Electronic Crime

Cyber / Electronic Crime
Sequence of Presentation
I. Introduction to Cyber Crime
II. E-Commerce Act of 2000
III. Access Device Act
IV. Classification of Cybercrime

and
Presentation of Relevant Cases.
I. Introduction to Cyber /
Electronic Crime
Anti-Cybercrime Law
[ Republic Act No. 10175 ]
AN ACT DEFINING CYBERCRIME, PROVIDING FOR

THE PREVENTION, INVESTIGATION, SUPPRESSION
AND THE IMPOSITION OF PENALTIES THEREFOR
AND FOR OTHER PURPOSES
• A. acts prohibited by the law as
cybercrime offense; and
• B. those penalized under the RPC and
SPLs, if committed by, through, and with
the use of information and
communications technologies
5
Cybercrime Offenses
• The cybercrime offenses provided in Sec.4

are of three kinds:
a. offenses against confidentiality,
integrity and availability of computer data
and systems;
b. computer-related offenses; and
c. content-related offenses.
6
Offenses against the confidentiality, integrity and
availability of computer data and systems:
• (1) Illegal Access. – The access to the whole or any part of a

computer system without right.
• (2) Illegal Interception. – The interception made by technical

means without right of any non-public transmission of computer data
to, from, or within a computer system including electromagnetic
emissions from a computer system carrying such computer data.
• (3) Data Interference. — The intentional or reckless alteration,

damaging, deletion or deterioration of computer data, electronic
document, or electronic data message, without right, including the
introduction or transmission of viruses.
7
• (4) System Interference. — The intentional alteration or reckless

hindering or interference with the functioning of a computer or
computer network by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data or program,
electronic document, or electronic data message, without right or
authority, including the introduction or transmission of viruses.
• (5) Misuse of Devices.
• (i) The use, production, sale, procurement, importation, distribution,

or otherwise making available, without right, of:
8
• (aa) A device, including a computer program, designed or adapted

primarily for the purpose of committing any of the offenses under
this Act; or
• (bb) A computer password, access code, or similar data by which

the whole or any part of a computer system is capable of being
accessed with intent that it be used for the purpose of committing
any of the offenses under this Act.
• (ii) The possession of an item referred to in paragraphs 5(i)(aa) or

(bb) above with intent to use said devices for the purpose of
committing any of the offenses under this section.
9
• (6) Cyber-squatting. – The acquisition of a domain name over the

internet in bad faith to profit, mislead, destroy reputation, and
deprive others from registering the same, if such a domain name is:
• (i) Similar, identical, or confusingly similar to an existing trademark

registered with the appropriate government agency at the time of the
domain name registration:
• (ii) Identical or in any way similar with the name of a person other
than the registrant, in case of a personal name; and
• (iii) Acquired without right or with intellectual property interests in it.

10
Computer-related offenses
• (1) Computer-related Forgery. —
• (i) The input, alteration, or deletion of any computer data without

right resulting in inauthentic data with the intent that it be considered
or acted upon for legal purposes as if it were authentic, regardless
whether or not the data is directly readable and intelligible; or
• (ii) The act of knowingly using computer data which is the product of
computer-related forgery as defined herein, for the purpose of
perpetuating a fraudulent or dishonest design.
11
Computer-related offenses
• (2) Computer-related Fraud. — The unauthorized input, alteration,

or deletion of computer data or program or interference in the
functioning of a computer system, causing damage thereby with
fraudulent intent: Provided, That if no damage has yet been caused,
the penalty imposable shall be one (1) degree lower.
• (3) Computer-related Identity Theft. – The intentional acquisition,

use, misuse, transfer, possession, alteration or deletion of identifying
information belonging to another, whether natural or juridical, without
right: Provided, That if no damage has yet been caused, the penalty
imposable shall be one (1) degree lower.
12
Content-related offenses
• (1) Cybersex. — The willful engagement, maintenance, control, or

operation, directly or indirectly, of any lascivious exhibition of sexual organs
or sexual activity, with the aid of a computer system, for favor or
consideration.
• (2) Child Pornography. — The unlawful or prohibited acts defined and

punishable by Republic Act No. 9775 or the Anti-Child Pornography Act of
2009, committed through a computer system: Provided, That the penalty to
be imposed shall be (1) one degree higher than that provided for in
Republic Act No. 9775.
• (3) Unsolicited Commercial Communications. — The transmission of

commercial electronic communication with the use of computer system
which seek to advertise, sell, or offer for sale products and services are
prohibited 13
Content-related offenses
• (4) Libel. — The unlawful or prohibited

acts of libel as defined in Article 355 of the
Revised Penal Code, as amended,
committed through a computer system or
any other similar means which may be
devised in the future.
Introduction to Computer 14
Hardware and Storage Devices
• “Without right” means either:
a.) conduct undertaken without or in
excess of authority; or
b.) conduct not covered by established
legal defenses, excuses, court orders,
justifications, or relevant principles under the
law.
15
• Aiding or Abetting in the
Commission of Cybercrime.
– Any person who willfully abets or aids in
the commission of any of the offenses
enumerated in this Act shall be held liable.
16
• Attempt in the Commission of
Cybercrime.
• — Any person who willfully attempts to
commit any of the offenses enumerated in
this Act shall be held liable.
17
• All crimes defined and penalized by the Revised
Penal Code, as amended, and special laws, if
committed by, through and with the use of
information and communications technologies
shall be covered by the relevant provisions of
this Act: Provided, That the penalty to be
imposed shall be one (1) degree higher than
that provided for by the Revised Penal Code,
as amended, and special laws, as the case
may be.
18
• Real-Time Collection of Traffic Data.
Law enforcement authorities, with due

cause, shall be authorized to collect or
record by technical or electronic means
traffic data in real-time associated with
specified communications transmitted by
means of a computer system.
ENFORCEMENT AND
IMPLEMENTATION
Law Enforcement Authorities. — The

National Bureau of Investigation (NBI) and
the Philippine National Police (PNP)
shall be responsible for the efficient and
effective law enforcement of the provisions
of this Act. The NBI and the PNP shall
organize a cybercrime unit or center
manned by special investigators to
exclusively handle cases involving
violations of this Act.
ENFORCEMENT AND
IMPLEMENTATION
Duties of Law Enforcement Authorities. — To ensure

that the technical nature of cybercrime and its prevention
is given focus and considering the procedures involved for
international cooperation, law enforcement authorities
specifically the computer or technology crime divisions or
units responsible for the investigation of cybercrimes are
required to submit timely and regular reports including pre-
operation, post-operation and investigation results and
such other documents as may be required to the
Department of Justice (DOJ) for review and monitoring.
Preservation of Computer
Data.
• The integrity of traffic data and subscriber information relating to

communication services provided by a service provider shall be
preserved for a minimum period of six (6) months from the date of
the transaction. Content data shall be similarly preserved for six (6)
months from the date of receipt of the order from law enforcement
authorities requiring its preservation.
• Law enforcement authorities may order a one-time extension for
another six (6) months: Provided, That once computer data
preserved, transmitted or stored by a service provider is used as
evidence in a case, the mere furnishing to such service provider of
the transmittal document to the Office of the Prosecutor shall be
deemed a notification to preserve the computer data until the
termination of the case.
• The service provider ordered to preserve computer data shall keep
confidential the order and its compliance.
II. E-Commerce Act of
2000
E-Commerce Act of 2000
ELECTRONIC COMMERCE ACT (RA8792) - AN

ACT PROVIDING FOR THE RECOGNITION AND
USE OF ELECTRONIC COMMERCIAL AND NON-
COMMERCIAL TRANSACTIONS AND
DOCUMENTS, PENALTIES FOR UNLAWFUL USE
THEREOF AND FOR OTHER PURPOSES.
signed into law last June 14, 2000, is a

landmark law in the history of the Philippines.
25
E-Commerce Act of 2000
Salient features of Republic
Act 8792
 It gives legal recognition of electronic data messages,
electronic documents, and electronic signatures.
(section 6 to 13)
 Allows the formation of contracts in electronic form.
(section 16)
 Makes banking transactions done through ATM
switching networks absolute once consummated.
(section 16)
 Parties are given the right to choose the type
and level of security methods that suit their needs.
(section 24)
Act 8792
 Provides the mandate for the electronic

implementation of transport documents to facilitate
carriage of goods. This includes documents such as,
but not limited to, multi-modal, airport, road, rail,
inland waterway, courier, post receipts, transport
documents issued by freight forwarders,
marine/ocean bill of lading, non-negotiable seaway
bill, charter party bill of lading. (section 25 and 26)
 Mandates the government to have the capability to do
e-commerce within 2 years or before June 19, 2002.
(section 27) Introduction to Computer 27
Act 8792
 Mandates RPWeb to be implemented. RPWeb is a

strategy that intends to connect all government offices to
the Internet and provide universal access to the general
public. (section 28)
 Made cable, broadcast, and wireless physical
infrastructure within the activity of telecommunications.
(section 28)
 Empowers the Department of Trade and Industry to
supervise the development of e-commerce in the
country.. (section 29)
Act 8792
 Provided guidelines as to when a service provider

can be liable. (section 30)
 Authorities and parties with the legal right can only

gain access to electronic documents, electronic data
messages, and electronic signatures. For
confidentiality purposes, it shall not share or convey
to any other person. (section 31 and 32)
Act 8792
 Hacking or cracking, refers to unauthorized access

including the introduction of computer viruses,
is punishable by a fine from 100 thousand
to maximum commensurates to the damage.
With imprisonment from 6 months to 3 years.
(section 33)
 Piracy through the use of telecommunication
networks, such as the Internet, that
infringes intellectual property rights is punishable.
The penalties are the same as hacking. (section 33)
Act 8792
 All existing laws such as the Consumer Act of

the Philippines also applies to
e-commerce transactions. (section 33)
What is computer refers
to?
“Computer” refers to any device or
apparatus singly or interconnected which,
by electronic, Transmit,
electro-mechanical, Store,
optical and/or magnetic Process,
impulse, Correlate,
or other means with the analyze,
same function, Project,
can receive, retrieve and/or produce
record, information,
data,
What is computer refers
to?
“Computer” refers to any device or
apparatus singly or interconnected which,
text,
graphics,
figures,
voice,
Video,
symbols or other modes of
expression or perform any
one or more of these
functions.
33
What is a Computer?
Note that the previous slide is merely an elaboration of

the term “Information and Communications System”
which includes computers. The definition is likewise
broad enough to include all types of electronic equipment
including:
Desktop, credit cards video equipment,
mobile computers, smart cards, audio equipment,
fax machines, credit cards personal digital
scanners, ATM cards, assistants (“PDAs”),
Printers, mobile phones, answering machines,
computer monitors, Pagers, and telephones.
card readers, Radios,
VCRs, 34
What is a Computer?
In the near future, even ordinary household

appliances such as the refrigerator and washing
machine may be deemed computers as devices
allowing them to communicate over the Internet,
among others, are developed.
35
Acts that penalized by fine
and/or imprisonment
Hacking or cracking which refers to unauthorized
access into or interference in a computer
system/server or information and communication
system;
or any access in order to corrupt

alter,
steal,
or destroy using a computer or other
similar information and communication
devices,
without the knowledge and consent of the
owner of the computer
36
and/or imprisonment
Continuation…
or information and communications
system,
including the introduction of computer
viruses and the like,
resulting in the corruption,
destruction,
Alteration,
theft or loss of electronic data messages
or electronic document
shall be punished by a minimum fine of one hundred
thousand pesos (P100,000.00) and a maximum
commensurate to the damage incurred and a mandatory
37
imprisonment of six (6) months to three (3) years;
and/or imprisonment
Continuation…
Piracy or the Storage,

unauthorized Uploading,
copying, downloading,
reproduction, communication,
Dissemination, making available to the
Distribution, public,
Importation, or broadcasting of protected
Use, material,
Removal, electronic signature or
Alteration, copyrighted works including
Substitution, legally protected sound
Modification, recordings 38
and/or imprisonment
Continuation…
or phonograms or information
material on protected works,
through the use of
telecommunication networks,
such as,
but not limited to,
the internet,
in a manner that infringes
intellectual property rights
shall be punished by a minimum fine of one hundred

thousand pesos (P100,000.00) and a maximum
commensurate to the damage incurred and a mandatory
39
imprisonment of six (6) months to three (3) years;
and/or imprisonment
Continuation…
Violations of the Consumer Act or Republic Act

No. 7394 and other relevant or pertinent laws
through transactions covered by or using
electronic data messages or electronic
documents, shall be penalized with the same
penalties as provided in those laws;
40
and/or imprisonment
Continuation…
Other violations of the provisions of this Act, shall

be penalized with a maximum penalty of one
million pesos (P1,000,000.00) or six (6) years
imprisonment.
41
III. Access Device Act
ACCESS DEVICE ACT
REPUBLIC ACT NO. 8484 AN ACT

REGULATING THE ISSUANCE AND USE OF
ACCESS DEVICES, PROHIBITING
FRAUDULENT ACTS COMMITTED RELATIVE
THERETO, PROVIDING PENALTIES AND FOR
OTHER PURPOSES.
43
ACCESS DEVICE ACT
For purposes of this Act, the terms:
Access Device — means any card, plate, code, account
number, electronic serial number, personal identification
number, or other telecommunications service, equipment, or
instrumental identifier, or other means of account access
that can be used to obtain money, good, services, or any
other thing of value or to initiate a transfer of funds (other
than a transfer originated solely by paper instrument)
Counterfeit Access Device — means any access device that

is counterfeit, fictitious, altered, or forged, or an identifiable
component of an access device or counterfeit access device;
44
ACCESS DEVICE ACT
Unauthorized Access Device — means any access device

that is stolen, lost, expired, revoked, canceled, suspended, or
obtained with intent to defraud;
Access Device Fraudulently Applied for — means any access

device that was applied for or issued on account of the use of
falsified document, false information, fictitious identities and
addresses, or any form of false pretense or
misrepresentation;
45
ACCESS DEVICE ACT
Consumer — means a natural person;
Credit Card — means any card, plate, coupon book, or

other credit device existing for the purpose of obtaining
money, goods, property, labor or services or anything of
value on credit;
Device Making or Altering Equipment — means any

equipment, mechanism or impression designed or primarily
used for making or altering or re-encoding an access
device or a counterfeit access device;
46
ACCESS DEVICE ACT
Finance Charges — represent the amount to be

paid by the debtor incident to the extension of credit
such as interest or discounts, collection fees, credit
investigation fees, and other service charges;
Open-end-credit plan — means a consumer credit

extended on an account pursuant to a plan under
which:
47
ACCESS DEVICE ACT
Open-end-credit plan — means a consumer credit

extended on an account pursuant to a plan under
which:
the creditor may permit the person to make
purchase or obtain loans, from time to time,
directly from the creditor or indirectly by use of
credit card, or other service;
the person has the privilege of paying the

balance; or
a finance charge may be computed by the

creditor from time to time on an unpaid balance. 48
ACCESS DEVICE ACT
Penalty Charges — means such amount, in addition

to interest, imposed on the credit card holder for
non-payment of an account within a prescribed
period;
Produce — includes design, alter, authenticate,
duplicate or assemble; and
Trafficking — means transferring, or otherwise

disposing of, to another, or obtaining control of, with
intent to transfer or dispose of.
49
ACCESS DEVICE ACT
Prohibited Acts (Section 9).
The following acts shall constitute access device fraud

and are hereby declared to be unlawful:
producing, using, trafficking in one or more

counterfeit access devices;
trafficking in one or more unauthorized
access devices or access devices fraudulently
applied for;
using, with intent to defraud, an unauthorized
access device;
using an access device fraudulently applied
for;
50
ACCESS DEVICE ACT

possessing one or more counterfeit access

devices or access devices fraudulently applied
for;
producing, trafficking in, having control or
custody of, or possessing device-making or
altering equipment without being in the
business or employment, which lawfully deals
with the manufacture, issuance, or distribution
of such equipment; 51
ACCESS DEVICE ACT

inducing, enticing, permitting or in any

manner allowing another, for consideration
or otherwise to produce, use, traffic in
counterfeit access devices, unauthorized
access devices or access devices
fraudulently applied for;
52
ACCESS DEVICE ACT

multiple imprinting on more than one transaction record,

sales slip or similar document, thereby making it appear that
the device holder has entered into a transaction other than
those which said device holder had lawfully contracted for,
or submitting, without being an affiliated merchant, an order
to collect from the issuer of the access device, such extra
sales slip through an affiliated merchant who connives
therewith, or, under false pretenses of being an affiliated
merchant, present for collection such sales slips, and similar
documents; 53
ACCESS DEVICE ACT

disclosing any information imprinted on the access

device, such as, but not limited to, the account number
or name or address of the device holder, without the
latter's authority or permission;
obtaining money or anything of value through the use
of an access device, with intent to defraud or with intent
to gain and fleeing thereafter;
54
ACCESS DEVICE ACT

having in one's possession, without authority from

the owner of the access device or the access device
company, an access device, or any material, such as
slips, carbon paper, or any other medium, on which the
access device is written, printed, embossed, or
otherwise indicated;
55
ACCESS DEVICE ACT

writing or causing to be written on sales slips,

approval numbers from the issuer of the access
device of the fact of approval, where in fact no such
approval was given, or where, if given, what is written
is deliberately different from the approval actually
given;
56
ACCESS DEVICE ACT

making any alteration, without the access device

holder's authority, of any amount or other
information written on the sales slip;
effecting transaction, with one or more access
devices issued to another person or persons, to
receive payment or any other thing of value;
57
ACCESS DEVICE ACT

without the authorization of the issuer of the

access device, soliciting a person for the purpose
of:
a) offering an access device; or
b) selling information regarding or an
application to obtain an access device; or
58
ACCESS DEVICE ACT
Penalties (Section 10)
Any person committing any of the acts constituting
access device fraud enumerated in the immediately
preceding section shall be punished with:
a fine of Ten thousand pesos (P10,000.00) or twice

the value obtained by the offense, whichever is
greater and imprisonment for not less than six (6)
years and not more than ten (10) years, in the case of
an offense under Section 9 (b)-(e), and (g)-(p) which
does not occur after a conviction for another offense
under Section 9;
59
ACCESS DEVICE ACT
Penalties (Section 10)
Any person committing any of the acts constituting
access device fraud enumerated in the immediately
preceding section shall be punished with:
a fine of Ten thousand pesos (P10,000.00) or twice

the value obtained by the offense, and imprisonment
for not less than ten (10) years and for not more than
twelve (12) years, in the case of an offense under
Section 9 (a), and (f) of the foregoing section, which
does not occur after a conviction for another offense
under Section 9; and
60
ACCESS DEVICE ACT
Conspiracy to commit access device fraud under Section 11
If two (2) or more persons conspire to commit any of the

offenses listed in Section 9 and one or more of such persons
does any act to effect the object of the conspiracy, each of
the parties to such conspiracy shall be punished as in the
case of the doing of the act, the accomplishment of which is
the object of such conspiracy.
61
ACCESS DEVICE ACT
Frustrated and attempted access device fraud (Section 12)
Any person who performs all the acts of execution which

would produce any of the unlawful acts enumerated in
Section 9 of this Act, but which nevertheless does not
produce it by reason of causes independent of the will of
said person, shall be punished with two-thirds (2/3) of the
fine and imprisonment provided for the consummated
offenses listed in said section.
62
ACCESS DEVICE ACT
Frustrated and attempted access device fraud (Section 12)
Any person who commences the commission of any of the

unlawful acts enumerated in Section 9 of this Act directly by
overt acts and does not perform all the acts of execution
which would produce the said acts by reason of some cause
or accident other than said person's own spontaneous
desistance, shall be punished with one-half (1/2) of the fine
and imprisonment provided for the consummated offenses
listed in the said section.
63
ACCESS DEVICE ACT
Accessory to access device fraud (Section 13).
Any person who, with intent to gain for himself or for another,
buy, receives, possesses, keeps, acquires, conceals, sells,
or disposes of, shall buy and sell, or in any manner deal in
any article, item, object or anything of value which he knows
or should be known to him, to have been acquired through
the use of counterfeit access device or an unauthorized
access device or an access device known to him to have
been fraudulently applied for,
64
ACCESS DEVICE ACT
Accessory to access device fraud (Section 13).
Continuation…
shall be considered as an accessory to an access device
fraud and shall be punished with one-half (1/2) of the fine
and imprisonment provided for the applicable consummated
offenses listed in Section 9 of this Act. Said person shall be
prosecuted under this Act or under the Anti-Fencing Law of
1979 (Presidential Decree No. 1612) whichever imposes the
longer prison term as penalty for the consummated offense.
65
ACCESS DEVICE ACT
Presumption and prima facie evidence of intent to

defraud under section 14 of this Act — the mere
possession, control or custody of:
an access device, without permission of the

owner or without any lawful authority;
a counterfeit access device;

access device fraudulently applied for;
any device-making or altering equipment by
any person whose business or employment does
not lawfully deal with the manufacture, issuance,
or distribution of access device; 66
ACCESS DEVICE ACT

an access device or medium on which an access

device is written, not in the ordinary course of the
possessor's trade or business; or
a genuine access device, not in the name of the
possessor, or not in the ordinary course of the
possessor's trade or business, shall be prima facie
evidence that such device or equipment is intended
to be used to defraud.
67
ACCESS DEVICE ACT

A cardholder who abandons or surreptitiously leaves the

place of employment, business or residence stated in his
application or credit card, without informing the credit card
company of the place where he could actually be found, if at
the time of such abandonment or surreptitious leaving, the
outstanding and unpaid balance is past due for at least
ninety (90) days and is more than Ten thousand pesos
(P10,000.00), shall be prima facie presumed to have used
his credit card with intent to defraud.
68
ACCESS DEVICE ACT
Loss of access devices (Section 15).
In case of loss of an access device, the holder thereof must

notify the issuer of the access device of the details and
circumstances of such loss upon knowledge of the loss. Full
compliance with such procedure would absolve the access
device holder of any financial liability from fraudulent use of
the access device from the time the loss or theft is reported
to the issuer.
69
IV. CLASSIFICATION OF
CYBERCRIME
AND
PRESENTATION OF
RELEVANT CASES.
CLASSIFICATION OF
CYBERCRIME
AND
PRESENTATION OF
RELEVANT CASES.
CLASSIFICATION OF CYBER CRIME AND
PRESENTATION OF RELEVANT CASES.
CLASSIFICATION OF CYBER CRIME
Cybercrime against individual

Cybercrime against property
Cybercrime against organization
Cybercrime against society
Cybercrime against individual
Email spoofing
Spamming
Cyber Defamation
Harassment & Cyber stalking
Cybercrime against property
Credit Card Fraud

Intellectual Property crimes.
These include:
Software piracy:
illegal copying of programs,
distribution of copies of software.
Copyright infringement
Trademarks violations
Theft of computer source code
Internet time theft 74
Cybercrime against organization
Unauthorized Access of Computer

Denial Of Service
Internet time theft
Virus attack
Email Bombing
Salami Attack
Logic Bomb
Trojan Horse
Data diddling
75
Cybercrime against Society
Forgery
Cyber Terrorism
Web Jacking
76
Presentation of JJ Maria G. Gener case
( Website Defacement)
Chronology of events:
• April 28, 2004 – Complaint from The Journal

Group to Mr. Wilson Chua regarding the
extremely slow download connection.
• April 29, 2004 – Mr. Wilson Chua informed Journal

Group that the machine hard drive containing
www.gov.ph, www.sanmiguel. com.ph and
www.journal.com.ph web pages crashed.
Cont’… Chronology of events:
• April 30, 2004 – Bitstop Network Services

transferred the www.journal.com.ph web
pages to another web server computer.
• May 1, 2004 – Mr. Wilson Chua sent an e-mail
to Globe Telecom and Infocom Technologies
with attached intrusion logs.
• May 3, 2004 – Complaint from Mr. Wilson
Chua re Network Intrusion.
Cont’… Chronology of events:
• May 5, 2004 – Case conference with ASec Edna

Belleza, Mr. Bobby Capco, Softrigger
representatives and Mr. Wilson Chua.
• Mr. Chua initially identified 6 suspected IP

addresses who were allegedly involved in
the coordinated Denial of Service (DOS)
Attack to the websites www.gov.ph and
www.journal.com.ph respectively.
Complaint Letter From Journal
Group
Complaint Letter From Bitstop
Network Services
Start of Investigation
• ATCD- CCU conducted analysis on the log files

submitted by Mr. Chua.
• Log files from the IDS indicates that there are
series of scan attempts for vulnerability exploit.
• Issuance of various “SUBPOENA DUCES
TECUM” to concerned TELCO’s and Internet
Service Provider (ISP).
Joint Affidavit of Online Staff
of Employees of PJI
Affidavit of
MR WILSON CHUA
Complaint-Affidavit of
USEC PURUGGANAN
Subpoena to
GLOBE TELECOM
Result of Subpoena from
GLOBE TELECOM
Subpoena to IT Officer
OFFICER U.P VISAYAS
Press Release
IP Addresses of the Attacker
Name of Company IP Address
PLDT
a. PLDT dial-up subscriber 203.177.73.162

Infocom Technologies Inc.
b. Infocom dial-up subscriber 203.131.73.96

c. SSS Diliman Quezon City 202.163.226.140
d. Amellar Corporation 203.131.73.96
Globe Telecom Inc.
e. Mercury Interactive/Singtel 202.52.161.137

f. U.P Miagao Iloilo City 203.177.73.162
PLDT DIAL-UP SUBSCRIBER
INTERNET
BITSTOP
NETWORK
PLDT
(Telco Gateway Provider) SERVICES
Dial-up Subscriber WebHosting Server

Bitstop Network Services
May 3, 2004
IP Address: 202.91.163.2
Start: 07:34:35 PM
Location: Dagupan City, Pang
End: 07:49:35 PM
Www.gov.ph
IP Address: 210.14.24.122
Www.journal.com.ph
Phone Number: 033-3202011
“Victim Computer”
Bartolome L Delantar:, Ruste Drv.,
Brgy. San Jose, Zamboanga City
Type of Attack: Scripting
INFOCOM SUBSCRIBER
INTERNET
DSL connection
April 30, 2004
Start: 10:11:39 AM
BITSTOP
End: 10:11:39 AM
IP Address: 202.131.71.94 INFOCOM NETWORK
Amellar Solutions
(Internet Service SERVICES
Provider)
April 26, 2004
Start: 10:29:36 AM
End: 11:59:39 AM
IP Address: 202.131.71.94
WebHosting Server
Amellar Solutions
IP Address: 202.91.163.2
April 23, 2004
Dial-up Subscriber
Location: Dagupan City, Pang
Start: 11:55:41 AM
Www.gov.ph
End: 11:55:53 AM
Www.journal.com.ph
IP Address: 202.131.71.94 April 29, 2004 “Victim Computer”
Amellar Solutions
Start: 11:49:23 PM
End: 11:53:56 PM
IP Address: 203.131.73.96
April 29, 2004 April 30,2004 Phone number : 034-4346417
Start: 07:28:07 AM 09:03:58 AM
End: 08:35:31 AM 09:07:47 AM Mr. Omad Sayd S. Kanaan
Start: 08:11:51 AM
748 Makiling St., Brgy Villamonte,
End: 10:22:21 AM
Bacolod City, Negros Occidental
DSL connection
IP Address: 202.163.226.140
SSS Diliman, Quezon City
Type of Attack: Large ICMP Packet Type of Attack: Scripting
GLOBE SUBSCRIBER
INTERNET
BITSTOP
NETWORK
GLOBE SERVICES
(Telco Gateway Provider)
WebHosting Server
Dedicated Line IP Address: 202.91.163.2
May 3, 2004 May 7, 2004 Location: Dagupan City, Pang

Start: 04:48:10 PM 04:48:10 PM Www.gov.ph
End: 04:57:38 PM 04:57:38 PM
Www.journal.com.ph
IP Address: 203.177.73.162, 203.177.73.181, April 28, 2004
203.177.73.182, 203.177.73.183, Start: 07:27:37 PM
203.177.73.184, 203.177.73.185, End: 07:39:37 PM
203.177.73.186, 203.177.73.187, IP Address: 202.52.161.137
203.177.73.188, 203.177.73.189 Mercury Interactive/Singtel
University of the Philippines, Miagao Iloilo Type of Attack: Large ICMP Packet
Globe Internet Data Center

Official User: Mr. JJ Maria Glomo Giner
ENTIRE PICTURE OF THE
NETWORK INTRUSION
May 3, 2004
Start: 07:34:35 PM
End: 07:49:35 PM
IP Address: 210.14.24.122
ATTACKER GATEWAY INTERNET
Phone Number: 033-3202011 TARGET
Bartolome L Delantar:, Ruste Drv.,
Brgy. San Jose, Zamboanga City
Type of Attack: Scripting PLDT
(Telco Gateway Provider) BITSTOP
April 30, 2004
Start: 10:11:39 AM NETWORK
End: 10:11:39 AM
IP Address: 202.131.71.94 SERVICES
Amellar Solutions
Type of Attack: Scripting INFOCOM
April 26, 2004 (Internet Service
Start: 10:29:36 AM
Provider)
End: 11:59:39 AM
IP Address: 202.131.71.94
WebHosting Server
Amellar Solutions
IP Address: 202.91.163.2
April 23, 2004
Start: 11:55:41 AM
End: 11:55:53 AM
GLOBE Location: Dagupan City, Pang
Www.gov.ph
IP Address: 202.131.71.94 (Telco Gateway Provider) Www.journal.com.ph

Amellar Solutions
April 29, 2004

Start: 11:49:23 PM
End: 11:53:56 PM
IP Address: 203.131.73.96
Phone number : 034-4346417
April 28, 2004 May 3, 2004 May 7, 2004
Mr. Omad Sayd S. Kanaan
April 29, 2004 April 30,2004 Start: 07:27:37 PM Start: 04:48:10 PM 04:48:10 PM
748 Makiling St., Brgy Villamonte,
Start: 07:28:07 AM 09:03:58 AM End: 07:39:37 PM End: 04:57:38 PM 04:57:38 PM
Bacolod City, Negros Occidental
End: 08:35:31 AM 09:07:47 AM IP Address: 202.52.161.137 IP Address: 203.177.73.162
Start: 08:11:51 AM Mercury Interactive/Singtel University of the Philippines, Miagao Iloilo
End: 10:22:21 AM Type of Attack: Large ICMP Packet Official User: Mr. JJ Maria Glomo Giner
IP Address: 202.163.226.140 Type of Attack: Scripting
SSS Diliman, Quezon City
Type of Attack: Large ICMP Packet
OTHER IP ADDRESSES THAT SCANNED THE
TARGET FOR VULNERABILITY EXPLOITS
Basic Internet Tuguegarao

INTERNET San Fernando City ‘202.91.170.42’
‘202.91.169.38’ ‘202.91.170.3
202.91.169.55'
202.91.171.47' Cavite
United States
‘202.91.168.198’
202.91.168.253'
202.91.168.254'
202.91.168.172'
202.91.168.163'
202.91.168.205'
202.91.168.164'
202.91.168.250'
Hongkong
Bitstop Dagupan City
‘202.91.161.44'
Philippines China ‘202.91.167.21’
‘202.91.172.61’
VMU
‘202.91.160.216’
San Carlos City
‘202.91.160.106'
‘202.91.175.130’
‘202.91.160.39’
U.P Visayas
On-Site Investigation
• Set of IP addresses identified and
analyzed by ATCD-CCU came from
U.P.Visayas Linux Gateway computer.
U.P Visayas
Cont’…
On-Site Investigation
(Photo taken during the on-site investigation at

U.P Visayas.
Result of U.P Visayas
Administrative Investigation
• Mr. Reniel Cambel, Systems and Network Admin of U.P Visayas

revealed that the source of the intrusion attack came from the
Information and Publications Office (IPO) on the computer being
used by a certain Mr. JJ Maria Glomo Giner.
• Professor Villareal discovered that there were several instances that

the hard drive of the subject computer was taken out by Mr. Giner
without clearance from U.P.V Administrators and further brought
home as evidenced by the letter of explanation of Mr. Giner dated
May 31, 2004.
• Suspected hard drive was seized by U.P.V officials and was turned-
over to ATCD-CIDG.
Cont’… CASE REFERRAL TO
DOJ
RESOLUTION BY THE STATE
PROSECUTOR
Cont’… RESOLUTION
BY THE
STATE PROSECUTOR
Cont’… RESOLUTION
BY THE STATE
PROSECUTOR
Press Release
Warrant of Arrest
Press Release
106
Judgment
THE FIRST FILIPINO
CONVICTED HACKER
The conviction of JJ Maria G.

Giner was considered a
landmark case, as he is the
first local hacker to be
convicted under Section
33(a) of R.A. No. 8792 (E-
Commerce Act ) which was
investigated by ATCD-CCU.
PRESS RELEASE
Question

Electronic Crime

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Electronic Crime

Încărcat de

Drepturi de autor:

Formate disponibile

Cyber / Electronic Crime

I. Introduction to Cyber Crime

II. E-Commerce Act of 2000

III. Access Device Act

IV. Classification of Cybercrime

[ Republic Act No. 10175 ]

AN ACT DEFINING CYBERCRIME, PROVIDING FOR

• The cybercrime offenses provided in Sec.4

• (1) Illegal Access. – The access to the whole or any part of a

• (2) Illegal Interception. – The interception made by technical

• (3) Data Interference. — The intentional or reckless alteration,

• (4) System Interference. — The intentional alteration or reckless

• (5) Misuse of Devices.

• (i) The use, production, sale, procurement, importation, distribution,

• (aa) A device, including a computer program, designed or adapted

• (bb) A computer password, access code, or similar data by which

• (ii) The possession of an item referred to in paragraphs 5(i)(aa) or

• (6) Cyber-squatting. – The acquisition of a domain name over the

• (i) Similar, identical, or confusingly similar to an existing trademark

• (iii) Acquired without right or with intellectual property interests in it.

• (1) Computer-related Forgery. —

• (i) The input, alteration, or deletion of any computer data without

• (2) Computer-related Fraud. — The unauthorized input, alteration,

• (3) Computer-related Identity Theft. – The intentional acquisition,

• (1) Cybersex. — The willful engagement, maintenance, control, or

• (2) Child Pornography. — The unlawful or prohibited acts defined and

• (3) Unsolicited Commercial Communications. — The transmission of

• (4) Libel. — The unlawful or prohibited

Law enforcement authorities, with due

Law Enforcement Authorities. — The

Duties of Law Enforcement Authorities. — To ensure

• The integrity of traffic data and subscriber information relating to

ELECTRONIC COMMERCE ACT (RA8792) - AN

signed into law last June 14, 2000, is a

 Provides the mandate for the electronic

 Mandates RPWeb to be implemented. RPWeb is a

 Provided guidelines as to when a service provider

 Authorities and parties with the legal right can only

 Hacking or cracking, refers to unauthorized access

 All existing laws such as the Consumer Act of

Note that the previous slide is merely an elaboration of

In the near future, even ordinary household

or any access in order to corrupt

Piracy or the Storage,

shall be punished by a minimum fine of one hundred

Violations of the Consumer Act or Republic Act

Other violations of the provisions of this Act, shall

REPUBLIC ACT NO. 8484 AN ACT

Counterfeit Access Device — means any access device that

Unauthorized Access Device — means any access device

Access Device Fraudulently Applied for — means any access

Consumer — means a natural person;

Credit Card — means any card, plate, coupon book, or

Device Making or Altering Equipment — means any

Finance Charges — represent the amount to be

Open-end-credit plan — means a consumer credit

Open-end-credit plan — means a consumer credit

the person has the privilege of paying the

a finance charge may be computed by the

Penalty Charges — means such amount, in addition

Trafficking — means transferring, or otherwise

The following acts shall constitute access device fraud

producing, using, trafficking in one or more