Module 10: Confidentiality and Availability of Computer Data Systems Flashcards

1
Q

Cybercrimes are primarily those that target what?

A

Systems, networks, and data

2
Q

Cybercrimes tend to seek to compromise:

A

confidentiality, integrity, and availability of systems, networks, and data

3
Q

Systems, networks, and data when they are protected and only authorized users can access them

A

Confidentiality

4
Q

Data is accurate and trustworthy and has not been modified

A

Integrity

5
Q

Data, services, and systems are accessible on demand

A

Availability

6
Q

Cybercrimes that target systems, networks, and data usually include:

A

Hacking; malware creation, possession, and distribution; denial of service (DoS) attacks, Distributed Denial of Service (DDoS) attacks; and website defacement

7
Q

A type of cybercrime regarding the access to the whole or any part of a computer system without right

A

Illegal Access

8
Q

Any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data.

It covers any type of computer device including devices with data processing capabilities (i.e., mobile phones and computer networks)

The device consisting of hardware and software may include input, output and storage facilities which may stand alone or be connected in a network or other similar devices.

It also includes computer data storage devices or media (Section 3(g) of RA 10175).

A

Computer system

9
Q

Elements of a Computer System

A

There must be a device or a group of interconnected or related devices

At least one of the devices performs automatic processing of data pursuant to a program

The device need not be connected in a network as long as it consists of both hardware and software, with input, output and storage devices.

10
Q

Elements of the Offense for Illegal Access

A

There must be an intentional access in whole or in part of a computer system.

The person who attempts to, or is accessing, or had already accessed the data has no right of access to the system.

11
Q

An example of Illegal Access that describes unauthorized access to systems, networks, and data (hereafter target)

A

Hacking

12
Q

The Penalty for Illegal Access

A

Prision mayor (imprisonment of six years and 1 day up to 12 years)

A fine of at least Two hundred thousand pesos (P200,000) up to a maximum amount commensurate to the damage incurred or BOTH.

13
Q

The Penalty for Illegal Access if committed against critical infrastructure

A

Reclusion temporal (imprisonment for twelve years and one day up to twenty years)

A fine of at least Five hundred thousand pesos (P500,000) up to a maximum amount commensurate to the damage incurred or BOTH.

14
Q

Evaluate the target system’s security and report back to the owners the vulnerabilities they found in it and give instructions for how these can be remedied.

A

Ethical hackers

15
Q

A type of cybercrime regarding the interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data.

A

Illegal Interception

16
Q

Refers to listening to, recording, monitoring, or surveillance of the content of communications, including procuring of the content of data, either directly, through access and use of a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring.

A

Interception

17
Q

Elements of Illegal Interception

A

It must be intentional

It must be by technical means

The person involved is without any right to do the interception

The transmission of computer data to, from, or within a computer system is non-public

18
Q

Penalty for Illegal Interception

A

Similar to Illegal Access

19
Q

An example of Illegal Interception which enables an offender to eavesdrop on communications between the sender and receiver and/or impersonate the sender and/or receiver and communicate on their behalf.

A

Man-in-the-middle attack

20
Q

A man-in-the-middle attack compromises what?

A

The confidentiality of data (through eavesdropping) and integrity of data (by impersonating sender and/or receiver)

21
Q

The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.

A

Data Interference

22
Q

Refers to the modification or change, in form or substance, of an existing computer data or program (Sec. 3(b)).

A

Alteration

23
Q

Authorized action can also be covered by the provision Data Interference if:

A

The action of the person went beyond the agreed scope, resulting in the damages stated in this provision

24
Q

Data interference is directed against what?

A

The data itself

25
Q

In data interference, Alteration only involves what?

A

Data

26
Q

Penalty for Data Interference

A

Same with Illegal Access

27
Q

Data Interference can include:

A

Suppressing, modifying, adding, transmitting, editing, deleting or otherwise damaging data, systems, and services.

28
Q

The intentional alteration or reckless hindering or interference with the functioning of a computer or computer network

A

System Interference

29
Q

The interference in system interference is directed against what?

A

The functioning of a computer system.

30
Q

In System interference, alteration involves what?

A

Both data and computer program

31
Q

Penalty for System Interference

A

Same with Illegal Access

32
Q

Example of System Interference wherein this attack interferes with systems by overwhelming servers and/or intermediaries (e.g., routers) with requests to prevent legitimate traffic from accessing a site and/or using a system.

A

Denial of Service (DoS) attack

33
Q

A type of DoS attack wherein there is the use of multiple computers and other digital technologies to conduct coordinated attacks with the intention of overwhelming servers and/or intermediaries to prevent legitimate users’ access.

A

Distributed Denial of Service Attack (DDoS attack)

34
Q

The use, production, sale, procurement, importation, distribution, or otherwise making available, without right, of a device, a computer password.

The possession of an item referred to in paragraphs 5(i)(aa) or (bb) above with intent to use said devices for the purpose of committing any of the offenses under this section.

A

Device Misuse

35
Q

In device misuse, (i) The use, production, sale, procurement, importation, distribution, or otherwise making available, without right, of:

A

(aa) A device, including a computer program, designed or adapted primarily for the purpose of committing any of the offenses under this Act; or

(bb) A computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with intent that it be used for the purpose of committing any of the offenses under this Act.

36
Q

Penalty for Device Misuse

A

Same with Illegal Access except fine should be no more than Five hundred thousand pesos (500,000)

37
Q

Used to infect target systems in order to monitor them, collect data, take control of the system, modify system operation and/or data, and damage the system and/or data.

A

Malware

38
Q

Standalone malicious software that spreads without the need for user activity.

A

Worm

39
Q

Malware that requires user activity to spread (e.g., an executable file with virus spreads when opened by the user).

A

Virus

40
Q

Malware designed to look like legitimate software in order to trick the user into downloading the programme, which infects the users’ system to spy, steal and/or cause harm.

A

Trojan Horse

41
Q

Malware designed to surreptitiously monitor infected systems, and collect and relay information back to the creator and/or user of this type of malware

A

Spyware

42
Q

Malware designed to take users’ system, files, and/or data hostage and relinquish control back to the user only after ransom is paid.

A

Ransomware

43
Q

A form of ransomware: malware that infects a user’s digital device, encrypts the user’s documents, and threatens to delete files and data if the victim does not pay the ransom.

A

Cryptoransomware

44
Q

A form of cryptoransomware that perpetrators use against victims that releases the user’s data (i.e., makes it public) if ransom is not paid to decrypt the files and data.

A

Doxware

45
Q

The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same

A

Cybersquatting

46
Q

Elements of the offense of Cybersquatting

A

There must be an acquisition of a domain name over the internet;

The acquisition is done in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same;

In case of a juridical person, the domain name is similar, identical or confusingly similar to an existing trademark registered with the appropriate government agency at the time of the domain name registration;

Identical or in any way similar with the name of a person other than the registrant in case the domain name involves a natural person.

47
Q

Penalty for Cybersquatting

A

Same with Device Misuse