Friday, March 11, 2011

Cybercrime in PH: A new breed of menace

Around 10 years ago, people opened their emails one day and found these words in their inboxes. It wasn’t even Valentine’s Day. However, the phrase was not an expression of affection. It was, to everyone’s utter disbelief and consternation, a deadly computer virus.

“I Love You” ripped through computers and network systems all over the world, from Hongkong to Europe to the US, infecting and corrupting important files of small and big business establishments, as well as private and government institutions, causing damage estimated between $5.5 to $10 billion.

The virus was traced to an unlikely source – the Philippines. The culprit: a computer science student at the AMA Computer University by the name Onel de Guzman. He was arrested but charges were dropped. The reason: Philippine laws penalizing cybercriminals did not exist.

Thus, the need for a law prosecuting computer hackers and other such criminals presented itself.

Cybercrime in the current Philippine context

However, cybercrime forms have evolved through the years with the continued growth and popularity of the Internet.

Before, cybercrime involved hacking, online or phishing scams, copyright violations, unauthorized stealing of data and information and email spoofing among others.

In intervening years however, e-commerce has gained a foothold, websites have increased tenfold while online shopping sites, blogs and social networking sites like Friendster, Twitter, MySpace and Facebook which has a following of around 20 million in the Philippines, have grabbed the attention of Internet surfers and tech-savvy individuals all over the world, pushing cybercriminals to modify their act or wear a new hat altogether.

Hence, cyberspace in its current state, is tainted with illegal activities ranging from website defacements, libel, cyber stalking, computer forgery, malware invasion in which a harmful software gains access to a computer system without the user’s knowledge and consent, illegal uploading of indecent material such as photos, music, and videos, online pornography, child prostitution and cybersex which mostly involve foreigners operating in the country.

The past few months alone have seen the proliferation of lewd Internet activities in the country involving Facebook.

Last year, it was reported on TV that a man blackmailed a woman who refused to have sex with him, by uploading nude photos of her in his Facebook account.

More recently, a 21-year-old woman sought assistance from the Manila Police District (MPD) after discovering her picture and personal profile, lifted from her Facebook account without her knowledge, posted on

She told police she had been receiving text messages and phone calls from Filipino and foreign men, asking her for escort and sexual services to the tune of $500.

Since the MPD lacks the expertise to deal with such cases, the woman was directed to the Criminal Investigation and Detection Group (CIDG) of the Philippine National Police (PNP) or the National Bureau of Investigation (NBI).

Another recent case involved a cop recruit in Bacolod City who posted a nude picture of another male recruit in his Facebook page. The case is now under investigation and could lead to the young police trainee’s dismissal from the police force.

Perhaps, the most famous cybercrime committed in the country in recent years is the much-publicized and talked about Hayden Kho-Katrina Halili sex video.

A rash of phishing scams has also hit the country, as reported by computer security vendor Trend Micro, attacking some of the country’s leading banks and credit card companies in recent years, such as the United Coconut Planters Bank (UCPB), Bank of the Philippine Islands, and Equitable PCI Bank.

Trend Micro reported even more alarming news: previously independent cybercrime groups are now joining forces to unleash even more dangerous crimes in cyberspace. These partnerships include ZeuS-SpyEye, Dogma-Koobface, and Koobface-BeeCoin. Among others, they have laid siege on commonly used search engines worldwide to spread malware.

In the Philippines, online searches for boxing icon Manny Pacquiao and other high-profile celebrities as well as headline-grabbing news stories have led local Internet surfers to download what they believe to be a useful antivirus software or a related news article.

What they don’t know is they are actually fake virus-killing tools or harmful sites which turn these people up as unwilling targets for lurking cybercriminals.

The ploy of convincing an Internet surfer to install software and allow cybercriminals to earn, is called Pay-Per-Install. They have other underground ploys as well: Pay-Per-Click wherein criminals earn income whenever surfers click on advertising links put up by these cyber partnerships, and Credential Theft, wherein confidential information such as credit card numbers and banking credentials are stolen. Credential Theft also pertains to the use of money mules and pack mules.

According to senior threat researcher Nart Villeneuve, “The default lifeblood of cybercrime is theft and the Philippines is an emerging market when it comes to online banking and purchasing. With the boom of BPOs and medical tourism, cybercrime is sure to follow the monetary breadcrumbs here.”

E-Commerce Law

Following the cyberterror sowed by De Guzman’s “I Love You” virus, Congress enacted Republic Act (RA) 8792, otherwise known as the “Electric Commerce Act” or “E-Commerce Act”, signed into law in June 2000.

The law provides for the recognition and admissibility of electronic data messages, documents, and signatures on court cases and penalizes online criminal acts particularly hacking, virus attacks and copyright infringements. Accordingly, the Supreme Court drafted the Rules on Electronic Evidence which took effect in August 2000.

But, if De Guzman went scot-free, JJ Maria Giner did not. Convicted under Section 33a of the E-Commerce Law in September 2005, Giner was sentenced from 1 to 2 years of imprisonment and fined P100,000. However, he applied for probation which was eventually granted by the court. Giner is the first Filipino to be convicted of a cybercriminal act, namely the hacking of government portal “” and other government websites.

Herein lies the problem. The E-Commerce Law is limited in scope. Some of the Internet and computer-related crimes enumerated in the 2001 Budapest Convention on Cybercrime are not covered by the law, such as:

* Offenses against confidentiality, integrity and availability of computer data and systems which include illegal access, illegal interception, data interference, system interference, misuse of devices
* Computer-related forgery and fraud
* Content-related offenses such as child pornography

Gov’t efforts against cybercrime

To help solve the growing threat of cybercrime in the country, the Department of Justice (DOJ) formed a Task Force on E-government, Cyber-security and Cybercrime in 2007 which worked closely with the Council of Europe, local I.T. practitioners and other stakeholders.

Records from the Task Force indicate that as of 2007, more than 30 cases, ranging from website defacements, privacy issues, libel, forgery, cyber-stalking and pornography, had been filed before Philippine courts.

For its part, the PNP continues to battle cybercrime with its Anti-Transnational Crime Division (ATCD) under the Criminal Division and Detection Group (CIDG).

Established in 2003, the ATCD has handled 2,624 cases of computer crimes from both government agencies and private individuals, as of 2007. Its staff has undergone 67 training sessions, both local and overseas, from 2003-2008.

In Congress, a bill on Cybercrime Prevention by Sen. Edgardo J. Angara, is now pending. Speakers at the recent 2nd International Conference on Cybercrime held in Makati City, lobbied for the immediate passage of the bill which aims to penalize a wider range of cybercrime offenses to include illegal access to computers, misuse of devices, alteration of data, unauthorized interception of information, child pornography, and aiding a cybercriminal in the commission of the crime. Once enacted into law, it will require guilty parties to pay between P100,000 to P10 million in penalties.

Another bill awaiting passage aims to protect children from cyber-based crimes like child abuse or child pornography. There are around seven other pending House bills addressing the problem of cybercrime in the country.

As it is, no other law on Internet activity, aside from the E-Commerce Law, has been enacted in the Philippines. Other factors worsen the situation: measly budget earmarked for cybercrime prevention, non-existence of an umbrella agency mandated to address the problem, lack of cooperation and coordination between government and private sector, ill-trained law enforcers, and lack of public awareness.

Indeed, the situation has become a “silent epidemic,” as termed by Effendy Ibrahim, Internet safety advocate and consumer business division head of Symantec Asia, another security software firm, as he lamented Filipinos’ lack of concern about escalating cybercrime issues in the country.

Clamping down on cybercrime

Still, government continues to take significant steps toward a more positive direction. For its part, the DOJ plans to open a national cybercrime office linking up law enforcement agencies and government entities engaged in criminal investigation such as the NBI and PNP.

Talks on budget and funding have commenced between the DOJ and the Department of Budget and Management, revealed Justice secretary Leila de Lima.

The justice department is also considering the creation of a digitized notary system and various social media accounts, as well as the National Justice Information System (NJIS) equipped with a database of criminals. The NJIS is envisioned to replace the National Crime Information System established during the Arroyo administration.

The DOJ’s latest plan is to require computer laptop owners to register their devices in order to track down cybercriminals more quickly and effectively in the face of mushrooming Wi-Fi facilities in offices, malls, and other public places.

The headquarters of the DOJ itself is now Wi-Fi enabled. The office also now boasts of an “electronic case monitoring system,” allowing prosecutors and the public in general to monitor pending criminal cases while learning the modus operandi of cybercriminals both here and abroad.

As did the rest of the world, the Philippines observed “World Safer Internet Day” last February 8 with the theme “Our Virtual Lives: It’s More Than a Game, It’s Your Life.”

Hopefully, this annual celebration will make Filipinos more aware of negative activities rampant in cyberspace, as the judicial system, legislature, and law enforcement agencies try their best to craft and implement laws against a new menace called cybercrime.

No comments:

Post a Comment


Blog Archive