Fundamentals of the Cybercrimes, Cyberthreats and CyberSecurity

CDI9 – Introduction to Cybercrime and Environmental Laws and Protection

PSSg Roy E Estillero, JD, RCrim, CSP, CST, CSMS
Cyber Investigation Training Course cucted by Korean National Police Agency

INTRODUCTION
Cybercrime is now commonplace and presents new challenges in the prevention and detection
of crime. 
Depiction on a broad introduction to the history, functions and technologies of the Internet, these
topics address the issues of prevention and regulation in Cybercrime and also to discuss the
differences between the Computer Programming Experts and the Bad Actors as well as their role in
Cyberspace.

Why WE MUST KNOW THE Cybercrime?

Because –
 Everybody is using COMPUTERS;
 From white collar criminals to terrorist organizations and from teenagers to adults;
 Conventional crimes like forgery, extortion, kidnapping etc. are being committed with the help of
computers, and
 New generation is growing up with computers.
MOST IMPORTANT – Monetary transactions are moving on to the INTERNET. (GCash/ PayMaya etc.)

CYBERCRIME
CYBER-relating to or characteristic of the culture of computers, information technology, and virtual
reality.
CRIME- an action or omission punishable by law.

CYBERCRIME- Any illegal behavior committed by means of, or in relation to, a computer system or
network, including such crimes as illegal possession, offering or distributing information my means of a
computer system or network. (UN Definition).

Offences that are committed against individuals or groups of individuals (Wikipedia)

WHAT IS Cybercrime IN the broad sense?

Any criminal activity that uses a computer either as an instrumentality, target or a means for
perpetuating further crimes that comes within the ambit of Cybercrime.
IN SHORT
Unlawful acts wherein the computer is either a:
- TOOL
- TARGET
- or Both
What makes Cybercrime Different?
 Cyberspace provides a target rich environment for criminals
 It is easy to carry out an attack, has lower risks associated with it, is hard to trace technically,
and hard to prosecute.
 Sophisticated/Intelligent tools are readily available on the Internet publicly.
 Access and attack can be from anywhere and anonymous.

World Wide Web and Cybercrimes

• The World-Wide Web is easy to access but hard to secure.
• Conventional web browsers can only access the Surface Web (shallow 20%).
• The Deep Web (80%) is anything that a search engine can’t find.
• The Dark Web is classified as a small portion of the Deep Web intentionally hidden,
inaccessible through standard web browsers. It is being used to propagate illegal activities like
selling illegal drugs online, money laundering in the advent of virtual currency (bit coins).

1
Profile of Cyber Criminals
 Children and adolescents between the age group of 6 – 18 years
 Organized Hackers (Political Hactivist)
 Black Hat Hackers/Crackers - is a hacker who violates computer security for their own personal
profit or out of malice.
 Disgruntled (angry or dissatisfied) employees
 Business Rival.
 Ex-Boy or Ex-Girl Friend.
 Divorced Husband. Etc

Victims
 Gullible - easily persuaded to believe something (uto-uto)
 Greedy people
 Unskilled and Inexperienced
 Unlucky people

Cybercrime are Vulnerable

Because of :
 Anonymity - the condition of being anonymous
 Weakness in Operation System
 Computer’s storage capacity
 Lack of user Awareness
 Negligence of user

Laws Relating Cybercrime

Republic Act 10175 (Cybercrime Prevention Act of 2012)

It aims to address legal issues concerning online interactions and the Internet in the Philippines.
Among the cybercrime offenses included in the bill are cybersquatting, cybersex, child
pornography, identity theft, illegal access to data and libel

Cybersquatting - the practice of registering names, especially well-known company or brand names,
as internet domains, in the hope of reselling them at a profit.

Republic Act 8792 Electronic Commerce Act of 2000

This Act aims to facilitate domestic and international dealings, transactions, arrangements,
agreements, contracts and exchanges and storage of information through the utilization of electronic,
optical and similar medium, mode, instrumentality and technology to recognize the authenticity and
reliability of electronic documents related to such activities and to promote the universal use of
electronic transaction in the government and general public.

Section 33 of the law has two (2) provisions that enumerates and penalizes the following acts:
 Computer hacking,
 Introduction of computer virus, and
 Copyright infringement - the action of breaking the terms of a law or agreement

OTHER Laws Relating Cybercrime

 RA.8484 – Access Devices Regulation Act
 RA.9775 – Anti Child Porn of 2009
 RA.9995 – Anti Photo and Video Voyeurism

Cybercrime offences
The following acts constitute the offense of Cybercrime:

2
1. Offense against Confidentiality, Integrity, and Availability (CIA) of computer data and system: such
as;
 Illegal Access;
 Illegal Interception;
 Data Interference;
 System Interference;
 Misuse of Devices, and
 Cyber Squatting

2. Computer Related Offenses: such as;

 Computer-related Forgery;
 Computer-related Fraud, and
 Computer-related Identity Theft.

3. Content-related Offenses: such as;

 Cybersex;
 Child Pornography;
 Unsolicited Commercial Communications, and
 Libel.

WHAT IS Cybersecurity?
Refers to the collection of tools, policies, risk management approaches, actions, training, best
practices, assurance, and technologies that can be used to protect the cyber environment and
organization and user’s assets.
Cybersecurity is the prevention, protection, and restoration from cyber-attacks, to protect
networks, computers, programs and data from attacks, damage or unauthorized access. Involves
protecting information and systems from cyber threats.

Cybercrime
Is an all-encompassing/embracing legal topic.
Cybersecurity 
Strives/seek to ensure the attainment and maintenance of the security properties of the
organization and user’s assets against relevant security risks in the cyber environment.

Categories of Cyber Security

1. Network Security
2. Application Security
3. Information Security
4. Operational Security
5. Disaster recovery and business continuity
6. End-user education

Impact of Cyber security

Cybercrime can potentially seriously disrupt and damage a business
1. Economic cost of cyber attack
2. Reputational damage
3. Legal consequences of cyber breach/break

Major new threats:

1. Trojans and droppers are being re-used;
2. Multi-staged attacks are becoming the norm;
3. Crypto mining leads to other cyber threats; and
4. Pandemic topics open new attack routes
The world is changing, threats are changing, and you should be changing too.

Common channel for an attack

1. Web
2. Email and
3. Malicious files

WHAT IS cyber threat?

It is the possibility of a malicious attempt to damage or disrupt a computer network or system.
(Definitions from Oxford Languages)

Types of cyber threats

The threats countered by cyber-security are three-fold:
1. Cybercrime
2. Cyber-attack 
3. Cyberterrorism

Common Cyber Threats/ Information Security Risks

3
  Advanced Persistent threats;
 Insider Threats;
 Cryptojacking ;
 Distribution Denial of Service (DDoS);
 Ransomware; and
 Social Engineering attacks.

Different forms of Insider Threats

1. Turncloaks
2. Pawns

Various Cyber fraud/social engineering attacks:

1. Phishing - is the most common type of social engineering attack, the fraudulent practice of
sending emails to induce individuals to reveal personal/ financial info.
- It is technique of pulling out confidential information from the bank / financial institutional
account holders by deceptive means.

PHISHING EMAIL

From : *****Bank[mailto:support@****Bank.com]
Sent :08 June 2004 03:35
To : India
Subject: Official information from ***** Bank
Dear valued ***** Bank Customer!
For security purposes your account has been randomly chosen for verification. To verify
your account information we are asking you to provide us with all the data we are requesting. Otherwise
we will not be able to verify your identify and access to your account will be denied. Please click on the
link below to get to the bank secure page and verify your account details. Thank you.
https://infinity.*****bank.co.in/Verify.isp
****** Bank Limited

EMAIL PHISHING TO GET BANK ACCOUNT INFORMATION

PHISHING
 Easier to identify
 Targets one person at a time
 Malicious email sent to the inbox

4
VISHING
 The fraudulent practice of making phone calls or leaving voice messages purporting to be from
reputable companies in order to induce individuals to reveal personal information, such as bank
details and credit card numbers.

2. VISHING ATTACK

3. Quid pro quo

 An attacks promise a benefit in exchange for information, the benefit usually assumes as a form
of service, whereas baiting frequently takes the form of a good.
 It can be considered as a request for your information in exchange for some compensation that
could be a free T-shirt or access to an online game or service in exchange for your login
credentials, or a researcher asking for your password as part of an experiment in exchange for
$100.
 If it sounds too good to be true, it probably is quid pro quo…
 One of the most common scenario of ‘quid pro quo’ attacks involve fraudsters who impersonate
IT service people and who spam call as many direct numbers that belong to a company as they
can find. These attackers offer IT assistance to each and every one of their victims. The
fraudsters will promise a quick fix in exchange for the employee disabling their AV program and
for installing malware on their computers that assumes the guise of software updates.
 Also, it’s not always sophisticated tricks or illusions, as real world examples have shown, people
are more than willing to give away their passwords for a cheap pen or even a bar of chocolate.

4. Whaling attack
 Also known as, whaling phishing or a whaling phishing attack is a specific type of
phishing attack that targets high-profile employees, such as the chief executive officer of
chief financial officer, in order to steal sensitive information from a company.

5. Hacking
 Is simple terms means illegal intrusion into a computer system without the permission of the
computer owner/user.
 The first phase is reconnaissance. As the name implies, the stage involves gathering
information about the target computer

6. SQL INJECTION
 An SQL (structured language query) injection is a type of cyber-attack used to take control of
and steal data from a database.
 Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a
databased via a malicious SQL statement. This gives them access to the sensitive information
contained in the database.

7. MAN-IN-THE-MIDDLE
 A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts
communication between two individuals in order to steal data.
 For example, on an unsecure WiFi network, an attacker could intercept data being passed from
the victim’s device and the network.

5
 8. MALWARE
THREATS ON POSTED OR SHARED LINKS

It’s usual that a malware is at the end of the link of the fake information

Common Security Threat caused by

1. Internal
2. External
3. Actors

DPA: ATTACKERS
 Hacker – A general term that has historically been used to describe a computer-programming
expert.
 More recently, this term is often used in a negative way to describe an individual that attempts
to gain unauthorized access to network resources with malicious intent.
 Cracker – A more accurate term to describe someone who tries to gain unauthorized access to
network resources with malicious intent.

TYPES OF HACKER
White hat – an individual who looks for vulnerabilities in systems or networks and then reports
these vulnerabilities to the owners of the system so that they can be fixed. They are ethically
opposed to the abuse of computer systems.
*A white hat generally focuses on securing IT systems*
Black hat – Another term for individuals who use their knowledge of computer systems to break
into systems or networks that they are not authorized to use, usually for personal or financial gain.
A cracker is an example of a black hat.
Gray hat – individual who works both offensively and defensively at various time
Red hat – Also called eagle-eyed or vigilante hackers, are similar to ethical hackers.
Blue hat – Also known as vengeful hackers, use hacking as a social weapon.
Green hat – are types of hackers who are learning the ropes of hacking.

Bad actors in Cybersecurity

 Bad Actors - may also be referred to as threat actors, cyber threat actors (CTA), and malicious
actors. Sometimes, they’re also labelled by the specific activity they conduct. For instance,
cybercriminals, hacktivists, etcetera.

Q: What is a bad actor in cybersecurity?

A: An entity that’s attempting to circumvent or breach computer security. They’re the adversary that’s
trying to shut down your system or steal your data. They’re the people you’re defending yourself
against when you put into place strong security protocols and practices.
Also known as…
Bad actors may also be referred to as threat actors, cyber threat actors (CTA), and malicious actors.
Sometimes, they’re also labelled by the specific activity they conduct. For instance, cybercriminals,
hacktivists, etcetera.

Bad Actor or Hacker?

The terms ‘bad actor’ and ‘hacker’ are often used interchangeably. But is a hacker a bad actor? It all
depends on how they use their skills.
A hacker is a person who uses their technical skills to achieve goals and overcome challenges or
problems.
Whether a hacker counts as a bad actor or not depends on the type of hacker they are. That is,
whether they’re a black hat hacker, or a white hat hacker.

Types of bad actor in cybersecurity

Bad actors can come from both external sources and internal ones. (Though it’s more common for a
bad actor to be based externally.) There are various types of bad actor, each with their own goals and
motivations.
Cybercriminals
Goal: Financial/personal gain
Usually, when the term ‘bad actor’ in cybersecurity appears, it’s relating to cybercriminals, the black hat
hackers that do what they do for financial gain. They may use malware, ransomware, or intercept
communications. But whatever they do, they do it to line their pockets and benefit themselv

6
Hacktivists
Goal: Exposing secrets and disrupting organisations they view as immoral
Hacktivists are bad actors that attack systems as part of their activism. They’ll seek unauthorised
access to systems to find incriminating information, disrupt systems, and spread social, political, or
ideological messages.
Insiders
Goal: Financial gain, revenge
An insider bad actor comes from within your business. They could be current or previous employees,
contractors, business partners, etcetera. They aim to get around cybersecurity defences by attacking
from the inside. From there, they may steal and sell data, or sabotage systems.

Hacktivists
Goal: Exposing secrets and disrupting organisations they view as immoral
Hacktivists are bad actors that attack systems as part of their activism. They’ll seek unauthorised
access to systems to find incriminating information, disrupt systems, and spread social, political, or
ideological messages.
Insiders
Goal: Financial gain, revenge
An insider bad actor comes from within your business. They could be current or previous employees,
contractors, business partners, etcetera. They aim to get around cybersecurity defences by attacking
from the inside. From there, they may steal and sell data, or sabotage systems.

Government/state-sponsored
Goal: Espionage, whether it’s political, economic or military
Some bad actors are actually spies. They’re funded by nations to discover sensitive information for
political gain.
Cyberterrorists
Goal: Cause harm and/or damage to critical services
Cyber terrorists are those that attack critical systems with the goal of causing harm to further their
cause. Think things like contaminating water supplies, messing with national electricity, and so on.

What is a bad actor in cybersecurity?

Whether they’re motivated by money, politics, or revenge, a bad actor is someone that maliciously
attacks and infiltrates your systems.
‘Bad actor’ is an umbrella term for various digital deviants – the villains of the cybersecurity world.

Script kiddies – novice hackers – reserved for the inexperience of black hats or other bad actors
Hacktivists - are security actors who aim TO USE THEIR POWERS FOR GOOD- use their skills to
uncover and draw public attention to things they find wrong.
Organized Crime Hackers- traditional organized crime in cyberspace
Insider actors gone rogue – an insider threat; Malicious activity by trusted insiders can be very hard
to catch, so look for these red flags.

Cyber Security – Privacy Policy:

 An internal statement that governs an organization or entity’s handling practices of personal
information. It is directed at the users of the personal information. A privacy policy instructs
employees on the collection and the use of the data, as well as any specific rights the data
subjects may have.
 Before submitting your name, e-mail, address, on a website look for the sites privacy policy.

Technical Cybersecurity Hygiene Kit

1. Keep your software and systems fully up to date
2. Install anti-malware software
3. Backup your data
4. Control access to your systems. Limit who can access to the system
5. Protect your network. Secure your WI-FI
6. Establish employee personal accounts
7. Access management.

Practical Cybersecurity Hygiene Kit

1. Be informed. Check the internet or social media/twitter for scams
2. Raise security awareness in your organization
3. Learn to spot fake websites and emails/messages
4. Common sense
5. Do not run unknown software
6. Scan all external media
7. Limit yourself from internet exposure

7
8