cyber 2
Types of Hackers
a. White Hat Hackers
10
also known as ethical hackers, strive to operate in the public best interest, rather than to create turmoil.
They play a proactive and preventive role, using the same tools and techniques as malicious hackers but with
permission and for the purpose of strengthening digital defenses.
They identify vulnerabilities before black hat hackers can exploit them.
b. Black Hat Hackers
-
They hack to take control over the system for personal gains. They destroy, steal and even prevent authorized
users from accessing the system.
- The digital outlaws of internet world; individual who exploit systems with malicious intent, often for financial gain,
espionage or disruption.
- Malicious-stealing data, spreads malware, extorting victims, or sabotaging systems.
c. Gray Hat Hackers
They belong to the neutral zone.
- They act in the middle ground between white hat hackers, who operates on behalf of those maintaining secure
systems, and sometimes act as black hat hackers who act maliciously to exploit vulnerabilities in systems.
- Mixed: often to expose vulnerabilities or improve security, but with consent.
4. PHISHERS
They want your personal information and most likely, your identity, by directing you a phony website.
They are initiators of fraud via deceptive communication (E-Mail, SMS, Voice, Etc.).
- Their primary goal is to steal credentials, financial data or personal information, they use impersonation,
urgency, fake links or malicious attachments.
5. POLITICAL/RELIGIOUS/COMMERCIAL GROUP
- Tend to not be interested in financial gain. These guys develop malware for political ends.
- Stunet work which attacked Iran's atomic program of its Nuclear Facilities was believed to be created by a
foreign govemment.
6. INSIDERS
- These attackers are considered to be the highest risk. To make matters worse, as the name suggest, they often
reside within an organization.
7. ADVANCED PERSISTENT THREAT (APT) AGENTS
- This group is responsible for highly targeted attacks carried out by extremely organized state-sponsored
groups. Their technical skills are deep and they have access to vast computing resources.
REPUBLIC ACT 10175 - CYBERCRIME PREVENTION ACT OF 2012
IMPLEMENTING RULES AND REGULATIONS
Date Filed: September 21, 2015
CYBER INTELLIGENCE PROCESS
- Defined as the tracking, analyzing and countering of digital security threats. This type of intelligence is a mixture
of physical espionage and defense with moder information technology.
- The cyber intelligence community provides security against digital threats such as viruses, hackers and
terrorists that aim to steal sensitive information over the internet.
RULE 3: ENFORCEMENT AND IMPLEMENTATION
a. SECTION 10. LAW ENFORCEMENT AUTHORITIES
11
g. 12
h. i. The NBI and PNP cybercrime unit or division shall have the folowing powers and functions:
a. Investigate all cybercrimes where computer systems are involved;
b.
Conduct data recovery and forensic analysis on computer systems and other electronic evidence seized;
c. Formulate guidelines in investigation, forensic evidence recovery, and forensic data analysis consistent with
industry standard practices;
d. Provide technological support to investigaling units within the PNP and NBI including the search, seizure,
evidence preservation and forensic recovery of data from crime scenes and systems used in crimes, and
provide testimonies:
e.
Develop public, private sector, and law enforcement agency relations in addressing cybercrimes;
f.
Maintain necessary and relevant databases for statistical and/or monitoring purposes;
Develop capacity within their organizations in order to perform such duties necessary for the enforcement of the
Act;
Support the formulation and enforcement of the national cybersecurity plan; and
Perform other functions as may be required by the Act.
b. SECTION 11. DUTIES OF LAW ENFORCEMENT AUTHORITIES
To ensure that the technical nature of cybercrime and its prevention is given focus, and considering the procedures
involved for international cooperation, law enforcement authorities, specifically the computer or technology crime
divisions or units responsible for the investigation of cybercrimes, are required to submit timely and regular reports
including pre-operation, post-operation and investigation results, and such other documents as may be required to
the Department of Justice (DOJ) - Office of Cybercrime for review and monitoring.
Law enforcement authorities shall act in accordance with the guidelines, advisories and procedures issued and
promulgated by the competent authority in all matters related to cybercrime, and utilize the prescribed forms and
templates, including, but not limited to, preservation orders, chain of custody, consent to search, consent to
assume account/online identity and request for computer forensic examination.
C. SECTION 12. PRESERVATION AND RETENTION OF COMPUTER DATA
The integrity of traffic data and subscriber information shall be kept, retained and preserved by a service provider
for a minimum period of six 6) months from the date of the transaction. Content data shall be similarly preserved
for six 6) months from the date of receipt of the order from law enforcement authorities requiring its preservation.
Law enforcement authorities may order a one-time extension for another six 6) months: Provided, That once
computer data that is preserved, transmitted or stored by a service provider is used as evidence in a case, the
mere act of fumishing such service provider with a copy of the transmittal document to the Office of the Prosecutor
shall be deemed a notification to preserve the computer data until the final termination of the case and/or as
ordered by the Court, as the case may be.
d.
The service provider ordered to preserve computer data shall keep the order and its compliance therewith
confidential.
SECTION 13. COLLECTION OF COMPUTER DATA
Law enforcement authorities, upon the issuance of a court warrant, shall be authorized to collect or record by
technical or electronic means, and the service providers are required to collect or record by technical or electronic
means and/or to cooperate and assist in the collection or recording of computer data that are associated with
specified communications transmitted by means of a computer system.
The court warrant required under this section shall be issued or granted upon writen application, after the
examination under oath or affirmation of the applicant and the witnesses he may produce, and the showing that: (1)
there are reasonable grounds to believe that any of the crimes enumerated hereinabove has been committed, is
i.
J.
13
eing committed or is about to be committed; (2) there are reasonable grounds to believe that the evidence that wil
be obtained is essential to the conviction of any person for, or to the solution of, or to the prevention of any such
crimes; and (3) there are no other means readily available for obtaining such evidence.
e. SECTION 14. DISCLOSURE OF COMPUTER DATA
Law enforcement authorities, upon securing a court warrant, shall issue an order requiring any person or service
provider to disclose or submit, within seventy-two (72) hours from receipt of such order, subscriber's information,
traffic data or relevant data in his/its possession or control, in relation to a valid complaint officially docketed and
assigned for investigation by law enforcement authorities, and the disclosure of which is necessary and relevant for
the purpose of investigation.
Law enforcement authorities shall record al sworn complaints in their official docketing system for investigation.
f. SECTION 15. SEARCH, SEIZURE AND EXAMINATION OF COMPUTER DATA
Where a search and seizure warrant is properly issued, the law enforcement authorities shall likewise have the
following powers and duties:
a. Within the time period specified in the warrant, to conduct interception, as defined in this Rules, and to:
Search and seize computer data;
Secure a computer system or a computer data storage medium;
Make and retain a copy of those computer data secured:
4. Maintain the integrity of the relevant stored computer data;
5. 6. Conduct forensic analysis or examination of the computer data storage medium; and
Render inaccessible or remove those computer data in the accessed computer or computer and
communications network.
b. Pursuant thereto, the law enforcement authorities may order any person, who has knowledge about the
functioning of the computer system and the measures to protect and preserve the computer data therein, to
provide, as is reasonable, the necessary information to enable the undertaking of the search, seizure and
examination.
Law enforcement authorities may request for an extension of time to complete the examination of the computer
data storage medium and to make a return thereon, but in no case for a period longer than thirty (30) days from
date of approval by the court.
g. SECTION 16. CUSTODY OF COMPUTER DATA
Al computer data, including content and traffic data, that are examined under a proper warrant shall, within forty-
eight (48) hours after the expiration of the period fixed therein, be deposited with the court in a sealed package,
and shall be accompanied by an affidavit of the law enforcement authority executing it, stating the dates and times
covered by the examination, and the law enforcement authority who may have access to the deposit, among other
relevant data. The law enforcement authority shall also certify that no duplicates or copies of the whole or any part
thereof have been made or, if made, that al such duplicates or copies are included in the package deposited with
the court. The package so deposited shal not be opened, or the recordings replayed, or used in evidence, or their
contents revealed, except upon order of the court, which shall not be granted except upon motion, with due notice
SECTION 17. DESTRUCTION OF COMPUTER DATA
and opportunity to be heard to the person or persons whose conversation or communications have been recorded.
Upon expiration of the periods as provided in Sections 12 and 15 hereof, or until the final termination of the case
and/or as ordered by the Court, as the case may be, service providers and law enforcement authorities, as the
case may be, shal immediately and completely destroy the computer data that are the subject of a preservation
and examination order or warrant.
SECTION 18. EXCLUSIONARY RULE
Any evidence obtained without a valid warrant or beyond the authority of the same shall be inadmissible for any
proceeding before any court or tribunal.
SECTION 19. NON-COMPLIANCE
14
k. Failure to comply with the provisions of Chapter IV of the Act, and Rules 7 and 8 of Chapter VI hereof, specifically
the orders from law enforcement authorities, shall be punished as a violation of Presidential Order No. 1829
(entiled "Penalizing Obstruction Of Apprehension And Prosecution Of Criminal Offenders") with imprisonment
of prision correccional in its maximum period, or a fine of One Hundred Thousand Pesos (P100,000.00), or both for
each and every noncompliance with an order issued by law enforcement authorities.
SECTION 20. EXTENT OF LIABILITY OF A SERVICE PROVIDER
Except as otherwise provided in this Section, no person or party shal be subject to any civil or criminal liability in
respect of a computer data for which the person or party acting as a service provider merely provides access if
such liability is founded on:
a. The obligations and liabilities of the parties under a computer data;
b. The making, publication, dissemination or distribution of such computer data or any statement made in such
computer data, including possible infringement of any right subsisting in or in relation to such computer
data: Provided, That:
1. The service provider does not have actual knowledge, or is not aware of the facts or circumstances
from which it is apparent, that the making, publication, dissemination or distribution of such material is
unlawful or infringes any rights subsisting in or in relation to such material;
2. The service provider does not knowingly receive a financial benefit directly attributable to the unlawful
or infringing activity; and
3. The service provider does not directly commit any infringement or other unlawful act, does not induce or
cause another person or party to commit any infringement or other unlawful act, and/or does not
directly benefit financially from the infringing activity or unlawful act of another person or
party: Provided, further, That nothing in this Section shall affect:
Any obligation arising from contract;
i. The obligation of a service provider as such under a licensing or other regulatory regime
established under law;
li.
iv.
Any obligation imposed under any law; or
The civiliability of any party to the extent that such liability forms the basis for injunctive relief
issued by a court under any law requiring that the service provider take or refrain from actions
necessary to remove, block or deny access to any computer data, or to preserve evidence of a
violation of law. RULE 4: JURISDICTION
b.
a. SECTION 21. JURISDICTION
The Regional Trial Court shall have jurisdiction over any violation of the provisions of the Act, including any
violation committed by a Filipino national regardless of the place of commission. Jurisdiction shall lie if any of
the elements was committed within the Philippines, or committed with the use of any computer system that is
wholy or partly situated in the country, or when by such commission any damage is caused to a natural or
juridical person who, at the time the offense was commited, was in the Philippines.
SECTION 22. VENUE
Criminal action for violation of the Act may be filed with the RTC of the province or city where the cybercrime or
any of its elements is committed, or where any part of the computer system used is situated, or where any of
the damage caused to a natural or juridical person took place: Provided, That the court where the criminal
action is first filed shall acquire jurisdiction to the exclusion of other courts.
C. SECTION 23. DESIGNATION OF CYBERCRIME COURTS
There shall be designated special cybercrime courts manned by specially trained judges to handle cybercrime
SECTION 24. DESIGNATION OF SPECIAL PROSECUTORS AND INVESTIGATORS
The Secretary of Justice shall designate prosecutors and investigators who shall comprise the prosecution task
force or division under the DOJ-Office of Cybercrime, which wil handle cybercrime cases in violation of the Act.
RULE 5: INTERNATIONAL COOPERATION
a. SECTION 25. INTERNATIONAL COOPERATION
Al relevant international instruments on international cooperation on criminal maters, and arrangements agreed
on the basis of uniform or reciprocal legislation and domestic laws shall be given ful force and effect, to the
widest extent possible for the purposes of investigations or proceedings concerning crimes related to computer
systems and data, or for the collection of electronic evidence of crimes.
The DOJ shal cooperate and render assistance to other contracting parties, as wel as request assistance from
foreign states, for purposes of detection, investigation and prosecution of offenses referred to in the Act and in
the collection of evidence in electronic form in relation thereto. The principles contained in Presidential Decree
No. 1069 and other pertinent laws, as wel as existing extradition and mutual legal assistance treaties, shall
apply. In this regard, the central authority shall:
a. Provide assistance to a requesting State in the real-time collection of traffic data associated with specified
communications in the country transmitted by means of a computer system, with respect to criminal offenses
defined in the Act for which real-time collection of traffic data would be available, subject to the provisions of
Section 13 hereof;
b. Provide assistance to a requesting State in the real-time collection, recording or interception of content data of
specified communications transmitted by means of a computer system, subject to the provision of Section 13
hereof;
C. Allow another State to:
1. Access publicly available stored computer data located in the country or elsewhere; or
2. Access or receive, through a computer system located in the country, stored computer data located in
another country, if the other State obtains the lawful and voluntary consent of the person who has the
lawful authority to disclose the data to said other State through that computer system.
d. Receive a request of another State for it to order or obtain the expeditious preservation of data stored by means
of a computer system located within the country, relative to which the requesting State shall submit a request for
mutual assistance for the search or similar access, seizure or similar securing, or disclosure of the stored
computer data: Provided, That:
1. A request for preservation of data under this section shall specify:
i. i. The authority seeking the preservation;
The offense that is the subject of a criminal investigation or proceedings and a brief summary
of the related facts;
il.
iv.
V.
The stored computer data to be preserved and its relationship to the offense;
The necessity of the preservation; and
That the requesting State shall submit a request for mutual assistance for the search or similar
access, seizure or similar securing, or disclosure of the stored computer data.
2. Upon receiving the request from another State, the DOJ and law enforcement agencies shall take al
appropriate measures to expeditiously preserve the specified data, in accordance with the Act and
not be required as a condition;
3. other pertinent laws. For the purposes of responding to a request for preservation, dual criminality shall
A request for preservation may only be refused if:
i.
ії .
The request concerns an offense that the Philippine Government considers as a political
offense or an offense connected with a political offense; or
The Philippine Goverment considers the execution of the request to be prejudicial to its
sovereignty, security, public order or other national interest.
15
4.
Where the Philippine Govemment believes that preservation wil not ensure the future availability of the
data, or wil threaten the confidentiality of, or otherwise prejudice the requesting State's investigation, it
shall promptly so inform the requesting State. The requesting State wil determine whether its request
should be executed; and
5. Any preservation effected in response to the request referred to in paragraph (d) shall be for a period
not less than sixty (60) days, in order to enable the requesting State to submit a request for the search
or similar access, seizure or similar securing, or disclosure of the data. Following the receipt of such a
request, the data shall continue to be preserved pending a decision on that request.
e. Accommodate request from another State to search, access, seize, secure, or disclose data stored by means of
a computer system located within the country, including data that has been preserved under the previous
subsection.
The Philippine Govemment shall respond to the request through the proper application of international
instruments, arrangements and laws, and in accordance with the following rules:
1. The request shall be responded to on an expedited basis where:
There are grounds to believe that relevant data is particularly vulnerable to loss or modification;
or
i. The instruments, arrangements and laws referred to in paragraph (b) of this section otherwise
provide for expedited cooperation.
2. The requesting State must maintain the confidentiality of the fact or the subject of request for
assistance and cooperation. It may only use the requested information subject to the conditions
specified in the grant.
f. Make a request to any foreign state for assistance for purposes of detection, investigation and prosecution of
offenses referred to in the Act;
g. The criminal offenses described under Chapter Il of the Act shall be deemed to be included as extraditable
offenses in any extradition treaty where the Philippines is a party: Provided, That the offense is punishable
under the laws of both Parties concerned by deprivation of liberty for a minimum period of at least one year or
by a more severe penalty.
The Secretary of Justice shall designate appropriate State Counsels to handle al matters of international cooperation as
provided in this Rule.
RULE 6: COMPETENT AUTHORITIES
a. SECTION 26. CYBERCRIME INVESTIGATION AND COORDINATING CENTER; COMPOSITION. - The inter-
agency body known as the Cybercrime Investigation and Coordinating Center (CICC), under the administrative
supervision of the Office of the President, established for policy coordination among concerned agencies and for
the formulation and enforcement of the national cyber security plan, is headed by the Executive Director of the
Information and Communications Technology Office under the Department of Science and Technology (ICTO-
DOST) as Chairperson; the Director of the NBI as Vice-Chairperson; and the Chief of the PNP, the Head of the
DOJ Office of Cybercrime, and one (1) representative each from the private sector, non-govermental
organizations, and the academe as members.
The CICC members shall be constituted as an Executive Committee and shall be supported by Secretariats,
specifically for Cybercrime, Administration, and Cybersecurity. The Secretariats shall be manned from existing
personnel or representatives of the participating agencies of the CICC.
16
The CICC may enlist the assistance of any other agency of the government including govemment-owned and -
controlled corporations, and the following:
b. Bureau of Immigration;
Philippine Drug Enforcement Agency;
d. Bureau of Customs:
National Prosecution Service;
Anti-Money Laundering Council;
Securities and Exchange Commission;
h.
1.
National Telecommunications Commission; and
Such other offices, agencies and/or units, as may be necessary.
The DOJ Ofice of Cybercrime shal serve as the Cybercrime Operations Center of the CICC and shal submit
periodic reports to the CICC.
Participation and representation in the Secretariat and/or Operations Center does not require physical presence,
but may be done through electronic modes such as email, audio-visual conference calls, and the like.
b. SECTION 27. POWERS AND FUNCTIONS
The CICC shall have the following powers and functions:
b. a. Formulate a national cybersecurity plan and extend immediate assistance for the suppression of real-time
commission of cybercrime offenses through a computer emergency response team (CERT);
Coordinate the preparation of appropriate and effective measures to prevent and suppress cybercrime activities
as provided for in the Act;
c. Monitor cybercrime cases being handled by participating law enforcement and prosecution agencies;
d. Facilitate international cooperation on intelligence, investigations, training and capacity-building related to
cybercrime prevention, suppression and prosecution through the DOJ-Office of Cybercrime;
e. Coordinate the support and participation of the business sector, local goverment units and NGOs in
cybercrime prevention programs and other related projects;
f. Recommend the enactment of appropriate laws, issuances, measures and policies;
g. Cal upon any government agency to render assistance in the accomplishment of the CICC's mandated tasks
and functions;
h. Establish and perform community awareness program on cybercrime prevention in coordination with law
enforcement authorities and stakeholders; and
i. Perform al other matters related to cybercrime prevention and suppression, including capacity-building and
such other functions and duties as may be necessary for the proper implementation of the Act.
C. SECTION 28. DEPARTMENT OF JUSTICE (DOJ; FUNCTIONS AND DUTIES
The DOJ- Office of Cybercrime (OOC), designated as the central authority in al matters related to international
mutual assistance and extradition, and the Cybercrime Operations Center of the CICC, shall have the following
functions and duties:
a. Act as a competent authority for al requests for assistance for investigation or proceedings concerning
of evidence, giving legal information and location of suspects;
cybercrimes, facilitate the provisions of legal or technical advice, preservation and production of data, collection
b. 17
Act on complaints/referrals, and cause the investigation and prosecution of cybercrimes and other violations of
c. Issue preservation orders addressed to service providers;
i. 1. d. Administer oaths, issue subpoena and summon witnesses to appear in an investigation or proceedings for
cybercrime;
e. Require the submission of timely and regular reports including pre-operation, post-operation and investigation
results, and such other documents from the PNP and NBI for monitoring and review.
1. Monitor the compliance of the service providers with the provisions of Chapter IV of the Act, and Rules 7 and 8
Facilitate intermational cooperation with other law enforcement agencies on intelligence, investigations, training
and capacity-building related to cybercrime prevention, suppression and prosecution;
Issue and promulgate guidelines, advisories, and procedures in all maters related to cybercrime investigation,
forensic evidence recovery, and forensic data analysis consistent with industry standard practices;
Prescribe forms and templates, including, but not limited to, those for preservation orders, chain of custody,
consent to search, consent to assume account/online identity, and request for computer forensic examination;
Undertake the specific roles and responsibilities of the DOJ related to cybercrime under the implementing Rules
and Regulation of Republic Act No. 9775 or the "Anti-Child Pornography Act of 2009"; and
Perform such other acts necessary for the implementation of the Act.
SECTION 29. COMPUTER EMERGENCY RESPONSE TEAM (CERT)
The DOST-ICT Office shall establish and operate the Computer Emergency Response Team (CERT) that shall
serve as coordinator for cybersecurity related activities, including but not limited to the following functions and
duties:
a. Extend immediate assistance to the CICC to fulfil its mandate under the Act with respect to matters related to
cybersecurity and the national cybersecurity plan;
b. Issue and promulgate guidelines, advisories, and procedures in all matters related to cybersecurity and the
national cybersecurity plan;
c. Facilitate international cooperation with other security agencies on intelligence, training, and capacity-building
related to cybersecurity; and
d. Serve as the focal point for all instances of cybersecurity incidents by:
1. Providing technical analysis of computer security incidents;
2. Assisting users in escalating abuse reports to relevant parties;
3. Conducting research and development on emerging threats to computer security;
4. Issuing relevant alerts and advisories on emerging threats to computer security.
5. Coordinating cyber security incident responses with trusted third parties at the national and
international levels; and
6. Conducting technical training on cyber security and related topics.
The Philippine National Police and the National Bureau of Investigation shall serve as the field operations arm of the
CERT. The CERT may also enlist other government agencies to perform CERT functions.
CYBER INVESTIGATION
- Refers to the systematic process of detecting, preserving, analyzing and presenting digital evidence in
cybercrime cases under Philippine Law.
- The cornerstone legislation is R.A. 10175 which defines and penalizes offenses; computer-related offenses and
1. content-related offenses. These laws empower investigators to secure special cyber warrants, compel service
providers to disclose data and uphold chain-of-custody requirements for admissibility in court.
RA 10173 (Data Privacy Act of 2012);
3. 2. RA 9995 (Anti-Photo and Video Voyeurism Act of 2009)
RA 11313 (Safe Spaces Act)
18
PHASE/STEP
CONTEXT
Preparation
SE/STEP
Obtain special cyber warrant (Rule 3, IRC annex C); coordinate with
DOJ-OOC for MLAT requests.
Identification
Leverage CERT-PH alerts via DICT; consult PNP ACG/NBI-CCD for
initial triage.
Preservation
Execute forensic imaging under PNP or NBI guidelines; secure devices
per IRR evidentiary rules.
Acquisition
Examination & Analysis
Issue data preservation orders to telcos or online platforms; collect logs
from NTC archives.
Use Philippine Digital Forensic Laboratory protocols; apply Volatility,
Autopsy, Wireshark.
Draft affidavits following Rules of Court; Submit reports to OCPD for
Reporting & Presentation ng & Presentation Draft affidavits following Rules of Court; Submit rcyber prosecution.
Remediation & Feedback Implement DOJ-OOC advisories; share lessons via PHILCERT and
PNP-ACG trainings.
ERT and
PNP-ACG trainings.
ROLES AND RESPONSIBILITIES
AGENCY MANDATE CORE FUNCTION
DOJ - Office of CybercAGENCY MANDATE CORE FUNCTION
DOJ - Office of Cybercrime (DOJ-
onal requests.
PNP-Anti-CyberPolicy, Cyber prosecution, mutual legal
crime Group
(PNP-ACG)
Frontline in0OC)
PNP-Anti-Cybercrime Group
Issue cyber warrants; handle
assistance.
Frontline investigations, digital
transnational requests.
CD)
Specialized investigat(PNP-ACG)
NBI - Cybercrime Division
forensics. Specialized investigations, high-
testimony.
Field operations; regional forensics
exam.
Laboratory examinations; expert
d
incident coordination. I(NBLCCD)
ries; coordinate threat
intelligenprofile/transnational cases.
National Cyber security strategy and
incident coordination. Issue advisories; coordinate threat
DICT & CERT-PH
National Telecommunications
Regulation of Telcos and ISPs. Data retention compliance; law
intelligence.
enforcement liaison.
Commission
ROLES AND RESPONSIBILITIES
PROCEDURE IN HANDLING COMPUTER /CYBER CRIME CASE
Purpose: The standard operating procedure prescribes a uniform and step-by-step process to be observed by al
personnel of CID in the conduct of investigation regarding Computer/Cybercrime cases.
Scope of Application:
This procedure shall be strictly, observed by investigators handling computer/cybercrime cases. The head of
office or chief must always be informed of the disposition or action taken on complaints. Computer and network can be
involved in crimes in several ways:
19
a. Computer or network can be a tool of crime (used to commit the crime)
b. Computer or network can be a target of the crime (the "victim")
c. Computer or network can be used for incidental purposes related to the crime
POLICY GUIDELINES OF COMMAND
1. Guidelines and procedures in the Conduct of Arrested Person under Custodial Investigation (R.A. 7438).
Guidelines on Police Intervention Operations such as arrest, raid, Search and seizure and others.
III. Guidelines on PNP personnel to strictly respect and uphold human rights.
PROCEDURES
A. Walk-in Complainant (Note: Complaints can be handled by RCIDU or coordinated with ATCD).
Complaints wil be guided to fil up a complaint sheet and affi his/her signature.
Swom statements and other necessary documents wil be prepared.
3. If the nature of complaint is pertaining to Computer/Cyber Crime cases such as but not limited to:
• Hacking/Cracking
• Email Cases (Hacking/Threat/Extortion)
• Identity Theft or in relation to Social Networking cases.
(Note: The investigator shall determine the Internet Protocol (IP) address or Domain Name Service (DNS) address in
question/involved in the investigation).
4. The investigator shall then conduct online WHOIS tracing on the identified IP address or Domain name
(website) to determine its Internet Service Provider (ISP) and Web Hosting Company.
5. If the result of the WHOIS traces to the local IP address and Local Domain Name Hosting, the
investigator shall coordinate with ISP and Web Hosting Company through letters to preserve the log
files and further identify the owner of the IP address and the registrant of Domain Name (Website).
6. Else, if the WHOIS traces foreign IP address and Foreign Domain Name Hosting, the investigator shall
coordinate with the foreign counter-part Law Enforcement Agency through Mutual Legal Assistance
Treaty (MLAT) procedures to get the information on the owner of the IP address and the registrant of
Domain Name (website). Coordination should be made with Legal Division, CIDG.
7. After the completion of the investigative requirements, the case wil be filed in court for possible arrest
and conviction of the suspect. If not, pursued the solution of the case.
(Note: Al seized devices should be sent to Computer Forensic Sec, ATD, CIDG for Computer/Cellphone Forensic
examination) 8. If the nature of the complaint is pertaining to cellphone-related cases such as but not limited to:
• Text Scam
• Cellphone Threat
• Cellphone Extortion, and etc.
(Note: The investigator shall identify the subscriber identity module (SIM) Card number and its corresponding
Telecommunication Company (TELCO) carrier: SMART/GLOBE/SUN/PLDT)
If the SIM card number belongs to a local TELCO, then the investigator shall coordinate through letter