House bill filed vs ‘identity theft’ from Internet

Publishing a person's personal data retrieved from the Internet might soon be a crime, if a bill filed Thursday at the House of Representatives would be passed.

Under HB 3828, a stiff penalty will be imposed against "identity theft" and the "malicious" disclosure of personal information by the media without the consent of the subject.

In a statement, Camarines Norte Representative Liwayway Vinzons-Chato, who authored the bill, said the "increasing sophistication" of information technology has eased the access to other people's personal information.

"Computers linked together by high-speed networks with advance processing systems can create comprehensive dossiers on any person without the need for a single central computer system," she said.

If enacted into law, the reporter, editor-in-chief, publisher, manager, and president of a newspaper found guilty shall face a penalty of two years imprisonment and pay a fine of not more than P500,000.

People who reveal false information -- either obtained from a data controller or unknowingly transferred to them -- shall be jailed for six months and be fined for not more than P500,000.

Meanwhile, people who process the data without the consent of the persons concerned shall be charged with a 12-year imprisonment and a fine of not more than P3 million.

She also cited a survey that showed the call to enforce penalties for violating data privacy rights.

The bill includes the creation of National Data Protection Commission (NDPC) that shall register data controllers and processors and monitor the country's compliance with international standards on data protection.

Among the functions of the NDPC are: overseeing and monitoring the processing of personal data, stopping any breach in the data protection, ensuring that the rights of the data subject are upheld, and monitoring the compliance of other government agencies with security and encryption measures.

Rachel Hermosura - INQUIRER.net

Computer crimes rising, say police

Crimes committed via computer rose sharply last year, the Philippine National Police (PNP) said Sunday.

A briefing paper on cyber crimes by the Criminal Investigation and Detection Group (CIDG) said that PNP's 1,843 crimes involving computers were reported to police in 2007, almost triple the 527 crimes reported in 2006.

Overall, a total of 2,624 computer crimes were reported from 2003 to 2007. From only 37 in 2003, the number of computer crimes rose to 56 in 2004. It surged to 161 in 2005.

Between 2004 and 2006, the PNP's cyber crime unit investigated 195 cases requiring computer forensics.

The online crimes consist of, among others, credit card fraud, cyber pornography, copyright infringement, and computer crimes defined as in Republic Act No. 8792 or the E-Commerce Act, and RA 8484 or the Access Devices Regulation Acts.

CIDG commander Chief Supt. Raul Castañeda said they were going "full blast" against cyber crimes.

"We are really focusing on cyber crimes. We have to be prepared because this is the wave of the future," Castañeda told the Philippine Daily Inquirer (parent company of INQUIRER.net).

The CIDG's efforts have resulted in the conviction in 2005 of JJ Maria Giner, the first conviction of a hacker in the country. Giner was convicted under the E-Commerce Act for hacking into government websites.

The CIDG has also disabled 21 "phishing" sites based in the country. Phishing is an attempt to fraudulently obtain sensitive information like user names, passwords and credit card details by passing oneself as friendly and trustworthy through electronic communication.

Computer and cell phone forensics were also used in other cases like the one against members of the Communist Party of the Philippines-New People's Army (CPP-NPA), the murder of former Abra Rep. Luis Bersamin, the cases against Magdalo soldiers, the Batasan blast as well as other bombing incidents, and the Peninsula Manila siege.

Castañeda revealed that training and procurement of equipment was ongoing to beef up their capabilities in computer forensics and cyber crime investigation.

He noted that computer forensics as well as cell phone forensics were becoming vital in antiterrorism and anti-criminality operations.

Castañeda said efforts to fight cyber crime were mostly concentrated in Metro Manila. But he said they would put up satellite units in Davao, Zamboanga, Cebu and Baguio cities.

At present, the CIDG's computer crimes unit only has nine operatives. But 200 CIDG personnel have received training in cyber crime investigation.

Most of the equipment being used by the CIDG came from the US Anti-Terrorism Assistance Program.

To boost its campaign against cyber crimes, the CIDG is forging closer ties with the National Bureau of Investigation, the Police Anti-Crime Emergency Response unit, Interpol, National Intelligence Coordinating Agency, Anti-Money Laundering Council and Microsoft.

The Philippines is also tying up with other countries with cyber crime units like China, India, Indonesia, Korea, Malaysia, Singapore, Thailand, Japan and Hong Kong. By Alcuin Papa - Philippine Daily Inquirer

Criminal intent becoming more pervasive in web attacks

Criminal intent is clearly becoming the motivation behind most web attacks and malicious software caught by companies like Trend Micro, an expert said recently.

In an interview, David Perry, global director of education for Trend Micro Inc., said that in his 33 years of computer experience, he has seen more malicious attacks and software launched by people with "largely financial gain" in mind.

In the United States, he said that identity fraud has become a profitable business, as “phishing” or the act of stealing of sensitive information from users with the intent of selling or using it, has become a greater concern among security companies.

He said that the Federal Bureau of Investigation has reported that about 15 million identities were stolen in the US alone.

The Trend Micro executive also noted that computers worldwide are also being hijacked using computer malware to generate so-called "click frauds." Click frauds are now used by fake affiliates to trick online advertising services of Google and Amazon to generate fraudulent traffic to certain websites.

Using hijacked computers, these fake affiliates are now able to generate fraudulent advertising revenue by driving more traffic or "clicks" to target websites, Perry said.

The executive said that click fraud is now a headache in the web advertising world.

"It is wreaking havoc to the rest of the Internet advertising world. Advertising clicks are generated by malware. It is now very common," he said.

He stressed that this is one way that malicious groups are now defrauding users and online services.

Citing a few more examples on how criminal intent is now pervasive in web attacks and phishing activates, Perry said that a Trojan program that intends to steal online account information can fetch anywhere from $1,000 to $5,000 in the underground market. A credit card number with a personal identification number can sell for about $500. These figures, he added, were culled from "cybercrime forums."

TrendLabs has been reporting about 3,000 malware and 17,000 blocked web addresses a day, Perry said. He added that he has also seen more spam activities increasing in China.

"I'm seeing more activities in China. I've seen the 'make money spam' and the 'illicit software spam' and the 'promised of jobs.' There has also been a rise of phishing in China," he said.
By Erwin Oliva - INQUIRER.net