for ingenuity based on creativity and results, not education or conferral, according to the Cybercrime Reference Handbook. Additionally, the whitehats felt that the government should not keep software and info from the public. For most of its early history, cyber crime was often via non-technical means, such as looking over someone's shoulder for a password or masquerading as a computer technician. In the late 1990s, two viruses--"Melissa" and "I Love You"--started spreading around the Internet causing slowdowns and damage, and making the public more aware of the dangers of virtual crime, according to TIME.

i.
3

Cybercrime History in the Philippine Setting

http://cybercrime.planetindia.net/intro.htm

Onel de Guzman, the Philippine dropout who, in August 2000, created and unleashed a remarkably dangerous computer virus called I LOVE YOU, cost several companies, governments, and citizens billions of US dollars in damages. The I LOVE YOU Computer Virus. The virus was received in e-mail inboxes in Hong Kong on 4 May, 2000, with subject I LOVE YOU and an attachment LOVE-LETTER-FORYOU.TXT.vbs.. It erases or blurs the graphics and data in the computer and gets the contact addresses in the computer directory, and sends the same email to all contacts listed in that directory. Once received and opened in another computer, it replicates all that it did previously. The replication went on and on, sweeping all computers where the email was received and opened, from Hong Kong, to Europe, to the United States, infecting and damaging computers and networks of small and big companies, private and government institutions. The damage was about US$ 5.5 billion; some reports say US$ 10 billion. The I LOVE YOU virus illustrated that a person armed with a computer could, from a distant location,4 since there were no laws in the Philippines against writing
malware at the time, de Guzman was released with all charges dropped by state prosecutors5 To address this legislative deficiency, the Philippine Congress enacted Republic Act No. 8792 otherwise known as the E-Commerce Law, in July 2000, just two months after the worm outbreak.6

ii.

Cybercrime in the current Philippine context

Cybercrime forms have evolved through the years with the continued growth and popularity of the Internet. Authorities said the most used social networking sites in carrying out the crimes are Facebook, Twitter, Multiply, and E-bay although other crimes have been committed through the use of cellphone, e-mail, and other websites.

4 5

Gilbert C. Sosa Arnold, Wayne (2000-08-22). "Technology; Philippines to Drop Charges on E-Mail Virus". The New York Times. Retrieved 2010-05-05. 6 Joselito Guianan Chan, Managing Partner, Chan Robles & Associates Law Firm (2001-0801). "Chanrobles.com". Chanrobles.com. Retrieved 2010-12-05.

In intervening years, e-commerce has gained a foothold, websites have increased tenfold while online shopping sites, blogs and social networking sites like Friendster, Twitter, MySpace and Facebook which has a following of around 20 million in the Philippines, have grabbed the attention of Internet surfers and tech-savvy individuals all over the world, pushing cybercriminals to modify their act or wear a new hat altogether. Records showed that Internet users in the country increased by as much as 1,000 percent from 2003 up to present. The Philippines ranks number 5 worldwide in terms of the number of Facebook users. Records show there are more than 22 million Filipinos who have Facebook accounts. Hence, cyberspace in its current state, is tainted with illegal activities ranging from website defacements, libel, cyber stalking, computer forgery, malware invasion in which a harmful software gains access to a computer system without the users knowledge and consent, illegal uploading of indecent material such as photos, music, and videos, online pornography, child prostitution and cybersex which mostly involve foreigners operating
Senior Supt. Gilbert C. Sosa, head of the Anti-Transnational Crime Division of the Criminal Investigation and Detection Group, said that from January to June this year, they have recorded 56 computer-related crimes compared to the 72 similar cases they investigated last year.

The ploy of convincing an Internet surfer to install software

and allow cybercriminals to earn, is called Pay-Per-Install. They have other underground ploys as well: Pay-Per-Click wherein criminals earn income whenever surfers click on advertising links put up by these cyber partnerships, and Credential Theft, wherein confidential information such as credit card numbers and banking credentials are stolen. Credential Theft also pertains to the use of money mules and pack mules. According to senior threat researcher Nart Villeneuve, The default lifeblood of cybercrime is theft and the Philippines is an emerging market when it comes to online banking and purchasing. With the boom of BPOs and medical tourism, cybercrime is sure to follow the monetary breadcrumbs here.7
7

Philtechnology

IV.

BILLS PASSED

In order to curb the threat posed by cybercrime, the Philippine Congress enacted Republic Act (RA) 8792, otherwise known as the Electronic Commerce Act of 2000. RA 8792 provides for the legal recognition and admissibility of electronic data messages, documents and signatures. This was signed into law on 14 June 2000. The salient features of the Act are as follows: Provides for the admissibility of electronic documents in court cases; Penalizes limited online crime, such as hacking, introduction of viruses and copyright violations of at least Php100,000 and a maximum commensurate to the damage incurred, and imprisonment of six months to three years, among others; Promotes e-commerce in the country, particularly in business-to-business and business-to-consumer transactions whereby business relations are enhanced and facilitated and consumers are able to find and purchase products online; Aims to reduce graft and corruption in government as it lessens personal interaction between government agents and private individuals. RA 8792 is considered the landmark law in the history of the Philippines as a legitimate player in the global marketplace. It has placed the Philippines among the countries penalizing cybercrime. Likewise, the Supreme Court drafted the Rules on Electronic Evidence, which took effect on 1 August 2000, to emphasize the admissibility of evidence in electronic form, subject to its authenticity and reliability. This restriction intends to safeguard against accepting evidence of doubtful character. We have also the Access Devices Regulation Act of 1998 (RA 8484) which regulates the issuance and use of access devices, prohibiting fraudulent acts committed and providing penalties and for other purposes; and, Philippine Central Bank Circular 240 dated 7 April 2000 regulating the electronic banking services of financial institutions. While RA 8792 is already in place, it was found to have failed to address all forms of cybercrime that are enumerated in the Budapest Convention on Cybercrime of 2001, namely: Offences against confidentiality, integrity and availability of computer data and systems which include illegal access, illegal interception, data interference, system interference, misuse of devices;

 Computer-related offences which include computer-related forgery and computer-related fraud; Content-related offences such as child pornography; Offences related to infringement of copyright and related rights. Enforcing the law with the use of the existing guidelines embodied in the Revised Penal Code, as amended, may not work for cybercrime. Unlike the traditional and terrestrial crimes which deal with corporeal evidence, cybercrime involves more electronic data which are intangible evidence. In order to cope with the daunting problem of cybercrime, the Department of Justice (DOJ) created the Task Force on E-Government, Cyber-security and Cybercrime in 2007 to deal with cyber-security issues in relation to legislation and investigation. It was created to pursue the e-government agenda, institutionalize a cyber-security regime and implement laws. The said task force worked closely with the Council of Europe, a private organization, and local experts composed of IT practitioners and other stakeholders.8 In the increasing rate of Cybercrimes, House Bill 6794, also known as the Cybercrime Prevention Act of 2009 was passed in the congress. Having read through the entire bill and it looks like this will have an impact on internet marketing practices in the Philippines, especially with e-mails. While a bit vague, the bill also might affect online gaming publishers and their respective communities. The highlights of the proposed bill contain:

CHAPTER II PUNISHABLE ACTS SEC. 4. Cybercrime Offenses: The following acts constitute the offenses of cybercrime punishable under this Act:

Gilbert C. Sosa

A. Offenses against the confidentiality, integrity and availability of computer data and systems: 1. Illegal Access. The intentional access to the whole or any part of a computer system without right. 2. Illegal Interception. the intentional interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data: Provided, That it shall not be unlawful for an officer, employee, or agent of a service provider, whose facilities are used in the transmission of communications, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity that is necessary to the rendition of his service or to the protection of the rights or property of the service provider, except that the latter shall not utilize service observing or random monitoring except for mechanical or service control quality checks: 3. Data Interference the intentional or reckless alteration of computer data without right; 4. System Interference the intentional or reckless hindering without right of the functioning of a computer system by inputting, transmitting, deleting or altering computer data or program; 5. Misuse of Devices (a) The use, production, sale, procurement, importation, distribution, or otherwise making available, without right, of: (i) a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offenses under this Act; or (ii) a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with the intent that it be used for the purpose of committing any of the offenses under this Act; (b) The possession of an item referred to in paragraphs A,5(a) (i) or (ii) herein with the intent to use said devices for the purpose of committing any of the offenses under this Section: Provided, That no criminal liability shall attach when

the use, production, sale, procurement, importation, distribution, or otherwise making available, or possession of computer devices/data referred to is for the authorized testing of a computer system. B. Computer-related Offenses: 1. Computer Forgery (a) The intentional input, alteration, or deletion of any computer data, without right resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible; or (b) The act of knowingly using a computer data which is the product of computerrelated forgery as defined herein, for the purpose of perpetuating a fraudulent or dishonest design. 2. Computer-related Fraud the intentional and unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system, including but not limited to phishing, causing damage thereby, with the intent of procuring an economic benefit for oneself or for another person or for the perpetuation of a fraudulent or dishonest activity: Provided, That if no damage has yet been caused, the penalty imposable shall be one degree lower. C. Content-related Offenses: 1. Cybersex engaging in any of the following acts: (a) Establishing, maintaining or controlling, directly or indirectly, any operation for sexual activity or arousal with the aid of or through the use of a computer system, for a favor or consideration; (b) Recording private acts, including but not limited to sexual acts, without the consent of all parties to the said acts or disseminating any such recording by any electronic means with or without the consent of all parties to the said acts; (c) Coercing, intimidating, or fraudulently inducing another into doing such indecent acts for exhibition in the internet with the use of computer technologies;

(d) Exhibiting live or recorded shows depicting sexual or other obscene or indecent acts; (e) Posting of pictures depicting sexual or other obscene or indecent acts; (f) Establishing, financing, managing, producing, or promoting a cybersex operation; (g) Participating, in whatever form, in the cybersex operation;9 V.

RECOMMENDATIONS:

In section 4 of Chapter II, it will basically criminalize hacking. Its very vague though since it just says computer data or program. Its pretty obvious that this will safeguard the rights of website owners from hackers but does this also extend to social networks, emails, and other online programs where your account can be hi-jacked by other malicious users. If the entire contents above are included in the scope of the bill then the body that will handle cybercrime complaints should prepare themselves for a deluge of cases as soon as this is public. The lack of detail in the bill will definitely increase the issues and the confusion in punishing the criminals would be in question. It would be proper to create a special agency with the technical expertise to monitor and regulate cyber-activities. Also Law enforcement agencies be manned by law enforcement personnel with adequate computer skills and technical expertise and thoroughly trained to operate highly technical equipment. These agencies should have adequate resources to be provided to law enforcement agencies in order to acquire the necessary tools, equipment and technical skills and continuously upgrade them for the defense of network systems from cybercrime attacks. Crimes will be prevented if technologies like firewalls, encryption and other infrastructure systems are required for all computer network systems in order to prevent intrusion but the Co-operation among all sectors of society to combat cybercrime

New Media Philippines

would be a definite solution. Lastly, Advocacy to increase awareness of the dangers of cybercrime is strengthened to include public awareness in order for everyone to become responsible and ethical users of computers and information systems to enhance continuous efforts to lobby the members of Congress for the immediate passage of the cybercrime bill, to include the problem of cyber-terrorism. Since we want to combat cybercrime it would be necessary Technical equipment must also be updated, as technology is rapidly changing, in order to cope with the modern equipment of todays cybercrime offenders. 10

VI.

PROBLEMS

THAT

MIGHT

BE

ENCOUNTERED

IN

EXECUTING CYBERCRIMES
Internet has grown so big, there remains a lack in measures to regulate the technology and prevent cybercrimes. The present laws are not sufficient to completely deter cyber-offenders and to protect the Philippines cyberspace. For instance, the most important cyber-security legislation in the country, which is Republic Act 8792 or the E-Commerce Act, enacted on 14 June 2000, only penalizes hacking, cracking and piracy. It does not provide penalties for other cybercrimes such as cyber-fraud and similar offences. Up to this time, the general public is not yet properly educated on the debilitating effect of cyber intrusions and improper computer ethics. One of the challenges in cybercrime enforcement is the extradition of suspects from one country to another. If two countries don't have the same or similar legislation for that matter, double criminality can't be established which is a requirement for extradition. The public should understand its role in securing the countrys cyberspace.11

10

Gilbert Sosa, 40TH INTERNATIONAL TRAINING COURSE PARTICIPANTS PAPERS.

11

Philippine Internet Review: 10 Years of Internet History Friday, January 05, 2007