Do
you still remember the widespread of the “ILOVEYOU” outbreak in the world wide
cyberspace in 2005 was later estimated to have
caused US $5.5 billion in damages? Even The Pentagon, CIA, the British
Parliament, and most large corporations were forced to completely shut down
their mail systems just to dodge this most virulent virus (as for the world record) that completely destroying
the database of a computer.
 |
| Cyber Crime: the silent killer
This ILOVEYOU was a computer worm that attacked tens of millions of
Windows personal computers on and after 5 May 2000 local time in the
Philippines when it started spreading as an email message with the subject line
"ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.".
The first file extension 'VBS' was most often hidden by default on Windows
computers of the time, leading unwitting users to think it was a normal text
file. Opening the attachment activated the Visual Basic script. The worm did
damage on the local machine, overwriting image files, and sent a copy of itself
to the first 50 addresses in the Windows Address Book used by Microsoft Outlook.
The
virus was received in e-mail inboxes in Hong Kong on 4 May, 2000, with subject
“I LOVE YOU” and an attachment “LOVE-LETTER-FOR-YOU.TXT.vbs.”. It erases or
blurs the graphics and data in the computer and gets the contact addresses in
the computer directory, and sends the same email to all contacts listed in that
directory. Once received and opened in another computer, it replicates all that
it did previously. The replication went on and on, sweeping all computers where
the email was received and opened, from Hong Kong, to Europe, to the United
States, infecting and damaging computers and networks of small and big
companies, private and government institutions.
To catch the culprit, An international manhunt was
conducted; the investigators traced the origin of the virus to its creator, a
programming student (Onel de Guzman) at the AMA Computer University in Manila.
new breed of danger
It happened that on 5 May 2000 two young Filipino computer
named Reomel Ramores and Onel de Guzman became the target of a criminal investigation by the Philippines' National
Bureau of Investigation (NBI)
agents. The NBI received a
complaint from Sky Internet, a local Internet service provider (ISP). The ISP
claimed that they have received numerous calls from European computer users,
complaining that malware in
the form of an "ILOVEYOU" worm was sent to their computers through
the said ISP.
After several days of surveillance and investigation
spearheaded by Darwin Bawasanta, systems development manager of Sky Internet,
the NBI was able to trace a frequently appearing telephone number which turned
out to be that of Ramores' apartment in Manila. His residence was searched by the NBI and
Ramores was consequently arrested and placed on inquest investigation before
the Department
of Justice (DOJ). Onel de Guzman was likewise arrested in absentia.
At that point, the NBI were at a loss as to what felony or crime to charge them with. There
were some agents who suggested they might be charged with violation of Republic
Act 8484 or the Access Device Regulation Act, a law designed mainly to penalise credit card fraud, the reason supposedly
being that both used, if not stole, pre-paid Internet cards which enabled them
to use several ISPs. Another school of thought within the NBI suggested Ramores
and de Guzman could be charged with malicious mischief, a felony involving
damage to property under the Philippines Revised Penal Code enacted in 1932.
But the drawback with a charge of malicious mischief is that one of its
elements, aside from damage to property, was intent to damage, and de Guzman
and Igi Gando claimed during custodial investigation that de Guzman may have
merely unwittingly released the worm.
To show intent, the NBI investigated AMA Computer
College where de
Guzman dropped out at the very end of his final year. They found that de Guzman was not only
quite familiar with computer viruses but had in fact proposed to use one. For
his undergraduate thesis, de Guzman proposed the implementation of a trojan to
steal Internet login passwords. de
Guzman proposed that users would finally be able to afford an Internet connection.
The proposal was rejected by the College of Computer Studies board, prompting de Guzman to cancel his
studies the day before graduation.
When arrested (11 May 2000), the suspect apologized to
the public and said he had no intention of causing such great harm. Government
prosecutors filed cases against him, but even at the first stage, the
indictment was dismissed as there was no law penalizing the act at the time
(May 2000) in the Philippines.
By this phenomenon,
it points to the need for a domestic law to address a particular
criminal act, and international/bilateral legal instruments to give “no-safe
haven” to cyber-criminals (or would-be cyber-terrorists).
The Philippine Congress
subsequently passed a law that penalizes computer/cybercrimes, although it
didnot cover cyber-terrorism.
"Cybercrime Prevention Act of 2012"
Then the birth
of Republic Act (RA) 8792, otherwise known as the “Electronic Commerce Act of
2000” was reenacted by the Philippine Congress. RA 8792 provides for the legal
recognition and admissibility of electronic data messages, documents and
signatures. This was signed into law on 14 June 2000. The salient features of
the Act are as follows:
•
Provides for the admissibility of electronic documents in court cases;
•
Penalizes limited online crime, such as hacking, introduction of viruses and
copyright violations of at least Php100,000 and a maximum commensurate to the
damage incurred, and imprisonment of six
months to three
years, among others;
•
Promotes e-commerce in the country, particularly in business-to-business and
business-to-consumer
transactions
whereby business relations are enhanced and facilitated and consumers are able
to find
and purchase
products online;
•
Aims to reduce graft and corruption in government as it lessens personal
interaction between
government
agents and private individuals.
RA
8792 is considered the landmark law in the history of the Philippines as a
legitimate player in the global marketplace. It has placed the Philippines
among the countries penalizing cybercrime. Likewise, the Supreme Court drafted
the Rules on Electronic Evidence, which took effect on 1 August 2000, to
emphasize the admissibility of evidence in electronic form, subject to its
authenticity and reliability.
This
restriction intends to safeguard against accepting evidence of doubtful
character. We have also the Access Devices Regulation Act of 1998 (RA 8484)
which regulates the issuance and use of access devices, prohibiting fraudulent
acts committed and providing penalties and for other purposes; and, Philippine
Central Bank Circular 240 dated 7 April 2000 regulating the electronic banking
services of financial institutions.
While
RA 8792 is already in place, it was found to have failed to address all forms
of cybercrime that are enumerated in the Budapest Convention on Cybercrime of
2001, namely:
•
Offences against confidentiality, integrity and availability of computer data
and systems which
include illegal
access, illegal interception, data interference, system interference, misuse of
devices;
•
Computer-related offences which include computer-related forgery and
computer-related fraud;
•
Content-related offences such as child pornography;
•
Offences related to infringement of copyright and related rights.
Furthermore,
enforcing the law with the use of the existing guidelines embodied in the
Revised Penal Code, as amended, may not work for cybercrime. Unlike the
traditional and terrestrial crimes which deal with corporeal evidence,
cybercrime involves more electronic data which are intangible evidence. In
order to cope with the daunting problem of cybercrime, the Department of
Justice (DOJ) created the Task Force on E-Government, Cyber-security and
Cybercrime in 2007 to deal with cyber-security issues in relation to
legislation and investigation. It was created to pursue the e-government
agenda, institutionalize a cyber-security regime and implement laws. The said
task force worked closely with the Council of Europe, a private organization,
and local experts composed of IT practitioners and other stakeholders.
Since there were no laws in the
Philippines against writing malware at the time, both Ramores and de Guzman and
Igi Gando were released with all charges dropped by state prosecutors.
|
No comments:
Post a Comment