Cyber Intelligence, Investigation and Cyber Warrants
Introduction to Cyber Intelligence and Cyber Investigation
- Cyber intelligence and cyber investigation are critical components of modern
cybersecurity efforts, playing pivotal roles in detecting, mitigating, and
preventing cyber threats and criminal activities. These fields have evolved
significantly in response to the growing complexity and frequency of
cyberattacks.
CYBER INTELLIGENCE
- Involves gathering, analyzing, and interpreting data related to cyber threats.
CYBER INVESTIGATION
- Involves examining devices, online communications, and digital
transactions to identify perpetrators, gather evidence, and ultimately bring
criminals to justice.
PHILIPPINES Ranks 53rd in the United Nations Global Cybersecurity Index
Agencies that handle Cybercrime Cases
1. Cybercrime Investigation and Coordinating Center (CICC)
POWERS and FUNCTIONS:
a.) To formulate a national security plan and extend immediate assistance for
the suppression of real-time commission of cybercrime offenses through a
computer emergency response team.
b.) To coordinate the preparation of appropriate and effective measures to
prevent and suppress cybercrime activities.
c.) To monitor cybercrime cases being handled by participating law enforcement
and prosecution agencies.
d.) To facilitate international cooperation on intelligence, investigations, training
and capacity building related to cybercrime prevention, suppression and
prosecution;
e.) To coordinate the support and participation of the business sector, local
government units and nongovernment organizations in cybercrime
prevention programs and other related projects;
f.) To recommend the enactment of appropriate laws, issuances, measures and
policies;
g.) To call upon any government agency to render assistance in the
accomplishment of the CICC’s mandated tasks and functions; and
h.) To perform all other matters related to cybercrime prevention and
suppression, including capacity building and such other functions and duties
as may be necessary for the proper implementation of R.A. 10175.
2. Office of Cybercrime under the Department of Justice (DOJ)
POWERS and FUNCTIONS:
a.) It is designated as the Central Authority in all matters relating to
international mutual assistance and extradition for cybercrime and
cyber-related matters.
b.) It acts as the focal agency in formulating and implementing law
enforcement investigation and prosecution strategies in curbing
cybercrime and cyber-related offenses nationwide.
3. Cybercrime Division under the National Bureau of Investigation (NBI)
POWERS and FUNCTIONS:
a. Investigate all cybercrimes where computer systems are involved;
b. Conduct data recovery and forensic analysis on computer systems and
other electronic evidence seized;
c. Formulate guidelines in investigation, forensic evidence recovery, and
forensic data analysis consistent with industry standard practices;
d. Provide technological support to investigating units within the PNP and
NBI including the search, seizure, evidence preservation and forensic
recovery of data from crime scenes and systems used in crimes, and
provide testimonies;
e. Develop public, private sector, and law enforcement agency relations
in addressing cybercrimes;
f. Maintain necessary and relevant databases for statistical and/or
monitoring purposes;
g. Develop capacity within their organizations in order to perform such
duties necessary for the enforcement of RA 10175;
h. Support the formulation and enforcement of the national cybersecurity
plan; and
i. Perform other functions as may be required by RA 10175.
4. Philippine National Police - Anti-Cybercrime Group
POWERS and FUNCTIONS:
a. Investigate all cybercrimes and other crimes in which information and
communications technology (ICT) is used in the commission of criminal
acts;
b. Conduct data recovery and forensic analysis on all computers, computer
peripherals, storage devices, and other digital devices seized by
the PNP units.
Number of cybercrime cases in the PHILIPPINES
The number of cybercrime cases in the country dropped by 36 percent in the first
half of this year, according to the Philippine National Police (PNP).
Citing the latest data, the PNP Anti-Cybercrime Group logged a total of 8,177
complaints from January to June 30, down from 12,808 in the same period last year.
"The significant decrease in cybercrime complaints from January 1 to June 30, 2024,
compared to the same period in 2023, reflects the effectiveness of cybersecurity
measures implemented by businesses and government agencies," the ACG said.
Challenges encountered by the NBI and PNP-ACG in handling Cybercrime
cases:
1. Lack of trained agents
There are only two forensic examiners in the National Bureau of Investigation
(NBI) who specialize in cybercrime.
2. Limited advanced forensic tools and techniques
Digital forensic tools are needed to conduct data recovery and forensic
analysis on computer devices and other ICT-related devices that were seized
by the PNP. Techniques are also limited: one of the recorded challenges is
tracking or tracing the users of dummy accounts.
3. Legal Impediments
Republic Act No. 10173, also known as the Data Privacy Act of 2012, has
become the foremost challenge that personnel are facing. As stated,
“the law on data privacy is a law that gives too much protection on the part
of the culprits”.
A. Types of Cyber Warrants
1. WARRANT TO DISCLOSE COMPUTER DATA (WDCD)
- It is a type of warrant that authorizes law enforcement agencies to compel
individuals or service providers to disclose or submit specific computer data
relevant to an investigation. This data may include subscriber information, traffic
data, or any other relevant digital information within the possession or control of
the person or service provider.
2. WARRANT TO INTERCEPT COMPUTER DATA (WICD)
- It is a type of warrant that authorizes law enforcement agencies to monitor, record, or
surveil the content of electronic communications in real time. It also enables
authorities to conduct electronic tapping on communication channels, such as
emails, instant messages, or online chats, while the communication is occurring.
3. WARRANT TO SEARCH, SEIZE, AND EXAMINE COMPUTER DATA (WSSECD)
- It is a type of warrant that grants law enforcement agencies the authority to search
a specific location in order to seize and examine computer-related evidence.
4. WARRANT TO EXAMINE COMPUTER DATA (WECD)
- A Warrant to Examine Computer Data (WECD) is a warrant authorizing a law
enforcement agency (LEA) that has acquired possession of a computer device or
computer system via a lawful warrantless arrest, or by any other method, to
conduct a forensic examination of the computer data contained therein.