Introduction to Cybercrime and Environment Laws

INTRODUCTION TO CYBERCRIME AND ENVIRONMENT LAWS

  • Handouts 2025-2026
    Prepared By:
  • Maria Lourdes Camigla-Alviento, RCrim, MSCJ
  • Princess Beronica Esteban, RCrim, MSCJ

UNDERSTANDING CYBER CRIME

  • Cyber Crime: Described as the convergence of computer- and internet-based offenses, encompassing unlawful acts committed against individuals or groups with the intent to deliberately damage the victim's reputation or to inflict physical or psychological harm, whether directly or indirectly, through modern telecommunication channels such as the Internet and mobile devices.

    • A criminal activity that either targets or uses a computer, a computer network or networked device.

  • Cyber Criminology: Study of causation of crimes that occur in the cyberspace and its impact in the physical space.

GENERAL CATEGORIES OF CYBER CRIME

A. Computer as a Target

  • Definition: Offenses where the primary goal of the criminal act is to compromise the computer system itself (data, operation, or its availability) rather than simply using it as a tool to commit another crime.
  • Identification Criteria:
    1. Confidentiality - The purpose is to steal or expose protected data.
    2. Integrity - Altering or corrupting data or programs.
    3. Availability - Disrupting or denying access to systems or services.

B. Computer as a Weapon

  • Definition: When it is deliberately used to execute malicious actions against another system, network, or entity. In this role, it becomes the platform from which the attack originates.
  • Characteristics:
    1. Offensive Use - The computer serves as the launchpad for the crime.
    2. Remote Reach - Attacks can be carried out across borders without physical presence.
    3. Automation - Malicious software can run continuously without direct human input.
    4. Scalability - One system can target thousands or millions of victims at once.
  • Examples:
    • Distributed Denial of Service (DDoS): Flooding a target server with traffic from multiple compromised systems.
    • Cyberweapons: Malware, worms, Trojans.
    • Phishing Campaigns: Sending deceptive emails from a controlled system to harvest credentials.
    • Botnet Operations: Using infected computers for coordinated attacks.

COMPONENTS OF COMPUTER AS A WEAPON

A. Hardware
  • Definition: Physical components of the computer.
  • Input Devices: Allow users to enter data into the computer.
    1. Keyboard
    2. Mouse
    3. Scanner
    4. Microphone
    5. Digital Camera
    6. PC Video Camera
  • Output Devices: Components that give information to the users.
    1. Monitor
    2. Printer
    3. Speaker
B. Software
  • Definition: Instructions that tell the computer what to do and how to do it.
  • Main Categories of Software:
    1. System Software: Also known as Operating System (OS) that actually runs the computer. (e.g., iOS, Windows, Linux).
    2. Application Software: Programs that allow users to perform specific tasks on the computer. (e.g., Word Processing, Spreadsheet, E-Mail, Internet Applications).

CLASSIFICATION OF CYBERCRIME

A. Computer Fraud and Financial Crimes

  • Definition: Involves the use of computers, networks, or digital systems to unlawfully obtain money, property, or financial advantage through deception, manipulation, or breach of trust.

  • Types:

    • Computer-Related Fraud: Unauthorized input, alteration, or deletion of data to gain benefit or cause loss.
    • Phishing & Social Engineering: Deceiving victims into revealing credentials or financial info.
    • Credit/Debit Card Fraud: Using stolen card data for unauthorized purchases.
    • Online Investment & Ponzi Schemes: Fraudulent offers promising high returns.
    • Business E-mail Compromise (BEC): Impersonating executives to trick staff into wiring funds.
    • Identity Theft: Using stolen personal data for financial gain.

  • Legal Implications:

    • Any computer-related fraud and computer-related forgery are punishable offenses under the following laws:
    • RA 10175 (Cybercrime Prevention Act of 2012)
    • RA 8795 (Electronic Commerce Act of 2020)
    • Revised Penal Code - applies to estafa, swindling, and falsification when committed digitally.
    • RA 9160 (Anti-Money Laundering) - covers laundering of proceeds from cyber-enabled crimes.

B. Cyberterrorism

  • Definition: Intentional use of computer data to cause loss or gain, involving coercion, intimidation, fear.

  • Characteristics: Merging elements of terrorism with digital methods or network exploitation.

  • Methods:

    • DDoS Attacks: Overwhelming a target server to disrupt services.
    • Malware & Cyberweapons: Infiltrating systems to sabotage or damage.

  • Legal Context:

    • Cybercrime Prevention Act of 2012 does not explicitly define cyberterrorism; however, relevant acts may fall under laws such as the Human Security Act of 2007, or Anti-Terrorism Act of 2020 if it meets certain criteria.

C. Cyberextortion

  • Also known as Digital Blackmail or Ransomware.
  • Definition: An offender gains unauthorized access to a victim's data or systems and demands payment to stop access or restore data.
  • Types of Cyberextortion:
    1. Ransomware
    • Malware encrypts files; the attacker demands payment for the decryption key.
    • Example: WannaCry (May 2017).
    1. Ransom DDoS (RDDos)
    • Attacking a site/server and demands payment to stop.
    • Example: 2020 attacks on NZ stock exchange.

D. Cyberwarfare

  • Definition: Use of cyberattacks by state or state-sponsored actors against another state's digital infrastructure.
  • Characteristics:
    1. State-linked actors, often military units or intelligence agencies.
    2. Targeting critical infrastructure such as power systems and communications.
    3. Potential kinetic link where cyber operation may accompany traditional warfare.
  • Examples:
    • 2020 Solar Winds breach
    • Stuxnet worm targeting Iran's nuclear program.

E. Cyber Fraud

  • Definition: Fraud committed through ICT to deceive individuals or organizations for unlawful gain.
  • Types:
    • Phishing/Spoofing
    • Business E-mail Compromise
    • Online Loan/Investment Scams
    • Example Scenarios:
    • Fake e-mails asking to log in via a fake link.
    • Fraudster pretending to be a CEO instructing urgent payment.

F. Obscene or Offensive Content

  • Definition: The content of websites that may be distasteful or obscene.
  • Legal Framework:
    • Art. 201 of RPC criminalizes the publication of obscene materials.
    • RA 10175 extends this to acts committed through ICT.

G. Harassment

  • Definition: Use of ICT to target, intimidate, threaten or cause distress.
  • Common Forms: Cyberstalking, cyberbullying, doxxing, impersonation, and threats & intimidation.
  • Legal Framework: R.A. 10175 - Cybercrime Prevention Law; R.A. 11313 - Safe Spaces Act, etc.

H. Drug Trafficking

  • Use of digital technologies and online platforms to promote or facilitate illegal drug activities.
  • Platforms involve dark-net markets, encrypted messaging apps, and illicit e-commerce sites.

TYPES OF CYBER CRIMINALS

  1. Script Kiddies: Lacks technical expertise, uses prewritten tools.
  2. Scammers: Exploit technology and psychology for fraud.
  3. Hacker Groups: Create hacking tools; may be ethical or malicious.
    • Types of Hackers:
      • White Hat Hackers: Ethical hacking for security.
      • Black Hat Hackers: Malicious intent.
      • Gray Hat Hackers: Operate in the middle ground, exposing vulnerabilities.
  4. Phishers: Direct victims to fraudulent sites for information.
  5. Political/Religious Groups: Develop malware for political ends.
  6. Insiders: Attackers within an organization with access.
  7. Advanced Persistent Threat (APT) Agents: Organized state-sponsored cybercriminals.

LEGAL FRAMEWORK

  • Republic Act 10175: Cybercrime Prevention Act of 2012, defines and penalizes offenses.
  • Implementing Rules and Regulations (IRR): Set procedures for enforcement and compliance.
CONCLUSION
  • Understanding cybercrime categories and legal implications is essential for navigating digital laws and for protecting individuals and organizations from cyber threats.
  • Continuous learning and adaptation to legislation and emerging technologies are crucial for individuals, law enforcement, and legal practitioners.