Cyber Crim

8/6/2019 Cyber Crim

http://slidepdf.com/reader/full/cyber-crim 1/72

CyberCyber--crime and Securitycrime and Security

Policy IssuesPolicy Issues

Rodolfo Noel S. QuimboResource Person

Information, Communication

and Space Technology DivisionUNESCAP

8/6/2019 Cyber Crim


Two Part PresentationTwo Part Presentation

CyberCyber--crimecrime

•• Internet and Security ConceptsInternet and Security Concepts•• Incidents/AttacksIncidents/Attacks

•• Improving SecurityImproving Security

CyberlawCyberlaw

•• Statutes, Laws, and PoliciesStatutes, Laws, and Policies ––

Challenges to enforcersChallenges to enforcers•• Substantive and Procedural LawSubstantive and Procedural Law

•• Efforts to Combat CyberEfforts to Combat Cyber--crimecrime

8/6/2019 Cyber Crim


--

Part I CyberPart I Cyber--crimecrime

8/6/2019 Cyber Crim


Internet and Security ConceptsInternet and Security Concepts The Internet and Its VulnerabilitiesThe Internet and Its Vulnerabilities

•• When it started as a project of the AdvancedWhen it started as a project of the Advanced

Research Project of the US DefenseResearch Project of the US DefenseDepartment in 1969, the system was designedDepartment in 1969, the system was designed

for openness and flexibility, not securityfor openness and flexibility, not security

•• The first publicized international securityThe first publicized international securityincident was identified in 1986. An attemptincident was identified in 1986. An attempt

was made to use the network to accesswas made to use the network to access

computers in the US to copy information fromcomputers in the US to copy information from

them.them.

•• In 1988, the network had its first automatedIn 1988, the network had its first automated

network security incident courtesy of a wormnetwork security incident courtesy of a worm

programprogram

8/6/2019 Cyber Crim


Internet and Security ConceptsInternet and Security Concepts The Internet and Its VulnerabilitiesThe Internet and Its Vulnerabilities

•• As a response to the worm threat, a computerAs a response to the worm threat, a computer

emergency response team was created (nowemergency response team was created (nowthe CERT Coordination Center)the CERT Coordination Center)

•• In 1989, the ARPANET Project officiallyIn 1989, the ARPANET Project officially

became the Internet. However, it has, forbecame the Internet. However, it has, formost part retained its inherent opennessmost part retained its inherent openness

•• The Internet being inherently open, extremelyThe Internet being inherently open, extremely

dynamic allows attacks, in general, to bedynamic allows attacks, in general, to bequick, easy, inexpensive and often timesquick, easy, inexpensive and often times

difficult to detect or tracedifficult to detect or trace

8/6/2019 Cyber Crim


Important Security ConceptsImportant Security Concepts

•• Confidentiality of InformationConfidentiality of Information

Confidentiality is lost when someone without authorityConfidentiality is lost when someone without authority

is able to read or copy informationis able to read or copy information

•• Integrity of InformationIntegrity of Information

Modifying information in unexpected ways makes itModifying information in unexpected ways makes it

lose its integritylose its integrity•• Availability of InformationAvailability of Information

The erasure of information makes it unavailable whenThe erasure of information makes it unavailable when

needed. Often, this is the most important attribute inneeded. Often, this is the most important attribute in

service oriented businessesservice oriented businesses

8/6/2019 Cyber Crim


Elements of a Secured NetworkElements of a Secured Network

EnvironmentEnvironment AuthenticationAuthentication

•• “ “I am who I Say I amI am who I Say I am” ”

AuthorizationAuthorization

•• “ “I am allowed to read the fileI am allowed to read the file” ” NonNon--repudiationrepudiation

•• “ “Yes, I sent the eYes, I sent the e--mailmail” ”

8/6/2019 Cyber Crim


Attack TrendsAttack Trends visvis aa visvis InternetInternet

GrowthGrowth Trend 1Trend 1 –– Automation; speed of AttackAutomation; speed of Attack

ToolsTools•• Scanning for Potential VictimsScanning for Potential Victims

•• Compromising vulnerable systemsCompromising vulnerable systems

•• Propagate the AttackPropagate the Attack

•• Coordinated Management of Attack ToolsCoordinated Management of Attack Tools

8/6/2019 Cyber Crim


Attack Trends (contAttack Trends (cont’’d.)d.)

Trend 2Trend 2 –– Increasing SophisticationIncreasing Sophistication

of Attack Toolsof Attack Tools

•• AntiAnti--forensicsforensics

•• Dynamic behaviorDynamic behavior

•• Modularity of attack toolsModularity of attack tools

8/6/2019 Cyber Crim



Trend 3Trend 3 –– Faster Discovery of vulnerabilitiesFaster Discovery of vulnerabilities

Year 1995 1996 1997 1998 1999

Vulnerabilities 171 345 311 262 417

8/6/2019 Cyber Crim



Trend 3Trend 3 –– Faster Discovery of vulnerabilitiesFaster Discovery of vulnerabilities

Year 2000 2001 2002 2003 2004 2005 2006

Vulnerabilities

1,090 2,437 4,129 3,784 3,780 5,990 8,064

Total Vulnerabilities reported (1995-Q2, 2006): 30,780

8/6/2019 Cyber Crim



Trend 4Trend 4 –– Increasing Permeability of Increasing Permeability of

FirewallsFirewalls

Trend 5Trend 5-- Increasing AsymmetricIncreasing Asymmetric

ThreatThreat

8/6/2019 Cyber Crim



Trend 6Trend 6 –– Increasing Threat fromIncreasing Threat from

Infrastructure AttacksInfrastructure Attacks

•• Attack 1Attack 1 –– Distributed Denial of Distributed Denial of

ServiceService

•• Attack 2Attack 2 -- WormsWorms

8/6/2019 Cyber Crim





•• Attack 3Attack 3 –– Attacks on the InternetAttacks on the Internet

Domain Name System (DNS)Domain Name System (DNS)

Cache PoisoningCache Poisoning Compromised DataCompromised Data

Denial of ServiceDenial of Service Domain HijackingDomain Hijacking

8/6/2019 Cyber Crim





•• Attack 4Attack 4 –– Attacks against or usingAttacks against or using

routersrouters

Routers as attack platformsRouters as attack platforms Denial of ServiceDenial of Service

Exploitation of Trust relationshipExploitation of Trust relationshipbetween routersbetween routers

8/6/2019 Cyber Crim


Sources of Incidents/ThreatsSources of Incidents/Threats

3

Vulnerabilities

External

Interception Spoofing, viruses, Trojans

Message modification,

Break – in

Transaction interception

Internal

LAN sniffing Trojans

Access behind firewalls

Back connection topublic Internet

Internet

Cable Modem,Firewall, LAN

Server

PC

Viruses,

Trojans

Sniffers,back door

Transaction

trapping,hackers

8/6/2019 Cyber Crim


Kinds of IncidentsKinds of Incidents

ProbeProbe•• Attempts to gain access into a systemAttempts to gain access into a system

ScanScan•• Large number of probesLarge number of probes

Account CompromiseAccount Compromise•• Unauthorized use of an account byUnauthorized use of an account by

someone other than the ownersomeone other than the owner

Root CompromiseRoot Compromise•• An account compromise where theAn account compromise where the

account has special privileges on theaccount has special privileges on thesystemsystem

8/6/2019 Cyber Crim



PacketPacket SnifferSniffer

•• A program that captures data asA program that captures data aspackets travel through the networkpackets travel through the network

Denial of ServiceDenial of Service

•• Preventing authorized users from usingPreventing authorized users from using

the systemthe system

Exploitation of TrustExploitation of Trust•• Forging of identity in order to gainForging of identity in order to gain

unauthorized accessunauthorized access

8/6/2019 Cyber Crim



Malicious CodeMalicious Code

•• Programs that, when executed,Programs that, when executed,cause undesired results such as losscause undesired results such as loss

of data, downtime, denial of serviceof data, downtime, denial of service

8/6/2019 Cyber Crim



Internet Infrastructure AttacksInternet Infrastructure Attacks

•• Rare but serious attacks on keyRare but serious attacks on keycomponents of the Internetcomponents of the Internet

structure such as network namestructure such as network name

servers and large archive sitesservers and large archive sites

8/6/2019 Cyber Crim


Improving SecurityImproving Security

Recommended Security Practices thatRecommended Security Practices that

can minimize network intrusions:can minimize network intrusions:•• Ensure all accounts have passwords that areEnsure all accounts have passwords that are

difficult to guess. One time passwords aredifficult to guess. One time passwords are

preferred.preferred.•• Use cryptographyUse cryptography

•• Use secure programming techniques when writingUse secure programming techniques when writing

softwaresoftware•• Regularly check for updates, fixes and patchesRegularly check for updates, fixes and patches

•• Regularly check for security alertsRegularly check for security alerts

8/6/2019 Cyber Crim


Improving SecurityImproving Security

Available technologiesAvailable technologies

•• One time passwordsOne time passwords•• FirewallsFirewalls

••

Monitoring ToolsMonitoring Tools

•• Security Analysis ToolsSecurity Analysis Tools

•• CryptographyCryptography

8/6/2019 Cyber Crim


PART II:PART II: CyberlawCyberlaw

8/6/2019 Cyber Crim


Countries withCountries with CybercrimeCybercrime StatutesStatutesCountry Law

ARMENIA Criminal Code (2003)

BANGLADESH Office of Law Commission approved the Law on IT

AUSTRALIA CRIMES ACT 1914 (PART VIA), Sections 76B, 76D

AUSTRIA Privacy Act 2000 (effective as of January 1, 2000)

BELGIUM Belgian Parliament in November 2000 adopted new articles in Criminal

Code (effective from February 13, 2001) Article 550(b)

BRAZIL Law no. 9,983 of July 14, 2000 Art. 313-A & B

CANADA Canadian Criminal Code Section 342.1

CHILE Law on Automated Data Processing Crimes no. 19.223, published June

7, 1993PEOPLES

REPUBLIC OF

CHINA

Decree No. 147 of State Council of the Peoples Republic of China,

February 18, 1994. Computer Information Network and Internet

Security, Protection and Management Regulations, (approved by

State Council December 11, 1997, and published December 30,1997)

HONG KONG Telecommunication Ordinance

8/6/2019 Cyber Crim



DENMARK Penal Code (Section 263)

ESTONIA Estonian Criminal Code (Sections 269 to 273)

FINLAND Penal Code Chapter 38 (Section 8)FRANCE New Penal Code, in effect since March 1, 1993 Chapter III

(Articles 323-1 to 323-4)

GERMANY Penal Code Section 202a, 303a, Section 303b

GREECE Criminal Code Article 370C§2

HUNGARY Penal Code (Section 300 C)

IRELAND Criminal Damage Act, 1991

ICELAND Penal Code (§ 228 Section 1)

INDIA Information Technology Act 2000 (No. 21 of 2000)

ISRAEL The Computer Law of 1995,

ITALY Penal Code (Article 615)JAPAN Unauthorized Computer Access Law Law No. 128 of 1999 (in

effect from February 3, 2000)

8/6/2019 Cyber Crim



LATVIA The Criminal Law (Section 241)

LUXEMBOURG The Act of July 15th, 1993, relating to the reinforcement of

the fight against financial crime and computer crime

MALAYSIA Computer Crimes Act 1997

MALTA ELECTRONIC COMMERCE ACT (Sections 337 (C) (1) to

337 (F) (1)

MAURITSIUS The Information Technology (Miscellaneous Provision) Act1998 (Act No. 18 of 1998) Penal Code (Section 369A)

MEXICO Penal Code Part 9 (Chapter II)

THE

NETHERLANDS

Criminal Code (Article 138a)

NEW ZEALAND Crimes Amendment (No 6) Bill is introduced (Section 305ZE

& 305ZF)

NORWAY Penal Code (§ 145, 151 b, § 261 & § 291)PAKISTAN Electronic Transactions Ordinance 2002

8/6/2019 Cyber Crim



POLAND The Penal Code (Article 267 to 269)

PORTUGAL Criminal Information Law of August 17, 1991

PHILIPPINES Republic Act No.8792 or the E-commerce LawSINGAPORE Computer misuse Act.

SOUTH AFRICA South African Law Commission published a Discussion Paper

on Computer-related crime.

SWEDEN The Data Act of 1973 (amendments in 1986 and 1990)

SWITZERLAND Penal Code (Article 143bis)

TURKEY Penal Code (Section 525/a)

UNITED KINGDOM Computer Misuse Act 1990

UNITED STATES Federal legislation (updated April 15, 2002) US CODE:

TITLE 18

VENEZUELA SPECIAL STATUTE AGAINST COMPUTER RELATED

CRIMES (Published in Official Gazette of Bolivarian

republic of Venezuela, October 30, 2001)

8/6/2019 Cyber Crim


Challenges toChallenges to CyberlawCyberlaw EnforcersEnforcers

Technological ChallengesTechnological Challenges

•• Technology allows for near absoluteTechnology allows for near absoluteanonymity of culpritsanonymity of culprits

Legal ChallengesLegal Challenges

•• Laws lag behind the changes in technologyLaws lag behind the changes in technology

Resource ChallengesResource Challenges

•• Lack of sufficient experts/budgetLack of sufficient experts/budget

8/6/2019 Cyber Crim


Substantive AspectsSubstantive Aspects

of the Proposedof the ProposedCybercrimeCybercrime PreventionPrevention

ActAct

Drafting Comprehensive Laws to Combat Cybercrime

“Cyberspace consists of transactions, relationships, and thought itself, arrayed

8/6/2019 Cyber Crim


Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that

is both everywhere and nowhere, but it is not where bodies live.

We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or

conformity.

Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter

here.

Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest,

and the commonweal, our governance will emerge. Our identities may be distributed across many of your jurisdictions. The only law that all our

constituent cultures would generally recognize is the Golden Rule. We hope we will be able to build our particular solutions on that basis. But we cannot

accept the solutions you are attempting to impose.”

John Perry BarlowDeclaration of Independence of Cyberspace

8/6/2019 Cyber Crim


OutlineOutline

Why a NewWhy a New CybercrimeCybercrime Bill?Bill?Salient Substantive Features ofSalient Substantive Features of

CybercrimeCybercrime BillBillPunishable ActsPunishable Acts

Liabilities and PenaltiesLiabilities and Penalties

8/6/2019 Cyber Crim


Why a New Why a New Cybercrime Cybercrime Legislation? Legislation?

New ways of committing cyberNew ways of committing cyber--

crimes crop up every momentcrimes crop up every moment Need to factor in international effortsNeed to factor in international efforts toto

combat cybercombat cyber--crimescrimes

Most laws lack framework that takes intoMost laws lack framework that takes into

account theaccount the ““international facetinternational facet”” ofofcybercyber--crimescrimes

The ProposedThe Proposed CybercrimeCybercrime PreventionPrevention

8/6/2019 Cyber Crim


The Proposed The Proposed Cybercrime Cybercrime Prevention Prevention

Act Act

Aims at harmonizing existing penal Aims at harmonizing existing penal

laws/measures & pending cyberlaws/measures & pending cyber--crime billscrime bills

with the current cyberwith the current cyber--crime measures in thecrime measures in theU.S. and the European Union.U.S. and the European Union.

Models: Models: 1. Budapest Convention on Cyber1. Budapest Convention on Cyber--crimecrime

2. US Computer Fraud & Abuse Act of 19862. US Computer Fraud & Abuse Act of 1986

3. Philippine E3. Philippine E--Commerce ActCommerce Act

What isWhat is CybercrimeCybercrime??

8/6/2019 Cyber Crim


What isWhat is CybercrimeCybercrime??

Criminal JusticeCriminal Justice CybercrimeCybercrime Categories (ProfessorCategories (ProfessorDavid L. CarterDavid L. Carter – – 1979)1979)

1.1. Computer as the TargetComputer as the Target

Computer intrusion, data theft, technoComputer intrusion, data theft, techno--vandalism / trespassvandalism / trespass

2.2. Computer as the instrumentality of the CrimeComputer as the instrumentality of the Crime

Credit card fraud, telecommunications fraud,Credit card fraud, telecommunications fraud,thefttheft

3.3. Computer as Incidental to other CrimesComputer as Incidental to other Crimes

Drug trafficking, money laundering, childDrug trafficking, money laundering, child

pornographypornography4.4. Crimes associated with the Prevalence ofCrimes associated with the Prevalence of

ComputersComputers

Copyright violation, software piracy, componentCopyright violation, software piracy, componentthefttheft

Th C t T tTh C t T t

8/6/2019 Cyber Crim


The Computer as Target The Computer as Target

Illegal accessIllegal access ((§§4.1, proposed bill)4.1, proposed bill)

Punishable ActsPunishable Acts

Unauthorized access to a computer system/networkUnauthorized access to a computer system/network

for the purpose offor the purpose of obtaining or using a computerobtaining or using a computer

data or program or in pursuit of a dishonest intent.data or program or in pursuit of a dishonest intent.

Example: Example:

Hacking/cracking, computer trespassHacking/cracking, computer trespass

Source: Source: Art. 2, Budapest ConventionArt. 2, Budapest Convention

Th C t T tTh C t T t

8/6/2019 Cyber Crim



Illegal interceptionIllegal interception ((§§4.2, proposed bill)4.2, proposed bill)Punishable act: Punishable act:

Unauthorized interception through technical means of any nonUnauthorized interception through technical means of any non--

public transmission of computer data to, from, or within apublic transmission of computer data to, from, or within acomputer system or networkcomputer system or network

Exception: Exception:

Interception deemed necessary for the maintenance/protectionInterception deemed necessary for the maintenance/protection

of facilities of service providers (of facilities of service providers (i.e i.e ., service observing or., service observing orrandom monitoring for mechanical or service control qualityrandom monitoring for mechanical or service control qualitychecks)checks)

Example: Example: Using electronic eavesdropping devices in obtaining dataUsing electronic eavesdropping devices in obtaining data


Th C t T tThe Computer as Target

8/6/2019 Cyber Crim



System interferenceSystem interference ((§§4.4, proposed bill)4.4, proposed bill)Punishable acts: Punishable acts:

IIntentional & unlawful hindering with the properntentional & unlawful hindering with the properfunctioning of a computer system or network by using orfunctioning of a computer system or network by using orinfluencing computer data/program, electronic documentinfluencing computer data/program, electronic documentor data message, including the introduction oror data message, including the introduction or

transmission of viruses; also known as computertransmission of viruses; also known as computersabotagesabotage

Example: Example: Virus dissemination, denialVirus dissemination, denial--ofof--service attacksservice attacks


The Computer as TargetThe Computer as Target

8/6/2019 Cyber Crim



Data interferenceData interference ((§§4.3, proposed bill)4.3, proposed bill)Punishable acts: Punishable acts:

IIntentional & unauthorized damaging, deletion,ntentional & unauthorized damaging, deletion,deterioration, alteration or suppression of computer data,deterioration, alteration or suppression of computer data,electronic document, or electronic data message,electronic document, or electronic data message,including the introduction or transmission of virusesincluding the introduction or transmission of viruses

Example: Example: Inputting malicious codes, such as viruses, resulting inInputting malicious codes, such as viruses, resulting in

modification of datamodification of data


The Computer as Instrumentality The Computer as Instrumentality

8/6/2019 Cyber Crim


Misuse of devicesMisuse of devices ((§§4.5, proposed bill)4.5, proposed bill)Punishable acts: Punishable acts:

Use, production, sale, procurement, importation,Use, production, sale, procurement, importation,distribution, or making available, without right, ordistribution, or making available, without right, orpossession of any of the following:possession of any of the following:

1.1. Device primarily designed/adapted primarily forDevice primarily designed/adapted primarily forcommitting the crimes of (a) illegal access; (b) illegalcommitting the crimes of (a) illegal access; (b) illegalinterception; (c) data interference; and (d) systeminterception; (c) data interference; and (d) systeminterference, defined under the Act;interference, defined under the Act;

2.2. Computer password, access code, or similarComputer password, access code, or similardata by which a whole or part of a computerdata by which a whole or part of a computersystem or network is capable of beingsystem or network is capable of being

accessed.

p yp y

of the Crime of the Crime

accessed.

Th C t I t t litTh C t I t t lit

8/6/2019 Cyber Crim



of the Crime of the Crime Possession of any of the foregoing items with intent toPossession of any of the foregoing items with intent to

use them for the purpose of committing the crimes of (a)use them for the purpose of committing the crimes of (a)

illegal access; (b) illegal interception; (c) dataillegal access; (b) illegal interception; (c) datainterference; and (d) system interference, defined underinterference; and (d) system interference, defined under

the Act;the Act;


8/6/2019 Cyber Crim


p yof the Crime of the Crime

Exceptions: Exceptions:

1.1. Device, used for authorized testing of aDevice, used for authorized testing of a

computer system, program, or networkcomputer system, program, or network2.2. Production/creation of any of the devices is forProduction/creation of any of the devices is for

purely academic purposespurely academic purposes

Note: Note: In both instances, prior consent isIn both instances, prior consent isobtained from the owner of the computerobtained from the owner of the computer

system or network on which the device issystem or network on which the device is

to be used.to be used.Source: Source:

Art. 6, Budapest ConventionArt. 6, Budapest Convention

The Computer as Instrumentality The Computer as Instrumentality of the Crimeof the Crime

8/6/2019 Cyber Crim



Computer forgeryComputer forgery ((§§4.6, proposed bill)4.6, proposed bill)Punishable acts: Punishable acts:

1.1. Input, alteration, suppression, erasure orInput, alteration, suppression, erasure or

suppression of computer data/program orsuppression of computer data/program orelectronic document in a manner that wouldelectronic document in a manner that wouldconstitute the offense of forgeryconstitute the offense of forgery

2.2. Knowingly using a computer or electronicKnowingly using a computer or electronicdata which are products of computer forgerydata which are products of computer forgeryfor purposes of perpetuating fraudulentfor purposes of perpetuating fraudulent

design.design. Source: Source:



8/6/2019 Cyber Crim



Computer fraudComputer fraud ((§§4.7, proposed bill)4.7, proposed bill) Punishable acts: Punishable acts:

1. Intentional/unauthorized input, alteration, suppression,1. Intentional/unauthorized input, alteration, suppression,etc. of computer data/programs or electronic documentetc. of computer data/programs or electronic documentor data message, oror data message, or

2. Interference in the functioning of computer system or2. Interference in the functioning of computer system or

network.network. ElementsElements

1.1. One of the punishable acts committed;One of the punishable acts committed;

2.2. Act is committed with intent of procuring economic benefit forAct is committed with intent of procuring economic benefit forone self or for another, or for the perpetuation of a fraudulentone self or for another, or for the perpetuation of a fraudulentactivityactivity

3.3. Damage is caused therebyDamage is caused thereby

The Computer as InstrumentalityThe Computer as Instrumentality

8/6/2019 Cyber Crim




Examples: Examples:

Credit card fraud, identity theft/fraudCredit card fraud, identity theft/fraud

Source: Source:



8/6/2019 Cyber Crim



Offenses related to child pornographyOffenses related to child pornography((§§5, proposed bill)5, proposed bill)

Child pornographyChild pornography -- materials which visually depict amaterials which visually depict aminor engaged in a sexually explicit conduct or a personminor engaged in a sexually explicit conduct or a personappearing to be a minor engaged in sexually explicitappearing to be a minor engaged in sexually explicitconductconduct

Punishable ActsPunishable Acts Producing child pornography for distributionProducing child pornography for distribution

Offering/making available child pornographyOffering/making available child pornography

Distributing/transmitting child pornographyDistributing/transmitting child pornography

all through the medium of a computer systemall through the medium of a computer systemor networkor network


8/6/2019 Cyber Crim



-- Criminal liability is without prejudice toCriminal liability is without prejudice to

prosecution under Antiprosecution under Anti--Trafficking in PersonsTrafficking in Persons

Laws &Laws & Special Protection of Children AgainstSpecial Protection of Children AgainstChild Abuse, Exploitation and DiscriminationChild Abuse, Exploitation and Discrimination

LawsLaws

Source: Source:

Art.9, Budapest ConventionArt.9, Budapest Convention

The Computer as an Incident to the The Computer as an Incident to the

Commission of the CrimeCommission of the Crime

8/6/2019 Cyber Crim


Commission of the Crime Commission of the Crime

Violations of Penal Codes or rules & other existingViolations of Penal Codes or rules & other existing

penal lawspenal laws ((§§7, proposed bill)7, proposed bill)

-- Should an act punishable under the Criminal Code,Should an act punishable under the Criminal Code, thethe

Consumer Protection Act, or other existing penal laws beConsumer Protection Act, or other existing penal laws be

committedcommitted ““through the use of, aided by, or involvingthrough the use of, aided by, or involving

computer systems or networks or through transactionscomputer systems or networks or through transactions

covered by or using electronic documents or electroniccovered by or using electronic documents or electronic

data messagesdata messages””, said act shall be punishable and, said act shall be punishable andprosecuted under those laws .prosecuted under those laws .

-- Purpose: Purpose:

Fill in the gaps in existing penal laws & eradicate preconceivedFill in the gaps in existing penal laws & eradicate preconceivednotions that our existing laws only punishes crimes committed innotions that our existing laws only punishes crimes committed in

real world.real world.

-- Source: Source: §§33(c), Philippine E33(c), Philippine E--Commerce ActCommerce Act

Crimes Associated with the Prevalence of Computers

8/6/2019 Cyber Crim


Infringement of Intellectual Property RightsInfringement of Intellectual Property Rights ((§§6, proposed bill)6, proposed bill)

Punishable acts: Punishable acts:

Intentional copying, reproduction, dissemination, distribution,Intentional copying, reproduction, dissemination, distribution, oror

making available online by means of a computer system ormaking available online by means of a computer system or

networknetwork Of protected works (Of protected works (e.g e.g ., computer programs, systems and., computer programs, systems and

designs),designs),

without the knowledge and consent of the owners thereofwithout the knowledge and consent of the owners thereof

for his or another personfor his or another person’’s benefits benefit

Liability without prejudice to prosecution under the IntellectuaLiability without prejudice to prosecution under the Intellectuall

Property CodeProperty Code

Exception: Exception: Fair use, as defined in the Intellectual Property CodeFair use, as defined in the Intellectual Property Code

Source: Source:

Art.10, Budapest Convention

Prevalence of Computers

Art.10, Budapest Convention

Crimes Associated with the Prevalence of Computers

8/6/2019 Cyber Crim


Prevalence of Computers

Unsolicited commercial communicationsUnsolicited commercial communications

((§§4.8, proposed bill)4.8, proposed bill)Punishable acts: Punishable acts:

UnconsentedUnconsented transmission of voice or datatransmission of voice or data

messages which seek to advertise, sell, or offer formessages which seek to advertise, sell, or offer forsale products and servicessale products and services

Example: Example:

Spam eSpam e--mailmail

Liabilities and Penalties Liabilities and Penalties

8/6/2019 Cyber Crim


Prosecution under the proposed bill does notProsecution under the proposed bill does notbar prosecution under:bar prosecution under:

Criminal CodeCriminal Code

Consumer Protection LawsConsumer Protection LawsOther Relevant LawsOther Relevant Laws


8/6/2019 Cyber Crim


Who are liableWho are liable::Persons whoPersons who directly committeddirectly committed any of theany of the

punishable acts (punishable acts (§§8, proposed bill)8, proposed bill)

CoCo--conspirator(s)conspirator(s) in the commission of any ofin the commission of any of

the punishable acts (the punishable acts (§§10, proposed bill)10, proposed bill)

Persons whoPersons who aid/abetaid/abet in the commission ofin the commission ofany of the punishable acts (any of the punishable acts (§§11, proposed bill)11, proposed bill)


8/6/2019 Cyber Crim


Who are liableWho are liable::In case ofIn case of juridical entities juridical entities ((§§9, proposed bill)9, proposed bill)

a. Officers, board members, & employee(s) whoa. Officers, board members, & employee(s) whodirectly participated or knowingly authorizeddirectly participated or knowingly authorized

the commission of the unlawful act in behalfthe commission of the unlawful act in behalf

& for the benefit of the juridical entity& for the benefit of the juridical entityb. Officers & board members if the commissionb. Officers & board members if the commission

of the offense was due to lack of supervisionof the offense was due to lack of supervision

control, either willfully or through grosscontrol, either willfully or through grossnegligencenegligence


8/6/2019 Cyber Crim


Imposable penaltiesImposable penalties ((§§8, proposed bill)8, proposed bill)-- Jail sentence of between 6 months & 1 day to 6Jail sentence of between 6 months & 1 day to 6

yearsyears or a fine ranging from $ 2000or a fine ranging from $ 2000 -- $ 12000, or$ 12000, or

both fine & imprisonmentboth fine & imprisonment

-- Offenses related to child pornography: 6 years &Offenses related to child pornography: 6 years &

1 day to 12 years imprisonment or a $ 40001 day to 12 years imprisonment or a $ 4000 -- $$16000 fine, or both fine & imprisonment16000 fine, or both fine & imprisonment

-- Subsidiary penalty of imprisonment in case theSubsidiary penalty of imprisonment in case the

offender does not have enough property to satisfyoffender does not have enough property to satisfythe fine.the fine.

Civil liabilities for loss or damageCivil liabilities for loss or damage

Procedural AspectsProcedural Aspects

8/6/2019 Cyber Crim


Procedural AspectsProcedural Aspects

of the Proposedof the Proposed

Cybercrime PreventionCybercrime PreventionActAct

Drafting Comprehensive Laws to Combat Cybercrime

OutlineOutline

8/6/2019 Cyber Crim


OutlineOutline

JurisdictionJurisdiction

JointJoint CybercrimeCybercrime Investigation UnitInvestigation Unit

•• FunctionsFunctions•• CompositionComposition

•• PowersPowers

Enforcement and ImplementationEnforcement and Implementation•• Collection of Computer DataCollection of Computer Data

•• Search and Seizure of Computer DataSearch and Seizure of Computer Data

International CooperationInternational Cooperation RemediesRemedies

Some IssuesSome Issues

Extra Extra - - Territorial Application of the Territorial Application of the

Proposed Cybercrime Prevention ActProposed Cybercrime Prevention Act

8/6/2019 Cyber Crim


JurisdictionJurisdiction-- Sec. 21, proposed bill:Sec. 21, proposed bill:

““The Competent Court shall have jurisdiction over anyThe Competent Court shall have jurisdiction over anyviolation of the provisions of this Act committed within theviolation of the provisions of this Act committed within the

territory. In case any of the offenses herein defined isterritory. In case any of the offenses herein defined is

committed outside the territorial limits, and by suchcommitted outside the territorial limits, and by suchcommission any damage is caused to a computer system orcommission any damage is caused to a computer system or

network situated within the territory, or to a natural ornetwork situated within the territory, or to a natural or

juridical person who, at the time the offense was committed, juridical person who, at the time the offense was committed,

is in the territory, the proper Court in the Territory shall havis in the territory, the proper Court in the Territory shall havee jurisdiction. jurisdiction.”

Proposed Cybercrime Prevention Act Proposed Cybercrime Prevention Act

”



8/6/2019 Cyber Crim




-- Two approaches in establishingTwo approaches in establishing jurisdiction: jurisdiction:

1.1. Where the crime is committedWhere the crime is committed

2.2. Where the effects of the crime areWhere the effects of the crime are

feltfelt-- If the answer to any of the foregoing isIf the answer to any of the foregoing is

the country, then the proper court maythe country, then the proper court maytake cognizance of the cybercrime case.take cognizance of the cybercrime case.



8/6/2019 Cyber Crim




-- This is without prejudice to the filingThis is without prejudice to the filing

appropriate actions in courts/tribunals ofappropriate actions in courts/tribunals of

other countries which, under theirother countries which, under theirrespective laws, may properly acquirerespective laws, may properly acquire

jurisdiction . jurisdiction .

8/6/2019 Cyber Crim


Joint Cybercrime Investigation UnitJoint Cybercrime Investigation Unit

((““JCIUJCIU””))

8/6/2019 Cyber Crim


Composition of the JCIUComposition of the JCIU§§14, proposed bill:14, proposed bill:

1.1. National Bureau of InvestigationNational Bureau of Investigation – – AntiAnti--Fraud and Computer Crimes DivisionFraud and Computer Crimes Division

2.2. Centers for TransnationalCenters for Transnational

CrimeCrime3.3. National PoliceNational Police – – Crimes Investigation and DetectionCrimes Investigation and Detection

GroupGroup Headed by an Executive Director to be appointed byHeaded by an Executive Director to be appointed by

the respective member organizations.

(( JCIUJCIU ))

the respective member organizations.

Joint Cybercrime Investigation UnitJoint Cybercrime Investigation Unit((““JCIUJCIU””))

8/6/2019 Cyber Crim


(( JCIUJCIU ))

Powers §§15, proposed bill:15, proposed bill:

1.1. Prepare/implementPrepare/implementmeasures to suppressmeasures to suppresscybercrimescybercrimes

2.2. Investigate & conduct infoInvestigate & conduct info

gathering activities togathering activities toidentify & prosecute cyberidentify & prosecute cyber--offendersoffenders

3.3. Effect searches/seizuresEffect searches/seizures

4.4. Refer cases to proper govRefer cases to proper gov’’ttagency for prosecutionagency for prosecution

5.5. Formulate programs for intFormulate programs for int’’ll

cooperation

6.6. Solicit/coordinate privateSolicit/coordinate private

sector participationsector participation

7.7. Recommend enactment ofRecommend enactment of

appropriate laws &appropriate laws &

measuresmeasures

§§29, proposed bill:29, proposed bill:

-- Formulate/implementFormulate/implement

special & continuingspecial & continuing

training course for lawtraining course for law

enforcersenforcers

cooperation

Enforcement & Implementation

8/6/2019 Cyber Crim


Role of service providers (Role of service providers (§§17 & 19, proposed bill):17 & 19, proposed bill):

1.1. Preserve computer data & traffic record up toPreserve computer data & traffic record up to

a maximum period of 6 months from date ofa maximum period of 6 months from date of

transactiontransaction

-- 66--month period, extendible uponmonth period, extendible upon JCIUJCIU’’ss orderorder

(reasonable belief that the computer data may(reasonable belief that the computer data may

have been used in committinghave been used in committing cybercrimecybercrime))

2.2. Cooperate in the disclosure of computer data &Cooperate in the disclosure of computer data &

traffic record covered by a lawful courttraffic record covered by a lawful court order/writ,order/writ,and to keep confidential info regarding theand to keep confidential info regarding the

execution by JCIU of such court order/writexecution by JCIU of such court order/writ


8/6/2019 Cyber Crim


Search, Seizure, & Collection of Computer Data (Search, Seizure, & Collection of Computer Data (§§16, 18, &16, 18, &

19, proposed bill):19, proposed bill):

-- Can only be done by virtue of a court order/writ,Can only be done by virtue of a court order/writ,upon finding probable causeupon finding probable cause

-- JCIU, by virtue of a court order/writ, can requireJCIU, by virtue of a court order/writ, can require

a person/service provider to submit specifieda person/service provider to submit specifiedcomputer data & subscriber info, & to collect andcomputer data & subscriber info, & to collect and

record traffic data associated with specifiedrecord traffic data associated with specified

communicationscommunications


8/6/2019 Cyber Crim


Search, Seizure, & Collection of Computer Data (Search, Seizure, & Collection of Computer Data (§§16, 18, &16, 18, &

19, proposed bill):19, proposed bill):

-- JCIU can perform/require the following by virtue of aJCIU can perform/require the following by virtue of awarrant:warrant:

1. Conduct surveillance operations

2. Secure computer system/network or portions thereof

3. Make/retain copy of computer data secured

4. Maintain integrity of the relevant stored computer data

5. Remove/render in accessible those computer data inthe accessed computer system/network

International Cooperation International Cooperation ((§§22 to 26, proposed bill)22 to 26, proposed bill)

8/6/2019 Cyber Crim


((§§ , p p ), p p )

Treaty/International Agreement (Treaty/International Agreement (§§22 to 26, proposed bill)22 to 26, proposed bill)

The government may undertakes to cooperate withThe government may undertakes to cooperate withother nations in the detection, investigation, &other nations in the detection, investigation, &

prosecution of cyberprosecution of cyber--crimes & also in the collection ofcrimes & also in the collection ofevidence relating thereto.evidence relating thereto.

-- Condition: Formal request for cooperation orCondition: Formal request for cooperation or

assistance, made by a duly authorizedassistance, made by a duly authorizedrepresentative of the foreignrepresentative of the foreign govgov’’tt pursuant to apursuant to atreaty/agreementtreaty/agreement

ReciprocityReciprocity In the absence of treaty/agreement, mutual assistanceIn the absence of treaty/agreement, mutual assistance

or cooperation shall be based on the principle ofor cooperation shall be based on the principle of

reciprocity.reciprocity.

International Cooperation International Cooperation (§22 to 26, proposed bill)

8/6/2019 Cyber Crim


(§ , p p )

Grounds for refusal to cooperate:Grounds for refusal to cooperate:

1. Offence punishable under country1. Offence punishable under country’’s laws & courtss laws & courts

have acquired jurisdiction over the person of thehave acquired jurisdiction over the person of theaccusedaccused

2. Info requested is privileged/protected under2. Info requested is privileged/protected undercountrycountry’’s laws or that which affects nationals laws or that which affects nationalsecuritysecurity

3. Production of requested info, unreasonable3. Production of requested info, unreasonable

4. Requesting government has previously refused4. Requesting government has previously refused

similar request by requested government withoutsimilar request by requested government without justifiable reason justifiable reason

5. Prior breach by the requesting government5. Prior breach by the requesting government

8/6/2019 Cyber Crim


--

Efforts to Combat CyberEfforts to Combat Cyber--crimescrimes

Innovative Practices to CombatInnovative Practices to Combat

8/6/2019 Cyber Crim


CybercrimesCybercrimes AntiphishingAntiphishing JapanJapan

OnGuardOnGuard Online in the USOnline in the US Video Campaigns to educate consumersVideo Campaigns to educate consumers

International CooperationInternational Cooperation

8/6/2019 Cyber Crim


pp

Council of Europe Convention on CyberCouncil of Europe Convention on Cyber--

crime criminalizes:crime criminalizes:•• Offenses against confidentiality, integrityOffenses against confidentiality, integrity

and availability of computer dataand availability of computer data

•• Computer related offenses like computerComputer related offenses like computerrelated forgeryrelated forgery

••

Content related offenses like childContent related offenses like child

pornography; andpornography; and

•• Copyright related offensesCopyright related offenses

International CooperationInternational Cooperation

8/6/2019 Cyber Crim


p

The Asia Pacific Economic CooperationThe Asia Pacific Economic Cooperationendorses the following action items to combatendorses the following action items to combat

CyberCyber--crime:crime:•• Immediate enactment of substantive, proceduralImmediate enactment of substantive, procedural

and mutual assistance laws;and mutual assistance laws;

•• Making cyberMaking cyber--crime laws as comprehensive ascrime laws as comprehensive asthose proposed in the Council of Europe;those proposed in the Council of Europe;

•• Assistance between and among economies;Assistance between and among economies;

•• Security and Technical guidelines that can be usedSecurity and Technical guidelines that can be usedby governments and corporationsby governments and corporations vsvs cybercrimecybercrime

•• Outreach programs to economies and consumersOutreach programs to economies and consumersregarding cyberregarding cyber--security and cyber ethicssecurity and cyber ethics

8/6/2019 Cyber Crim


8/6/2019 Cyber Crim


@@

Thank YouThank You

Cyber Crim

Documents

Transcript of Cyber Crim