CHAPTER 1
THE BACKGROUND AND ITS SETTING
Introduction
In a world where “cloud”, “web applications” and “bring your
own device” are becoming general trends, it’s time to dive into
the mind of a cyber criminal. We live in a world where IT is
becoming generally available, where people want to have their
freedom, their own space, their own identity and especially their
own tools. In that same world “consumerization” started a growing
tendency for new IT to emerge first in the consumer market and
then spread into business and government organizations.
With the phenomenal growth of the Internet, more and more
people enjoy and depend on the convenience of its provided
services. The Internet has spread rapidly to almost all over
the world. Up to June 2008, the Internet had spread to over
233 countries and world regions, and had more than 1.46 billion
users. Unfortunately, the wide use of computers and the Internet
has also opened doors to cyber attackers. There are different
kinds of attacks that an end user of a computer or the Internet
has to face. For instance, there may be various viruses on the
hard disk, there may be several backdoors opened in the operating
system, and there may be a lot of phishing e-mails in his/her
mailbox. Also, more and more fraud activities appear in online
advertising networks and online auction systems. According to the
2008 CSI Computer Crime & Security Survey by the Computer
Security Institute (CSI), cyber attacks cause a lot of monetary
losses each year.
Network attackers can easily hide their identities through IP
spoofing, stepping stones, network address translators (NATs),
Mobile IP or other means, and thereby reduce the chance of being
captured. The current IP network infrastructure lacks measures
to effectively deter and identify motivated and well-equipped
attackers. Therefore, innovative trace back schemes are
required to attribute attacks to the real attackers. Moreover,
network traffic always arrives at a high rate, in a distributed
format, without an obvious beginning or ending.1
1 Linfeng Zhang (Effective Techniques For Detecting and Attributing Cyber Criminals, 2008)
These properties make network traffic very different
from traditional data sets, and the data stream model is
more feasible for analysing network traffic. In our research, we
study and design efficient and effective techniques for detecting
and attributing cyber criminals. We generally consider two kinds
of fundamental techniques: forensics-sound attack monitoring and
trace back, and forensics-sound online fraud detection. We hope
that our work may serve as fundamental components which can be
widely applied in network security and many other domains.
Computers are used to commit crime and are the target of
crime every day. Besides the magnitude and scope of the threat,
one of the greatest challenges in fighting computer crime resides
in the fundamental nature of the computing world. Cyber space is
dynamic and changes often at a rapid pace. A computer’s
increasing sophistication, in terms of power capacity and
communication speed, increases the criminal opportunity for
motivated offenders as well as the availability of suitable
targets. Moreover, the worldwide computer network has transformed
computer crime from a local problem to an international security
issue.
Cyber threats are currently significant enough to become a
national security priority in several western countries including
the United States. In order to better understand the challenges
that the United States’ cyber infrastructures are facing, it is
necessary to examine how government agencies are addressing the
threats posed by those who perpetrate computer-based crimes and
attacks. On one hand, we know that computer crimes are often a
“hi-tech” version of more traditional crimes such as theft,
espionage, sabotage, and fraud. On the other hand, the
ramifications of cyber crimes are so extensive and technologically
complex that they require specific knowledge to better understand
the evolving nature of the threats as well as the tactics and
strategies to investigate them.
Cybercrime goes beyond the technical, transnational
dimension and involves offenders who deliberately fashion their
attacks to exploit the potential weaknesses present in the
infrastructure’s transnational nature. It threatens the
substantial and growing reliance of commerce, governments, and
the public upon the information infrastructure to conduct
business, carry messages, and process information. Cybercrime is
one of the fastest growing non-violent crimes in the Asian
region. It takes a great deal of technical expertise and
co-operation, both local and foreign, in order to address such
problems. This crime affects different countries in varying
degrees, depending on the extent of the legislative enactment of
each country. In the Philippines, as technical and electronic
landscapes change, there is a need to enact laws or amend
existing laws to fully address cyber threats.
The public is aware of the importance of legislation that
supports police efforts against computer crimes. Onel de Guzman,
the Philippine dropout who, in August 2000, created and unleashed
a remarkably dangerous computer virus called “I LOVE YOU”, cost
several companies, governments, and citizens billions of US
dollars in damages. In August of the same year, charges against
him in our country were dismissed, mainly because we had not yet
passed legislation addressing the crimes he had committed. The
public around the world is justifiably outraged.
Legal Basis
Republic Act No. 8792 of the Philippines, the Electronic Commerce
Act of 2000, is an act providing for the recognition and use of
electronic commercial and non-commercial transactions and
documents, penalties for unlawful use thereof and for other
purposes. Be it enacted by the Senate and House of Representatives
of the Republic of the Philippines in Congress assembled: The
State recognizes the vital role of information and communications
technology (ICT) in nation-building; the need to create an
information-friendly environment which supports and ensures the
availability, diversity and affordability of ICT products and
services; the primary responsibility of the private sector in
contributing investments and services in telecommunications and
information technology; the need to develop, with appropriate
training programs and institutional policy changes, human
resources for the information technology age, a labor force
skilled in the use of ICT and a population capable of operating
and utilizing electronic appliances and computers; its obligation
to facilitate the transfer and promotion of technology; to ensure
network security, connectivity and neutrality of technology for
the national benefit; and the need to marshal, organize and
deploy national information infrastructures, comprising in both
telecommunications network and strategic information services,
including their interconnection to the global information
networks, with the necessary and appropriate legal, financial,
diplomatic and technical framework, systems and facilities.
Figure 1: Map of National Capital Regions
Background of the Study
This study covers the National Capital Region, which includes
different law enforcement agencies that handle and investigate
cybercrime in the Philippines. These include the Philippine
National Police, the Criminal Investigation and Detection Group
and the National Bureau of Investigation. The Philippine National
Police (Filipino: Pambansang Pulisya ng Pilipinas, abbreviated
as PNP) is the civilian national police force of the Republic of
the Philippines. The Philippine National Police, which was a
result of a merger of the Philippine Constabulary and
the Integrated National Police, was activated on January 29,
1991. Its national headquarters are based at Camp Crame in Quezon
City. It has a manpower of 140,000.
The Criminal Investigation and Detection Group, widely known
as the CIS, came into existence out of the great necessity of the
Philippine Constabulary to organize a unit that would primarily
handle the investigation of major crimes. This move aimed to free
other constabulary units of the time-consuming and highly
specialized investigative work.
The Criminal Investigation and Detection Group (CIDG) has
its beginnings in 1901 with the creation of the Information
Section of the Insular Constabulary pursuant to Section 2 of Act
253 of the Philippine Commission. It was given the task of
investigating crimes against the security of the state. Before
the outbreak of World War II, it was renamed Information Division
and later Police Affairs Division.
On January 19, 1953 it was formally christened as the Criminal
Investigation Service (CIS) under the C-2 Division of the
Philippine Constabulary. It was given the task to "detect,
investigate and prosecute major crimes in coordination with other
law enforcement bodies." Sometime in 1960, CIS was placed under
the C-3 Division. With the upsurge of criminality during the
early 70's, it became necessary for all field units of the CIS to
be placed under the direct command and control of a CIS Chief
based in Camp Crame. The reorganization was contained in General
Order Number 132, HPC dated January 1, 1971.
In line with the reorganization of the PC into 12 Regional
Commands, the CIS also underwent another change in its
organizational set-up. Pursuant to GO Nr 135 HPC dated August 9,
1978, twelve (12) CIS Regional Offices were created to provide
investigative support to the PC/INP Regional Commands all over
the country.
When RA 6975 was enacted into law in 1991, CIS continued to
be the primary investigating arm of the Philippine National
Police charged with the following missions: 1) Undertake the
monitoring, investigation, and prosecution of all crimes
involving economic sabotage, and other crimes of such magnitude
and extent to indicate their commission by highly placed or
professional criminal syndicates and organizations; and 2)
Investigate all major cases involving violations of the Revised
Penal Code and operate against organized crime groups, unless the
President assigns the case exclusively to the National Bureau of
Investigation. From then on, CIS was renamed Criminal
Investigation Service Command (CISC) then to Criminal
Investigation Command (CIC), Criminal Investigation Group in 1996
and finally renamed to PNP Criminal Investigation and Detection
Group (CIDG) pursuant to NHQ LOI 49/96 code name "Detektib".
The National Bureau of Investigation (NBI) saw its inception
on November 13, 1936, upon approval of Commonwealth Act No. 181
by the legislature. It was the brainchild of the late President
Manuel L. Quezon and Jose A. Yulo, then Secretary of Justice.
Tasked with organizing a Division of Investigation (DI)
patterned after the United States Federal Bureau of Investigation
were Thomas Dugan, a veteran American police officer from the New
York Police Department, and Flaviano C. Guerrero, the only Filipino
member of the Federal Bureau of Investigation. On the basis of
stiff physical, moral and mental standards, 45 men were selected
as agents from among 300 applicants. To complement this
investigative force was a civilian staff composed of doctors,
chemists, fingerprint technicians, photographers, stenographers
and clerks.
During the Japanese occupation, the DI was affiliated
with the Bureau of Internal Revenue and the Philippine Constabulary,
known as the Bureau of Investigation (BI). Subsequently, during the
post-liberation period, all available DI agents were recruited by
the US Army CIC as investigators.
Since then, the bureau assumed an increasingly significant
role. Thus on June 19, 1947, by virtue of Republic Act No. 157, it
was recognized as the Bureau of Investigation. Later it was
amended by Executive Order No. 94, issued on October 4, 1947,
renaming it to what it is presently known, the National Bureau of
Investigation.
Theoretical Framework
Cyberspace presents an exciting new frontier for
criminologists. Virtual reality and computer mediated
communications challenge the traditional discourse of
criminology, introducing new forms of deviance, crime, and social
control. Since the 1990s, academics have observed how the
cyberspace has emerged as a new locus of criminal activity, but
in general, criminology has been remiss in its research into the
phenomena of cyber crime and has been slow to recognize the
importance of cyberspace in changing the nature and scope of
offending and victimization. As such, very few theoretical
explanations of cyber crime exist.
Some researchers have tried to explain cyber crimes with
traditional theories, such as Social Learning Theory (Skinner and
Fream 1997; Rogers 1999; 2001), Kohlberg’s Moral Development
Theory and Differential Reinforcement Theory (Rogers 2001),
Cohen’s Strain Theory (O'Connor 2003), Deindividuation Theory
(Demetriou and Silke 2003), Gottfredson and Hirschi’s General
Theory of Crime (Foster 2004), Routine Activities Theory (Adamski
1998; McKenzie 2000; Grabosky 2001; Pease 2001; Yar 2005) and
multiple theories (McQuade 2005; Taylor et al. 2005; Darin et al.
2006). However, these theoretical explanations were found to be
inadequate as an overall explanation for the phenomenon of cyber
crimes, because cyber crimes are different from crimes of
physical space.
There is a need for a theory for cyber crimes. Therefore,
this paper is directed at theory building for the explanation of
criminal behavior in the cyberspace, and presents a theory called
‘Space Transition Theory’ in order to explain the causation of
crimes in the cyberspace. I felt the
need for a separate theory of cyber crimes because the general
theoretical explanations were found to be inadequate as an
overall explanation for the phenomenon of cyber crimes. “Space
Transition Theory” is an explanation about the nature of the behavior
of the persons who bring out their conforming and non-conforming
behavior in the physical space and cyberspace. Space transition
involves the movement of persons from one space to another. Space
transition theory argues that, people behave differently when
they move from one space to another.
The postulates of the theory are:
1. Persons, with repressed criminal behavior (in the physical
space) have a propensity to commit crime in cyberspace,
which, otherwise they would not commit in physical space,
due to their status and position.
2. Identity Flexibility, Dissociative Anonymity and lack of
deterrence factor in the cyberspace provide the offenders
the choice to commit cyber crime.
3. Criminal behaviour of offenders in cyberspace is likely to
be imported to Physical space which, in physical space may
be exported to cyberspace as well.
4. Intermittent ventures of offenders into the cyberspace and
the dynamic spatio-temporal nature of cyberspace provide the
chance to escape.
5. (a) Strangers are likely to unite together in cyberspace to
commit crime in the physical space. (b) Associates of
physical space are likely to unite to commit crime in
cyberspace.
6. Persons from closed society are more likely to commit
crimes in cyberspace than persons from open society.
7. The conflict of Norms and Values of Physical Space with the
Norms and Values of cyberspace may lead to cyber crimes.
Since criminology has started viewing the emergence of
cyberspace as a new locus of criminal activity, a new theory is
needed to explain why cyber crime occurs. The space transition
theory presented above provides an explanation for the criminal
behaviour in the cyberspace.
Routine activity theory was outlined by Clarke and Felson
(1993) and attempts to define criminal events in terms of the
common actions of offenders and victims. In the initial theory,
Clarke and Felson suggested that a criminal event required three
variables to occur simultaneously. These included a motivated
offender, a suitable target and an absence of guardians. With
regard to a property offence, such as a burglary, the theory
suggests that if a suitably motivated offender (perhaps one
seeking funding to buy drugs) finds a house which appears to have
objects of value in it, which is unattended by its owners, then
there is a heightened probability that an offence will take
place. Routine activity theory has some overlap with geographical
theories as criminal events are more likely to occur in
geographical areas which are described by the factors in routine
activity theory.
From a cyber criminological perspective, there may be some
evidence for routine activity theory. Several types of cybercrime
are more likely to be carried out by individuals with
considerable, unsupervised access to technology. Certainly, it is
difficult to surreptitiously carry out certain cybercrimes, such
as the collection of child pornography, without a personal
computer that other individuals do not have access to. Similarly,
a complex computer virus is more easily developed if the
individual has unlimited access to a privately held computer.
Hackers who attempt to develop botnets (a network of controlled
personal computers) are possibly the best example of a
cybercriminal application of routine activity theory. They are
motivated to enhance their computing power, perhaps to disable a
specific website (what is known as a distributed denial-of-service
attack). Suitable targets involve any Internet user’s
computer whose resources can be employed to complete the desired
act. A lack of suitable guardians in this case would refer to a
computer which has not been adequately protected through the use
of anti-virus software and a firewall. In a similar way, routine
activity theory can be applied to almost all types of cybercrime
and malicious online behavior, and as such it is a useful
addition to our understanding of cybercriminal events.
Rational choice theory states that committing a crime is a
rational choice made because the benefits outweigh the potential
negative consequences.
Conceptual Framework
[Figure 2 diagram; text of the boxes:]
Top box: EFFECTIVE COMPUTER CRIME BUSTING
Center box: Enhancement of the Issues and Challenges in Cybercrime Investigation
First box: 1. Identifying the extent of the issues and challenges in cybercrime investigation in terms of: 1.1. Investigator’s competency; 1.2. Facilities and logistics; 1.3. Systems and procedures; 1.4. Legal parameters. 2. Identifying the measures may be
Second box: 1. Survey Questionnaires; 2. Interview; 3. Statistics
Third box: 1. Revision of the survey instruments based on the result of the pre-test conducted. 2. Reproduced enough copies of the survey instruments incorporating all suggestions received. 3. Adequate amount of copies of the revised survey instruments are distributed to the three groups of respondents. 5. Data are collected
Figure 2: Conceptual Paradigm
This paradigm of the study shows how to attain goals and
objectives of the research entitled Issues and Challenges in
Cybercrime Investigation: An Assessment towards an Effective
Computer Crime Busting which uses Space Transition Theory that
explains about the nature of the behaviour of the persons who
bring out their conforming and non-conforming behaviour in the
physical space and cyberspace. The rectangle at the top
represents the main objective of the study that can be achieved
through the input-process-output located right below the center
square which is the enhancement of the issues and challenges in
cybercrime investigation to attain the effective computer crime
busting. It is a one-way process from the bottom up to the top.
The first box below which is the Input represents the raw data
needed throughout the whole Process which is the second box.
These processes are, namely, survey questionnaires, documentation,
interview and statistics. After the process is put into action,
the Output which is the third box can be obtained. The outputs
are the data collected from the respondents that will allow the
researchers to obtain the main objective and achieve the
effectiveness of computer crime busting.
Statement of the Problem
The main objective of the study is to identify and address
the issues and challenges in cybercrime investigation.
The study, therefore, seeks to answer the following sub-
problems:
1. To what extent are the issues and challenges encountered
in the investigation of cybercrime in terms of:
1.1. Investigator’s competency;
1.2. Facilities and logistics;
1.3. Systems and procedures; and
1.4. Legal parameters?
2. Is there any significant difference on the assessment of
the groups of respondents on the issues and challenges
encountered in cybercrime investigation in terms of the above-
cited variables?
3. What measures may be proposed to strengthen the
cybercrime investigation in the Philippines?
Hypothesis of the Study
There is no significant difference on the assessment of the
respondents with regards to the issues and challenges encountered
in the investigation of cybercrime.
Scope and Limitation of the Study
The Setting
The setting of the study will be in Philippine National
Police, Criminal Investigation and Detection Group (CIDG) Camp
Crame and National Bureau of Investigation Cybercrime Division
Taft Avenue, Manila.
The Subject
The study will be concentrated on the issues and challenges
encountered by the law enforcement sector in the investigation of
cybercrime; including also the measures that may be proposed in
order to strengthen the conduct of cybercrime investigation.
The Respondents
There will be 3 groups of respondents. The first group of
respondents will be twenty (20) of the investigators of the
Philippine National Police Camp Crame. The second group will be
twenty (20) of the Crime Detection and Investigation Group
Investigators that handle cybercrime cases and the third group
will be twenty (20) of Cybercrime Investigators of the National
Bureau of Investigation.
The Time Frame
The study will cover the year of 2013-2014.
Significance of the Study
The results of the study will be deemed significant on the
following:
Law Enforcement Officers. This study will be beneficial to
them for it will give them better understanding in conducting
cybercrime investigation.
Courts. This study will be beneficial to them for it will
give them information on the technical aspect of crime
investigation involving the use of computer and cyberspace.
Law Making Body. This will be beneficial to them for it will
give them insights on the pertinent laws needed to further
strengthen the fight against cybercrime.
Faculty and Students of Criminology. This study will be
beneficial to them for it will give them necessary information
with regard to the technicalities involved in cybercrime
investigation and to strengthen their knowledge in cyber world.
Definition of terms
Challenges. It refers to the problems encountered in
investigating cybercrimes by the cybercrime investigators of PNP,
CIDG and NBI.2
Computer. It refers to the gadget or device that uses
information communication technology and processes information
which is the most used in committing cybercrimes.3
Cracking. It refers to the higher form of hacking in which
the unauthorized access culminates with the process of defeating the
security system for the purpose of acquiring money or information and/or availing
of free services.4
Crime Busting. It refers to the action taken by the law
enforcement agencies to fight criminality especially heinous
crimes.5
Cybercrime. It refers to the crime accomplished through
special knowledge of computer technology or any crime where
a computer is used as a tool or as a target or incidental to the
commission of a crime.6
2 P.B. Gove, Ph.D. (Webster’s Third New International Dictionary)
3 Ibid.
4 Ibid.
5 Ibid.
6 Ibid.
Facilities. It refers to something designed and created
to provide service in an investigation of crime.7
Framework. It refers to the set of ideas, principles,
agreements or rules that provides the basis or outline for
cybercrime busting intended to be more fully developed at a later
stage.8
Hacking. It refers to the act of illegally accessing the
computer system/network of an individual, group or business
enterprise without the consent or approval of the owner of the system.9
Internet. It refers to the global system of
interconnected computer networks that use the standard Internet
protocol suite (TCP/IP) to serve billions of users worldwide. It
is a network of networks that consists of millions of private,
public, academic, business, and government networks, of local to
global scope, that are linked by a broad array of electronic,
wireless and optical networking technologies.10
Investigation. It refers to the art of locating, tracing and
identifying the criminal in order to bring him before the court.11
7 Ibid.
8 Ibid.
9 Ibid.
10 Ibid.
11 Ibid.
Investigator. It refers to a law enforcement officer
designated to investigate and provide inquiry on a crime
committed; he is either a member of the Philippine National
Police, Criminal Investigation and Detection Group or National
Bureau of Investigation.12
Investigator competency. It refers to the degree of
knowledge and ideas possessed by the investigator regarding the
laws, principles of investigation, and established rules in the
conduct of investigation especially knowledge about information
technology, in connection to cybercrime investigation.13
IP Address. It refers to the series of numbers assigned by an
Internet Service Provider to an internet user when it connects to
the Internet.14
Issues. It refers to the topic which is being discussed in
connection to cyber crime investigation.15
12 Ibid.
13 Ibid.
14 Ibid.
15 Ibid.
Logistics. It refers to the planning and control of the flow
of goods and materials through an organized and manufacturing
process in a law enforcement agency to maintain quality
service in responding to and investigating a crime.16
Legal Parameters. It refers to those set of laws and rules
that will facilitate and serve as a basis in an effective
cybercrime investigation.17
Phishing. It refers to sending fraudulent e-mails or website
pop-ups, to get victims to divulge sensitive financial
information such as credit card numbers or social security
numbers.18
Systems and procedure. It refers to the set of rules and
regulations to be followed by the investigator in investigating
crimes and the system of law enforcement agencies being used to
maintain a well organized process of investigation and rules
inside a department.19
16 Ibid.
17 Ibid.
18 Ibid.
19 Ibid.
ACRONYMS
CIDG. It refers to the Criminal Investigation and Detection
Group.
ICT. It refers to information communication technology.
NBI. It refers to National Bureau of Investigation
PNP. It refers to Philippine National Police
RA 8792. It refers to the act legislated because of the “I LOVE YOU”
virus. This Act shall be known and cited as the “Electronic
Commerce Act.” Approved June 14, 2000.