CYBERCRIME AND SECURITY

Cybercrime

is committed in cyberspace using information and communication technologies such as televisions, smartphones, computers, networks, and other communication devices.

Cybercrime Categories

These are the four categories fitting the definition of cybercrime: o Cyber-enabled offenses. o Cyber-dependent offenses. o Computer/cyber-supported offenses; and o national security offenses or cyberterrorism.

Cyber-Enabled Offenses

These are offenses committed with or without technology but increased their reach using such technologies. These cybercrimes are also described as “technology-as-instrument” offenses.

Identity theft

refers to obtaining or possessing another’s identity and information to commit a legal offense

Identity fraud

refers to the fraudulent impersonation of someone to gain an advantage, obtain property, cause a disadvantage, or avoid prosecution

Phishing

refers to luring users to log onto a fake website that appears real to gather sensitive information, such as the user’s password, account number, ATM PIN, and credit card.

Cyberbullying and Online Harassmen

Online tools and social media applications are used to harass, intimidate, or embarrass another person or other identifiable groups.

Cyber-Dependent Offenses

These are offenses that are strictly committed using information and communication technologies. Cyber-dependent crimes target network systems and data confidentiality, integrity, and availability.

Examples:Hacking, Unauthorized access, Modification of data, Impairment of data.

Hacking

refers to someone manipulating a computer system or private network to access digital files or systems without proper authorization. Hacking can be classified into five categories

Unauthorized access

refers to gaining logical or physical entry to a network, data, website, program, or another system, without proper authorization or credentials

Modification of data

refers to inserting, removing, or altering data without proper authorization

Impairment of data

refers to disrupting the transmission or communication of data.

Interception of data

refers to the unauthorized access and alteration in the data transmission between machines for personal or financial gain.

Misuse of assets

refers to the unauthorized use of company files, systems, computers, and networks to damage the company's properties.

Cyber-attack

These are attacks that use computers against other computers or networks to modify, steal, or gain information through unauthorized access. An insider or an outsider can initiate an attack.

Examples: Inside attack, Outside attack

Inside attack

an attack from inside the security perimeter, also called “insider.

Outside attack

an attack from outside the security perimeter or the system, also called “outsider.”

Malware

or malicious software- is software-based hacking and cyber-attacking tools. The difference between malware and software is that malware is intentionally malicious.

Examples: Virus, Worm, Trojan

Virus

This is designed to spread from one program to another, which can self-replicate. When a virus is executed, it replicates itself by changing other computer programs, documents, or boot sectors.

Worm

Unlike viruses, this standalone malware replicates itself without human intervention. It uses a computer network to spread itself by depending on the security failures of the targeted computer to access it.

Trojan

trojan horse or trojan virus, appears as a legitimate program when downloaded to a computer. It can be found on file-sharing sites, email attachments, sketchy websites, and hacked Wi-Fi networks.

Spammer

sends massive amounts of unsolicited commercial emails to illegally acquired email addresses. While this is illegal, these programs are not fundamentally destructive.

Spyware

used to perform illegal activities such as creating malicious pop-up advertisements, capturing banking login details, and taking screenshots of the visited websites.

Computer/Cyber-Supported Offenses

These offenses deal with the illegal use of computers for data storage, documentation, and communication. Computer/cyber-supported offenses are instances wherein the use of the computer or network is not vital to the actual crime but may still be legally relevant to be considered as evidence or as an accessory to the crime.

National Security Offenses

These are considered cyberterrorism, an umbrella term for unlawful offenses that commit terrorist activities or engage in terrorism against computers, networks, and the information stored therein. It is the conjunction of terrorism and cyberspace.

cyberterrorism

an umbrella term for unlawful offenses that commit terrorist activities or engage in terrorism against computers, networks, and the information stored therein. It is the conjunction of terrorism and cyberspace.

Examples: Incursion, Destruction, Disinformation

Incursion

sudden invasive attacks targeting computer information systems, networks, infrastructure, or personal electronic devices.

Destruction

an umbrella term for destroying digital data where it becomes unreadable, inaccessible, or susceptible to unauthorized purposes

Disinformation

refers to the intentional dissemination of false information to mislead, confuse, or manipulate an audience.

Distributed Denial of Service (DDoS)

refers to malicious attempts from multiple machines to disrupt computer networks by temporarily or indefinitely making them inaccessible.

Defacement of Websites

refers to malicious attacks targeting websites to replace their content with the attacker’s message. These offenses convey political or religious messages, profanity, and other inappropriate content.

Penalties

Any person or group found liable for any of the offenses in Cyberenabled, and Cyber-enabled offenses are punished with prision mayor which is six (6) years and one (1) day to 12 years of imprisonment or a fine of at least P200,000.

Misuse of Assets penalty

punished with prision mayor or a fine of not more than P500,000 or both.

Cyber-enabled offenses penalty

critical infrastructure, reclusion temporal which is 12 years and 1 day to 20 years of imprisonment, or a fine of at least P500,000

Computer/Cyber-Supported and National Security Offenses Penalty

imprisonment one (1) degree lower than the advised penalty for the offense or a fine of at least P100,000 but not exceeding P500,000 or both is imposed.

Cybersecurity

is securing computer systems, networks, and programs from any cyber-attack. It is one of the fastest-growing global challenges that is becoming increasingly important to address, with its enormous implications for government security, economic prosperity, and public safety.

Encryption

It takes plain text, such as a message or an email, and codes it into an unreadable format. It protects the user from illegal and unauthorized access and various malicious attacks.

encryption keys

Encryption is encoded using_____which are part of specific algorithms.

decryption key

used to decrypt data to make it readable again.

Authentication

It is a technique to validate the identity of an end user or a computer program. Nowadays, personal identification numbers (PINs), driving licenses, and government IDs are used for authentication.

Example: Valid passport

Biometrics

It assures good security as an individual’s physical and behavioral traits are permanent and unique. Unlike security keys and passwords, physical and behavioral traits are harder to lose and duplicate.

Example: Uses of Eyes, Fingerprints, face, Optical scanners, ultrasonic, voice

Firewall

It is the barrier between networks implemented in software, hardware, or cloud-based applications. It serves as the first line of defense utilized for blocking inbound specific packet types from reaching the protected network and for eliminating unauthorized data access to defend the network.

Example: imagine a wall around a city that prevents people and merchandise from getting in and out of the town. Inspectors check people and packages that want to get in or out based on city policies.

Virus Detection

Antivirus or anti-malware software for computers prevents, detects, and removes any malicious software. It helps users isolatethe infected file from cyber-attacks like ransomware, trojan horses, phishing, and DDoS attacks.

Phishing Detection

As phishing models evolve, phishing detection technologies for identifying and preventing attacks now use the same characteristics that attackers use:

Visual Similarity-Based Phishing Detection

it targets the visual likeness of the phishing sites. The visual representations of the legitimate websites are stored in a database wherein the malicious website in question crosses the similarity threshold.

Blacklist-Based Phishing Detection

Most blacklist-based phishing detection technologies keeps a database of approved and unapproved URLs.

Web Crawling-Based Phishing Attack Detection (WC-PAD)

When the user visits a website, the first thing that WC-PAD checks is whether the website link is in the DNS blacklist.