cyber part 1

Example Problem How Computer Acts as a Weapon Impact

Distributed Denial of Service Flooding a target server with traffic

from multiple compromised systems.

Website/Service downtime, Financial

Loss.

Cyberweapons: Malware, Worms,

Trojans

Deploying malicious code to infiltrate

or damage systems. Data Theft, Espionage, Sabotage.

Phishing Campaigns

Sending deceptive emails from a

controlled system to harvest

credentials.

Identity Theft, Fraud, Scam.

Large-scale disruption, spam,

Botnet Operations Using infected computers to perform

coordinated attacks.

ransomware delivery.

Cyber Espionage Launching targeted intrusions to steal

sensitive information.

National security threats, corporate

espionage.

yber Crime

- Described as the convergence of computer- and internet-based offenses, encompassing unlawful acts

commited against individuals or groups with the intent to deliberately damage the victim's reputation, or to inflict

physical or psychological harm, whether directly or indirectly, through modem telecommunication channels such

as the Internet and mobile devices.

- A criminal activity that either targets or uses a computer, a computer network or networked device.

Cyber Criminology

- Study of causation of crimes that occur in the cyberspace and its impact in the physical space.

General Categories of Cyber Crime

A. Computer as a Target

- Offenses where the primary goal of the criminal act is to compromise the computer system itself (data,

operation or its availability) rather than simply using it as a tool to commit another crime.

How to identify that your computer is the TARGET?

1. 2. Confidentiality - purpose of stealing or exposing protected data.

Integrity - altering or corrupting data or programs.

3. Availability - disrupting or denying access to systems or services.

B. Computer as Weapon

When it is deliberately used to execute malicious actions against another system, network or entity. In this

role, it becomes the platform from which the attack originates.

Characteristics:

1. Offensive Use - computer is the launchpad for the crime.

2. Remote Reach - attacks can be carried out across borders without physical presence.

3. Automation - malicious software can run continuously without direct human input.

4. Scalability - one system can target thousands or millions of victims at once.

Examples:

COMPONENTS OF COMPUTER

A. Hardware - physical components of computer

Input Devices - any hardware component that allows the user to enter data into the computer.

Keyboard

Mouse

S c a n n e r

Microphone

5. Digital Camera

6. PC Video Camera

Output Devices - component that gives information to the users.

1. Monitor

2. Printer

3. Speaker

B. Software - there are instructions that tell the computer what to do and how to do it.

2 Main Categories of Software:

1. System Software - Also known as Operating System (OS) which actualy runs the computer. (Ex. /OS, Windows,

Linux)

2. Application Software - programs that allows users to a specific task on the computer. (Ex. Word Processing,

Spreadsheet, E-Mail, Internet Applications)

THE CLASSIFICATION OF CYBERCRIME

A. COMPUTER FRAUD AND FINANCIAL CRIMES

- It involves the use of computers, networks, or digital systems to unlawfully obtain money, property or financial

advantage through deception, manipulation or breach of trust.

Note:

Any computer-related fraud and computer-related forgery are punishable offenses under the following laws:

* RA 10175 (Cybercrime Prevention Act of 2012

* RA 8795 (Electronic Commerce Act of 2020) - penalizes hacking and unauthorized access.

* Revised Penal Code - applies to estafa, swindling, and falsification when committed digitally.

* RA 9160 as amended (Anti-Money Laundering) - covers laundering of proceeds from cyber-enabled crimes.

OFFENSE TYPE

Computer-Related

Fraud

Prisión mayor (6 yrs

TYPE DESCRIPTION EXAMPLE

Computer-Related Fraud

Unauthorized input, alteration, or

deletion of data to gain benefit or

cause loss.

Manipulating online banking

records to transfer funds.

Phishing & Social Engineering Deceiving victims into revealing

credentials or financial info

Fake bank emails requesting login

details.

Credit/Debit Card Fraud Using stolen card data for

unauthorized purchases. Skimming devices or hacked e-

commerce sites.

Online Investment & Ponzi Schemes

Fraudulent offers promising high

returns. Crypto "pump-and-dump" scams.

Business E-mail Compromise Impersonating executives to trick

staff into wiring funds.

Fake supplier payment instructions.

Identity Theft financial gain. Using stolen personal data for

Opening loans under another

person's name.

Unauthorized input,

MO/TECHNIQUE LAW & PROVISION PENALTY

transaction logs to

alteration, or deletion RA 10175 (Sec. 8 in

relation to Sec. 6)

1 day-12 yrs) + fine

SCENARIO

Altering e-banking

redirect funds to

of computer data to

cause loss or gain.

≥ P200k; higher if

Creating forged e-

Computer-Related

Forgery

Input/alteration of data

info treated as

to produce inauthentic

RA 10175, Sec. 7

committed against

critical infrastructure

own account

Same as computer-

land titles uploaded

Phishing / Social

Engineering

authentic

Deceiving user into

revealing credentials

via fake sites/emails

RA 10175 (as

fraud or identity

provisions theft) + RPC related fraud

computer-related

estafa

RPC Art. 315

to government database

collecting ATM

PINS

Credit/Debit Card

Fraud

Use of stolen card

data for purchases or

cash advance

RA 8484 - Access

Devices Regulation

Act

yrs-20 yrs + fine up

to triple the value

defrauded

spoofed link

Imprisonment of 6

Skimming ATM

Online Investment /

Ponzi Schemes

Offering unreal returns

via digital platforms

Securities

Regulation Code (RA

8799) + RA 10175 if

Fine up to P5M +

cards in mall kiosk

Crypto "pump-and-

media groups

Business Email

Compromise (BEC)

Impersonating

executives/suppliers

to order fund transfers

computer used

RA 10175, Sec. 8;

RPC Estafa

imprisonment

Prison mayor + fine dump" via social

Finance officer

wires P5M to

"supplier" email

that was spoofed

Identity Theft for

Financial Gain

Using stolen personal

data to open accounts

or secure loans

RA 10175, Sec. 4(b)

Prisión mayor + fine

≥ P200k Loan approved

using hacked govt

ID data

Money Laundering

(linked to

cybercrime)

Concealing origins of

criminal proceeds via

e-transfers

RA 9160 (AMLA) as

amended РЗМ-P4M

7-14 yrs + fine

Routing hacked

bank funds through

online wallets

"Bank' email with

B. CYBERTERRORISM

- A premeditated use of cyberspace and digital tools to conduct attacks or threats that cause, or aim to cause

grave harm to life, property, critical infrastructure, or public order in pursuit of political, ideological, religious or

social objectives

- It merges the elements of terrorism: Coercion, Intimidation, Fear with cybercrime: Digital Methods or Network

Exploitation.

Figure 01 - Venn Diagram of Comparison of Cyberterrorism and Cybercrime

centrifuges

METHOD DESCRIPTION EXAMPLE

Distributed Denial of

Service (DDos)

Overwhelming a target's server

to disrupt services.

2007 Estonia attacks on

government and banks.

Estonia (2007) -

Massive DDos attack

on government, media

and banking systems.

Malware &

Cyberweapons Infiltrating systems to sabotage

or damage.

Stuxnet worm targeting Iran's

nuclear program.

Stuxnet (2010) -

Malware that

physically damaged

Iranian Nuclear

Jefacement &

Propaganda Hijacking websites to spread

Critical Infrastructure

Intrusion

Data Breach & Leak

extremist messages.

Jefacement &

Propaganda HiAccessing and manipulating

control systems.

Stealing sensitive data to

(2015-2016)

Terror hacked new sites. Ukraine Power Grid

Ukraine power grid attacks

group propaganda on

intimidate or destabilize.

Sony Pictures hack linked to

political retaliation.

(2015-2016) -

Cyberattacks causing

widespread blackouts

Sony Pcitures (2014)

Hack linked to political

retaliation over a film.

Comparison of Cybercrime and Cybertemorion

In the Philippine Legal Context, Cybercrime Prevention Act of 2012 does not

explicitly define cyberterrorism, such acts may be prosecuted under:

* Human Security Act of 2007 (RA 9372) or Anti-Terrorism Act of 2020

(RA 11479) - if the cyberattack meets the definition of terrorism

(Intent to cause death, serious injury or extensive damage to critical

infrastructure to intimidate the public or coerce the government).

* Cybercrime Act of 2012 (RA 10175) - for component offenses like

illegal access, system interference, or data interference.

Special Laws - RA 4200 (Anti-Wiretapping Law), RA 9995 (Anti-

Photo and Video Voyeurism Act), if relevant to the act.

Cybercine

C. CYBEREXTORTION

- Also known as Digital Blackmail or Ransomware.

- An offender gains unauthorized access to a victim's data, systems or networks and then demands payment or

other benefits to stop access, or prevent an attack, restore the release of sensitive information.

- Payment is often demanded in Cryptocurrency for anonymity. Even if paid, there is no guarantee the attacker

will honor the agreement.

Characteristics of Cyberextortion

1. Criminal Leverage - holding data, systems, or services hostage.

2. Threat of Harm - could be reputational, operational, financial, or physical.

3. Digital Delivery - Conducted entirely via online or networked systems.

TYPE 4. Anonymity Tools - Use of crypto wallets, TOR or anonymizing services.

HOW IT WORKS EXAMPLE Ransomware

Ransom DDos (RDDos)

Malware encrypts files;

attacker demands payment

for decryption key.

Flood with traffic; attacking a

Ransom DWannaCry (May 2017) DEFINITION

Ransomware+Worm

Hybrid - Self-spreading

worm, no user

interaction needed once

inside a network.

)

Malware encrypts fData Theft & Threat to Leak

) Ransomware+Worm

Hybrid - Self-site/server demands

payment to stop.

2020 attacks on NZ stock

exchange.

Trading halted for the

rest of the day.

Attacks resumed on

subsequent days,

forcing four days of

trading suspensions

with only intermittent

availability.

Stealing sensitive data and 2021 ACER breach. with Encrypted critical Acer

Email-based Extortion

unless paid

threatening Threatening to release

unless paid.

public release

$50million ransom

balances,

data unless paid.

Sext compromising extortion

scams targeting individuals.

family, friends,

— usually in

for anonymity.

files. cryptocurrency or cash

PENALTY (PH)

CYBEREXTORTION - PHILIPPINE CASE MATRIX

MODUS

leak the

datrecords).

Threatened toYEARICASE

2017 - Bicol

Businessman Case

ial wEmail-based

extortion (sextortion)

SUMMARY

Offender threatened

to release fabricated

obscene images

unless victim paid

P50,000 via

RA 10175 - Sec.

4(b)(3)(Computer-related

fraud), Sec. 4(a)(1)

(Illegal Access); RPC -

OUTCOME

Arrest of suspect in

entrapment; case

filed with DOJ

2018 - Cebu

Ransom DDoS

Attempt

Ransom DDoS site

flooded with

cease remittance center.

Local e-commerce

traffic; attacker

emailed demand for

attacks. $1,500 in Bitcoin to

extortion (sextortion)

OArt. 282 (Grave Threats)

RA 10175 - Sec. 4(a)(3)

4(a)(5) (System

Interference); RA 8484 if

(Data Interference), Sec.

used

cybercrime office

No payment made;

NBI Cybercrime

Division traced IP to

foreign actor.

Case under

2019 - Govemment

Attack

Data theft Agency

leak

Data Bre & threat Confidential

government

employee data

stolen; hackers

BTC to withhold

demanded P3M release.

payment instruments

RA 10175 - Sec. 4(a)(1)

(Illegal Access), Sec.

4(a)(3) (Data Interference); RA 9160

(Anti-Money Laundering

Act) for ransom

investigation;

CERT-PH involved in

response.

2020 - OFW

Sextortion Scam

Social engineering +

webcam recording

Of of OFW online,

recorded gained

trust intimate video

calls, then

demanded money to

avoid release.

proceeds

RA 10175, Anti-Photo

and Video Voyeurism Act

of 2009 (RA 9995); RPC

- Art. 294 (Robbery with

Violence/Intimidation) by

analogy

Victim reported to

PNP-ACG

cross-border

perpetrator identified

via INTERPOL.

2021 - Philippine

University

Ransomware

Academic ware

Attack

servers encrypted;

attacker demanded US$20,000 in crypto

for decryption key.

RA 10175 - Sec. 4(a)(3)

& 4(a)(5): RA 8484; RA

10173 (Data Privacy Act)

if personal data restored

backups compromised

University;

investigation

ongoing; no ransom

paid.

corporate data (bank

communications,

customer records).

Threatened to leak the

Victims are told the

material will be sent to

Stole sensitive

employers, or posted

online unless they pay

Note: Cyberextortion can be prosecuted under multiple laws:

Cybercrime Prevention Act of 2012 (RA 10175) - Computer-related fraud (Sec. 8) Ilegal access, data

interference, system interference (Sec. 4).

• RPC - Grave Threats, Coercion, Extortion (Art. 282-294)

3 Access Device Regulation Act (RA 8484) - i payment involved or if with ransom (Anti-Money Laundering). D.

CYBERWARFARE

It is the use of cyberattacks by a state or state-sponsored actors against another state's digital infrastructure.

With the intent to traditional warfare to cause harm comparable critical systems - such as disrupting, damaging

infrastructure or undermining national security.

Key Characteristics

1. State-Linked Actors - often military units, intelligence agencies or proxy hacker intent for strategic, military or

economic advantage.

2. Critical Infrastructure Grids, Financial Focus - power systems, defense networks, communications.

Potential Kinetic Link - cyber operation may accompany or trigger physical military action.

EXAMPLE

TYPE

Espionage

Sabotage DESCRIPTION

Stealing classified or sensitive data

from government or military systems. Damaging or disabling systems to

hinder operations.

DDos Attacks Overwhelming servers

Attacks on govemment infrastructure; power grid, transport

Targeting

attacks

2020 Solar Winds breach (suspected

state espionage)

Stuxnet worm targeting Iranian

Nuclear centrifuges.

2007 Estonia to disrupt services and

banks.

Ukraine power or water systems grid

outages (2015-2016)

Attacking financial and economy:

Disruption markets or payment

systems.

To influence public opinion.

2020 NZ stocks exchange DDos

extortion campaign

Proofreading; Disinformation

propaganda

Social campaigns during media

influence elections.

Note: Relevant provision to define cyberwarfare

* Illegal Access, Data Interference - attacks system interference, target Philippine Systems.

Misuse of Devices - for creating, distributing cyberweapons. If the act meets the definition of terrorism under

RA 11479 - Anti-Terrorism Act of 2020 (intent to cause death, serious injury, or extensive damage to critical

infrastructure to intimidate the public or coerce it may be prosecuted the goverment.

E. CYBER FRAUD

A form of fraud committed through ICT (computers, networks, mobile devices, or the internet) to deceive

individuals or organization for unlawful gain - usually financial, but sometimes involving data theft or

reputational harm.

TYPE MODUS OPERANDI EXAMPLE SCENARIO

Phishing/Spoofing

Business E-mail Compromise (BEC) Online Loan/Investment Scams

Fake E-mails, SMS or Websites to

steal credentials.

"Bank" e-mail asks you to log in via a

fake link.

Impersonating executives to request

fund transfers.

Fraudster poses as CEO instructs

Fake offers requiring "processing urgent payment.

Victim pays fess for a non-existent

loan.

fees

loan.

fees

E-Commerce Fraud

Digital Arrest Scam Identity Theft to coerce payment.

online

transactions.

Threats of arrest via fake police calls

Selling non-existent goods/services

erce payment.

fearing detention.

Buyer paUsing stolen personal data for

Senior citizen transfers millions

fearing detention.

Buyer pays; seller disappears

Fraudster opens bank accounts under

another name.

Penalties:

* RA. 10175 Cybercrime Prevention Act of 2012 - penalties for computer-elated fraud are prison mayor or fines

up to P500,000.00 higher if in relation to critical infrastructure.

* RA. 8792 Electronic Commerce Act of 2000 - Imprisonment up to 6 years and/or fines up to P1,000,000.00.

* Art. 315 RPC Estafa (Swindling) - Penalty depends on amount defrauded; can reach reclusion temporal.

F. OBSCENE OR OFFENSIVE CONTENT

- The content of websites and other electronic communication may be distasteful, obscene or offensive for a

variety of reasons.

Miler Test is used as a reference in the Philippines jurisprudence that help assess online videos, images or

texts. It depicts sexual conduct in a patently offensive way. (e.g. Pita Vs. Court of Appeals) - Here are some legal definitions:

a. Art. 201 of RPC - criminalizes the publication, exhibition and distribution of obscene materials, including

those offensives to race, religion or public morals.

b. RA 10175 Cybercrime Prevention Act of 2012 - Extends Art. 201 to acts committed through ICT like

uploading sharing or streaming obscene content online.

c. Customs Modemization and Tariff Act - Prohibits importation of obscene materials, including digital media.

Common Cybercrime (Obscene or Offensive Contents)

Uploading obscene videos to social media or adult sites accessible in the Philippines.

Live-streaming indecent show for paying viewers.

III.

Sharing obscene memes or deepfakes targeting individuals that may overlap with cyber libel or gender-based

online sexual harassment.

IV. Selling obscene digital content via encrypted messaging apps or dark web marketplaces.

Key Distinctions and Overlaps

- Victim Profile

Obscenity - may involve adults; focus on protecting public.

- Child Pornography - exclusively involves minors under 18 years old

- GBOSH - targets specific individuals, often to harassment context (Hate Crimes).

* Consent

- Obscenity - consent irrelevant if content meets obscene threshold.

- Child Pomography - consent invalid; minors cannot legally consent.

- GBOSH - revolves around lack of consent to receive/share sexual content.

- Protected Interests

- Obscenity - community morals and decency.

- Child Pornography - welfare and dignity of children.

GBOSH - dignity, safety and psychological well-being of individuals.