CYBERCRIME

Refers to either: conduct undertaken without or in excess of authority; or (ii) conduct not covered by established legal defenses, excuses, court orders, justifications, or relevant principles under the law.

refers to a computer or a computer network, the electronic medium in which online communication takes place.

refers to a computer or a computer network, the electronic medium in which online communication takes place.

Refers to the collection of tools, policies, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the cyber environment and organization and user’s assets.

Refers to a representation of information, knowledge, facts, concepts, or instructions which are being prepared, processed or stored or have been prepared, processed or stored in a formalized manner and which are intended for use in a computer system.

Refers to listening to, recording, monitoring or surveillance of the content of communications, including procuring of the content of data, either directly, through access and use of a computer system or indirectly, usin

Refers to code that causes damage to computer system. This broad-based category includes (a) back doors, (b)Trojan horses, (c)viruses, (d) worms, (e) denial of service.

Is a type of malware that is used to get unauthorized access to a website by the cybercriminals. The cybercriminals spread the malware in the system 2 |Pa g e through unsecured points of entry, such as outdated plug-ins or input fields.

type of malware that tricks the computer user into thinking that it is legitimate software but contains hidden functions. When the computer user downloads and installs the program, these hidden functions are executed along with the software.

is a software program that is designed to spread itself to other computers and to damage or disrupt a computer, such as interrupting communications by overwhelming a computer’s resources.

The first person ever prosecuted for writing a computer virus was

Are unique form of malware that can spread autonomously, though they do not necessarily have a payload. Instead, they use system memory to spread, self-replicate, and deteriorate system functionality.

Are written as stand- alone programs in that they do not need to attach to existing system files or modify any code. Once activated, it copies itself into the system memory and attempts to spread to other systems through email address books or other mechanisms.

Malware which is hidden inside what appears to be legitimate software or download. Containers often include gaming software, freeware, image or audio files, or screensavers.

An attempt to prevent users of a particular service from effectively using that service. Typically, a network server is bombarded with authentication requests; the attack overwhelms the resources of the target computers, causing them to deny server access to other computers making legitimate requests

Occur when a perpetrator seeks to gain control over multiple computers and then uses these computers to launch an attack against a specific target or targets

They are often used in large batches, and most owners of zombie computers are unaware of their usage. Their use is increasingly common as they effectively camouflage the perpetrator and the operating costs of their criminal operation associated with bandwidth.

A person who controls a botnet

Are compromised computers attached to the Internet which are often used to remotely perform malicious or criminal tasks.

A type of malware that enables the remote monitoring of a computer user’s activities or information on an individual’s computer where this software has been installed. It may also secretly gather information on users without their knowledge and relay it to interested third parties

Can also secretly gather information on users (e.g., passwords, credit card details) without their knowledge and relay these data to interested third parties.

Means the solicitation of information via e-mail or the culling of individuals to fake Web sites.

Often occurs when a potential victim receives a cautioning e-mail from a fraudster which impersonates an ISP, merchant, and/or a financial institution. Such messages contain solicitations for account or personal information. Normally alarming in some manner, request is made to update or service an account” or to provide additional information

Is a type of scam in which criminals attempt to obtain someone’s personal information by pretending to be a legitimate business, a neighbor, or some other innocent party

is an advanced form of phishing, which redirects the connection between an IP address (i.e., consumer seeking legitimate site) and its target serve (i.e., legitimate site). It can be accomplished at the DNS server through either cache poisoning or social engineering; or through the local machine through a Trojan which modifies the host file. This is accomplished when the link is altered so that consumers are unwittingly redirected to a mirror site.

Are malicious programs which redirect users’ network traffic to undesired sites. According to the Anti-Phishing Working Group, utilization of traffic redirectors and phishingbased keyloggers is on the increase. They further report that the most common form of malicious code is designed to modify DNS server setting or host files so that either specific or all DNS lookups are directed to a fraudulent server, which replies with “good.”

Some individuals will willingly divulge personal and financial information to strangers if they believe that a large financial windfall will soon follow. This fraud is accomplished when an e-mail message is distributed to a victim which asks the recipient for his claiming “found” money.

Phishers may place floating windows over the address bars in Web browsers. Although the site appears to be legitimate, it is a site designed to steal personal information. Traditionally, potential victims could protect themselves by identifying URL anomalies. However, phishers have become more sophisticated and have t replicas that appear to be variations of the legitimate URLs.

Is the formal process whereby a State requests the enforced return of a person accused or convicted of a crime to stand trial or serve a sentence in the requesting State.

Otherwise known as the Cybercrime Prevention Act of 2012.

The access to the whole or any part of a computer system without right.

The interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data.

The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.

The intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electronic data message, without right or authority, including the introduction or transmission of viruses.

The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same, if such a domain name

The input, alteration, or deletion of any computer data without right resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible;

The unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system, causing damage thereby with fraudulent intent: Provided, That if no damage has yet been caused, the penalty imposable shall be one (1) degree lower.

The intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without right: Provided, That if no damage has yet been caused, the penalty imposable shall be one (1) degree lower.

The willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor or consideration.

The unlawful or prohibited acts defined and punishable by Republic Act No. 9775 or the Anti-Child Pornography Act of 2009, committed through a computer system: Provided, That the penalty to be imposed shall be (1) one degree higher than that provided for in Republic Act No. 9775.

The transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services are prohibited

The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended, committed through a computer system or any other similar means which may be devised in the future.

Any person who willfully abets or aids in the commission of any of the offenses enumerated in this Act shall be held liable.

Any person who willfully attempts to commit any of the offenses enumerated in this Act shall be held liable.

The CICC shall be headed by the ——— of the Information and Communications Technology Office under the Department of Science and Technology (ICTO-DOST) as Chairperson with the Director of the NBI as Vice Chairperson; the Chief of the PNP; Head of the DOJ Office of Cybercrime; and one (1) representative from the private sector and academe, as members.

All relevant international instruments on international cooperation in criminal matters, arrangements agreed on the basis of uniform or reciprocal legislation, and domestic laws, to the widest extent possible for the purposes of investigations or proceedings concerning criminal offenses related to computer systems and data, or for the collection of evidence in electronic form of a criminal, offense shall be given full force and effect.

There is hereby created, within —-days from the effectivity of this Act, an inter-agency body to be known as the Cybercrime Investigation and Coordinating Center (CICC), under the administrative supervision of the Office of the President, for policy coordination among concerned agencies and for the formulation and enforcement of the national cybersecurity plan.

The CICC shall be manned by a —-of selected existing personnel and representatives from the different participating agencies.