Posted by Jaime Raphael Licauco, CISSP, GSEC on August 10, 2009
In case you’d like to see the current draft bill being deliberated in Congress, you can find it here.
Articles in the end of May with relation to the Cybercrime bill:
(Newsbreak) Latest sex video scandal highlights need for cyber crime law
(Computerworld Philippines) National ICT Month
Posted in Legal, Philippines | Tagged: act, Cybercrime, legislation, Philippines | 2 Comments »
Posted by Jaime Raphael Licauco, CISSP, GSEC on March 12, 2009
For around two years now, Information Security Professionals have been saying that cybercrime is on the rise because of the change from ego-centric (i.e. malware that begs for attention) to financial motivation (i.e. malware that accumulates/sends data, silently evading detection). This financial motivation has led to cyber markets/exchanges wherein hackers and their cohorts transact, and in a more recent development, now specialize on a certain aspect of their trade, which in turn has increased efficiency. For example, some specialize on retrieving credit card numbers and other personal information, others specialize on printing the fake cards, while others use the cards, whether they be an ATM (Citibank hack in NYC) or a credit card (Malaysian’s arrested in Australia for fake credit card use). The current worldwide economic environment has only made matters worse.
The question here is, where is the Philippine version of the Cybercrime bill? Around two months ago, it was still on its second reading in Congress. It’s already taken more than eight years, I could be wrong, but I doubt its finally passed.
From what I’ve seen and experienced, I find it hard to believe that barely any cybercrime happens here. There are far too many good Filipino hackers and scammers, for nothing to be happening. Maybe audit logs aren’t turned on, maybe no one regularly checks the logs, maybe when people get scammed, they just let it go (feel free to blame the culture). UK’s BERR and PWC InfoSec Breaches Survey of 2008 states that there are fewer incidents reported in 2008 than 2004, however it may be because they’ve been understated since they found out that “companies that carry out risk assessment are four times as likely to detect identity theft as those that do not.” Which begs the question, do Philippine organizations with confidential information actually undertake risk assessments and take appropriate actions and implement controls to protect their assets? Just because an organization doesn’t have “incidents” doesn’t mean that confidential information doesn’t leak. How does one report an information security incident when one isn’t aware on how to identify it? Secondly, would the company in question have a process in place to accommodate what an employee finds suspicious? Third, would that company then have a process and resources (i.e. competence in IT Forensics) to investigate the report? I’m sure that if it happens to more security conscious countries, it must be happening here, we just aren’t aware of it or it isn’t reported… especially with all the useless WEP encryption found in coffee shops, keyloggers found in internet cafes, surreptitious card reader machines used to read credit card information, to stories of scammers at Philippine online auction sites.
Maybe it will take a high profile hacking on one of our few promising industries that is heavily dependent on IT: one of our BPOs. Or maybe even the hacking of private files of one of our lawmakers (Obama, Palin, and McCain got hacked last year) for there to be any progress on this bill. Whether that happens or not, I find it indefensible to wait for something bad to happen to impel lawmakers to do what’s right, and give the country and its people what there’s obviously a need for.
References:
(InfoSec Philippines) Nov 11, 2008 (note: has links to Philippine Cybercime bill news articles)
(TechRepublic, Sep 2007) Cybercrime tools market maturing, and crimes are on the rise
(Newsweek, Dec 2008) The Rise of Black Market Data
(Univ of Mannheim, Germany, Dec 2008) Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones
(Wired, Oct 2008) Cybercrime Supersite ‘DarkMarket’ Was FBI Sting, Documents Confirm
(Symantec, Nov 2008) New Symantec Report Reveals Booming Underground Economy
(ihotdesk Outsourcing News, Dec 2007) Cyber crime market threatens data
(ContactCenterWorld.com, Feb 2009) Japanese Cybercrime at Record Levels as Hackers Crack Web sites
(Computer Crime Research Center, Oct 2008) Recent Stock Market Decline Causes Economic Cybercrime to Hit All Time High
(CBCNews Canada, Mar 2009) Fraud artists, security experts fight sophisticated battle
(ArticSoft, 2004) How Do You Deal With Internet Fraud
(Credit Cards Web UK, Mar 2009) Card fraud refunds being refused by more banks
Posted in Awareness, Compliance, ISMS, Legal, Opinion, Philippines | Tagged: ATM, Citibank, Cybercrime, darkmarket, fbi, Opinion, philippine, underground economy, wired | Leave a Comment »
Posted by Jaime Raphael Licauco, CISSP, GSEC on November 11, 2008
Maybe we should revisit our Cybercrime Bill, which hasn’t been approved and is in our congress for a second reading after a scant 8 years. Why? because Pakistan’s version of the bill, includes cyber-terrorism being punishable by death.
If you’re interested on articles on the Philippine version of the Cybercrime bill, there’s one from MB.com.ph from Nov 2007 by Melvin Calimag, “Cybercrime Law for RP long overdue.” Another article by the same author came out in April of this year on, “NBI exasperated over delay of cybercrime bill, hits CICT.”
News about the former Intel employee who works for AMD, that stole information with an estimated cost of over $1 billion in R&D development, can be found in CNET, and USA Today.
“A New York man has been charged with aiding the alleged leader of the hacking gang accused of stealing more than 40 million credit and debit card numbers from stores owned by TJX Companies and other companies.” reports this article from The Register.
On the Mobile Security front, a researcher says Google’s Android may not need antivirus software. Btw, older versions of G1’s software were vulnerable to an exploit that allows telnet root access discussed here and here.
The New York Times reports that DDOS attacks have been growing more potent, increasing from around half a megabit 7 years ago, to around 40 gigabits.
Three people pleaded guilty to hacking Citibank ATM cards who were able to steal $2 million in a span of four months. Maybe Manny Pacquiao should think about learning how to hack when he retires, especially since the Philippines has no Cybercrime bill, hehehe 🙂
Two Los Angeles traffic engineers admitted to hacking related to contract negotiations. Aren’t we just happy in Manila that our traffic light system uses 60’s technology? 🙂
The Financial Times and SC Magazine US, have reported to computers that were breached in the White House. The prime suspect are Chinese hackers.
Other News:
Posted in News, Philippines | Tagged: 27002:2005 A.11.7.1, AMD, Antivirus, ATM, Bill, Chinese, Citibank, Cybercrime, DDOS, Hackers, Inmate, Intel, los angeles, Mobile Security, NBI, Prison, traffic, White House, Wireless, wpa | 1 Comment »
Posted by Jaime Raphael Licauco, CISSP, GSEC on November 5, 2008
Infosecurity magazine will have an upcoming webinar on “Advancements in eCrime and their implications on web security” on Tuesday, November 11, 2008 at 11pm Philippine Standard Time. Duration of the Webinar will be an hour.
Description:
Modern Crimeware is a term coined to describe recent web-related attacks. In the ‘old’ days of virus and malware, the primary motive was fame. Modern crimeware is fuelled by financial motives and has evolved into an intricate economy of supply and demand, distributors, affiliations, and pricing models.
For more details, click here.
Wednesday, November 05 at 2:00 PM EST (1900 UTC/GMT) Note: This would be November 06 at 3:00 AM Philippine Time.
SANS is happy to bring you the latest in our complimentary series of Webcasts. Join us as SANS presents:
Featuring: Chima Njaka
For more details, click here.
WhiteHatWorld.com will have Webinars on
Posted in Webinars | Tagged: Cybercrime, data leakage, Free, Infosecurity magazine, log management, SANS, siem, Webinar, whitehatworld.com | Leave a Comment »
InfoSec Philippines 