Organized Crime 4
Organized Crime 4
Organized Crime 4
By far the most popular incidence of cyber crime in the Philippines is the
�ILOVEYOU Virus� or the LOVE BUG. The suspect in the case, a 23-year old student
from a popular computer university in the Philippines drafted the virus with the
vision of creating a program that is capable of stealing passwords in computers,
ultimately to have free access to the internet.
During the height of the LOVE BUG incident, Reuters has reported: "The
Philippines has yet to arrest the suspected creator of the 'Love Bug' computer
virus because it lacks laws that deal with computer crime, a senior police officer
said". The fact of the matter is that there are no laws relating to Cybercrime in
the Philippines. The National Bureau of Investigation is finding it difficult to
legally arrest the suspect behind the 'Love Bug' computer virus.
RA 8792
- legislated because of I love you virus
- This Act shall be known and cited as the "Electronic Commerce Act.�
1. HACKING / CRACKING
2. MALICIOUS EMAIL SENDING
3. INTERNET PORNOGRAPHY
4. LAUNCHING OF HARMFUL COMPUTER VIRUSES
5. DISTRIBUTED DENIAL OF SERVICE ATTACKS (DOS)
6. WEBSITE DEFACEMENT
7. ACQUIRING CREDIT CARD INFORMATION FROM AN E-COMMERCE WEBSITE
8. INTERNET SHOPPING USING FRAUDULENTLY ACQUIRED CREDIT CARDS
9. WIRE TRANSFER OF FUNDS FROM A FRAUDULENTLY ACQUIRED CREDIT CARD
10. ON-LINE AUCTION FRAUD
WHAT ARE COMMON METHODS AND STANDARD TERMS USED TO DESCRIBE CYBER CRIME?
Hacking
- is the act of illegally accessing the computer system/network of an
individual, group or business enterprise without the consent or approval of the
owner of the system
Cracking
- is a higher form of hacking in which the unauthorized access culminates with
the process of defeating the security system for the purpose of acquiring money or
information and/or availing of free services
Internet Pornography
- The trafficking, distribution, posting, and dissemination of obscene material
including children�s nude pictures, indecent exposure, and child sex slavery posted
into the internet, live streaming videos aired through the internet
A computer virus
- is a computer program that can copy itself and infect a computer without
permission or knowledge of the user
1. Virus
2. Worm
3. Trojan Horse
Worm
- spread itself to other computers without needing
to be transferred as part of a host
Trojan horse
- is a file that appears harmless until executed. Trojan horses do not insert
their code into other computer files
Logic bomb
- a set of instructions secretly inserted into a program that is designed to
execute if a particular program is satisfied
- the bomb lies dormant until a particular date is reached or command entered
Identity theft
- defined as the criminal act of assuming person�s name, address, social
security number, and date of birth in order to commit fraud
Phishing
- sending fraudulent e-mails or website pop-ups, to get victims to divulge
sensitive financial information such as credit card numbers or social security
numbers
- When you shop online, the most convenient way to pay for the items you order
is through your credit card. When you pay thru your credit card, you need to
disclose information such as your complete name, your postal address, zip code,
state, phone number credit card account number, its expiration date and its
security code/pin. Upon entering the above-mentioned information, it will be
verified �real-time� by the site merchant. It usually takes a minute to verify
whether the credit card is valid or invalid. If valid, the information you entered
will be stored in the website�s database server. Hackers look for the file
containing the credit card information of all the customers who bought from a
certain e-commerce site. Upon acquisition thereof, it will be decrypted to make it
readable and all the information of the transactions will be made available.Hackers
prefer VISA, AMERICAN EXPRESS and MASTERCARD when filtering credit card
information. It is because VISA and MASTERCARD are widely accepted by almost ALL
Internet Shopping Sites. American Express on the other hand has no CREDIT LIMIT
- Credit card numbers of American Express start with the number 3, MasterCard
credit cards start with the number 5 while VISA Credit cards start with the number
4
- American Express credit cards have 15 digits Account Number while Visa and
Mastercard credit cards contain 16.
Hackers, upon acquiring the desired credit card information now conducts
�window shopping�, hopping from one shop site to another, looking for cellphones,
gadgets, apparels, computer peripherals, softwares etc. When he finds what he wants
to buy, he then add/s his desired item/s to the shopping cart and checkouts. He
will then supply the Credit Card information of the fraudulently acquired credit
card such as the Complete name of the cardholder, address, zip code, state, email
address, credit card number and expiration date. Other pertinent information such
as shipping address of the items ordered will have to be supplied too.
When a hacker knows your complete credit card information, he can extract CASH from
the acquired credit/debit card online. By signing up with Western Union Money
Transfer (http://www.westernunion.com) using the fraudulently acquired credit card
information, he can pretend that he will just send money to his relative and
western union will directly debit the credit card and it will reflect on the
billing statement of the original credit card holder. Wire transfer of funds using
credit cards require the credit card security number.
- First, the fraudster should sign up for an account at an online auction site
such as e-bay, yahoo auctions or U-Bid
- The fraudster falsifies all information that he enters on the signup page.
The only true information is his email address, for he will be contacted by
interested bidders by means of email.He will be asked to provide a credit card.
This is where he will need the fraudulently acquired credit card. When all of the
required fields are signed up, his application will be approved and he will be a
registered member of the said auction site. He is now then allowed to bid, and
auction any item. A fraudster will auction expensive items such as laptops,
cellphones, PDA�s (handheld devices), desktop computers, camcorders and hard to
find memorabilias. He will then sell it at a lower price for legitimate bidders to
bid immediately. An online fraudster only accepts payments thru personal checks,
money order, wire transfer and western union money transfer. It is bluntly
stipulated in his auction page.
TECHNICAL TERMS
Dynamic IP Address � a type of IP Address that changes everytime the internet user
accesses his Internet Service Provider. It is usually assigned to dial-up or base
speed broadband service subscribers (eg. ISP Bonanza, Surfmaxx, PLDT myDSL 128kbps
service etc.)
The INTERNET PROTOCOL (IP) ADDRESS is the anchor of the investigation of all crimes
committed via the internet. The identification of the IP Address leads to the
identity of the Internet Service Provider (ISP) used to access the internet and
eventually the subscriber of the account where the internet activity was performed.
The IP Address as given by the ISP depends on the type of internet account a
subscriber maintains, whether it is a DYNAMIC IP or STATIC IP.
If Static:
Subscriber information (name, billing address, installation address, type of
internet account, usage and costs etc.) if applicable
If Dynamic
log reports indicating telephone number used to make �dial-up� access
VERY IMPORTANT:
The address of the subscriber as given by the ISP or Phone Company should be
analyzed to determine whether it is a Billing Address or an Installation Address.
For purposes of a search warrant application, the Installation Address is the
more important matter to consider. The purpose of a Search Warrant application/
implementation in a cyber crime investigation, as with any other offense is to
confiscate and seize the instruments/implements, tools used in the commission of
the offense. Since the crime was committed with the aid of a computer, the same and
its peripherals are the instruments used in its commission.
TOP TEN SECURITY TIPS FOR COMPUTER USERS
1. Never send an e-mail that you wouldn't let your wife or boss to read.
2. Turn off your computer when you are not using it. It is the only sure way to
keep the hackers out.
3. Use a password to log onto your computer. Most operating system let you set a
password and to change it regularly.
4. Don�t accept cookies. If you have to, delete them when you are finished surfing.
5. Use the latest versions and software patches for your e-mail and your browser.
New security loopholes are constantly being discovered.
6. Keep your antivirus up to date. Hackers never rest. Every email attachment can
contain a virus, so scan it before you open it.
8. Don�t use the same password over and over. Make new variations.
9. Use a paper shredder. Don�t just throw out unsolicited credit card application.
Shred them.
10. Never give out your social security number, online or off. This information in
a wrong hand is license to steal.