CD9INCYB


A computer system is a collection of interconnected devices that process, store, and input data and
information. At least one optical processing unit is used in today's computer systems. The creation,
management, or use of systems, especially computer systems, applications, and networks for storing,
retrieving, and transmitting information, is known as information technology. The process of electronically
connecting two or more computing devices to share information through data connections is known as
computer networking.
People's lifestyles have changed all over the world as a result of information technologies and computer
networking. Everyone has access to a computing system, whether it's a smartphone, tablet, or personal computer.
People can function from any location on the planet. Companies may hold video conferences from several
locations at the same time, exchanging information, software, and experience without wasting time and
resources on travel. At the click of a mouse, you can find information about any topic.
There is a downside to the fast-paced, ever-changing world of technology and communications: hackers.
Hackers attempt to breach personal and corporate networks on a regular basis; ransomware, identity fraud,
data loss/manipulation, and denial of service attacks are only a handful of the methods employed. As a
result, data networking professionals are increasingly being called upon to secure personal,
corporate, and government information through ever-changing security mechanisms.
Computerization and Information System
Computerization may refer to:
• Equipping something with or the usage of and associated automation by computers and software.
• Business process re-engineering that converts a manual process into one done by a computer.
• Equipping with a general-purpose computer, embedded computer, or computer system.
• Inputting data (computing) into computers.
• Digitizing information for computers.
• Creating computer-generated content.

Components of Information Systems


Erik Gregersen, a senior editor at Encyclopedia Britannica specializing in the physical sciences and
technology, described the five components of Information System as follows:
1. Computer Hardware
This is the information-processing technology in physical form. Hardware may be as small as a
pocket-sized smartphone or as big as a supercomputer that occupies an entire house. Keyboards, optical
disk drives, and routers are examples of peripheral machines that interact with computers. Sensors that
communicate with machines are pervading the human world with the advent of the Internet of Things, in
which everything from home appliances to vehicles to clothes would be able to receive and send data.
2. Computer Software
The function of software is to inform the hardware as to what it can do. There are two kinds of
software: system software and application software. The operating system, such as Windows or iOS, is the
most important piece of system software since it controls how the hardware works. Application software is
created to do particular functions, such as working on a spreadsheet, writing a script, or constructing a
website.
3. Telecommunications
This part forms a network by connecting the hardware together. Wired connections, such as
Ethernet cables or fiber optic cables, or wireless connections, such as Wi-Fi, are available. Via a local area
network (LAN), a network may be built to connect computers in a particular area, such as an office or a
school. The network is referred to as a wide area network (WAN) when the computers are spread out
over a large area. The Internet is a network of networks in and of itself.
4. Databases and data warehouses
The "data" that the other components deal with is stored in this component. A database is a
collection of information that can be accessed by querying it with one or more unique parameters. A data
warehouse stores all of an organization's data in whatever format it is needed. With the rise of "big data," a
term for the absolutely vast volumes of data that can be processed and analyzed, databases and data
centers have become much more important in information systems.
5. Human Resources And Procedures
The last, and perhaps most significant, part of information systems is the human element: the
individuals who must operate the system and the processes they must obey in order for the facts stored in
huge databases and data warehouses to be transformed into learning that can translate past events and
direct future actions.
THE COMPUTER
A computer is an electronic device that can be programmed to take user input, process it, and output
data.

TYPES OF COMPUTERS
Since the invention of the first computer, various kinds and sizes of machines have been used to
provide various services. Computers may be as massive as a large building or as compact as a laptop or a
microcontroller in handheld and embedded devices (bynotes.com).
1. Supercomputer - These are the most powerful and largest computers available. Huge companies employ
these devices, which are unique high capacity computers. Usually, they are used to process large volumes
of data, such as in weather forecasts. Supercomputers are very costly and large in scale. They can be housed
in big, air-conditioned rooms; certain supercomputers can take up an entire building.
2. Mainframe Computer - These computers are big and powerful, but not quite as powerful as
supercomputers. These can process and store large amounts of data at the same time. A mainframe, for
example, would capture all of the sales data from a large department store. While Mainframes are not as
powerful as supercomputers, they are still very costly, and many large businesses and government
agencies rely on them to operate their operations. Because of their size, mainframe computers can be
housed in huge, air-conditioned spaces.
3. Minicomputer - Small companies and corporations use minicomputers. Midrange computers are another
name for minicomputers. Servers are another name for these. These machines are compact and can fit on
a desk, but they lack the computing and data storage capacities of supercomputers and mainframes.
Servers are used to store data in a single location and to exchange basic devices such as printers and
scanners. A server cluster is a set of servers housed in a single location. Minicomputers are used by
particular divisions of a multinational corporation or organisation for various purposes. Minicomputers, for
example, may be used in a manufacturing department to track specific production processes.
4. Microcomputer - Microcomputers include desktop machines, notebooks, personal digital assistants
(PDAs), tablets, and smartphones. Microcomputers are the most common and fastest-growing computers.
Of the three kinds of machines, these are the least expensive. Microcomputers are designed specifically for
general purposes such as entertainment, education, and function.

THE SOFTWARE
Software is a collection of instructions for a program. The entire collection of programs,
procedures, and routines involved with the operation of a computer system is referred to as software. The
term was coined to distinguish these instructions from the actual elements of a computer machine, which
are known as hardware. A program, or software program, is a series of instructions that tells a computer's
hardware how to execute an operation (www.britannica.com).
TYPES OF SOFTWARE
A software comprises two major categories:
1. System Software
2. Application Software

1. SYSTEM SOFTWARE
The interface, or intermediary, is system software. It allows you to connect with other devices as well as
hardware. System software is divided into five categories. They are designed to automate the relationship
between software, hardware, and the user by controlling and coordinating the roles and procedures of
computer hardware.
Types Of System Software
1. Operating system (OS):
It is a system software kernel that must be installed first on a computer in order for programs and
computers to be recognized and usable. Each time a device is turned on, the first layer of software is loaded
into memory. Real-time operating systems, single-user and single-task operating systems, network
operating systems, and mobile operating systems are examples of operating systems.
2. Device Drivers:
These are what bring electronic peripherals and gadgets to life. Device drivers allow components
and external add-ons to communicate with one another and execute their intended functions. The operating
system will be unable to delegate any tasks without the driver. Drivers are needed for the operation of
devices such as the mouse, keyboard, speakers, and printer.
3. Firmware:
It is the organizational program that allows the operating system to recognize a ROM, flash, or
EPROM memory chip. It explicitly monitors and oversees all of the operations of a single piece of
hardware. Firmware can be quickly upgraded without the need to replace semiconductor chips.
4. Programming language translators:
These are intermediate programs that convert source code written in a high-level language to
computer code. Assemblers, compilers, and interpreters are examples of common language translators.
They can be used to do full program code translation or to translate each instruction one at a time.
5. Utilities:
These are designed to help with device diagnostics and repairs. Their responsibilities could include
anything from computer protection to disk drive defragmentation.
2. APPLICATION SOFTWARE
A computer program that performs a particular purpose, whether educational, personal, or
business related, is known as application software. It's also known as a productivity program or an end-user
program. Consider system software to be a cake, and application software to be the icing on top. When
dealing with applications, it is the application software (frosting) that you, the user, see up front.
Any of the computer application software programs is intended to aid you in a particular process,
such as creativity, competition, or better communication. It helps you complete tasks such as taking notes,
doing online research, setting an alarm, managing your accounts, and even playing games. Unlike
computer software, computer application software systems have their own set of features and execute the
purpose for which they were designed. For example, a browser is a software that allows you to navigate the
Internet. MS PowerPoint, on the other hand, is a presentation specific software. Application software is
another term for non-essential technology.
Choosing the right software for personal or company use will boost functionality and performance.
If you don't educate yourself about your choices, you could end up with something that isn't beneficial to
your business, costing you time and money while reducing efficiency. Knowing what kinds of program
software are available will assist you in making an educated decision.

THE APPLICATION SOFTWARE INCLUDES:


1. Presentation Software:
Using graphic information, presentation software allows you to easily and clearly present
your views and ideas. It allows you to present data in the form of slides. Html, photographs, diagrams and
videos will all be used to make the slide more insightful and engaging. It is made up of four components:
a. Text editor to input and format text.
b. Insert graphics, text, video, and multimedia files
c. Slideshow to display the information.
2. Web Browsers:
These automated programs are used to search the Internet, allowing you to find and download
information from various sources. Google Chrome and Internet Explorer are the most common.
3. Multimedia software:
You may use this to make or capture images, as well as audio and video files. This program is widely
used in the fields of animation, graphics, image, and video editing. VLC Media Player and Windows Media
Player are two common examples.
4. Education and Reference software:
This application program, also known as academic software, is designed to assist students in
studying a specific topic. This group includes various types of instructional apps. JumpStart games,
MindPlay games, and Kid Pix games are among them.
5. Graphic Software:
You may use graphics tools to modify or alter visual data or photographs. It includes tools for
drawing and editing pictures. Graphic tools include Adobe Photoshop and PaintShop Pro, to name a few.
6. Spreadsheet Software:
Calculations are done using spreadsheet tools. Data is stored in a table format in this software.
The intersecting space, referred to as cells, is divided into fields that include text, date, time, and number. It
enables users to enter formulas and functions into the program to execute calculations. Spreadsheet
applications like Microsoft Excel are a clear example.
7. Database software:
A database is created and managed using database software. It lets you structure your data and is
also known as a DBMS (Database Management System). As a result, when you run an application, data is
retrieved from the database, updated, and then returned to the database. Some common databases
include Oracle, MySQL, Microsoft SQL Server, PostgreSQL, MongoDB, and IBM Db2.
8. Word Processing Software:
It’s used to create memos, emails, faxes and records by formatting and manipulating text. The text
is often formatted and beautified using word processing tools. Aside from thesaurus, synonyms and
antonyms, it has a number of other characteristics. The font option, in addition to Word features, allows you
to customize font color, effect, and design. To search for mistakes, grammar and spell-checker options are
also available.
9. Simulation Software:
Engineering, education, testing and video gaming, among other areas, use simulation tools. It’s
used when working on the individual device isn’t feasible, inconvenient, or even risky. It’s a program that
allows you to simulate an operation or phenomenon in order to analyze or experience it without ever doing
it. The best modeling examples are in the fields of automation, flight systems, and weather forecasting, to
name a few.
Aside from these, there are a variety of other types of application that are used for various
purposes. Application software can also be classified by shareability and availability.
Freeware:
It is available for free, as the name implies. It is available for free download and use on the Internet.
You are not, however, allowed to change it or charge a fee for distributing it.
Examples of this app include Adobe Reader and Skype.
Shareware:
This is given away to consumers for free as a demo, normally with a limited-time offer. If consumers
wish to keep using the app, they would have to pay. WinZip and Adobe Acrobat are two examples of
shareware.
Open Source:
This type of program comes with the source code, allowing you to tweak it and even add new
functionality. These may be offered for free or for a fee. Examples include Moodle and Apache Web
Server.
Closed Source:
This division includes the majority of the apps you use. These are normally chargeable, and the
source code is usually protected by intellectual property rights or patents. It normally comes with a set of
restrictions.

FUNCTIONS OF AN APPLICATION SOFTWARE


Application software programs are created to help with a wide range of tasks. Managing
records, creating graphics, processing details, organizing resources, and estimating figures are just a few
examples.
COMPONENTS OF COMPUTER SYSTEM
Computer System — is a system that can process a collection of inputs and produce a set of outputs. A
combination of hardware and software is used to do this. It is equipped with data input modules. After that,
the data is interpreted in a specific manner. The processing result is either sent to an output computer or
stored in a storage device before a triggering event causes it to be output.

THE FOUR (4) CATEGORIES OF COMPUTER SYSTEM


Multiple electronic components make up a computer system, each of which plays a separate role in the
information processing cycle:
1. Input - Components such as the keyboard and mouse that assist users in entering data into the screen.
2. Processing - Within the device, components that transfer and process data. This includes the
motherboard, as well as the processor and memory chips.
3. Output – Components that provide the production results to consumers, such as monitor and printer.
4. Storage – Components such as hard drives that hold software and data before they are required.

THE COMPUTER DEVICES


Peripheral
A peripheral is a system that is used to input or output data into or from a computer.
COMMON PERIPHERALS
INPUT
a) Keyboard
b) Computer mouse
c) Graphic tablet
d) Touchscreen
e) Barcode reader
f) Image scanner
g) Microphone
h) Webcam
i) Game controller
j) Light pen
k) Scanner
l) Digital camera

OUTPUT
a) Monitor
b) Printer
c) Projector
d) Speaker
e) Storage devices
f) Floppy disk drive
g) Flash drive
h) Smartphone or Tablet computer storage interface
i) CD/DVD drive

INPUT/OUTPUT
a) Modem
b) Network interface controller (NIC)

THE DIFFERENT TECHNOLOGIES USED TO INPUT DATA


1. Keyboard Entry — The keyboard allows the user to type details. The keyboard transforms human
readable data into electrical signals. The system unit receives and processes these signals.

FOUR (4) BASIC CATEGORIES OF KEYBOARDS


a. Traditional keyboards — On desktops and bigger computers, these are used.
Function keys, navigation keys, and a numeric keypad are also used on these
keyboards.
b. Laptop keyboards — On laptop computers, these are commonly used. Laptop
keyboards have fewer buttons, no numeric keypad, and the control and navigation
keys are not all in the same place.
c. Virtual keyboards - These keyboards are mainly used for mobile devices. The keys
are displayed on a tablet, and they can be selected by touching their image.

2. Pointing Devices - By accepting physical motions or expressions, these provide a natural interaction with
the device object. The mouse, touch screen, game pad, and stylus are only a few examples of pointing
instruments.

3. Mouse – This is used to guide a pointer on the board. One (1) or more buttons can be found on a cursor,
and they are used to select command options and monitor the mouse pointer on the keyboard.
THE DIFFERENT DESIGNS OF MOUSE
a. Optical Mouse
b. Cordless or Wireless Mouse
c. Touch Pad
4. Touch Screen – Touching the screen with a finger or a pen-like interface helps users to choose actions
or commands. Touching a multi-touch screen with more than one (1) finger is possible. Tablets and
smartphones, as well as some laptops and desktop computers, frequently use them.
5. Game Controller – These are devices that provide input to computer games.
Four (4) Specialized Game Controllers
a. Joysticks
b. Gaming mouse
c. Gamepads
d. Motion-sensing devices
6. Stylus – A stylus is a pen-like interface that is often used on tablets and smartphones. Handwriting
recognition software converts interfaces with the device using a stylus; this software converts notes into a
format that the machine unit can read.
7. Scanning Device – These translate scanned text and photographs into a format that can be processed by the
machine unit.
FIVE (5) TYPES OF SCANNING DEVICES
1. Optical Scanners – Scanners are another name for these devices. These accept text and/or
image-based documents and translate them to machine-readable format. Specific letters or pictures are
not recognized by these instruments. Instead, they distinguish between the light, dark, and colored
areas that make up individual letters or pictures.
FOUR (4) BASIC TYPES OF OPTICAL SCANNERS
a) Flatbed Scanner
b) Document scanner
c) Portable scanner
d) 3D Scanner
2. Card Readers – These decode the data stored on credit cards, debit cards, entry cards, and other
forms of identification. The most common form of card reader is the magnetic card reader. On the
back of the card, there is a thin magnetic strip that stores the encoded data. The details are read
as the card is swiped into the magnetic card reader.
3. Barcode Readers – Handheld wand readers or platform scanners are the machines in question.
Photo-electric cells are used to search or display bar codes.
4. RFID Readers – From several yards away, these will read radio-frequency identification (RFID)
tags. RFID tags are small chips that can be inserted into almost any item. These chips store data in
an electronic format. RFID tags are used on driver’s licenses, visas, and other documents.
5. Character and Mark Recognition Devices – These are scanners that can distinguish unique characters and
markings. These are specialized instruments that are used for specific tasks.

THE THREE (3) TYPES OF CHARACTER AND MARK RECOGNITION DEVICES


1. Magnetic-Ink Character Recognition (MICR) – This technology is commonly used to
search the odd numbers found on the bottom of checks and deposit slips.
2. Optical Character Recognition (OCR) – This technology is used to scan typed characters
such as those found on utility bills.
3. Optical Mark Recognition (OMR) – This is a technique for scanning bubbles pads.
Image Capturing Devices – These devices are used to collect new information or material. A capture
system can take still photographs or videos in motion. Digital cameras and webcams are examples of these
devices.
Audio-Input Devices – These translate sounds into a format that the system device can understand. The
microphone, a sound card, and special applications are used in a speech recognition machine. Users may
use voice commands to control computers and other equipment, as well as to generate documents.

OUTPUT
The term “output” refers to data or information that has been processed.
Devices for Output – All hardware that is used to provide or generate output falls into this category. They
convert the information that has been interpreted by the system device into a human-readable format.

THE DIFFERENT TECHNOLOGIES USED TO PRODUCE AN OUTPUT


1. Monitors – also known as display screens, monitors display text and icons in digital images. Soft copy is
the term used to describe the performance of a display.
2. Printers – these devices take the information that has been processed by the system unit and print it out.
The hard copy is the term used to describe the recording of a printer.
3. Audio-Output System – these devices convert audio data from a computer into audible signals that
people can hear. Speakers and headphones are the most popular audio output instruments.

STORAGE
1. Primary Storage – data and program instructions for data processing are stored in primary storage. It
also stores stored data before it is output. Main storage is referred to as RAM.
2. Secondary Storage – this is long-term storage that is used to keep programs and records after the
device has been switched off. Hard disk drives, solid state drives, CDs, DVDs, and network and
cloud-based computing are also examples of secondary storage.
Data can be saved after the computer has been turned off by using secondary storage units. Writing and
reading files from recording systems are used to do this. Writing is the act of transferring data from a
primary storage unit to a secondary storage device. Reading is the act of retrieving data from a secondary
storage unit.
DATA STORAGE BASICS
a) Volumes – Volumes are used to store data such as files and directories. Each volume begins with a
letter and ends with a colon, such as (C:) or (D:).
b) Disk – a platter or collection of platters on which data is stored is referred to as a disk. A hard disk drive
(HDD) and a DVD are two examples.
c) Drive – the mechanical components that read and write data on a disk are referred to as drives.
STORAGE MEDIUM (STORAGE MEDIA)
A storage medium in a computer is any hardware, including devices and materials, that is used to
store, hold, and retrieve electronic data. It’s a physical unit or component of a computer that collects and
stores information about programs and users. Storage media is the plural form of this word.
Computer paper tape was one of the first types of storage medium. A single piece of data was
represented by a hole punched in the paper. Each punched hole will be interpreted by a paper tape reader
and converted to a number. Magnetic tape later replaced paper tape, leading to the creation of magnetic
floppy disks.

THE DIFFERENT TYPES OF STORAGE MEDIA


HARD DISK
A hard disk is a high-capacity storage medium that is an alternative to magnetic storage media. It
has metal platters with a magnetic coating on them. When a machine is turned on, the platters normally
rotate constantly, storing data in various sectors on the magnetic disk.
For backup storage appliances, active files, and long-term preservation, magnetic disk remains the
most used media. Interfaces in a disk-based backup appliance enable data backups, such as clones and
snapshots, to be replicated to tertiary devices or a hybrid cloud.

THE TWO (2) BASIC TYPES OF HARD DISKS


a. Internal Hard Disks - Inside the system unit, these are installed/located. Programs and data
files are stored on them. A personal computer, for example, stores the operating system
and main programs on its internal hard disk. Internal hard disks provide quick entry, a set
amount of storage, and are difficult to uninstall from the system device.
b. External Hard Drives - These hard disks are wired to a USB port outside the system unit
and have slower access. These removable hard disks are used to backup the contents of
the main hard disk.
RAID
RAID improves efficiency by distributing data across many disks and allowing input/output (I/O)
operations to overlap in a balanced manner. In the case that one of the drives crashes, the data is secured
by the data on the other drives. Since several disks extend the mean time between faults (MTBF), saving data
redundantly improves fault tolerance.
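The redundancy described above, shown as an added Python example that is not part of the original text: data is striped across disks with one XOR parity block per stripe, and a crashed disk is rebuilt from the others. XOR parity (the scheme RAID 5 uses) is an assumption here, since the text does not name a RAID level; the function names and the sample data are constructed for illustration.

```python
# Added illustration: striping with rotating XOR parity (RAID-5 style).
# The RAID level is an assumption; the text above does not name one.
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, byte position by byte position."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def write_stripes(data, n_disks, block_size):
    """Distribute data over n_disks. Each stripe holds n_disks - 1 data blocks
    plus one parity block; the parity position rotates from stripe to stripe."""
    if n_disks < 3:
        raise ValueError("parity striping needs at least 3 disks")
    per_stripe = (n_disks - 1) * block_size
    padded = data + b"\x00" * (-len(data) % per_stripe)  # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s in range(len(padded) // per_stripe):
        chunk = padded[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + block_size]
                  for i in range(0, per_stripe, block_size)]
        parity = xor_blocks(blocks)
        parity_disk = s % n_disks
        remaining = iter(blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(remaining))
    return disks


def rebuild_disk(disks, failed):
    """Recompute every block of the failed disk from the surviving disks.
    A lost disk is represented by None in the list."""
    survivors = [d for i, d in enumerate(disks)
                 if i != failed and d is not None]
    if len(survivors) != len(disks) - 1:
        raise RuntimeError("single parity cannot recover from two failed disks")
    # XOR of all surviving blocks in a stripe equals the missing block,
    # whether that block held data or parity.
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def read_data(disks, length):
    """Reassemble the original bytes, skipping the parity block of each stripe."""
    n = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        for d in range(n):
            if d != s % n:
                out += disks[d][s]
    return bytes(out[:length])


def demo():
    data = b"payroll-records-2024;backup-set-A"  # constructed sample data
    disks = write_stripes(data, n_disks=4, block_size=4)
    original = disks[2]
    disks[2] = None                      # simulate one drive crashing
    disks[2] = rebuild_disk(disks, failed=2)
    return disks[2] == original and read_data(disks, len(data)) == data


if __name__ == "__main__":
    print("rebuilt and verified:", demo())
```

With a single parity block per stripe, only one disk can be lost at a time; rebuild_disk raises an error when two are missing.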
OPTICAL DISK
Write once, read many (WORM) data is stored on optical disks using lasers. High-density optical
disks can hold more data than magnetic HDDs thanks to the use of lasers. Blu-ray discs, DVDs, and
CD-ROMs are examples of optical storage media for read-only data.
FLASH MEMORY
Moving mechanical parts are not needed for flash memory. This gives flash devices an edge over
standard disks in terms of performance. Blocks of data in flash memory must be removed before fresh data
can be written to the microchip.
NAND and NOR are the two major forms of flash memory. The names are determined by the logic
gates that they control. In SSDs, these memory types are used as storage media.
NOR flash memory reads and writes bytes individually, while NAND flash memory writes and reads
in blocks smaller than the chip. Both types of flash are used in consumer electronics as well as some
medical and automotive applications. NAND flash has a greater capacity and longevity than NOR flash,
making it ideal for use in enterprise mass storage. Random access memory (RAM) and read-only memory
(ROM) drives are mostly replaced with NOR.
One bit of data is stored per flash cell in single level cell NAND, which can be programmed (0) or
erased (1). NAND flash memory with multi-level cells (MLC) contains more than one bit of data per flash
cell. Consumer-grade MLC has been enhanced to accommodate more write cycles than enterprise MLC.
Three data bits are stored in a triple-level cell.
User flash storage memory devices and corporate flash storage memory devices are separated,
with some overlap. Memory cards for smartphones, laptops, and other consumer electronics come in a
variety of capacities and prices.

SOLID-STATE DRIVE (SSD)


In x86 machines, an SSD is built to enable businesses to use server-side flash as a supplement
following replacement for networked storage arrays. These are some of the type factors:
Add-on cards with a serial port on the Peripheral Component Interconnect Express (PCIe). Disk on
module flash boot drives that attach to the motherboard of a computer.

As a speed cache, dual inline memory modules (DIMMS) mount flash next to the motherboard in
dynamic random-access memory (DRAM) slots. In slim laptops, MiniSATA drives and their subsequent
replacement, M.2 SSDs, are included.

SSDs were originally created to work with the Serial-Attached SCSI (SAS) and Serial-Advanced
Technology Attachment (SATA) protocols.

USB FLASH DRIVES


These are portable storage devices otherwise known as "Nearline Storage." This refers to a storage
device that is not constantly linked to network servers or the internet, such as USB flash drives. Many
portable files, such as encrypted cartridges or SATA drives, are now immune to Trojan horses, malware,
and worms as a result of this.
The storage media in a USB flash drive is internal flash built as an integrated memory circuit,
similar to the concept of SSDs though on a smaller scale. These thumb-shaped units, also known as gum
sticks, keychain drives, and jump drives, slide into any USB port to transfer or copy files.
While USB drives are common among customers because of their simplicity, they can pose a
security risk in businesses. For security concerns, most businesses prohibit workers from bringing personal
USB drives to work unless they are expressly allowed to do so.
Other portable flash storage media include the Secure Digital card/microSD card, Secure Digital
High Capacity card, CompactFlash card, SmartMedia card, Sony Memory Stick, MultiMediaCard, and xD
Picture card, which are all commonly used in consumer electronics.

TAPE
Until the 1990s, tape was the most popular backup storage medium, but magnetic disk eventually
moved it aside. Tape services are still in operation, but the emphasis is now on high-capacity archiving for
data preservation. Because of advancements in the Linear Tape-Open (LTO) format, tape systems have
continued to increase in density and resilience. LTO-8 increases compressed bandwidth per tape to 32 TB
and uncompressed data capacity to approximately 13 TB.
Tape libraries are made up of hundreds of physical tapes that are organized in a structure that
allows users to connect and delete tapes, monitor the location of tapes, and set mount points for accessing
data on tape.

COMPUTER COMMUNICATION

Computer communications refers to the exchange of data, commands, and information between
two or more computers or devices.
Electronic systems that relay data from one (1) location to another are known as communication
systems. E-mail, phone calls, video conferencing, electronic banking, and other technologies are supported
by communication networks.

FOUR (4) BASIC ELEMENTS OF COMMUNICATION SYSTEM


Any communication system, whether wired or wireless, has the following components:

1. Sending and Receiving Devices - a computer or specialized networking system is commonly used for
this. They send and receive data, information, and instructions in the form of messages.
2. Connection Devices - these devices serve as a link between transmitting and receiving devices as well
as the contact medium. They convert incoming messages into packets that can be sent over a network. For
incoming messages, they even reverse the operation.
Telephone lines were used in almost all computer communications. Telephones, on the other
hand, commonly transmit and receive analog signals, which are steady electric waves. In comparison,
computers transmit and receive digital signals. The presence or absence of an electrical pulse (on/off
binary signals) is represented by these. The modem transforms digital signals into analog signals and vice
versa.
3. Data Transmission Specifications - These are the rules and procedures that coordinate the transmitting
and receiving devices by specifying how the message can be transmitted through the transmission channel
precisely.
4. Communication channel - this is the actual connecting or transmission medium that carries the message
from one computer to another.

TWO (2) CATEGORIES OF COMMUNICATION CHANNELS


1. Physical Connections - These link transmitting and receiving devices through a solid medium.
Twisted-pair, coaxial, and fiber-optic cables are examples of these links.
2. Wireless Connections - The majority of wireless connections communicate through radio waves.
Bluetooth, Wi-Fi, microwave, WiMax, telephone, and satellite connections are the most popular wireless
technologies.
THE SENDING DEVICE, to compose and send the letter. The message would be modified and formatted
into packets by your modem, a CONNECTION DEVICE, so that it could migrate easily through
COMMUNICATION CHANNELS including telephone lines and Wi-Fi.
The DATA TRANSMISSION SPECIFICATIONS will explain the particulars of how the message is updated,
reformatted, and delivered. Your message will be reformatted by the receiver's modem, a connection unit,
after it had passed through the channel, so that it could be viewed on your friend's screen, the receiving
device.

NETWORKS
A computer network is a networking device that links two (2) or more computers so they can share
resources and exchange information. The most popular method of connecting computers is via cabling,
such as an Ethernet cable, or wirelessly through radio waves.

THE MAJOR TERMINOLOGIES USED IN COMPUTER NETWORKING

WAN
It stands for Wide Area Network and refers to a network that spans a large area, such as a city.
LAN
It stands for Local Area Network, which refers to a network that serves a specific area, such as a
home or a small office. It binds all of the computers in the building physically.
Internet
It is a virtual network infrastructure that links all of the world's computers. It is usually connected via WAN
and LAN.
Intranet
It's a near room computer network infrastructure since it only spans a limited space and can only be used
by registered users.
Extranet
It's also a kind of Internet to which only a few have access.
World Wide Web (WWW)
It is a service that allows you to browse and scan content on the Internet (in the form of web-pages).
Instant Messaging (IM)
It is an online service that allows one to connect or communicate with one another. Skype, Google Talk,
Windows Live Messenger, Yahoo Messenger, among other services offer this feature.
Voice over Internet Protocol (VoIP)
It is a protocol that is used to transmit voice over an IP network. It also allows people to make phone calls
over the internet.
Really Simple Syndication (RSS)
It is a method of disseminating content, articles, and other materials. In order to receive news,
users typically subscribe to the RSS channel. Users do not need to access the website after subscribing;
instead, they will receive notifications about the same.
Web log
It is a kind of online inventory that consists of a collection of entries (normally on a specialized
topic). These items are listed in reverse chronological order. The person who runs the blog updates it on a
daily basis with new content.
Podcast
It's a digital file that usually includes an audio or video recording that can be accessed through the
Internet.

Social networking websites


It refers to websites that provide users with a shared medium for sharing their messages (in text,
audio, or even video form), pictures, videos, and other media. Facebook, Google+, Twitter, LinkedIn,
MySpace, and other social media sites are examples.

Chat Rooms
It's a section of the Internet devoted to allowing people to connect with one another.

Public Switched Telephone Network (PSTN)


It's a scientific term for a public telephone network.

Integrated Services Digital Network (ISDN)


It is a system of connectivity protocols that allows for simultaneous transmission of audio, video,
data, and other network services.

Asymmetric Digital Subscriber Line (ADSL)


It's a digital subscriber line (DSL)-like technology that allows for faster data transfer.

Download
It is a method of saving data from the Internet to a server.

Upload
It is a method of transferring saved data from a device to an Internet server.

Dial-up
It is a method of connecting to the Internet by the use of a phone line.

Broadband
It is a high-speed data transfer that transports a variety of signals and traffic modes.

Node
Any computer that is attached to a network. That may be anything from a machine or a printer to a
data storage unit.

Client
A node that asks for and receives services from other nodes. A client is usually a user's personal
computer.

Server
A node that collaborates with other nodes to exchange services. Dedicated servers are dedicated
to completing complex activities. They can be referred to as an application server, contact server, storage
server, file server, printer server, or web server, depending on the role at hand.

Directory Server
A dedicated server that handles a network's infrastructure, such as user accounts.

Host
A computing device that is linked to a network that allows users to use its services.

Router
A node that forwards or routes data packets from one network to their destination in another network. For
instance, there are two (2) distinct classes of computers, each of which is connected to its own switch.
Instead of using a switch, these two (2) sets of computers would be able to connect with one another
through a router. Data packets from the other party would be able to pass through the routers.

SWITCH
A central node that directs messages between sender and receiver nodes to manage data flow.
NETWORK INTERFACE CARDS (NICs)
Are expansion cards that link the device to a network and are stored inside the machine unit.
NETWORK OPERATING SYSTEM (NOS)
The operations of all computers and other machines on a network are regulated and coordinated by
the network operating system (NOS). Electronic networking and the exchange of knowledge and resources
are examples of these practices.
NETWORK ADMINISTRATOR
A network administrator is a technical expert who is in charge of ensuring the networks run
smoothly and that new networks are set up.
A network can be made up entirely of personal computers, or it can include personal computers
and other machines as well as larger computers. All nodes can operate together equally to manage a
network, or specialized nodes can coordinate and supply all resources.
NETWORK TYPES
Computer networks come in a variety of shapes and sizes. The geographic scopes as well as the
function of these networks can be identified. Each can have different hardware configurations, such as
personal computers, mainframes, various peripheral devices, and so on.
NETWORK SECURITY
Large organizations face the task of ensuring that only registered users have access to network
services, which can be accessed from different locations or across the internet. Securing vast computing
networks necessitates the use of sophisticated equipment.
a. Firewall – Connections to a company’s intranet and other internal networks are controlled by
hardware and software. All messages between the company’s internal networks and the outside
world are routed via a proxy server, which is a special device. The proxy server determines
whether it is secure to let a particular message or file flow into or out of the organization’s network by
analyzing the source and quality of each contact.
b. Intrusion Detection Systems (IDS) – These are used in conjunction with firewalls to secure a company’s
network. These programs measure both incoming and outgoing network traffic using mathematical
techniques. Using sophisticated pattern matching and heuristics, an IDS can detect signs of a
network intrusion and block access before an attacker can do harm.
c. Virtual Private Networks (VPN) – These establish a protected private link between a remote user and the
network of an enterprise. Between a user’s home or desktop computer and a business server,
special VPN protocols create the equivalent of a dedicated thread. The link is strongly encrypted,
and from the user’s viewpoint, the workstation seems to be connected to the corporate network.
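The pattern matching and heuristics that item (b) attributes to an IDS can be sketched as follows. This is an added example, not part of the original notes; the log format, rule names, and thresholds are assumptions chosen for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque

# Constructed connection log: "epoch_seconds source_ip dest_port payload_summary"
SAMPLE_LOG = """\
1000 203.0.113.7 22 SSH login failed user=root
1001 203.0.113.7 22 SSH login failed user=admin
1002 203.0.113.7 22 SSH login failed user=test
1003 203.0.113.7 22 SSH login failed user=oracle
1004 198.51.100.20 80 GET /index.html
1005 198.51.100.9 80 GET /search?q=1' OR '1'='1
1006 203.0.113.7 22 SSH login failed user=guest
1200 198.51.100.20 443 GET /account
""".splitlines()

# Pattern matching: each rule is a known-bad pattern looked for in the payload.
SIGNATURES = {
    "sql-injection-probe": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.I),
    "path-traversal": re.compile(r"\.\./\.\./"),
}
FAILED_LOGIN = re.compile(r"login failed", re.I)


def parse_line(line):
    """Split one log record; raises ValueError on a malformed record."""
    ts, src, port, payload = line.split(" ", 3)
    return int(ts), src, int(port), payload


def inspect(lines, window=60, max_failures=5):
    """Return (alerts, blocked). Each alert is a (timestamp, source, rule) tuple."""
    alerts, blocked = [], set()
    failures = defaultdict(deque)          # source -> timestamps of recent failures
    for line in lines:
        try:
            ts, src, _port, payload = parse_line(line)
        except ValueError:
            alerts.append((None, None, "malformed-record"))
            continue
        if src in blocked:                 # traffic from a blocked source is dropped
            continue
        hit = next((n for n, p in SIGNATURES.items() if p.search(payload)), None)
        if hit:
            alerts.append((ts, src, hit))
            blocked.add(src)
            continue
        # Heuristic: many failed logins from one source inside a short time window.
        if FAILED_LOGIN.search(payload):
            recent = failures[src]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= max_failures:
                alerts.append((ts, src, "brute-force-login"))
                blocked.add(src)
    return alerts, blocked


if __name__ == "__main__":
    found, denied = inspect(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("blocked sources:", sorted(denied))
```

The signature rule fires on a single record, while the heuristic only fires after repeated events from the same source, which is why the ordinary visitor at 198.51.100.20 is never blocked.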
THE SOCIAL MEDIA
People can connect with each other via social media by building online communities where
they can exchange information, thoughts, messages, and other material, such as images, audio, and
video.
Social Networking Platforms
A social networking website brings together internet users to form an online community
that allows them to overcome challenges such as time, space, and cultural differences. It enables
people to communicate with one another over the internet by sharing their thoughts, ideas,
knowledge, hobbies, and experiences. Members of a social network will use it to communicate
with their peers, families and co-workers. They can engage with people they already know in order
to forge new personal and professional bonds. Facebook, Twitter, YouTube, and LinkedIn are all
popular social networking sites.
SOCIAL NETWORKING ETHICAL ISSUES
Online violence, intimidation, stalking, cyber bullying, experiences with sexual predators, the
sharing of pornographic content, and employee involvement in social networking are some of the ethics
challenges that users of social networking sites face.
1. CYBERBULLYING – Harassment, torment, ridicule, or threats directed at a minor by another minor
or a group of minors over the internet or by phone. Females and 15- to 16-year-olds are most likely
to be victims of cyberbullying. Cyberbullying has also escalated to the point that some children
have attempted suicide as a result of it.
2. CYBER ABUSE – Any physical or mental mistreatment or lack of care caused by the use of an
electronic communications system that causes damage or pain to others. Cyber bullying includes
both cyber assault and cyber stalking, a wide range of activities in which someone behaves in a
manner that causes others hurt or anxiety. Cyberbullying isn’t necessarily obvious, harmful, or
otherwise harmful to a person or group of people, causing significant emotional distress.
3. CYBER STALKING – Is a form of cyber bullying that consists of a long-term pattern of unwelcome,
continuous pursuit and disruptive activity (involving the use of an electronic communications
device) directed at another user, causing fear and anxiety in the victim. For victims, cyber stalking
may be a major issue, frightening them and inducing emotional trauma. Cyber harassment often
leads to aggressive or excessive phone calls, threatening or obscene letters, trespassing,
vandalism, actual stalking, and even physical violence.
4. ENCOUNTERS WITH SEXUAL PREDATORS – By incorporating sex talk and then planning to
visit youth in person for sexual encounters, sexual offenders use online messaging to build trust
and faith in their victims, who are usually teenagers. Some social networking sites have been
chastised for failing to protect minors from sexual predators.
5. UPLOADING OF INAPPROPRIATE MATERIAL – Most social networking sites have terms of
service agreements, privacy policies, or material codes of ethics that summarize the platform’s
core legal aspects. In most cases, the terms specify that the sites reserve the right to remove
content and terminate user accounts that breach the platform’s policies. These initiatives can be
challenging to implement. Non-consensual posts that contain private images or videos of people
without their consent are often referred to as “revenge porn”. Ex-partners often share this sort of
material in order to shame, embarrass, and/or annoy their former spouse.
6. EMPLOYEE PARTICIPATION ON SOCIAL MEDIA NETWORKS – To minimize compliance
problems and to set consistent rules and standards for workers, businesses should implement a
social media strategy. Employees will be encouraged to voice their views and practice imagination
with a framework in place, knowing that what they post on social media would not have a direct
effect on their careers.
7. CYBER HARASSMENT – Abusive behavior that involves the use of electronic media is a
type of cyber harassment.
COMPUTER PRIVACY AND CYBERSECURITY
Cybersecurity awareness encourages basic knowledge of cyber vulnerabilities and risks, as well as
cyber hygiene and effective solution options. It educates people on best practices and preventive steps
to take when they are faced with cyber threats. Awareness of cyber-related risks should be promoted
among the general population, businesses, and government employees.
A global repository will help improve the number and quality of national cybersecurity awareness
programs by streamlining and facilitating them. The archive should be preserved and revised on a regular
basis to incorporate recent technical advancements and perspectives.
People benefit greatly from technology, but it is often necessary to consider the negative, or possibly
negative, effects. Computer technology must be implemented in such a way that its positive effects are
maximized and its negative effects are minimized.
The following are the most pressing concerns:
1. Digital Data – what are the risks to our privacy, and how do we safeguard our identities?
2. Security – How do we keep track of who has access to confidential data and protected hardware
and software?
PRIVACY
Technology makes it possible to collect and use data of all kinds, including information about
people.
THE TECHNOLOGIES THAT HAVE IMPACTS ON PRIVACY
1. LARGE DATABASES
Large corporations are continually collecting data on their employees. Every day, information about
us is collected and held in huge databases. Credit card providers, for example, keep track of cardholder
transactions, transfers, and credit histories in customer directories.
Such personal data is collected, analyzed, and sold by a data gathering industry known as
information resellers or information brokers. Data resellers create electronic identities or extremely
informative and customized accounts of people using publicly accessible datasets and, in many cases,
non-public databases.
You almost definitely have an electronic profile with your name, address, phone number, social
security number, bank account details, and other information. These electronic profiles are sold by
information resellers to targeted advertisers, fund-raisers, and others. Many websites provide these
services for free or at a low discount. This presents a number of critical questions, including:
1. Collecting public, but personally identifying, information.
2. Spreading information without personal consent.
3. Spreading inaccurate information.

2. PRIVATE NETWORKS - Many companies use what is called employee-monitoring software to log
practically everything done on their computers. An employee, for example, used his company's E-mail to
send a highly personal letter to a neighbor, but his supervisor read it.
3. THE INTERNET AND THE WEB - An IP address is used to identify any device on the internet. IP
addresses can be used to track internet activity back to the source, allowing information
security professionals and law enforcement agents to look at violations like illegal network access
and exchanging copyrighted data without authorization.
When a user browses the internet, his browser saves important information to his
computer's hard drive without him realizing it. This data, which provides details of a person's
online activities, includes the following items:
a. History files contain the locations (or addresses) of places accessed recently.
b. Temporary Internet archives, also known as the browser cache, store the content of web
pages as well as instructions for viewing them. The browser saves these files when a user
visits a website. These files are used to automatically redisplay web content if a user
leaves a site and returns later.
c. Cookies are small data files that websites leave on the user's hard drive when he enters
them. Cookies are often used to save website preferences, such as the user's preferred
language or location.

Several other risks could jeopardize personal information. Web bugs are images or HTML code
that are concealed on a web page or in an E-mail message. These are used to send data without the user's
permission. When a user opens an E-mail that might contain a web bug, for example, information is
forwarded back to the bug's source. This E-mail address is now active, according to the receiving server.
Companies that offer active mailing lists to spammers use web bugs. Many E-mail services now
reject images and HTML code from anonymous senders as a result of this scam. The user must choose
whether or not to allow such material to be displayed in current and future communications.
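The kind of check a mail filter can apply to find web bugs before a message is displayed is sketched below. This is an added example, not part of the original notes; the function names, the two detection criteria (a remote 1x1 image, or a remote image hidden by its style), and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed HTML body of an E-mail message (all hosts are example domains).
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Hello, your monthly newsletter is here.</p>
<img src="https://cdn.example.com/banner.png" width="600" height="120" alt="Banner">
<img src="https://track.example.net/open.gif?uid=4821&amp;campaign=spring" width="1" height="1">
<img src="https://track.example.net/p.gif?id=abc" style="display: none">
<img src="cid:logo123" width="1" height="1">
</body></html>
"""


class _ImageCollector(HTMLParser):
    """Collects the attributes of every <img> tag in a document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({name: (value or "") for name, value in attrs})


def _pixels(value):
    """Parse '1', '1px' or ' 1 ' into an int; return None if there is no number."""
    match = re.match(r"\s*(\d+)", value or "")
    return int(match.group(1)) if match else None


def find_web_bugs(html):
    """Return one finding per remote image that is invisible to the reader."""
    collector = _ImageCollector()
    collector.feed(html)
    findings = []
    for img in collector.images:
        url = urlsplit(img.get("src", ""))
        # Only remote images contact a server; embedded ones (cid:, data:) do not.
        if url.scheme not in ("http", "https"):
            continue
        reasons = []
        width, height = _pixels(img.get("width")), _pixels(img.get("height"))
        if width is not None and height is not None and width <= 1 and height <= 1:
            reasons.append("1x1 image")
        style = img.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if reasons:
            findings.append({
                "host": url.hostname,
                "reasons": reasons,
                # Query parameter names show what the request would report back.
                "params": sorted(parse_qs(url.query)),
            })
    return findings


if __name__ == "__main__":
    for finding in find_web_bugs(SAMPLE_EMAIL_HTML):
        print(finding)
```

The visible banner and the embedded `cid:` image are not reported: the first is something the reader can see, and the second is carried inside the message and never contacts a server.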
Spyware is the most dangerous kind of privacy attack. Spyware is a term that refers to a variety of
programs that are intended to secretly monitor and report an individual's online activities. Unfortunately,
many spyware applications go undetected, owing to users' lack of knowledge of their infection. Spyware
can be installed and run in the background. Spyware is often disguised as practical software, like a
protection application.
Taking care when accessing unfamiliar websites and installing software from an undisclosed source is
one (1) of the strongest protections against spyware. Another defense is to use anti-spyware or spy
removal programs, which are designed to identify and eliminate different forms of
privacy attacks.
MEASURES TO PROTECT COMPUTER SECURITY
Computer networks and data can be hacked in a variety of ways, and there are several ways to
guarantee computer security. Restricting access, encrypting data, anticipating disasters, and preventing data
loss are all important steps in ensuring computer security.
RESTRICTING ACCESS
Biometric scanning systems and passwords, as well as code words and phrases, may be used to
limit access. A dictionary attack uses a program that tries thousands of words to obtain entry. To assist
with compliance activities, use security suites, firewalls, and password managers.
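Two defenses against the dictionary attack described above are refusing passwords that such an attack would find and locking an account after repeated wrong guesses. The sketch below is an added example, not part of the original notes; the word list is a constructed stand-in for a real one, and the class name, lockout limit, and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import re

# Constructed mini word list; a real deployment would load a much larger one.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "letmein", "qwerty"}

# Undo common character substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s).
LEET = str.maketrans("013457@$", "oleastas")


def is_dictionary_guessable(password, wordlist=COMMON_WORDS):
    """True if the password is a listed word after simple normalization."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)    # drop trailing digits and symbols
    candidates = {lowered.translate(LEET), stripped.translate(LEET)}
    return any(candidate in wordlist for candidate in candidates)


def hash_password(password, salt=None, iterations=100_000):
    """Salted, deliberately slow hash so stored records resist offline guessing."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    salt, iterations, expected = record
    _, _, actual = hash_password(password, salt, iterations)
    return hmac.compare_digest(actual, expected)    # constant-time comparison


class LoginGuard:
    """One account: rejects weak passwords at enrollment and locks after failures."""

    def __init__(self, password, max_failures=5):
        if is_dictionary_guessable(password):
            raise ValueError("password rejected: dictionary word or simple variant")
        self._record = hash_password(password)
        self._failures = 0
        self._max_failures = max_failures

    def attempt(self, password):
        if self._failures >= self._max_failures:
            return "locked"                         # no further guesses are evaluated
        if verify_password(password, self._record):
            self._failures = 0
            return "ok"
        self._failures += 1
        return "denied"


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123!", "Dr4g0n", "violet-Kettle-92-ridge"):
        print(candidate, "->", "rejected" if is_dictionary_guessable(candidate) else "accepted")
```

Once the account is locked, even the correct password is refused, so the number of guesses an automated program gets is capped at `max_failures` rather than at the size of its word list.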
ENCRYPTING DATA
Unauthorized access is a risk if information is transmitted over a network or stored on a computer
server. The answer is cryptography, which encrypts data so that only someone with a secret piece of
knowledge known as an encryption key, or just a key, can read it.
COMMON USES OF ENCRYPTION
a. Hypertext Transfer Protocol Secure (https) requires browsers and websites to encrypt all
messages.
b. Virtual Private Networks (VPNs) encrypt connections between company networks and remote
users.
c. WPA2 (Wi-Fi Protected Access 2) is the most widely used wireless network encryption for home
wireless networks.
ANTICIPATING DISASTERS
Companies and individuals can prepare for disasters by implementing a disaster response strategy
that ensures physical and computer protection. Protecting hardware from human and natural hazards is the
focus of physical defense. Data protection is concerned with preventing unwanted tampering or harm to
information and data. Most large businesses have crisis recovery programs in place that outline how to
keep processes running until regular computer operations can be restored.
Preventing Data Loss
Data backups can be performed on a regular basis to avoid data loss. To secure data in the event of
burglary, arson, flood, or other events, backups are often kept off-site. Incremental backups save several
copies of data at various points of time to protect against data destruction due to unintentional deletion or
adjustments.

TRUSTWORTHY COMPUTING
Based on sound business practices, trustworthy computing is a form of computing that provides secure,
private, and consistent computing experiences. Any machine or network's protection is a mix of technology,
regulation, and individuals. To be successful, it necessitates a wide variety of activities. An effective
protection policy starts with an assessment of threats to the organization's computers and network, the
identification of measures to fix the most critical vulnerabilities, and the education of end users about the
risks involved and the steps they must take to avoid a security incident. Microsoft has committed to
delivering on a trustworthy computing initiative that will boost confidence in its digital products, as shown
below:

MICROSOFT'S FOUR PILLARS OF TRUSTWORTHY COMPUTING


These refer to the actions taken by Microsoft to support trustworthy computing.
1ST PILLAR: SECURITY
Invest in the knowledge and technologies needed to provide a secure environment. To develop
and implement safe computing, collaborate with law enforcement authorities, industry leaders, academia
and the private sector. Consumers should be educated on safe computing to build credibility.

2ND PILLAR: PRIVACY


Make privacy a top priority in product design, production and testing. Contribute to the
development of industry, organisation, and government practices and policies. Enable people to have a
sense of control over their personal data.

3RD PILLAR: RELIABILITY


Build systems that can continue to deliver service in the midst of internal or external disruptions; in
the case of a failure, they can be quickly restored to a previously established state with no data loss; they
provide reliable and timely service as needed; necessary modifications and enhancements do not interrupt
them on release; they have limited technological bugs; and they perform as intended or promised.

4TH PILLAR: BUSINESS INTEGRITY


Be sensitive by accepting blame for issues and taking steps to resolve them. Keep intentions
straight, keep promises, and make sure clients know where they are in dealings with the company by being
honest in dealings with them.

ACTIVITIES FOR IMPLEMENTING TRUSTWORTHY COMPUTING


1. CONDUCT RISK ASSESSMENT
This is the process of determining the security challenges posed by both internal and external
threats to an organization's computers and networks. Its aim is to determine which time and capital
expenditures can help defend the company against the most probable and significant threats. In the
context of IT risk assessment, an asset is any hardware, software, computer system, network, or
database that is used by the enterprise to accomplish its business objectives.

STEPS IN SECURITY RISK ASSESSMENT PROCESS

Step 1.
Determine which IT assets the company is most concerned about. Resources that support the organization's
mission and the achievement of its key objectives are usually given priority.

Step 2.
Identify the potential failure cases or risks/threats, such as a DDoS attack or insider theft.

Step 3.
Assess the frequency of incidents or the likelihood of each potential threat; certain risks, such as insider
theft, are more likely to occur.

Step 4.
Determine the impact of each threat occurring.

Step 5.
Determine how each hazard can be mitigated so that it is less likely to occur or has a smaller impact on the
organization if it does.

Step 6.
Assess the feasibility of implementing the mitigation options.

Step 7.
Perform a cost-benefit analysis to ensure that one's efforts will be cost-effective.

Step 8.
Decide whether or not to implement a particular countermeasure.
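The eight steps can be carried through with numbers as shown below. This is an added example, not part of the original notes: it assumes the common expected-loss formulation (incidents per year multiplied by loss per incident), which the notes do not spell out, and every asset, figure, and mitigation listed is constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    asset: str                          # Step 1: asset of concern
    threat: str                         # Step 2: loss event or threat
    events_per_year: float              # Step 3: frequency or likelihood
    loss_per_event: float               # Step 4: impact of one occurrence
    mitigation: str                     # Step 5: how the threat can be mitigated
    feasible: bool                      # Step 6: can the mitigation be implemented?
    annual_cost: float                  # Step 7: yearly cost of the mitigation
    likelihood_reduction: float = 0.0   # fraction of incidents prevented (0..1)
    impact_reduction: float = 0.0       # fraction of each loss avoided (0..1)

    def __post_init__(self):
        for name in ("likelihood_reduction", "impact_reduction"):
            value = getattr(self, name)
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{name} must be between 0 and 1, got {value}")
        if min(self.events_per_year, self.loss_per_event, self.annual_cost) < 0:
            raise ValueError("frequencies, losses and costs cannot be negative")

    def expected_loss(self):
        """Yearly loss expected if nothing is done."""
        return round(self.events_per_year * self.loss_per_event, 2)

    def residual_loss(self):
        """Yearly loss still expected after the mitigation is in place."""
        events = self.events_per_year * (1 - self.likelihood_reduction)
        loss = self.loss_per_event * (1 - self.impact_reduction)
        return round(events * loss, 2)

    def net_benefit(self):
        """Step 7: loss avoided per year minus what the mitigation costs per year."""
        return round(self.expected_loss() - self.residual_loss() - self.annual_cost, 2)

    def decision(self):
        """Step 8: implement only feasible countermeasures that pay for themselves."""
        if not self.feasible:
            return "reject: not feasible"
        if self.net_benefit() <= 0:
            return "reject: cost exceeds benefit"
        return "implement"


def assess(risks):
    """Rank risks by expected yearly loss and attach the cost-benefit decision."""
    ranked = sorted(risks, key=lambda r: r.expected_loss(), reverse=True)
    return [(r.asset, r.threat, r.expected_loss(), r.net_benefit(), r.decision())
            for r in ranked]


# Constructed sample figures.
SAMPLE_RISKS = [
    Risk("Public web site", "DDoS attack", 2, 25_000,
         "traffic filtering service", True, 60_000, impact_reduction=0.8),
    Risk("Payroll server", "flood", 0.02, 1_000_000,
         "relocate the server room", False, 500_000, likelihood_reduction=0.9),
    Risk("Customer database", "insider theft", 0.5, 400_000,
         "separation of duties and access logging", True, 30_000,
         likelihood_reduction=0.6),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_RISKS):
        print(row)
```

With these figures only the insider-theft countermeasure is adopted: the DDoS mitigation costs more per year than the loss it avoids, and the flood mitigation fails the feasibility check before cost is considered.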

2. ESTABLISH SECURITY POLICY


A security policy lays out an organization's security requirements, as well as the safeguards and
sanctions that must be in place to fulfil such requirements. Documented protocols should be in place for the
following:
a. Using an electronic framework (password guidelines).
b. Using e-mail attachments.
c. Using cellular computers to view company e-mail, store classified data, and run sensitive
applications.
3. EDUCATE EMPLOYEES, CONTRACTORS, AND PART-TIME WORKERS
They must be trained about the value of security in order to be motivated
to comprehend and adhere to security policies. Users must recognize that they are an important
part of the protection mechanism and that they have duties such as:
a. Protecting their credentials to prevent unwanted access to their accounts;
b. preventing anyone from using their passwords;
c. implementing stringent access restrictions (file and directory permissions) to prevent data
leakage or destruction; and
d. reporting any suspicious behavior to the organization's IT protection group.

Preventative Measures
Implementing a layered security solution makes it difficult for an attacker to break into a computer, until
the attacker eventually gives up.
The following are the layers of protective measures:
a. Installing A Corporate Firewall
A firewall protects an organization's internal network from the outside world. It also restricts
network connectivity according to the corporation's access policies.

b. Intrusion Prevention Systems (IPSs)


These deter attacks by preventing malware, malformed packets, and other threats from entering the
secure network.

c. Installing Antivirus Software on Personal Computers


An antivirus program looks for a virus signature, which is a fixed sequence of bytes that signals the
existence of specific viruses. If antivirus software detects a virus, it notifies the user and can disinfect,
erase, or quarantine any files, folders, or disks that have been infected by the malicious code.

d. Implementing Safeguards Against Attacks By Malicious Insiders


Organizations must carefully identify staff duties and separate main tasks so that no one worker is
responsible for completing a high security mission.
e. Addressing The Most Critical Internet Security Threats
Installing a known patch to the program and keeping programs and operating systems up to date
are two steps that must be taken to resolve these problems. Those in charge of information protection must
make preventing attacks based on these flaws a top priority.

f. Conducting Periodic IT Security Audits


A compliance audit is a preventative measure that assesses whether a company has a well
thought-out security protocol in place and is following it (e.g., password policy, system access, and level of
authority).

3. INSTALL DETECTION SYSTEM


An intrusion detection system (IDS) monitors system and network resources and operations using
software and/or hardware. When it detects potential intrusions from the outside or misuse from inside the
enterprise, it alerts network security staff.

4. CREATE RESPONSE PLAN


A contingency strategy should be formulated well ahead of any incident and approved by both the
legal department and senior management of the organisation.
The following items should be included in the response plan:
1. Incident Notification - Which specifies who should be notified and who should not.
2. Evidence Protection And Activity Logs - It records the aspects of a security issue when working to
fix it.
3. Incident Containment - It responds immediately to mitigate an attack and to prevent a terrible
condition from worsening.
4. Eradication - Before beginning the eradication campaign, the IT protection team must gather and log
any available illegal information from the device. It must then ensure that all required backups are
present, accurate, and virus-free.
5. Incident Follow-Up - An essential part of follow-up is to determine how the organization's security
was compromised so that it does not happen again.

CYBERCRIME PREVENTION
Protecting operating infrastructure and networks from threats is the first step in combating
cybercrime. While no device can be entirely safe, the purpose of defense is to provide a strong enough
barrier to deter most, if not all, attackers. For any form of device, the components or problems that must be
resolved to build a stable environment are generally the same. However, the details of how to enforce a
security strategy and make individual security improvements vary by operating environment, and various
technologies, such as broadband, mainframe systems, and cellular networks, raise their own set of problems.
With the increased use of low-cost high-speed wireless networks, more home and business
devices are vulnerable to long-term Internet threats than ever before. To secure these links from Internet
threats, proper security measures must be taken. Antivirus software should be installed, secure passwords
should be used, file and print sharing should be disabled, and a firewall should be used.
When it comes to encryption, you must understand not just how Internet connectivity is provided to
a device, but also the software programs that are used to communicate with Internet-based services.

CHAPTER 1
THE COMPUTER AND THE INTERNET
“Ever since men began to modify their lives by using technology they have found themselves in a series of
technology traps”- Roger Revelle
The computer was born not for entertainment or email but out of a need to solve a serious number-
crunching crisis. By 1880, the US population had grown so large that it took more than seven years to
tabulate the US Census results. The government sought a faster way to get the job done, giving rise to punch-
card based computers that took up entire rooms.
Today, we carry more computing power on our smartphones than was available in these early
models. The following brief history of computing is a timeline of how computers evolved from their humble
beginnings to the machines of today that surf the internet, play games, and stream multimedia in addition to
crunching numbers.
HISTORY OF THE COMPUTER
The computer as we know it today had its beginning with a 19th century English mathematics
professor named Charles Babbage. He designed the analytical engine, and it is on this design that the basic
framework of today's computers is based.
Generally speaking, computers can be classified into three generations. Each generation lasted
for a certain period of time, and each gave us either a new and improved computer or an improvement to
the existing computer.
First Generation 1937 - 1946 - In 1937 the first electronic digital computer was built by Dr. John V.
Atanasoff and Clifford Berry. It was called the Atanasoff-Berry Computer (ABC). In 1943 an electronic
computer named Colossus was built for the military. Other developments continued until in 1946 the first
general-purpose digital computer, the Electronic Numerical Integrator and Computer (ENIAC), was built. It is
said that this computer weighed 30 tons and had 18,000 vacuum tubes, which were used for processing.
When this computer was turned on for the first time, lights dimmed in sections of Philadelphia. Computers of
this generation could only perform a single task, and they had no operating system.
Second Generation 1947 - 1962 - This generation of computers used transistors, which were more
reliable, instead of vacuum tubes. In 1951 the first computer for commercial use was introduced to the
public: the Universal Automatic Computer (UNIVAC 1). In 1953 the International Business Machines (IBM)
650 and 700 series computers made their mark in the computer world. During this generation of computers,
over 100 computer programming languages were developed, and computers had memory and operating
systems. Storage media such as tape and disk were in use, as were printers for output.
Third Generation 1963 - Present - The invention of the integrated circuit brought us the third generation
of computers. With this invention computers became smaller, more powerful, and more reliable, and they are
able to run many different programs at the same time. In 1980 Microsoft Disk Operating System (MS-DOS) was
born, and in 1981 IBM introduced the Personal Computer (PC) for home and office use. Three years later
Apple gave us the Macintosh computer with its icon-driven interface, and the 90s gave us the Windows
operating system.
As a result of the various improvements to the development of the computer, we have seen the
computer being used in all areas of life. It is a very useful tool that will continue to experience new
development as time passes.
What does Computer Mean?
A computer is a machine or device that performs processes, calculations and operations based on
instructions provided by a software or hardware program. It is designed to execute applications and
provides a variety of solutions by combining integrated hardware and software components.
A computer is made up of multiple parts and components that facilitate user functionality. A
computer has two primary categories:
1. HARDWARE:
The physical structure that houses a computer's processor, memory, storage, communication ports and
peripheral devices.
2. SOFTWARE:
Includes the operating system (OS) and software applications.
A computer works with software programs that are sent to its underlying hardware architecture for
reading, interpretation and execution. Computers are classified according to computing power, capacity,
size, mobility and other factors, as personal computers (PC), desktops, minicomputers, handheld
computers and devices, mainframes or supercomputers.
COMPUTER FUNDAMENTALS
A computer is an electronic machine that accepts data, stores it and processes it into information.
The computer is able to work because there are instructions in its memory directing it. The parts of the
computer that you can see and touch, such as the keyboard, monitor and mouse, are called hardware.
The instructions that direct the computer are called software or computer programs.
Data, which is the raw facts that the user enters into the computer, is called input. This includes
words, numbers, sound and pictures. When the data is entered into the computer, the computer processes
the data to produce information, which is output. For example, you enter 2+2 into the computer as data, the
computer processes it, and the result is 4, which is information.
Computers are usually divided into three general categories:
1. Supercomputer - The fastest, largest, most powerful and most expensive computer.
2. Mainframe Computer - This is a little smaller and less powerful than the supercomputer, but, like
the supercomputer it is also expensive.
3. Personal Computer (PC)- This is the computer that most people use in their daily lives. This
computer is much smaller, less powerful and less expensive than the supercomputer and the
mainframe computer.
There are two main types of personal computers: Macintosh (Macs) and PC compatibles (PC). The
main difference between the two is the operating systems and the processors they use. This category of
computer has two additional types of computers. These are the mobile computer and the handheld computer. The
most popular type of mobile computer is the notebook or laptop computer, and the handheld computer is a
very small PC that you can hold in your hand.
It is important to note that any computer, regardless of its size, has an input device, an output device and a
system unit.
Computer Hardware
You learned earlier that a computer has electronic and mechanical parts known as hardware. Hardware
also includes input devices, output devices, system unit, storage devices and communication devices.
Without these components we would not be able to use the computer.
Input Devices - An input device is any hardware component that allows you, the user, to enter data into the
computer. There are many input devices.
Six of the most widely used input devices are:
1. Keyboard - You use the keyboard to type letters, numbers and symbols into the computer.
2. Mouse - The mouse is a pointing device that has a pointer that changes into different shapes as you use
the mouse. You click the mouse by pressing and releasing the button. This action allows you to enter data
when using a mouse.
3. Scanner - This input device copies from paper into your computer.
4. Microphone - The microphone is usually used for voice input into the computer.
5. Digital Camera - The digital camera allows you to take pictures that you can input into your computer.
6. PC Video Camera - The PC video camera allows you to take both video and still images that you can
input into your computer.

Output Devices - An output device is any hardware component that gives information to the user.
Three commonly used output devices are as follows:
1. Monitor - This output device displays your information on a screen.
2. Printer - This output device prints information on paper.
This type of printed output is called a hard copy.
3. Speaker - Sound is the type of output you will get from a speaker.
Computer Software
The computer will not work without software. Software is also called programs. These are the
instructions that tell the computer what to do and how to do it. The two main categories of software are
system software and application software. The system software, also called the operating system (OS),
actually runs the computer. This software controls all the operations of the computer and its devices. All
computers use system software, and without the system software the application software will not work. The
most common OS on a PC is the Windows operating system, and for the Mac computer it would be the Mac
operating system.

Application software is a program that allows users to perform a specific task on the computer. There are a number
of different types of application software available to do many of the tasks we do daily.

Four examples of common application software and what they are used for are:
1. Word Processing Application: One word processing program is Microsoft Word. This program
allows you to type letters, assignments and do any other written activity on the computer.
2. Spreadsheet Application: Microsoft Excel is an example of a spreadsheet program. One can use
this program to create charts and do calculations.
3. E-mail Application: Outlook Express is an e-mail program that allows you to receive and send
e-mails.
4. Internet Application: Internet Explorer is a program that allows you to get connected to the Internet
and look at Web sites like the one you are reading now.

It is important to note that when you buy a computer the computer comes with the operating system and
some software already installed. You may have to buy more software and install them on the computer.
Install means to load the software onto the hard disk of the computer so that you can run or use the
software.

Like any other equipment the computer needs to be cared for; let us discuss how we should go about
caring for our computer.

Storage Media
Storage keeps data, information and instructions for use in the future. All computers use storage to keep
the software that makes the hardware work.
As a user you store a variety of data and information on your computer or on storage media. Storage media
are the physical materials on which data, information and instructions are kept. When a user saves
information or data to a storage medium he or she is storing a file, and this process is called writing. When
the file is opened the process is called reading.
Common storage media are:
1. Hard Drive: This storage medium, which looks like the one below, is a hard drive. This medium
comes with the computer and is always inside the computer. It stores all the programs that the
computer needs to work. In addition, users store their data and information on the hard drive.
2. Floppy Disk: This storage medium is considered to be a portable storage medium. You put it into
the computer, save your information on it, take it out, and take it with you wherever you go.
3. CD & DVD: These types of storage media hold much more information than a floppy disk. They are
also considered portable storage. These types of storage media come in different forms. This
means there are CDs and DVDs that you can only save information on but cannot erase the
information from. In addition, there are those on which you can both save information and erase the information you
have saved.
4. USB Flash Drive: This is a storage medium that is very easy to carry around, and it also holds
more data than a floppy disk. As you can see from the picture below, it is very small when
compared with the others.
Computer Care
Taking care of your computer is just as important as taking care of your books. Both the internal
and the external parts of the computer have to be cared for. Scanning, defragging and reformatting are
some of the activities performed to clean up the hard drive. These activities are best left to a grown-up, and
as such you should not attempt them.
However, there are certain tasks you can perform to ensure your computer is clean; here are a few:
1. Keep Dust Away: Dust your computer to keep it free of dust and dirt.
2. Keep Food Away: Do not eat or drink while working on the computer.
3. Use Clean Hands: Make sure your hands are clean before you type on the keyboard or click the
mouse.
4. Treat With Respect: If you are having problems with your computer, ask for help. Do not bang or hit
the computer.
5. Keep Off: Since the computer is connected to electricity, lightning could be
conducted to your computer through the electrical connection. For this reason it is best not to use
your computer during a storm.
6. Stop Virus Attack: A computer virus is a program written by a person on purpose to harm other
people's computers. A computer virus is passed from one computer to another when you share
and download files without protection.

HISTORY OF INTERNET
The Internet Timeline begins in 1962, before the word "Internet" is invented. The world's 10,000
computers are primitive, although they cost hundreds of thousands of dollars. They have only a few
thousand words of magnetic core memory, and programming them is far from easy.
Domestically, data communication over the phone lines is an AT&T monopoly. The "Picturephone"
of 1939, shown again at the New York World's Fair in 1964, is still AT&T's answer to the future of worldwide
communications.
But the four-year-old Advanced Research Projects Agency (ARPA) of the U.S. Department of
Defense, a future-oriented funder of high-risk, high-gain research, lays the groundwork for what becomes
the ARPANET and, much later, the Internet.
ARPANET adopted TCP/IP on January 1, 1983, and from there researchers began to assemble the
"network of networks" that became the modern Internet. The online world then took on a more recognizable
form in 1990, when computer scientist Tim Berners-Lee invented the World Wide Web.
Vint Cerf, widely known as a "Father of the Internet", is the co-designer of the TCP/IP
protocols and the architecture of the Internet. In December 1997, President Bill Clinton presented the U.S.
National Medal of Technology to Cerf and his colleague, Robert E. Kahn, for founding and developing the
Internet.
Michael Bauer, the original owner of Internet.org before Facebook founder and CEO Mark
Zuckerberg, discovered what became of his treasure domain just like anyone else: while watching Chris
Cuomo on CNN.
MEANING OF INTERNET
The Internet, sometimes called simply "the Net", is a worldwide system of computer networks, a
network of networks in which users at any one computer can, if they have permission, get information from
any other computer (and sometimes talk directly to users at other computers).
It is also a means of connecting a computer to any other computer anywhere in the world via
dedicated routers and servers. When two computers are connected over the Internet, they can send and
receive all kinds of information such as text, graphics, voice, video and computer programs.
Basically, the way the Internet works is by connecting billions of computers together in things called
networks. Networks ("Net" for short) are clusters of computers linked together so that they can send data to
each other. That is the ISP's network you are on. The Internet grew out of the Advanced Research Projects
Agency's Wide Area Network (then called ARPANET), established by the US Department of Defense in
the 1960s for collaboration in military research among business and government laboratories.
Later universities and other US institutions connected to it. This resulted in ARPANET growing
beyond everyone's expectations and acquiring the name "Internet". The development of hypertext-based
technology (called World Wide Web, WWW, or just the Web) provided means of displaying text, graphics,
and animations, and easy search and navigation tools that triggered Internet's explosive worldwide growth.

DIFFERENT TYPES OF INTERNET CONNECTIONS


There are many ways a personal electronic device can connect to the internet. They all use
different hardware and each has a range of connection speeds. As technology changes, faster internet
connections are needed to handle those changes. I thought it would be interesting to list some of the
different types of internet connections that are available for home and personal use, paired with their
average speeds.
1. Dial-Up (Analog 56K).
Dial-up access is cheap but slow. A modem (internal or external) connects to the Internet after the
computer dials a phone number. This analog signal is converted to digital via the modem and sent over a
landline serviced by a public telephone network. Telephone lines are variable in quality and the connection
can be poor at times. The lines regularly experience interference, and this affects the speed, anywhere
from 28K to 56K. Since a computer or other device shares the same line as the telephone, they can't be
active at the same time.
2. DSL.
DSL stands for Digital Subscriber Line. It is an internet connection that is always "on". This uses 2
lines, so your phone is not tied up when your computer is connected. There is also no need to dial a phone
number to connect. DSL uses a router to transport data, and the range of connection speed, depending on
the service offered, is between 128K and 8 Mbps.
3. Cable
Cable provides an internet connection through a cable modem and operates over cable TV lines.
There are different speeds depending on whether you are uploading or downloading data. Since the
coax cable provides a much greater bandwidth than dial-up or DSL telephone lines, you can get faster
access. Cable speeds range from 512K to 20 Mbps.
4. Wireless
Wireless, or Wi-Fi, as the name suggests, does not use telephone lines or cables to connect to the
internet. Instead, it uses radio frequency. Wireless is also an always-on connection, and it can be accessed
from just about anywhere. Wireless networks are growing in coverage areas by the minute, so when I say
access from just about anywhere, I really mean it. Speeds will vary, and the range is between 5 Mbps and 29
Mbps.
5. Satellite
Satellite accesses the internet via a satellite in Earth's orbit. The enormous distance that a signal
travels from Earth to the satellite and back again provides a delayed connection compared to cable and DSL.
Satellite connection speeds are around 512K to 2.0 Mbps.
6. Cellular
Cellular technology provides wireless Internet access through cellphones. The speeds vary
depending on the provider, but the most common are 3G and 4G speeds. 3G is a term that describes a
3rd generation cellular network obtaining mobile speeds of around 2.0 Mbps. 4G is the fourth generation of
cellular wireless standards. The goal of 4G is to achieve peak mobile speeds of 100 Mbps, but the reality is
about 21 Mbps currently.
The Internet is one of the fastest-growing areas of technical infrastructure development. Today,
information and communication technologies (ICTs) are omnipresent and the trend towards digitization is
growing. The demand for Internet and computer connectivity has led to the integration of computer
technology into products that have usually functioned without it, such as cars and buildings. Electricity
supply, transportation infrastructure, military services and logistics - virtually all modern services depend on
the use of ICTs.
Although the development of new technologies is focused mainly on meeting consumer demands in
western countries, developing countries can also benefit from new technologies. With the availability of
long-distance wireless communication technologies such as WiMAX and computer systems that are now
available for less than USD 2006, many more people in developing countries should have easier access to
the Internet and related products and services.
The influence of ICTs on society goes far beyond establishing basic information infrastructure. The
availability of ICTs is a foundation for development in the creation, availability and use of network-based
services. E-mails have displaced traditional letters; online web representation is nowadays more important
for businesses than printed publicity materials; and Internet-based communication and phone services are
growing faster than landline communications.
The availability of ICTs and new network-based services offer a number of advantages for society
in general, especially for developing countries. ICT applications, such as e-government, e-commerce, e-
education, e-health and e-environment, are seen as enablers for development, as they provide an efficient
channel to deliver a wide range of basic services in remote and rural areas.
ICT applications can facilitate the achievement of millennium development targets, reducing
poverty and improving health and environmental conditions in developing countries. Given the right
approach, context and implementation processes, investments in ICT applications and tools can result in
productivity and quality improvements. In turn, ICT applications may release technical and human capacity
and enable greater access to basic services. In this regard, online identity theft, the act of capturing
another person's credentials and/or personal information via the Internet with the intent to fraudulently
reuse it for criminal purposes, is now one of the main threats to further deployment of e-government and
e-business services.
The costs of Internet services are often also much lower than comparable services outside the
network. E-mail services are often available free of charge or cost very little compared to traditional postal
services. The online encyclopedia Wikipedia can be used free of charge, as can hundreds of online hosting
services. Lower costs are important, as they enable services to be used by many. Given the limited financial resources
of many people in developing countries, the Internet enables them to use services they may not otherwise
have access to outside the network.

ADVANTAGES AND RISK OF INFORMATION AND COMMUNICATIONS TECHNOLOGIES (ICTs)


The introduction of ICTs into many aspects of everyday life has led to the development of the
modern concept of the information society. This development of the information society offers great
opportunities. Unhindered access to information can support democracy, as the flow of information is
taken out of the control of state authorities (as has happened, for example, in Eastern Europe and North
Africa). Technical developments have improved daily life; online banking and shopping, the
use of mobile data services and voice over Internet protocol (VoIP) telephony are just some examples of
how far the integration of ICTs into our daily lives has advanced.
However, the growth of the information society is accompanied by new and serious threats.
Essential services such as water and electricity supply now rely on ICTs. Cars, traffic control, elevators, air
conditioning and telephones also depend on the smooth functioning of ICTs. Attacks against information
infrastructure and Internet services now have the potential to harm society in new and critical ways. Attacks
against information infrastructure and Internet services have already taken place. Online fraud and hacking
attacks are just some examples of computer-related crimes that are committed on a large scale every day.
The financial damage caused by cybercrime is reported to be enormous.
In 2003 alone, malicious software caused damages of up to USD 17 billion. By some estimates,
revenues from cybercrime exceeded USD 100 billion in 2007, outstripping the illegal trade in drugs for the
first time. Nearly 60 per cent of businesses in the United States believe that cybercrime is more costly to
them than physical crime. These estimates clearly demonstrate the above-mentioned attacks against
computer infrastructure are not necessarily targeting critical infrastructure. However, the malicious software
"Stuxnet" that was discovered in 2010 underlines the threat of attacks focusing on critical infrastructure.
The software, with more than 4,000 functions, focused on computer systems running software that is
typically used to control critical infrastructure.
Committing a cybercrime automatically involves a number of people and businesses, even if the
offender acts alone. Due to the structure of the Internet, the transmission of a simple e-mail requires the
service of a number of providers. In addition to the e-mail provider, the transmission involves access
providers as well as routers who forward the e-mail to the containing child pornography. The downloading
process involves the content provider who provided the storage media for the website, the
router who forwarded the files to the user, and finally the access provider who enabled the user to access
the Internet. Because of this involvement by multiple parties, Internet service providers have long since
been at the center of criminal investigations involving offenders who use the ISPs' services to commit an
offence.
One of the main reasons for this development is that, even when the offender is acting from
abroad, the providers located within the country's national borders are a suitable subject for criminal
investigations without violating the principle of national sovereignty. The fact that, on the one hand, cybercrime
cannot be committed without the involvement of providers, and on the other hand, providers often do not
have the ability to prevent these crimes.
The answer to the question is critical for economic development of the ICT infrastructure. Providers
will only operate their services if they are able to avoid criminalization within their regular mode of
operation. In addition, law enforcement agencies also have a keen interest in this question. The work of
law-enforcement agencies very often depends on cooperation of, and with, Internet providers. This raises
some concern, since limiting the liability of Internet providers for acts committed by their users could have an
impact on the ISPs' cooperation and support for cybercrime investigations, as well as on the actual
prevention of crime.
WHAT IS CYBERCRIME?

- Cybercrime is an activity done using computers and the internet. We can say that
it is an unlawful act wherein the computer is either a tool or a target or both.
- Cybercrime is any crime that takes place online or primarily online. That can run
the gamut from the aforementioned identity theft and other security breaches to
things like "revenge porn", cyber-stalking, harassment, bullying, and even child
sexual exploitation. Terrorists are collaborating more on the Internet, moving that
most terrifying of crimes into cyberspace.

HISTORY OF CYBER CRIME


The first recorded cyber-crime took place in 1820. That is not surprising
considering the fact that the abacus, which is thought to be the earliest form of a
computer, has been around since 3500 B.C. in India, Japan, and China. The era of the
modern computer, however, began with the analytical engine of Charles Babbage. The
first spam email took place in 1976 when it was sent out over the ARPANET. The first
virus was installed on an Apple computer in 1982 when a high school student, Rich
Skrenta, developed the Elk Cloner.

Cybercrime first started with hackers trying to break into computer networks.
Some did it just for the thrill of accessing high-level security networks, but others sought
to gain sensitive, classified material. Eventually, criminals started to infect computer
systems with computer viruses, which led to breakdowns of personal and business
computers.

Banks and other financial institutions were amongst the first large-scale computer
users in the private sector, to automate payroll and accounting functions. Therefore,
fraud in a computer scheme emerged. One of the first cases cited as an instance of
computer fraud involved an equity-funding corporation in the US. The fraud was simple.

The fraud succeeded because the auditors and regulators accepted computer
printouts as definitive evidence of policies and did not ask for original documentation.
When the fraud was discovered, some 64,000 out of 97,000 policies allegedly issued by
the company proved to be false, and the loss was estimated at almost 1 billion pounds.

Therefore, with technological advancements, the number of cybercrime cases
increased. There are no reliable and precise statistics on the losses the victims suffer, owing to
the fact that victims do not detect many of these crimes. Therefore, fights against
computer crime.

Several individuals have engaged in the fight against computer crime from its early
development. The founder and father of the knowledge of computer crimes is by
many observers considered to be Donn B. Parker, USA. He was involved in the
research of computer crime and security since early 1970.

He served as a Senior Computer Security Consultant at SRI International
(Stanford Research Institute) and was the main author of the first basic federal manual
for law enforcement in the USA: "Computer Crime - Criminal Justice Resource Manual"
(1979). This manual soon became an encyclopedia also for law enforcement outside
the US.
DEVELOPMENT OF COMPUTER CRIME AND CYBERCRIME

The criminal abuse of information technology and the necessary legal response are
issues that have been discussed ever since the technology was introduced. Over the last 50
years, various solutions have been implemented at the national and regional levels. One of the
reasons why the topic remains challenging is the constant technical development, as well as the
changing methods and ways in which the offenses are committed.

In the 1960s, the introduction of transistor-based computer systems, which were
smaller and less expensive than vacuum tube-based machines, led to an increase in the use of
computer technology. At this early stage, offenses focused on physical damage to computer
systems and stored data. Such incidents were reported, for example, in Canada, where in
1969 a student riot caused a fire that destroyed computer data hosted at the university. In the
mid-1960s, the United States started a debate on the creation of a central data-storage
authority for all ministries. Within this context, possible criminal abuse of databases and the related
risks to privacy were discussed.

In the 1970s, the use of computer systems and computer data increased further. At the
end of the decade, an estimated 100 000 mainframe computers were operating in
the United States. With falling prices, computer technology was more widely used within
administration and business, and by the public. The 1970s were characterized by a shift from
the traditional property crimes against computer systems that had dominated the 1960s to new
forms of crime. While physical damage continued to be a relevant form of criminal abuse against
computer systems, new forms of computer crime were recognized. They included the illegal use
of computer systems and the manipulation of electronic data. The shift from manual to
computer-operated transactions led to another new form of crime: computer-related fraud.
Already at this time, multimillion-dollar losses were caused by computer-related fraud.
Computer-related fraud, in particular, was a real challenge, and law enforcement
agencies were investigating more and more cases. As the application of existing legislation in
computer-crime cases led to difficulties, a debate about legal solutions started in different parts
of the world. The United States discussed a draft bill designed specifically to address
cybercrime. Interpol discussed the phenomena and possibilities for a legal response.
In the 1980s, personal computers became more and more popular. With this
development, the number of computer systems and hence the number of potential targets for
criminals again increased. For the first time, the targets included a broad range of critical
infrastructure. One of the side effects of the spread of computer systems was an increasing
interest in software, resulting in the emergence of the first forms of software piracy and crimes
related to patents. The interconnection of computer systems brought about new types of
offenses. Networks enabled offenders to enter a computer system without being present at the
crime scene. In addition, the possibility of distributing software through networks enabled
offenders to spread malicious software, and more and more computer viruses were discovered.
Countries started the process of updating their legislation to meet the requirements of a
changing criminal environment. International organizations also got involved in the process.
OECD and the Council of Europe set up study groups to analyze the phenomena and evaluate
possibilities for a legal response.
The introduction of the graphical interface ("WWW") in the 1990s, which was followed
by rapid growth in the number of Internet users, led to new challenges. Information legally
made available in one country was available globally - even in countries where the publication of
such information was criminalized. Another concern associated with online services that turned
out to be especially challenging in the investigation of transnational crime was the speed of
information exchange. Finally, the distribution of child pornography moved from a physical
exchange of books and tapes to online distribution through websites and Internet services.
While computer crimes were in general local crimes, the Internet turned electronic crimes into
transnational crimes. As a result, the international community tackled the issue
more intensively. UN General Assembly Resolution 45/121, adopted in 1990, and the manual for
the prevention and control of computer-related crimes issued in 1994 are just two examples.
As in each preceding decade, new trends in computer crime and cybercrime continued
to be discovered in the 21st century. The first decade of the new millennium was dominated by
new, highly sophisticated methods of committing crimes, such as "phishing" and "botnet
attacks", and the emerging use of technology that is more difficult for law enforcement to
handle and investigate, such as "voice-over-IP (VoIP) communication" and "cloud computing". It
is not only the methods that changed but also the impact. As offenders became able to
automate attacks, the number of offenses increased. Countries and regional and international
organizations have responded to the growing challenges and given response to cybercrime high
priority.

DEFINITION OF CYBERCRIME
WHAT IS CYBERCRIME?

Cybercrime or computer crime is an offense that involves a computer and a network.
Cybercrimes can take various forms, including the creation of malicious programs, denial of
service attacks, rogue Wi-Fi hotspots, data manipulation, identity theft, Internet scams, and
cyberbullying.

Below are some of the aspects in which computer criminals can be dangerous:
a. Human Threat
b. Organizational Threat
c. Group threat
d. National Security Threat
Have you ever received an email saying you have inherited five million dollars from a
prince in another country? According to the email, all you need to do is provide the sender with
your bank account number, and he'll put the money in your account, making you an instant
millionaire! Sometimes, this scheme works. As a result, unfortunate individuals who provided
the prince with their bank account numbers later discovered that their accounts had been
cleaned out.
Cybercrime consists of illegal activity conducted on a computer. Traditional crimes may
be committed while using a computer, but cybercrime consists of more specific types of crimes
such as phishing schemes and viruses.

Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network.
The computer may have been used in the commission of a crime, or it may be the target.

Cybercrimes can be defined as "Offenses that are committed against individuals or groups of
individuals with a criminal motive to intentionally harm the reputation of the victim or cause
physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as the Internet (networks including but not limited to chat
rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)".

Cybercrime may threaten a person or a nation's security and financial health. Issues
surrounding these types of crimes have become high-profile, particularly those surrounding
hacking, copyright infringement, unwarranted mass surveillance, sextortion, child pornography,
and child grooming. There are also problems of privacy when confidential information is
intercepted or disclosed, lawfully or otherwise.

Debarati Halder and K. Jaishankar further define cybercrime from the perspective of
gender, defining cybercrime against women as "Crimes targeted against women with a
motive to intentionally harm the victim psychologically and physically, using modern
telecommunication networks such as internet and mobile phones". Internationally, both
governmental and non-state actors engage in cybercrimes, including espionage, financial theft,
and other cross-border crimes. Cybercrimes crossing international borders and involving the
actions of at least one nation-state are sometimes referred to as cyberwarfare.
A report (sponsored by McAfee) estimates that the annual damage to the global
economy is at $445 billion; however, a Microsoft report shows that such survey-based
estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude.
Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In
2016, a study by Juniper Research estimated that the costs of cybercrime could be as high as
2.1 trillion by 2019.

There has been confusion about the criteria used to define the term Cyber Crimes or
computer crimes. Some argued that it is any crime that involves the use of a computer; some
argued that it is a crime in the presence of a computer. However, some have criticized the
categorization of cybercrime.
Donald Gotternbarn argued that there is nothing special about the crimes that happen
to involve a computer. Is it possible for a crime to be categorized according to the tool,
equipment, mechanism, or means through which it was committed? If so, how many
categories of crime would there be? What about crimes committed using a television, an
automobile, a scalpel, scissors, and other tools: would each of them be categorized as an
individual crime?

CONCEPT OF CYBERCRIME (GOTTERNBARN)

In arguing against Gotternbarn, indeed, we may not categorize other crimes according
to the tools, equipment, mechanism, or means through which they were committed.
However, the nature and features of Cyber Crimes that differentiate the traditional
universe from the cyber universe led the traditional universe to tremble like an earthquake,
making crimes more difficult to control than they were before; this gave rise to the view that
these crimes necessarily had to be categorized as Cyber Crimes.

Therefore, let Cyber Crimes be Cyber Crimes. Foreste and Morrison argued that
cybercrime is a criminal act in which a computer is used as a principal tool. On that view, the
theft of a computer hardware device would not qualify as a computer crime.

Is it true that using a computer as the principal tool to commit a crime amounts to a
computer crime or cybercrime? For instance, in taxable transactions, in the case of data entry,
can't a person commit fraud just by filling the wrong data into a hardcopy version of tax forms
that are the same as those available in electronic form?

Roy Girasa (2002) argued that cybercrime is a generic term covering the multiplicity of
crimes found in penal codes or legislation having the use of computers as a central component.
He lists the following features: ubiquity, global reach, universal standards, information
richness, interactivity, information density, personalization/customization, and social
technology. As a result of these features, it achieves unprecedented reach and makes available
vast amounts of information of varying degrees of quality. Internet users cannot be regarded as
a homogenous group.
Cybercrime is a crime as long as the penal codes and other legislation stipulate it as
involving not only computers but the use of computers as the central component.

At the Tenth United Nations Congress on the Prevention of Crime and Treatment of
Offenders, in a workshop devoted to issues of crimes related to computer networks, cybercrime
was broken into two categories and defined thus:

1. Cybercrime in a narrow sense (computer crime)

Any illegal behavior directed by means of electronic operations that targets the
security of computer systems and the data processed by them.

2. Cybercrime in a broader sense (computer-related crime)

Any illegal behavior committed by means of, or in relation to, a computer system or
network, including such crimes as illegal possession and offering or distributing
information through a computer system or network.

Although this definition is not completely definitive, it gives us a good starting
point for determining just what cybercrime means, by incorporating computer crime and
computer-related crime.

Computer crime has two elements:


1. Computer
2. Crime

Therefore, it involves a crime in a relationship with a computer. The relationship could
involve the direct usage of a computer by the criminal, as one of the first famous computer
criminals did.

However, the relationship can also be indirect: the criminal can not only use a computer
to commit his crime but can also use someone else to make changes in a computer system, by
manipulating a key computer user. Thus, one is the exploitation of weaknesses in the technical
IT infrastructure; the other is an exploitation of trust in the social fabric of IT users within the
organization.

WHY COMPUTER INCIDENTS ARE PREVALENT

• Increasing Complexity Increases Vulnerability

As the level of complexity increases, vulnerability is heightened. As more devices are
connected to a network, the number of potential entry points grows, raising the risk of security
breaches.

• Higher Computer User Expectations

Money equals time. The more involved and active computer users can be, the sooner they can
solve a problem. As a result, tech service desks are under tremendous pressure to respond to
customer inquiries as quickly as possible.

• Technological Advancement Introduces New Risk

Today, knowledge is exchanged on networks with millions of other machines due to
increased market demands, globalization, distributed working, and recent technical
breakthroughs.

• Increased Reliance on Commercial Software with Known Vulnerabilities

Many companies' software is heavily reliant on proprietary software that has known flaws.
Some corporate IT companies opt to use already developed applications "as is" rather than
introduce security fixes that make the software difficult to use or delete "nice-to-have"
functionality recommended by existing or future buyers, which helps market the software.

• Bring Your Own Device (BYOD) Policy

Employees access company data using personal devices such as cellphones, smartphones,
and notebook computers to stay connected and available at all times, posing a security risk.

• Delay in Software Updates

Most companies are unaware of the looming dangers and defer program upgrades for a
variety of reasons, including a lack of time, additional costs, or simple indifference, leaving the
organization's computers vulnerable to attack.

CYBERSECURITY AND CYBERCRIME

Cybersecurity is the collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices, assurance, and
technologies that can be used to protect the cyber environment and the organization's and
user's assets. The organization's and user's assets include connected computing devices,
personnel, infrastructure, applications, services, telecommunication systems, and the totality
of transmitted and/or stored information in the cyber environment.
Cybersecurity strives to ensure the attainment and maintenance of the security
properties of the organization and user's assets against relevant security risks in the cyber
environment.

Cyber Security - Privacy Policy:

Before submitting your name and e-mail address on a website, look for the site's
privacy policy. Keep software up to date. If the seller releases patches for the software or
operating system of your device, install them as soon as possible. Installing them will prevent
attackers from being able to take advantage. Use a good password that will be difficult for
thieves to guess. Do not choose options that allow your computer to remember your
passwords.

DISABLE REMOTE CONNECTIVITY

Some PDAs and phones are equipped with wireless technologies, such as Bluetooth,
that can be used to connect to other devices or computers. You should disable these features
when they are not in use.

ADVANTAGES OF CYBER SECURITY

Cyber security will defend us from critical attacks.
1. It helps us to browse sites and websites.
2. Internet security processes all the incoming and outgoing data on your computer.
3. It will defend us from hacks and viruses.
4. The cyber security applications used on our PC need an update every week.

SAFETY TIPS AGAINST CYBERCRIME

1. Use Antivirus Software
2. Install Firewalls
3. Uninstall unnecessary software
4. Maintain backup
5. Check security settings

Cybercrime and cybersecurity are issues that can hardly be separated in an
interconnected environment. The fact that the 2010 UN General Assembly resolution on
cybersecurity addresses cybercrime as one major challenge underlines this. Cybersecurity plays
an important role in the ongoing development of information technology, as well as Internet
services. Enhancing cybersecurity and protecting critical information infrastructures are
essential to each nation's security and economic well-being. Making the Internet safer (and
protecting Internet users) has become integral to the development of new services as well as
government policy.

Deterring cybercrime is an integral component of national cybersecurity and critical
information infrastructure protection strategy. In particular, this includes the adoption of
appropriate legislation against the misuse of ICTs for criminal or other purposes and activities
intended to affect the integrity of national critical infrastructures. At the national level, this is a
shared responsibility requiring coordinated action related to prevention, preparation, response,
and recovery from incidents on the part of government authorities, the private sector, and
citizens. At the regional and international level, this entails cooperation and coordination with
relevant partners. The formulation and implementation of a national framework and strategy
for cybersecurity thus require a comprehensive approach. Cybersecurity strategies (for example,
the development of technical protection systems or the education of users to prevent them
from becoming victims of cybercrime) can help to reduce the risk of cybercrime. The
development and support of cybersecurity strategies are vital elements in the fight against
cybercrime.

The legal, technical, and institutional challenges posed by the issue of cybersecurity are
global and far-reaching, and can only be addressed through a coherent strategy taking into
account the role of different stakeholders and existing initiatives, within a framework of
international cooperation. In this regard, the World Summit on the Information Society (WSIS)
recognized the real and significant risks posed by inadequate cybersecurity and the
proliferation of cybercrime. The provisions of §§ 108-110 of the WSIS Tunis Agenda for the
Information Society, including the Annex, set out a plan for multi-stakeholder implementation
at the international level of the WSIS Geneva Plan of Action, describing the multi-stakeholder
implementation process according to eleven action lines and allocating responsibilities for
facilitating the implementation of the different action lines. At WSIS, world leaders and
governments designated ITU to facilitate the implementation of WSIS Action Line C5, dedicated
to building confidence and security in the use of ICTs. In this regard, the ITU Secretary-General
launched the Global Cybersecurity Agenda (GCA) on 17 May 2007, alongside partners from
governments, industry, regional and international organizations, and academic and research
institutions. The GCA is a global framework for dialogue and international cooperation to
coordinate the international response to the growing challenges of cybersecurity and enhance
confidence and security in the information society. It builds on existing work, initiatives, and
partnerships to propose global strategies to address today's challenges related to building
confidence and security in the use of ICTs. Within ITU, the GCA complements existing ITU work
programs by facilitating the implementation of the three ITU Sectors' cybersecurity activities,
within a framework of international cooperation.
The Global Cybersecurity Agenda has seven main strategic goals, built on five work
areas:
1. Legal measures;
2. Technical and procedural measures;
3. Organizational structures;
4. Capacity building; and
5. International cooperation.

The fight against cybercrime needs a comprehensive approach. Given that technical
measures alone cannot prevent any crime, it is critical that law-enforcement agencies are
allowed to investigate and prosecute cybercrime effectively. Among the GCA work areas, "Legal
measures" focuses on how to address the legislative challenges posed by criminal activities
committed over ICT networks in an internationally compatible manner. "Technical and
procedural measures" focuses on key measures to promote the adoption of enhanced
approaches to improve security and risk management in cyberspace, including accreditation
schemes, protocols and standards. "Organizational structures" focuses on the prevention,
detection, response to, and crisis management of cyberattacks, including the protection of
critical infrastructure systems. "Capacity building" focuses on elaborating strategies for
capacity-building mechanisms to raise awareness, transfer know-how, and boost cybersecurity
on the national policy agenda. Finally, "International cooperation" focuses on international
cooperation, dialogue, and coordination in dealing with the cyber threat.

TOP 10 MOST VALUABLE INFORMATION TO CRIMINALS
(Global Information Security Survey 2018-2019)

According to the EY Global Information Security Survey 2018-2019, customer
information, financial information, and strategic plans make up the Top Three (3) most
valuable information that organizations would like to protect, as shown in the table
below.

VALUABLE INFORMATION                              %
CUSTOMER INFORMATION                              17%
FINANCIAL INFORMATION                             12%
STRATEGIC PLANS                                   12%
BOARD MEMBER INFORMATION                          11%
CUSTOMER PASSWORD                                 11%
RESEARCH AND DEVELOPMENT (R&D) INFORMATION        9%
MERGERS AND ACQUISITION (M&A) INFORMATION         8%
INTELLECTUAL PROPERTY                             6%
NON-PATENTED                                      5%
SUPPLIER INFORMATION                              3%

In the same survey, the table below shows that the most successful cybercrimes have
phishing and malware as starting points. Attacks focused on disruption and stealing money
ranked third and fourth.

TOP 10 BIGGEST CYBER THREATS TO ORGANIZATIONS
(Global Information Security Survey 2018-2019)

RANK   CYBER THREATS                      %
1      PHISHING                           22
2      MALWARE                            20
3      CYBER-ATTACKS (TO DISRUPT)         13
4      CYBER-ATTACKS (TO STEAL MONEY)     12
5      FRAUD                              10
6      CYBER-ATTACKS (TO STEAL IP)        8
7      SPAM                               6
8      INTERNAL ATTACKS                   5
9      NATURAL DISASTER                   2
10     ESPIONAGE                          2

HACKING SKILLS
As an ethical hacker, there is a need to understand various hacking techniques, which
are as follows:
a) Password guessing and cracking
b) Session hijacking
c) Session spoofing
d) Network traffic sniffing
e) Denial-of-service attacks
f) Exploiting buffer overflow vulnerabilities
g) Structured Query Language (SQL) injection

BASIC SKILLS
Computer hacking is both a technology and an art form. To gain experience and become
an experienced hacker, one must put in a lot of work. Once on track, further work is needed to
stay current with emerging technology, bugs, and exploitation techniques. An ethical hacker
must be a computer systems expert and needs to have very strong programming and computer
networking skills.
a. An ethical hacker must have a great deal of courage, determination, and perseverance
in order to attempt again and again before the desired outcome is obtained.
b. To use social engineering exploits, the ethical hacker must be clever enough to consider
the scenario and the attitude of other people.
c. A decent ethical hacker is also a perfect problem-solver.

CLASSIFICATION OF PERPETRATORS OF COMPUTER CRIME

1. HACKERS
- They do it out of scientific curiosity, to see how they can get access to information
systems and how far they can go. They have a limited knowledge of information systems
and security features, and their motives are largely guided by a willingness to learn
more.
2. CRACKERS
- They hack into other people's networks and systems to do things like deface websites,
crash computers, distribute malicious programs or hateful messages, and write scripts
and automated programs that enable others to do the same.
3. MALICIOUS INSIDERS
- Since they are often granted access to the networks they misuse, they are incredibly
difficult to track or avoid. They are familiar with specific programs, often including the
protocols for obtaining login IDs and passwords.
4. INDUSTRIAL SPIES
- They procure trade secrets from their sponsor's rivals by fraudulent means. Insiders,
such as angry employees and ex-employees, are the most common thieves of trade secrets.
Competitive intelligence gathers material that is publicly accessible through legitimate
methods. Financial accounts, trade publications, corporate filings, and printed
interviews with company executives are used to compile and interpret information.
Theft of innovative product ideas, manufacturing records, marketing documents, or new
tech source code are all examples of industrial espionage.

5. CYBER CRIMINALS
- The opportunity for material gain motivates cyber criminals. They rob by breaking into
company servers and converting funds from one account to another, leaving a
hopelessly confusing path for law enforcement to trace. They steal and resell credit
card numbers, personal names, and cellphone IDs, among other types of computer fraud.

6. CYBERTERRORISTS
- In order to advance certain political or social objectives, a cyberterrorist conducts a
computer-based assault against other computers or networks in an effort to intimidate
or coerce a nation. Cyberterrorists employ tactics to destroy or interrupt a network in
order to inflict damage rather than gather information. They are extremely dangerous, since
they regard themselves as at war, have a high risk tolerance, and pursue full effect.

CLASSIFICATION OF HACKERS

Hackers are divided into groups based on their motivation for breaking into a system.
The terms are derived from old spaghetti westerns in which the bad guy wears a black cowboy
hat and the good guy wears a white cowboy hat.

1. White Hat Hackers - They're often referred to as "ethical hackers." They never
plan to damage a device; rather, as part of intrusion testing and risk
assessments, they aim to discover vulnerabilities in a computer or network system.
Ethical hacking is not a crime, and it is one of the most difficult jobs in the IT
industry. Businesses often employ ethical hackers for penetration testing and
risk assessments.

2. Black Hat Hackers - These hackers, also known as "crackers," attempt to obtain
unauthorized access to a device in order to disrupt its activities or steal classified
information. Because of its bad intent, black hat hacking is always illegal; it
includes stealing corporate data, breaching privacy, causing server damage, blocking
network connectivity, and so on.

3. Gray Hat Hackers - These hackers are a mix of black and white. They behave
without malice; just for the sake of amusement, they exploit a security flaw in a
computer device or network without the consent or knowledge of the owner.
They want to bring the flaw to the notice of the owners in exchange for gratitude or a
small reward. Note that "gray hat" and "grey hat" hackers are the same.

4. Miscellaneous hackers
There are other types of hackers, depending on what they hack and how they hack, in addition
to the well-known ones mentioned above. The following are some of them:
a. Red Hat Hacker - Is a combination of black and white hat hackers. They normally
operate at the level of hacking government departments, top-secret intelligence hubs,
and everything else that pertains to classified data.
b. Blue Hat Hacker - Is a person who works independently of computer security
consultancy companies and is responsible for bug-testing a device prior to its release.
They search for flaws in the system that can be used and work to plug them. The word
"Blue Hat" is used by Microsoft to refer to a series of security briefings.

c. Elite Hacker - Is a hacker's social standing that is used to identify the most experienced
hacker.

d. Script Kiddie - Is a non-expert who breaks into computer systems using pre-packaged
programmed tools written by others, with no knowledge of the underlying concept,
hence the name "kiddie."

e. Green Hat Hacker (Neophyte, "n00b," "Newbie") - Is someone who is new to hacking or
phreaking and has little to no understanding of how computers and hacking work.

f. Hacktivist - Is a hacker who uses computers to spread a message that is psychological,
ideological, moral, or governmental. The majority of hacktivism entails defacing
websites or launching denial-of-service attacks.

TYPES OF COMPUTER ATTACKS

1. Viruses
- These are applications that travel through networks and operating systems, attaching
themselves to a variety of other programs and databases. These disruptive viruses can
modify and/or erase files after they have been activated. It is a serious offense to
intentionally distribute a virus. Unfortunately, new viruses emerge on a regular basis.
The best way to remain up to date is to subscribe to utilities that monitor viruses on a
regular basis.

For example, Symantec, McAfee, and Microsoft all track the most serious virus threats.

2. Worms
- These are programs that repeatedly reproduce themselves. Once a worm becomes active
in a network, the self-replicating activity overloads computers and networks, slowing or
stopping their operations. A new worm spread around the globe in hours, shutting down tens of
thousands of machines in the process. A worm, unlike a virus, does not bind itself to a
computer or alter or erase files. Worms, on the other hand, can carry a virus. If a worm
has dropped a virus into an unsuspecting computer system, the virus will either activate
right away or remain inactive until a later date.

Notes: Viruses and worms are usually spread through e-mail attachments and programs
downloaded from the Internet. Since viruses are so dangerous, computer users are cautioned
never to open an e-mail attachment from an unknown sender and to take extreme caution
when installing new programs or data from any source.
Antivirus software warns users when viruses and worms infiltrate their operating system.
Unfortunately, new viruses emerge on a regular basis, and not all of them can be identified.

3. Trojan Horses
These are applications that appear to be harmless but actually contain malicious
code. Trojan horses aren't the same as viruses; like worms, however, they can carry
viruses. Trojan horses are most often seen in the form of free video games and
screensaver applications that can be downloaded from the Internet. When a user runs
one of these applications, the Trojan horse often installs a virus on the operating system
without the user's knowledge. The virus then starts causing problems. One of the most
Trojan horse forms claims to provide free antivirus software.

4. Denial of Service
By overwhelming a computer system or network with requests for information and
data, a denial of service attack aims to delay or stop it. When a malicious hacker takes
control of computers on the Internet, they spam a target server with requests for data
and other minor activities. It does not entail gaining access to the targeted device.
Instead, it leaves the target so busy responding to a torrent of automatic requests that
legitimate users are unable to access the site - the Internet equivalent of constantly
dialing a phone number so that all other callers get a busy signal. Once the ISP or
website has come under attack, the computers at the ISP or website become overburdened
by demands for service and are unable to respond to legitimate users. As a result, the
internet service provider (ISP) or website is effectively shut down. Internet Service
Providers (ISPs) and individual websites are typically the targets of these attacks.

5. Rogue Wi-Fi Hotspots
From libraries to fast-food chains and coffee shops, there are free Wi-Fi networks
nearly everywhere. These open networks are imitated by rogue Wi-Fi hotspots. These rogue
networks are mostly found near legitimate free hotspots and send out stronger signals, which
many users unwittingly connect to. Once connected, the rogue networks collect all information
submitted to legitimate sites by users, including user names and passwords.

6. Identity Theft
Identity theft is the fraudulent use of another person's identity for financial gain.
When a person's identity is taken, the thief obtains new credit cards under the
victim's name. From Social Security numbers and dates of birth to account records and
passwords, identity thieves search for anything that can help them steal someone's
identity. They often get this information from social networking sites, where people
often share personal details such as birth dates, family member names, home
addresses, and so on. The easiest way to protect yourself from identity thieves is to
exercise discretion when providing information on social networking sites and to make use
of the privacy settings and controls available.

7. Internet Scams
A scam is a misleading or unethical act or activity that entices people into sharing
personal information or wasting time and resources with little or no benefit. An Internet
scam is basically a con that takes place over the Internet. Almost all Internet scams
begin with a mass mailing to unwitting recipients.

Notes: Phishing is a common scam tactic used by con artists. Phishing is a method of deceiving
Internet users into believing a false yet official-looking website or e-mail is genuine. Phishing
has advanced to the point that it now replicates whole websites, such as PayPal, in an attempt
to trick users into divulging their financial details.

8. Rootkits
A rootkit is a collection of programs that allows its user to obtain administrator-level
access to a device without the permission or knowledge of the end user. The rootkit
allows attackers to execute files, access logs, track user behavior, and alter the
computer's configuration.

9. Spam
Spam is the practice of sending unsolicited e-mail to vast groups of individuals
using email services. The majority of spam is low-cost promotional advertisements,
mostly for dubious goods like pornography, bogus get-rich-quick schemes, and useless
stock.

10. Phishing
Phishing is the malicious use of e-mail to try to get the user to share personal
information. In a phishing scam, a con artist sends out e-mails that appear to be from a
reputable source, encouraging the user to take action in order to avert undesirable
repercussions or to earn a payout. Spear-phishing is a form of phishing in which the
phisher sends phony e-mails to employees of a specific company.
11. Adware - It's a piece of software that forces pre-selected advertisements to appear on a
computer.
12. Attack - It is a procedure for gaining access to a device and extracting confidential data.
13. Back Door - This hidden access to a computer system or app, also known as a "trap
door," bypasses authentication mechanisms such as logins and password defenses.
14. Botnet - It's a program that automates a task so that it can be carried out at a much
faster pace and over a longer period of time than a human operator might. Sending
HTTP, FTP, or Telnet at a faster rate, or calling script to generate objects at a faster rate,
for example. A botnet, also known as a "zombie army," is a collection of computers that
are managed without the knowledge of their users. Botnets are used to deliver spam
and launch distributed denial-of-service attacks.
15. Brute Force Attack - It is the easiest and most automatic way of gaining access to a
device or website. It repeatedly attempts various combinations of usernames and
passwords before it succeeds.
16. Buffer Overflow - If more data is written to a block of memory or a buffer than the
buffer is allocated to contain, this is a mistake.
17. Clone Phishing - It is the addition of a false connection to an actual, valid e-mail in order
to dupe the receiver into sharing personal information.
18. Exploit Kit - It's a software framework that runs on Web servers to find software flaws
in client computers that communicate with it, then exploits those flaws to upload and
execute malicious code on the client.
19. Exploit - It's a piece of software, a block of code, or a series of commands that exploits a
flaw or loophole in a device or network device to undermine its protection.
20. Firewall - A firewall is a security device that keeps unauthorized intruders out of a
computer system or network while allowing secure contact between devices and users
on the inside.
21. Keystroke Logging - This is the procedure for keeping track of the keys pressing on a
monitor (and which touchscreen points are used). It's nothing more than a
computer/human interface map. Gray and black hat hackers use it to keep track of login
IDs and passwords. A Trojan sent via phishing e-mail is typically used to install key
loggers on a computer.
22. Logic Bomb - It is a virus that is secreted into a device and when those requirements are
met, it performs a malicious operation. The time bomb is the most popular variation of
this.
23. Malware - It's a catch-all word for a wide range of malicious malware, from computer
viruses, worms, Trojan horses, malware, spyware, adware, scareware, and other
malicious programs.
24. Master Program - This is the software that a black hat hacker uses to send orders to
infected zombie drones over the internet, usually to carry out DoS or spam attacks.
25. Phreakers - These was thought to be the first computer hackers. They are those who
unlawfully gain access to the mobile network in order to make free long-distance calls or
tap phone lines.
26. Shrink Wrap Code - This is the process of finding flaws in unpatched or incorrectly
designed applications and exploiting them.
27. Social Engineering - This entails deceiving others in order to obtain confidential and
personal data such as credit card numbers, usernames, and passwords.
28. Spoofing - It's a method of gaining unwanted access to computers in which an attacker
sends messages to a device with an IP address that indicates the message came from a
trustworthy host.
29. Spyware - This is software that collects information about an individual or organization
without their permission and may transmit that information to another party without
their consent, or that asserts authority over a device without their knowledge.
30. SQL Injection - This is a SQL code injection technique for targeting data-driven
applications in which malicious statements are inserted into an entry field for execution
(for example, to dump the database contents to the attacker).
31. Threat - It is a potential danger that can undermine the protection of a device or
network system by exploiting an internal flaw or weakness.
32. Vulnerability - This is a flaw that helps a hacker to break through the safeguards of
a computer or network system.
33. Cross-site Scripting (XSS) - This is a common form of computer security flaw found in
Web applications. Attackers may use XSS to insert client-side script into Web pages that
are being used by other users.
34. Zombie Drone - It is described as a computer that has been hacked and is being used
anonymously as a soldier or "drone" for malicious purposes, such as sending unwanted
spam e-mails,

PHASES OF CYBERSECURITY ATTACK


Six (6) Phases of Cybersecurity Attack
1. Reconnaissance – the attacker gathers information about a target by active or passive
means during this phase. Google Dorks and Maltego are two commonly used tools
in this phase.

2. Scanning – during this phase, the attacker deliberately probes a target computer or
network for exploitable vulnerabilities. Nessus and Nexpose are the tools used in this
phase.

3. Gaining Access – the vulnerability is discovered during this phase, and the attacker
tries to use it to gain access to the device. Metasploit is the most important tool in
this phase.

4. Maintaining Access – this is the phase in which the hacker has already obtained access
to a device. After obtaining entry, the hacker sets up a backdoor to allow access to
the device in the future if it is wanted. In this phase, Metasploit is the preferred tool.

5. Clearing Tracks – this is a morally reprehensible procedure. It has to do with the
removal of all logs of all events that occur during the hacking process.

6. Reporting – this is the last step in the ethical hacking procedure. The ethical hacker
compiles a report detailing his or her findings and the work that was completed,
including the tools used, success rate, vulnerabilities discovered, and exploit processes.

TYPOLOGY OF CYBERCRIME
In the traditional sense, the term crime covers a broad range of offenses. Because of this
broad range, a typology or classification of cybercrime is difficult to develop.
A good example of an international instrument that tried to categorize types of
cybercrime is the Council of Europe, The History of Global Harmonization on Cyber Crime
Legislation, The Road to Geneva, December 2008.

The Convention on Cyber Crime distinguishes between four different types of offenses.
1. Offenses against the confidentiality, integrity, and availability of computer data and
systems, such as illegal access, illegal interception, data interference, system
interference, and misuse of devices;
2. Computer-related offenses, such as computer-related forgery and computer-related
fraud;
3. Content-related offenses, such as offenses related to child pornography; and
4. Copyright-related offenses, such as offenses related to copyright infringements and
related rights.

This typology of cybercrime is not wholly consistent: the fourth category does
not focus on the object of legal protection but on the method, which in turn brings about
overlap between categories. Nonetheless, the categories serve as a useful basis for discussing
the phenomena of cybercrime globally.

The term “cybercrime” is used to cover a wide variety of criminal conduct. As recognized
crimes include a broad range of different offenses, it is difficult to develop a typology or
classification system for cybercrime.

One approach can be found in the Convention on Cybercrime, which distinguishes between
four different types of offenses.

1. Offenses against the confidentiality, integrity, and availability of computer data and
systems;
2. Computer-related offenses;
3. Content-related offenses;
4. Copyright-related offenses.

The typology is not wholly consistent, as it is not based on a sole criterion to differentiate
between categories. Three categories focus on the object of legal protection: “offenses against
the confidentiality, integrity and availability of computer data and systems”, “content-related
offenses” and “copyright-related offenses”. The fourth category of “computer-related offenses”
does not focus on the object of legal protection, but on the method used to commit the
crime. This inconsistency leads to some overlap between categories.

TYPES OF CYBERCRIME

1. FINANCIAL CRIMES
Credit Card Frauds, Money Laundering
2. CYBER PORNOGRAPHY
Pornographic Websites, Online distribution
3. ONLINE GAMBLING
Millions of websites, all hosted on servers abroad, offer online gambling.
4. IP CRIMES
Software Piracy; Copyright Infringement; Trademark Violations; Theft of
Computer Source Code.
5. EMAIL SPOOFING
A spoofed email is one that appears to originate from one source but actually has
been sent from another source.

6. CYBER DEFAMATION
This occurs when defamation takes place with the help of computers and/or the
internet. E.g. someone publishes defamatory matter about another on a website.
7. CYBER STALKING
This involves following a person's movements across the Internet by posting
messages (sometimes threatening) on bulletin boards frequented by the victim,
entering chat-rooms frequented by the victim, constantly bombarding the victim with
emails etc.
8. UNAUTHORIZED ACCESS
Also known as Hacking. Involves gaining access illegally to a computer system or
network and in some cases making unauthorized use of this access. Hacking is also the act
by which other forms of cyber-crime (e.g., fraud, terrorism) are committed.
9. THEFT
Theft of any information contained in electronic form, such as that stored on
computer hard disks, removable storage media, etc. Can extend to identity theft.
10. EMAIL BOMBING
This refers to sending a large number of emails to the victim, resulting in the victim's
email account (in case of an individual) or mail servers (in case of a company or an email
service provider) crashing.

11. SALAMI ATTACKS
These attacks are often used in committing financial crime and are based on the idea
that an alteration so insignificant would go completely unnoticed in a single case. E.g. a
bank employee inserts a program into the bank's servers that deducts a small amount of
money (say 5 cents a month) from the account of every customer. This unauthorized debit is
likely to go unnoticed by an account holder.

12. DENIAL OF SERVICE (DoS) ATTACK
This involves flooding a computer resource with more requests than it can handle,
causing the resource (e.g. a web server) to crash, thereby denying authorized users the
service offered by the resource. Another variation of a typical denial of service attack is
known as a Distributed Denial of Service (DDoS) attack, wherein the perpetrators are many
and are geographically widespread. It is very difficult to control such attacks, and they are
often used in acts of civil disobedience.

13. VIRUS/WORM
Viruses are programs that attach themselves to a computer or a file and then
circulate themselves to other files and to other computers on a network. They usually affect
the data on a computer, either by altering or deleting it. Worms, unlike viruses, do not need
a host to attach themselves to. They merely make functional copies of themselves and do
this repeatedly till they eat up all the available space in a computer's memory.

14. LOGIC BOMBS
These are event-dependent programs that kick into action only when a
certain event (known as a trigger event) occurs. Some viruses may be termed logic bombs
because they lie dormant throughout the year and become active only on a particular date
(e.g. Chernobyl virus).

15. TROJAN ATTACKS


An unauthorized program which functions from inside what seems to be an
authorized program, thereby concealing what it is actually doing.

16. WEB JACKING


This occurs when someone forcefully takes control of a website (by cracking the
password and later changing it).

17. CYBER-TERRORISM
Hacking designed to cause terror. Like conventional terrorism, 'e-terrorism' utilizes
hacking to cause violence against persons or property, or at least cause enough harm to
generate fear.
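
The salami attack in item 11 is invisible per account but stands out across the whole ledger. The following is an added example, not part of the original module: it flags tiny debits that share one posting code and hit nearly every account. The ledger layout, the posting codes and the approved fee schedule are all assumptions made for illustration.

```python
from collections import defaultdict


def build_sample_ledger():
    """Constructed sample data: (month, account, amount_cents, posting_code)."""
    ledger = []
    accounts = [f"ACC{i:04d}" for i in range(200)]
    for month in ("2024-01", "2024-02", "2024-03"):
        for i, acct in enumerate(accounts):
            ledger.append((month, acct, 1000 + 37 * i, "CARD"))  # ordinary spending
            ledger.append((month, acct, 10, "SMS-FEE"))          # fee on the approved schedule
            ledger.append((month, acct, 5, "ADJ-7"))             # the 5-cent deduction from the text
        for acct in accounts[:5]:
            ledger.append((month, acct, 1, "INT-RND"))           # rare rounding correction
    return ledger


def find_salami_debits(ledger, approved_codes, max_cents=25, min_share=0.8):
    """Flag small debits outside the approved fee schedule that touch most accounts.

    max_cents  : only debits at or below this size are considered "insignificant"
    min_share  : fraction of all accounts a (code, amount) pair must reach to be flagged
    """
    all_accounts = {acct for _, acct, _, _ in ledger}
    groups = defaultdict(lambda: {"accounts": set(), "months": set(), "total_cents": 0})

    for month, acct, cents, code in ledger:
        if cents > max_cents or code in approved_codes:
            continue
        group = groups[(code, cents)]
        group["accounts"].add(acct)
        group["months"].add(month)
        group["total_cents"] += cents

    findings = []
    for (code, cents), group in groups.items():
        share = len(group["accounts"]) / len(all_accounts)
        if share >= min_share:
            findings.append({
                "code": code,
                "amount_cents": cents,
                "accounts": len(group["accounts"]),
                "months": len(group["months"]),
                "total_cents": group["total_cents"],
            })
    # Largest aggregate loss first: the sum is what makes the scheme worthwhile.
    return sorted(findings, key=lambda f: -f["total_cents"])


if __name__ == "__main__":
    for finding in find_salami_debits(build_sample_ledger(), approved_codes={"SMS-FEE"}):
        print(finding)
```

The per-account amount never changes, so the useful signals are breadth (share of accounts touched) and the aggregate total, which is why the check groups by posting code and amount instead of inspecting accounts one at a time.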

Classification of Computer Crimes


Computer crime encompasses a broad range of activities.
1. Financial fraud crimes
- Financial fraud can be broadly defined as an intentional act of deception
involving financial transactions for the purpose of personal gain. Fraud is a crime,
and is also a civil law violation.
2. Internet fraud
- means trying to trick or scam someone else using the Internet. This
usually means that the person who is being tricked loses money to the people
scamming them. Internet fraud can take place on computer programs such as
chat rooms, e-mail, message boards, or Web sites.

3. Computer fraud
- is any dishonest misrepresentation of fact intended to let another do or
refrain from doing something which causes loss. In this context, the fraud will result in
obtaining a benefit by:
a. Altering in an unauthorized way. This requires little technical expertise and is a
common form of theft by employees altering the data before entry or entering
false data, or by entering unauthorized instructions or using unauthorized
processes;
b. Altering, destroying, suppressing, or stealing output, usually to conceal
unauthorized transactions. This is difficult to detect;
c. Altering or deleting stored data.

4. Other forms of fraud may be facilitated using computer systems, including:


• BANK FRAUD - is the use of potentially illegal means to obtain money, assets,
or other property owned or held by a financial institution, or to obtain money from
depositors by fraudulently posing as a bank or other financial institution. For this
reason, bank fraud is sometimes considered a white-collar crime.
• CARDING - is a form of credit card fraud in which a stolen credit card is used to
charge pre-paid cards. Carding typically involves the holder of the stolen card
purchasing store-branded gift cards, which can then be sold to others or used to
purchase other goods that can be sold for cash.
• IDENTITY THEFT - also known as identity fraud, is a crime in which an imposter
obtains key pieces of personally identifiable information, such as Social Security
or driver's license numbers, in order to impersonate someone else.
• EXTORTION - (also called shakedown, outwrestling and exaction) is a criminal
offense of obtaining money, property, or services from an individual or institution,
through coercion.
• THEFT OF CLASSIFIED INFORMATION
Classified information is sensitive information to which access is restricted by
law or regulation to particular classes of people. A formal security clearance is
required to handle classified documents or access classified data. The operation of
assigning the level of sensitivity to data is called data classification.

A variety of internet scams, many based on phishing and social engineering, target
consumers and businesses.

CYBERTERRORISM
Government officials and information technology security specialists have
documented a significant increase in Internet problems and server scans since early
2001. There is a growing concern among government agencies such as the Federal
Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA) that such
intrusions are part of an organized effort by cyberterrorists, foreign intelligence services,
or other groups to map potential security holes in critical systems. A cyberterrorist is
someone who intimidates or coerces a government or an organization to advance his or
her political or social objectives by launching a computer-based attack against
computers, networks, or the information stored on them.

Cyberterrorism in general can be defined as an act of terrorism committed
through the use of cyberspace or computer resources (Parker 1983). As such, a simple
propaganda piece on the Internet claiming that there will be bomb attacks during the holidays
can be considered cyberterrorism. There are also hacking activities directed towards
individuals and families, organized by groups within networks, tending to cause fear among
people, demonstrate power, and collect information relevant for ruining people's lives,
robberies, blackmailing, etc.

CATEGORIES OF CYBER CRIME


We can categorize cybercrime in two ways.

1. THE COMPUTER AS A TARGET
- Using a computer to attack another computer, e.g. hacking, virus/worm
attacks, DoS attacks, etc.

2. THE COMPUTER AS A WEAPON
- Using a computer to commit real-world crime, e.g. cyber terrorism, credit card
fraud, pornography, etc.

METHODOLOGY OF CYBERCRIME INVESTIGATION


There are many ways for cybercrime to take place, and investigations tend to start
with an IP address trace; however, that is not necessarily a factual basis upon which
detectives can solve a case. Different types of high-tech crime may also include
elements of low-tech crime, and vice versa, making cybercrime investigators an
indispensable part of modern law enforcement. The methodology of cybercrime detective
work is dynamic and is constantly improving, whether in closed police units or in an
international cooperation framework.

STALKING DEFINED
Stalking is when a perpetrator singles out a specific person and
causes the person emotional distress and causes the individual to fear for his or her life,
safety, or the safety of others. A stalker can be a former boyfriend or girlfriend, an
acquaintance or a stranger.

Sample scenario:
Carrie walks back to her dorm, but she cannot shake the feeling that she’s being
watched. Over the last two weeks, she has received several blocked calls to her
cellphone. Sometimes she will answer the calls, and other times she lets it go to
voicemail. When she answers, no one speaks, and whoever it is does not leave a
voicemail message. Carrie has also been getting emails to her school account. The
emails tell her that she is pretty, and there will be comments about the pants or shirt she
wore that day. Tonight, Carrie feels she needs to talk to the police because she feels
someone is stalking her.

In order for stalking to be a crime, there have to be two or more occasions of visual or
physical proximity; non-consensual communication, either written or verbal; threats; or a
combination of any of these occasions. In the example, Carrie has had a combination of
these occasions and is being subjected to several types of stalking.

TYPES OF STALKING
Stalking can occur in several forms.

1. WHEN THE PERPETRATOR FOLLOWS AN INDIVIDUAL AND WATCHES
THEM. (SURVEILLANCE STALKING)
Sample scenario:
Maria is being watched while she is walking back to her home. Her stalker is
using surveillance stalking to track and follow her. With surveillance stalking, the
perpetrator is known to sit outside the home, place of work, school, or other places
that the individual usually goes to regularly.

2. CYBERSTALKING
Maria is also a victim of cyberstalking, which is the use of electronic means, such
as the Internet or cellphones, to stalk victims. Cyberstalking is also considered
unsolicited contact from the perpetrator to the victim. The difference between
cyberstalking and surveillance stalking is that surveillance stalking is done in a
physical sense, while cyberstalking is done through technology and electronic means.
The perpetrator has not made physical contact, so the stalking is not considered
aggravated stalking.

3. AGGRAVATED STALKING
Occurs when the perpetrator restrains the victim, causes bodily harm to the
victim, or violates an order of protection. Maria has not had any of these happen
to her, so her stalker is using surveillance stalking and cyberstalking.

TYPES OF STALKERS
Actions define the type of stalking, but personalities combined with the actions
define the type of stalkers:

1. REJECTED STALKER
- This type of stalker becomes upset when the friendship or romantic relationship
has ended. The rejected stalker is not only self-centered and jealous but also
over-dependent and persistent.

2. RESENTFUL STALKER
- The resentful stalker feels humiliated that the relationship has ended and seeks
revenge upon the victim. Resentful stalkers are often irrationally paranoid and
are known to verbally assault their victims.

3. PREDATORY STALKER
- This stalker seeks power and sexual gratification. They will not make physical contact
but will use surveillance to track the victim.

4. INTIMACY SEEKER
- This stalker seeks an intimate and romantic relationship with the victim. When the
stalker is rejected by the victim, he or she will continually phone the victim, write the
victim letters, and become jealous and violent if the victim enters into a relationship with
someone else.

5. INCOMPETENT SUITOR
- This stalker usually has inadequate social skills. They want a relationship with the
victim but do not have the ability to realize he or she is not meant to be with the
victim.

6. EROTOMANIA AND MORBIDLY INFATUATED
- This stalker feels that the victim loves them even though they may not have had any
contact with the victim. The stalker is usually paranoid, prefers suitors in a higher
social class, and will repeatedly approach the victim.

CYBERSTALKING
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an
individual, group, or organization. It may include false accusations, defamation, slander
and libel. It may also include monitoring, identity theft, threats, vandalism, solicitation
for sex, or gathering information that may be used to threaten, embarrass or harass.
It is often accompanied by real-time or offline stalking. In many jurisdictions,
such as California, both are criminal offenses. Both are motivated by a desire to control,
intimidate or influence a victim. A stalker may be an online stranger or a person whom
the target knows. They may be anonymous and solicit involvement of other people
online who do not even know the target.

Cyberstalking is a criminal offense under various state anti-stalking,
slander and harassment laws. A conviction can result in a restraining order, probation,
or criminal penalties against the assailant, including jail. Online harassment, sometimes
referred to as “cyber harassment”, usually pertains to threatening or harassing emails,
instant messages or website entries. To be considered cyberstalking, the behavior
must pose a credible threat of harm to the victim. All states have anti-stalking
laws, but the legal definitions vary.

HOW TO PROTECT YOURSELF AGAINST CYBERCRIME

• Keep software and operating system updated
When you upgrade your software and operating system, you gain access to the
latest security patches for your computer.

• Use anti-virus software and keep it updated
Anti-virus protection or a strong internet security strategy are also effective ways
to keep the system secure from attacks. Anti-virus software searches for threats,
tracks them, and eliminates them before they become an issue. This protection
keeps your laptop and data safe from cybercriminals, giving you peace of mind.
Be sure the anti-virus program is up to date if you want to get the best out of it.

• Use strong passwords
Use strong passwords that no one can guess, and don’t write them down.
Use a reputable password generator to generate strong
passwords at random to make this easier.

• Never open attachments in spam emails
Spam email attachments are a popular way for machines to be infected with
malware and other forms of cybercrime. Never open an attachment from a link
you don’t recognize.

• Do not click on links in spam emails or untrusted websites
Another way for people to become victims of cybercrime is by clicking on links in
spam emails or other blogs, or visiting unknown websites. Avoid doing this if you
want to stay safe online.

• Do not give out personal information unless secure
Never give out personal information over the phone or by email unless you know
the line or email is secure. Be certain you’re conversing with the person you
believe you’re conversing with.

• Contact companies directly about suspicious requests
When you are asked for details by an agency that has called you, hang up.
Call them back using the number listed on their official website to guarantee
you’re working with them and not a cybercriminal. It’s better to use a
different phone because cybercriminals can keep the line open. When you think
you’ve re-dialed, they’ll pretend to be with the bank or some other agency you’re
talking to.

• Be mindful of which website URLs you visit
Keep an eye on the website you’re using. Does it appear
genuine? Avoid clicking on URLs that seem to be unfamiliar. Be sure your internet
security product will secure online transactions before making financial
transactions electronically.

• Keep an eye on your bank statements
Our suggestions should assist you in avoiding being a victim of cybercrime.
When everything else fails, it’s important to acknowledge that you’ve become a
victim of cybercrime as soon as possible. Keep an eye on your financial accounts
and report any suspicious activities to the bank. The bank will investigate them
and see if they are genuine.

INCIDENT RESPONSE AND ITS IMPORTANCE

Incident response is a coordinated approach to handling or managing the aftermath of a
security breach or cyberattack, also known as an IT incident, computer incident or security
incident. The aim is to deal with the situation in a manner that limits harm and decreases
recovery time and costs.

Ideally, incident response operations are handled by the Computer Security Incident
Response Team (CSIRT) of a company, a group that has previously been chosen to include
information security and general IT personnel as well as members of the C-suite level.
Representatives from legal, human resources and public relations divisions can also be included
in the team. The incident response team follows the Incident Response Plan (IRP) of the
company, which is a series of written guidelines that detail the response of the organization to
network events, security incidents and verified violations.

Incident response is about making and having a flight plan. Instead of being an IT-centric
process, it is an overall business function that helps ensure that an organization can make
quick decisions with reliable information. Not only are technical personnel from the IT and
security departments involved, but also representatives from other core aspects of the
company.

IMPORTANCE OF INCIDENT RESPONSE


Any incident activity that is not properly contained and handled can, and will usually,
escalate into a greater issue that can ultimately lead to a damaging breach of data, a large cost
or a collapse of the system. Rapidly responding to an incident will help an organization
minimize losses, mitigate vulnerabilities exploited, restore services and procedures, and reduce
the risks posed by future incidents (techtarget.com).

FIVE MEASURES IN INCIDENT RESPONSE


The response to incidents is a process, not an isolated event. Teams should take a
coordinated and organized approach to any incident in order for incident response to be
successful. In order to effectively address the wide range of security incidents that a company
might experience, there are five important steps that every response program should cover:
1. Preparation
2. Detection and Reporting
3. Triage and Analysis
4. Containment and Neutralization
5. Post-Incident Activity

1. PREPARATION
The secret to efficient incident response is planning. Without predetermined protocols,
even the best incident management team cannot handle an incident effectively. To support the
team, a strong strategy must be in place. These features should be included in an incident
response plan in order to resolve security incidents successfully:
a. Development of Incident Response Policies and Documentation
Develop protocols, procedures and agreements on incident response management.
b. Definition of Communication Guidelines
Create standards and guidelines for communication to allow for seamless
communication during and after an incident.
c. Threat Intelligence Feeds Incorporation
Continuously capture, evaluate, and synchronize the feeds for threat intelligence.
d. Conduct of Cyber Hunting Exercises
To identify incidents occurring within your organization, perform threat
hunting exercises. This encourages a more proactive reaction to incidents.
e. Threat Identification Capability Evaluation
Review the existing threat identification capacity, and upgrade systems for risk
management and development.

2. DETECTION AND REPORTING
The aim of this phase is to track security events in order to identify, warn of, and
report possible security incidents.
a. Monitor - Track security events in your network using firewalls, intrusion prevention
systems, and data loss prevention.
b. Detect - Detect possible security incidents by correlating alerts in a SIEM (Security
Information and Event Management) solution.

SIEM is an acronym for Security Information and Event Management. It’s a piece of
software that gathers logs and event data from an organization’s applications, security
equipment and host systems and consolidates it into a single unified platform
(http://www.fireeye.com/). It’s a term coined by Gartner in 2005 to describe software
that tracks and helps manage user and service privileges, directory resources, and other
changes in device configuration, as well as log auditing and review and incident
response (www.netsurion.com).

c. Alert - Analysts create a ticket for an incident, record initial observations and allocate an
initial classification of the incident.
d. Report - The reporting process should include accommodations for regulatory reporting
escalations.
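
The Monitor, Detect and Alert steps above, as an added example that is not part of the original module: alerts from the three monitoring sources named in step (a) are correlated per host, and a ticket with an initial classification is produced only when several sources agree within a time window. The log line format, the sample alerts, the 10-minute window and the "medium"/"high" labels are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not from any real system).
# Assumed format: <UTC timestamp> <source> host=<address> sig=<signature>
SAMPLE_ALERTS = """\
2024-05-01T10:00:05Z firewall host=10.0.0.5 sig=egress_denied
2024-05-01T10:03:40Z ips host=10.0.0.5 sig=exploit_attempt
2024-05-01T10:07:10Z dlp host=10.0.0.5 sig=bulk_upload
2024-05-01T10:01:00Z firewall host=10.0.0.9 sig=egress_denied
2024-05-01T11:30:00Z ips host=10.0.0.9 sig=port_sweep
2024-05-01T10:02:00Z firewall host=10.0.0.7 sig=egress_denied
2024-05-01T10:02:30Z firewall host=10.0.0.7 sig=egress_denied
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) (firewall|ips|dlp) host=(\S+) sig=(\S+)$")


def parse_alerts(text):
    """Return (events, skipped): parsed alerts and the number of unparseable lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        match = LINE_RE.match(line.strip())
        if not match:
            skipped += 1
            continue
        try:
            ts = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            skipped += 1
            continue
        events.append({"ts": ts, "source": match.group(2),
                       "host": match.group(3), "sig": match.group(4)})
    return events, skipped


def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Open one ticket per host whose alerts come from several sources within `window`."""
    by_host = defaultdict(list)
    for event in events:
        by_host[event["host"]].append(event)

    tickets = []
    for host, host_events in sorted(by_host.items()):
        host_events.sort(key=lambda e: e["ts"])
        best = []
        # Try each alert as the start of a window; keep the window with most distinct sources.
        for i, first in enumerate(host_events):
            group = [e for e in host_events[i:] if e["ts"] - first["ts"] <= window]
            if len({e["source"] for e in group}) > len({e["source"] for e in best}):
                best = group
        sources = sorted({e["source"] for e in best})
        if len(sources) < min_sources:
            continue  # a single noisy sensor is not enough to open a ticket
        tickets.append({
            "host": host,
            "sources": sources,
            "signatures": [e["sig"] for e in best],   # initial observations
            "first_seen": best[0]["ts"],
            "last_seen": best[-1]["ts"],
            "classification": "high" if len(sources) >= 3 else "medium",
        })
    return tickets


if __name__ == "__main__":
    parsed, bad_lines = parse_alerts(SAMPLE_ALERTS)
    print("unparseable lines:", bad_lines)
    for ticket in correlate(parsed):
        print(ticket)
```

Counting unparseable lines instead of dropping them silently matters in practice: a sensor that changes its log format would otherwise disappear from the correlation without anyone noticing.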

3. TRIAGE AND ANALYSIS
During this phase, the bulk of the effort is made to correctly scope and interpret the
security incident. Resources should be used to collect data from tools and systems for
further analysis and to recognize signs of compromise. Individuals should have in-depth
expertise and a comprehensive understanding of live system responses, digital forensics,
memory analysis, and malware analysis.
Analysis should concentrate on THREE KEY AREAS as information is gathered:
1. Endpoint Analysis
a. Determine what traces the threat actor may have left behind.
b. Gather the appropriate objects for creating a timeline of events.
c. To decide what happened on a computer, examine it and capture RAM
to parse through and identify key objects.

RAM stands for Random Access Memory.
RAM is the short-term data storage for your system. It stores the data that your computer is
currently using so that it can be accessed easily. The more memory you use.

2. Binary Analysis
Examine malicious binaries or tools leveraged by the attacker and record the features of
such programs. This analysis is performed in two ways.

a. Behavioral Analysis:
Execute the malicious program in a VM to monitor its behavior. VM stands for virtual
machine. It is a programming tool that uses software to run programs and execute
applications instead of a physical computer. VMs are primarily intended to run several
operating systems on the same piece of hardware at the same time.

b. Static Analysis:
To check out the entire functionality, reverse engineer the malicious software.

3. Enterprise Hunting
To assess the scope of compromise, evaluate the current systems and event log
technologies. All compromised accounts, computers, etc., are also listed so that efficient
containment and neutralization can be carried out.

4. CONTAINMENT AND NEUTRALIZATION
This is one of the most important incident response phases. The containment and
neutralization strategy is based on the intelligence gathered during the analysis phase and the
indicators of compromise. Normal operations will resume after the system is restored and
security is checked.

• Coordinated Shutdown
After all systems within the environment that have been compromised by a threat actor have
been detected, execute a coordinated shutdown of these devices. To ensure proper
timing, a message must be sent to all IR (Incident Response) team members.

• Wipe and Rebuild
Wipe the infected computers and restore the operating systems from the ground up.
Change the passwords of all compromised accounts.

• Threat Mitigation Requests
If you have identified domains or IP addresses known to be leveraged for command
and control by threat actors, issue requests for threat mitigation to block contact from all
egress channels linked to these domains.

IP stands for Internet Protocol. An IP address is an identification number connected with a
particular network of machines or computers. The IP address allows the machines to send and
receive data while connected to the internet.

5. POST-INCIDENT ACTIVITY
After the incident is settled, there is more work to be done. Make sure that any details
that can be used to keep similar events from occurring again in the future are properly
recorded.
a. Complete an Incident Report
Documenting the incident will help strengthen the incident response plan
and add security measures to deter potential security incidents of this
nature.
b. Monitor Post-Incident
Closely monitor post-incident activities, as threat actors can reappear. We suggest a
security log hawk analyze SIEM data for any signs of triggering indicators that may
have been associated with the prior incident.
c. Threat Intelligence Update
Update the organization's threat intelligence feeds.
d. Identify Protective Acts
Establish new technology measures to avoid incidents in the future.
e. Gain Cross-functional Buy-In
For the proper implementation of new security policies, communication across the
organization is important.

5 MAIN PRINCIPLES IN DEVELOPING A PLAN FOR INCIDENT RESPONSE
As more organizations become victims of cyber-attacks, renewed emphasis is being
placed on responding to incidents. Here are five main factors for the creation of a successful
incident response plan.
Organizations have discovered that there is no magic bullet to avoid rapidly developing
cybersecurity threats. For years, however, many have continued to struggle to find the
necessary data and scope to be able to develop an IR strategy that works just right for their
organization. Even among those that have an IR plan in place, most plans are underdeveloped
and underfunded, and when an event eventually happens, they fall short in terms of performance.
To withstand an attack and reduce the consequences and cost of recovery,
regardless of the scale of the organization, it is critical to have a holistic approach to incident
response. Most importantly, the IR plan should be pragmatic enough for the company to respond
swiftly and effectively in the event of a compromise.

CRITERION FOR AN APPROPRIATE INCIDENT RESPONSE PLAN

1. BE SIMPLE BUT ACCURATE


To make a rapid and thorough determination of what, how when, and why, The IR
plan should be straightforward easy and direct the incident response team the strategy
should also provide detailed instruction so that the organization can identify the under-
attack structure and data and take step to protect vital assets

a. HAVE COMPREHENSIVE ROLES AND RESPONSIBILITIES


The functions and duties of all the stakeholders are clearly set out. Businesses,
and each individual employee in particular, must have a clear understanding of their
tasks to be performed in the event of an incident, and adequate steps must be taken to
minimize the effect and protect the loss of confidential data.

b. BRING TECHNICAL AND NON-TECHNICAL STAFF TOGETHER

The IR plan should not be confined to the IT or security department. The IR plan is
successful only if both the technical and non-technical teams, such as legal,
compliance, human resources, public relations, etc., are dedicated to and participate in
its implementation. Take the time to establish internal and external relationships.

c. PROVIDE A CLASSIFICATION SYSTEM

Establish a system for incident classification so that you can prioritize the tasks of
incident response properly. For future remediation purposes, classification will also help
you extract meaningful metrics such as form, intensity, attack vector, effects, and
root cause.

2. UNDERSTAND THE PRIORITY OF THE ORGANIZATION


Finally, the IR strategy should be compatible with the organizational goals. Identify
what matters most to the organization and weave those priorities into the IR activities.
For instance, ensuring the safety of patients is your first priority if a critical medical device
is under attack. Likewise, if you are a producer and your production is
interrupted, then resuming operation is your top priority.
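
The classification and prioritization described under items c and 2 can be sketched as follows. This is an added example, not part of the original module: each record carries the five fields named above, the response queue weights intensity by an organization-defined asset priority, and metrics are tallied per field. The intensity scale, asset weights, and sample incidents are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Intensity scale (assumed): a higher number means a more severe incident.
INTENSITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Organizational priorities (assumed weights): what matters most weighs most.
# A hospital ranks patient-facing devices first, a producer its production line.
ASSET_PRIORITY = {"medical_device": 5, "production_line": 4,
                  "customer_db": 3, "workstation": 1}

CLASSIFICATION_FIELDS = ("form", "intensity", "vector", "effects", "root_cause")


@dataclass(frozen=True)
class Incident:
    ident: str
    form: str        # kind of incident, e.g. phishing, ransomware
    intensity: str   # key of INTENSITY
    vector: str      # how the attacker got in
    effects: str     # observed impact
    root_cause: str  # filled in after investigation
    asset: str       # affected asset class, key of ASSET_PRIORITY

    def __post_init__(self):
        if self.intensity not in INTENSITY:
            raise ValueError(f"unknown intensity: {self.intensity!r}")

    def score(self) -> int:
        # Unlisted assets get the lowest weight instead of breaking triage.
        return INTENSITY[self.intensity] * ASSET_PRIORITY.get(self.asset, 1)


def response_queue(incidents):
    """Highest score first; ties broken by raw intensity, then by identifier."""
    return sorted(incidents,
                  key=lambda i: (-i.score(), -INTENSITY[i.intensity], i.ident))


def metrics(incidents, field):
    """Count incidents per value of one classification field."""
    if field not in CLASSIFICATION_FIELDS:
        raise ValueError(f"not a classification field: {field!r}")
    return Counter(getattr(i, field) for i in incidents)


# Constructed sample incidents (not real cases).
SAMPLE_INCIDENTS = [
    Incident("IR-001", "phishing", "medium", "email",
             "credential_theft", "no_mfa", "workstation"),
    Incident("IR-002", "ransomware", "high", "remote_access",
             "service_outage", "weak_password", "production_line"),
    Incident("IR-003", "malware", "medium", "usb_media",
             "device_malfunction", "unpatched_firmware", "medical_device"),
    Incident("IR-004", "data_leak", "critical", "web_app",
             "data_exposure", "misconfiguration", "workstation"),
    Incident("IR-005", "phishing", "low", "email",
             "none", "no_mfa", "workstation"),
]

if __name__ == "__main__":
    for inc in response_queue(SAMPLE_INCIDENTS):
        print(inc.ident, inc.form, inc.intensity, inc.asset, "score", inc.score())
    print(metrics(SAMPLE_INCIDENTS, "vector"))
    print(metrics(SAMPLE_INCIDENTS, "root_cause"))
```

In this sample the medium-intensity incident on a medical device is handled before the critical incident on a workstation, which is the effect of weaving organizational priorities into the queue.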

The Do’s and Don’ts of Incident Response

5 THINGS NOT TO DO DURING THE INCIDENT

When there is an incident in your organization, it is easy to get stressed out, and
this can lead to making rash decisions out of haste. This is the worst thing that you can do
during a security incident. Many times, individuals make such rash decisions and
do not know their adverse effects until the issue they were initially attempting to control
worsens. Here are the things not to do during the incident:

1. Do not panic. - This is the hardest thing to do during an incident, but staying
calm helps, and having an IR strategy helps you do just that. An IR plan will
give you a preplanned direction that explains the best course of action to take
during the incident. To ensure that the protocols are thorough and specific, it is
extremely important to establish a strong plan before an incident occurs.

2. Do not shut down the infected systems. - By shutting a system down, you could
lose volatile data containing significant forensic information. This information can be
vital in evaluating the timeline of what occurred. The timeline will also tell you what
data was actually stolen, so that you can select the best way to
treat the stolen data.

3. Unless otherwise instructed, do not discuss the incident with anyone. -
Being selective about the audiences you interact with about an event that
has just begun to unfold is critical. It is best to share information about the breach
only with those who really need to know; otherwise the situation could get
worse.

4. When accessing a system environment, do not use domain administrative
credentials. - Threat actors are eagerly waiting for a user with
enterprise-wide access to log in so that they can capture the password and obtain
maximum control over the environment. Logging in with admin credentials may
give a hacker an easier way to access your confidential information.

5. Do not execute any non-forensic software on the infected system. - This
will overwrite the timelines associated with the attack in the Master File Table.
Again, it is imperative not to tamper with the timeline so that you can follow
exactly what occurred during the incident.

THINGS TO DO DURING AN INCIDENT

Instead of making hasty decisions during an incident, individuals should take
several actions to mitigate the incident and repair it. It is incredibly helpful to collect as
much data about the incident as possible while containing it. To correctly fix
an incident, here are the things to do:

1. Use forensic tools to extract volatile data and other essential objects
from the device. - Forensic tools are capable of connecting to the system
without altering any timestamps on the computer.

2. Gather external intelligence based on known indicators of compromise (IOCs). -
Check the web for details about the MD5s, IP addresses, and domains you found
during your initial incident report.

3. Safeguard systems and other media for forensic collection.

4. Collect suitable logs. - These may include Windows events, proxy, NetFlow,
anti-virus, firewall, etc. It is vital to show the story at both the network and the
endpoint levels.
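
Items 2 and 4 above, checking what was collected against known IOCs and telling one story across network and endpoint logs, are sketched below as an added example that is not part of the original module. The three log formats, the host names, and the indicator values are constructed for illustration (documentation IP ranges, a made-up MD5), and endpoint timestamps are assumed to be UTC.

```python
import re
from datetime import datetime, timezone

# Indicators from the initial incident report (constructed values).
IOCS = {
    "md5": {"0123456789abcdef0123456789abcdef"},
    "ip": {"203.0.113.45"},
    "domain": {"updates.example.test"},
}

# Constructed sample logs: each source has its own layout and time format.
PROXY_LOG = """\
2024-03-04T09:14:02Z 10.0.5.23 GET http://intranet.example.org/home 200
2024-03-04T09:15:40Z 10.0.5.23 GET http://updates.example.test/a.bin 200
"""
FIREWALL_LOG = """\
1709543758 ALLOW TCP 10.0.5.23:49822 -> 203.0.113.45:443
1709544011 DENY TCP 10.0.7.9:50110 -> 198.51.100.7:22
"""
ENDPOINT_LOG = """\
2024-03-04 09:15:47|WS-0523|ProcessCreate|image=a.bin|MD5=0123456789ABCDEF0123456789ABCDEF
2024-03-04 09:02:10|WS-0523|Logon|user=jdoe|type=2
"""


def parse_proxy(text):
    """Fields: ISO 8601 UTC time, client IP, method, URL, status."""
    for line in text.splitlines():
        ts, client, method, url, status = line.split()
        domain = re.match(r"https?://([^/:]+)", url).group(1).lower()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield {"time": when, "source": "proxy", "host": client,
               "detail": f"{method} {url} {status}",
               "indicators": {("domain", domain)}}


def parse_firewall(text):
    """Fields: epoch seconds, action, protocol, src ip:port, '->', dst ip:port."""
    for line in text.splitlines():
        epoch, action, proto, src, _arrow, dst = line.split()
        src_ip, dst_ip = src.rsplit(":", 1)[0], dst.rsplit(":", 1)[0]
        when = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
        yield {"time": when, "source": "firewall", "host": src_ip,
               "detail": f"{action} {proto} {src} -> {dst}",
               "indicators": {("ip", src_ip), ("ip", dst_ip)}}


def parse_endpoint(text):
    """Fields: 'YYYY-MM-DD HH:MM:SS|host|event|key=value|...' (assumed UTC)."""
    for line in text.splitlines():
        ts, host, event, *fields = line.split("|")
        pairs = dict(f.split("=", 1) for f in fields if "=" in f)
        # Hashes are compared in lower case so that log casing does not matter.
        indicators = {("md5", pairs["MD5"].lower())} if "MD5" in pairs else set()
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        yield {"time": when, "source": "endpoint", "host": host,
               "detail": f"{event} {' '.join(fields)}", "indicators": indicators}


def build_timeline(iocs=IOCS):
    """Normalize every source to UTC, tag IOC matches, and sort chronologically."""
    events = [*parse_proxy(PROXY_LOG), *parse_firewall(FIREWALL_LOG),
              *parse_endpoint(ENDPOINT_LOG)]
    for event in events:
        event["hits"] = sorted(f"{kind}:{value}"
                               for kind, value in event["indicators"]
                               if value in iocs.get(kind, ()))
    return sorted(events, key=lambda e: e["time"])


def ioc_hits(timeline):
    """Return (time, source, indicator) for every event that matched an IOC."""
    return [(e["time"].strftime("%H:%M:%S"), e["source"], hit)
            for e in timeline for hit in e["hits"]]


if __name__ == "__main__":
    for e in build_timeline():
        flag = "  <-- " + ", ".join(e["hits"]) if e["hits"] else ""
        print(f"{e['time']:%Y-%m-%d %H:%M:%SZ} {e['source']:<8} "
              f"{e['host']:<10} {e['detail']}{flag}")
```

Read in order, the merged output shows the download through the proxy, the process start on the endpoint seven seconds later, and the outbound connection after that, a sequence no single log shows on its own.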

PNP CYBERCRIME INCIDENT RESPONSE PROCEDURE

CYBERCRIME RESPONSE
- Cybercrime response is the actual police intervention in a cybercrime incident
where the acquisition of matters of evidentiary value is traceable within the hardware,
software, and network of the device.

GUIDELINES FOR CYBERCRIMES INCIDENT FIRST RESPONDER


a. When responding to a cybercrime incident or a crime scene where computers (or
electronic devices, digital media and other similar devices) are present, the first
responder (FR) must be able to secure, seize and search the same and be able
to recognize possible evidence, using the following questions as a guideline to
determine its role in the commission of the crime:

1) Is it contraband or the product of a crime?
2) Is it an instrument used to commit a crime?
3) Is it just incidental to the crime, that is, used to store proof of the crime?
4) Is it both instrumental to the offense and a storage device for evidence?

b. After defining the theories about the role of the machine in the commission of the
crime, the first responder should consider the following questions that are
necessary for any further police intervention:

1) Is there any probable cause for the hardware to be seized?
2) Is there any probable cause for the software to be seized?
3) Is there any probable cause for the data to be seized?
4) Where will the search and seizure be performed?

c. The search of computers (or electronic devices, digital media, and other similar
devices) and the seizure of data from them must be covered by a warrant issued by
the court.

d. Reasonable collection techniques shall be used in order to preserve the data
sought to be seized.

e. The evidence obtained is subject to forensic analysis by professional staff.
During the trial, the findings of the forensic specialist will be made available.

SEARCH AND SEIZURE OF COMPUTER

The following are the guidelines for search and seizure operations, once it has been
determined how the computer was used in the commission of the crime and the legal
requirements have been complied with:

a. SECURE THE SCENE

1) The protection of officers is always paramount.
2) Preserve the area for potential fingerprints.
3) Restrict access to the device immediately.
4) Isolate the computer from phone lines.

b. SECURE THE COMPUTER AS EVIDENCE

1) If the computer is OFF, do not turn it ON.
2) If the computer is ON, do not turn it OFF, and do not touch its mouse or
keyboard.

c. FOR STAND-ALONE CONNECTION OR SINGLE AREA CONNECTION
COMPUTERS

1) Consult a computer specialist.
2) If a specialist is not available:

a) Photograph and detach all power sources and connections, including those at
the back of the computer;
b) Place evidence tape over each drive slot;
c) Photograph (or draw a diagram of) and mark the parts located at
the back of the computer, including their connections;
d) Mark all connectors and cable ends to allow reassembly as needed.
EXAMPLE: “Socket” marked “A” and the cable end also marked “A”;
e) If transport is required, pack the components as “fragile cargo” prior to transport;
f) Keep away from magnets, radio transmitters and any other hostile
environment;
g) Ensure that the search for any evidence found in the computer hardware is
performed only by a computer forensic expert; and
h) Ensure that the hard disk of the device is duplicated by the forensic specialist
and that the original is retained by the evidence custodian for possible court
presentation. Further search and analysis is carried out using only the imaged disk.

d. FOR NETWORKED COMPUTERS (or business computers)

1) Consult a computer expert for help.
2) Do not immediately pull the plug, in order to prevent:

a) significant damage to the machine;
b) the disruption of a legitimate business; and
c) potential liability for the police.
GUIDELINES IN THE TREATMENT OF OTHER ELECTRONIC DATA STORAGE
DEVICES

The FR should recognize that it is possible for other electronic devices to
contain viable evidence related to the crime. The FR must make sure that the device
is not accessed unless an emergency occurs. If access to the device is required,
the FR should ensure that all actions taken in handling the device are recorded, in
order to document the chain of custody and to ensure that it is accepted as evidence in
court.
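
The duplication step of the computer search and seizure procedure (work only on the image, keep the original with the custodian) and the recording requirement above can be illustrated in code. This is an added example, not part of the PNP procedure or the original module: a plain file copy stands in for forensic imaging behind a write blocker, and the file names, actor names, and log layout are hypothetical.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CustodyLog:
    """Append-only record; every entry commits to the one before it by hash."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def add(self, actor, action, evidence_sha256):
        body = {
            "seq": len(self.entries) + 1,
            "time_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "actor": actor,
            "action": action,
            "evidence_sha256": evidence_sha256,
            "prev": self.entries[-1]["entry_hash"] if self.entries else "0" * 64,
        }
        self.entries.append({**body, "entry_hash": self._entry_hash(body)})
        return self.entries[-1]

    def verify(self):
        """False if any entry was edited, removed, or reordered after the fact."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev"] != prev or self._entry_hash(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def image_and_verify(original, image, log, examiner):
    """Duplicate the original, confirm the copy is bit-identical, log both steps."""
    before = sha256_file(original)
    log.add(examiner, f"hashed original {os.path.basename(original)}", before)
    shutil.copyfile(original, image)  # stand-in for a forensic imaging tool
    copied = sha256_file(image)
    if copied != before or sha256_file(original) != before:
        raise RuntimeError("image does not match original; do not analyse this copy")
    log.add(examiner, f"created working image {os.path.basename(image)}", copied)
    return before


def demo():
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "seized_disk.raw")
    image = os.path.join(workdir, "working_copy.raw")
    with open(original, "wb") as handle:
        handle.write(b"CONSTRUCTED SAMPLE SECTOR DATA " * 4096)  # not a real disk
    log = CustodyLog()
    baseline = image_and_verify(original, image, log, "Examiner A (hypothetical)")
    log.add("Evidence custodian (hypothetical)", "original sealed and stored", baseline)
    with open(image, "ab") as handle:  # analysis accidentally alters the copy
        handle.write(b"x")
    result = {
        "log_ok": log.verify(),
        "image_still_matches": sha256_file(image) == baseline,
        "original_still_matches": sha256_file(original) == baseline,
    }
    log.entries[1]["actor"] = "someone else"  # a custody record is edited later
    result["log_ok_after_edit"] = log.verify()
    shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    print(demo())
```

The altered working copy no longer matches the baseline hash while the retained original still does, and the edited custody entry makes the log fail verification.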

SEARCH AND SEIZURE OF WIRELESS TELEPHONES


The following are the guidelines for search and seizure operations, once it has been
determined how the wireless telephone was used in the commission of the crime
and the legal requirements have been complied with:

a. If the device is “ON”, do not turn it “OFF”:

1) Turning it “OFF” could trigger the lockout function.
2) Write down all the details on the display and secure a photograph if possible.
3) Power down before transport (bring all power supply cords found at the
scene).

b. If the device is “OFF”, leave it “OFF”:

1) Turning it on could change the evidence in the device.
2) Take it to an expert as soon as possible after seizure, or call the nearest service
provider.
3) Make an effort to find any instruction manual specific to the unit.

ELECTRONIC PAGING DEVICES SEARCH AND SEIZURE


The FR should note that a search for data stored in an electronic paging device
will be performed only when incidental to a lawful arrest, when permission
has been granted and when a warrant has been issued.

FACSIMILE OR FAX MACHINES SEARCH AND SEIZURE


If the fax machine is “ON”, the FR should note that powering it down will cause
the last number dialed or other stored fax numbers to be lost. The FR should also note
that the header line should be the same as the telephone line, and that all the manuals
and the machine should be confiscated if necessary.

CALLER ID DEVICES SEARCH AND SEIZURE


a) The FR should be aware of the potential evidence found in caller ID devices, such
as phone numbers and subscriber information from incoming phone calls.
b) The FR should note that disruption of the caller ID device's power supply can
cause data loss if the internal battery backup is not secured.
c) The FR must also ensure that all stored data is recorded before the device is
confiscated; otherwise there could be data loss.

All confiscated electronic equipment shall be transferred to the Anti-Cybercrime Group
(ACG) and, in the absence of an ACG in the city, to the local Regional/Provincial
Crime Laboratory Office (R/PCLO).

CHAPTER 3
DEPARTMENT OF JUSTICE (DOJ) OFFICE OF CYBERCRIME AND THE PNP ANTI-CYBERCRIME
GROUP
The Office of Cybercrime (OOC) was established within the DOJ by Republic Act No. 10175,
or the Cybercrime Prevention Act of 2012, which named it as the Central Authority for all matters relating to
international mutual assistance and extradition for cybercrime and cyber-related matters.
It also serves as the focal agency in formulating and implementing law enforcement investigation
and prosecution strategies to curb cybercrime and cyber-related crimes nationally.

POWERS AND FUNCTIONS


a) Act as a competent authority for all requests for assistance for investigation or proceedings concerning
cybercrimes; facilitate the provision of legal or technical advice, preservation and production of data,
collection of evidence, giving of legal information and location of suspects;
b) Act on complaints/referrals, and cause the investigation and prosecution of cybercrimes and other
violations of the Act;
c) Issue preservation orders addressed to service providers;
d) Administer oaths, issue subpoenas and summon witnesses to appear in an investigation or proceedings
for cybercrime;
e) Require the submission of timely and regular reports, including pre-operational, post-operational and
investigation results, and such other documents from the PNP and NBI for monitoring and review;
f) Monitor the compliance of the service providers with the provisions of Chapter IV of the Act, and Rules 7 and
8 hereof;
g) Facilitate international cooperation with other law enforcement agencies on intelligence, investigations,
training and capacity building related to cybercrime prevention, suppression and prosecution;
h) Issue and promulgate guidelines, advisories and procedures in all matters related to cybercrime
investigation, forensic evidence recovery and forensic data analysis consistent with industry standard
practices;
i) Prescribe forms and templates, including, but not limited to, those for preservation orders, chain of
custody, consent to search, consent to assume account/online identity, and request for computer forensic
examination;
j) Undertake the specific roles and responsibilities of the DOJ related to cybercrime under the
Implementing Rules and Regulations of Republic Act No. 9775 or the "Anti-Child Pornography Act of 2009"; and
k) Perform such other acts necessary for the implementation of the Act.

THE PNP ANTI CYBERCRIME GROUP (ACG)


As the Philippines discovers the wonders and advantages that cyberspace has to offer, it is
increasingly reliant on it. Nevertheless, with the growing focus on the internet comes the possibility of
exposure to rapidly changing threats and risks. It is therefore critical that the government of the Philippines
establish a rational, intelligible and strategic response to the security challenges that may arise.
The Philippine National Police (PNP) pressed for the activation of the PNP Anti-Cybercrime Group
(ACG) on 20 March 2013 as a proactive response to all cyber security problems, knowing the dangers of
cybercrime and the security risks raised in our cyberspace.
The PNP-ACG conceptualized and believed that there must be a synergy among the following
components in order to combat cybercrime and to improve cyber security:
1. Organization and staff competence and capacity building;
2. Private and public collaboration;
3. Strong international relationships;
4. Public awareness and advocacy; and
5. Implementation of rules, policies and regulations that are strong.
The PNP consulted and networked with various foreign law enforcement agencies,
ICT industries, academies and other stakeholders in order to create a credible cybercrime unit within CIDG.
The Government Information Security Incident Response Team (GCSIRT) was launched on August 5,
2004 in line with the program of the Task Force for the Security of Critical Infrastructures (TFSCI) under the
Office of the President of the Philippines.
Via CIDG's Anti Transnational Crime Division, GCSIRT became the focal point for reporting on all
internet-related security breaches and for organizing support structures across all government departments to
respond to such threats.

ORGANIZATIONAL FUNCTIONS

DIRECTOR
PBGEN ROBERT T RODRIGUEZ, Current Director PNP Anti-Cybercrime Group
• Guide, supervise and monitor the ACG of the PNP, including its tactical and strategic movements and
the deployment and use of its resources for the performance of the tasks specified;
• Conduct intensive and sustained operations against organized crime groups, syndicated
groups and high-profile personalities who use the internet and computer-related devices as the key
component of their illegal activities;
• Strengthen the group's capability and capacity to enforce, investigate and digitally analyze in
anti-cybercrime operations; and
• Perform other duties as directed by the PNP Chief.

DEPUTY DIRECTOR
PCOL ARMEL S GONGONA, Current Deputy Director for Administration
• Assist the PNP ACG Director in monitoring, directing and organizing the activities of the PNP ACG
in the management and operations of the group;
• Advise and support the PNP ACG Director in implementing the Group's policies and
programs; and
• Perform other duties in the PNP ACG as second in command, or act in the absence of the Director.

CHIEF OF STAFF
• Guide, oversee and manage the group's administrative affairs, as well as encourage cooperation
among the various PNP ACG divisions and units; and
• Perform other duties as directed by the PNP ACG Director.

ADMINISTRATIVE & RESOURCES MANAGEMENT DIVISION (ARMD)
• Advise the Director, PNP ACG on staff and service support matters;
• Supervise, prepare and coordinate the group's administrative functions;
• Formulate and execute plans and programs relating to personnel matters and organizational,
financial, maintenance and other administrative needs; and
• Perform other assignments as directed.

INVESTIGATION MANAGEMENT DIVISION (IMD)
• Oversee the conduct of the division’s intelligence, procedures and investigative activities;
• Formulate policies on PNP ACG information, operations and investigations;
• Create and maintain the PNP ACG database, including data from evidence;
• Monitor all incidents of cybercrime;
• Conduct digital forensic examination of confiscated evidence;
• Recommend steps to work with law enforcement authorities to increase the admission of digital
forensic evidence to the courts;
• Coordinate with other agencies to resolve digital forensic analysis issues;
• Attend trials in court;
• Conduct advanced training and workshops on cybercrime activities (in conjunction with the PNP
Training Service);
• Send periodic reports to the Director, PNP ACG; and
• Perform other assignments as directed.

CYBER SECURITY UNIT (CSU)
• Plan and coordinate the execution of the Group's cyber security research; conduct analysis
and research to strengthen the PNP ACG's ability to proactively address cybercrimes and cyber threats;
• Recommend policy amendment steps to strengthen the functioning, investigation and prosecution
of cybercrimes;
• Coordinate with other agencies on issues to combat cybercrime and improve cyber protection;
• Manage the website of the PNP ACG and other associated public web services; and
• Perform other assignments as directed.

PNP ANTI-CYBERCRIME FIELD UNITS
• Carry out information, programs, operations and inquiries in the AOR against cybercrime and
on cyber security;
• Enforce PNP ACG plans, orders, directives and programs in the AOR;
• Ensure the submission of regional level periodic reports and case monitoring;
• Collaborate with other regional level agencies to discuss issues of cybercrime and cyber security in
the region;
• Conduct digital forensic analysis of the evidence provided in the AOR;
• Perform the required regional level training; and
• Perform other assignments as directed.

KEY OFFICERS

COMMAND GROUP

PBGEN ROBERT T RODRIGUEZ
Director

PCOL ARMEL S GONGONA
Deputy Director for Administration

PCOL BERNARD R YANG
Deputy Director for Operation

PCOL REYNALDO S CELESTINO
Chief of Staff

DIVISION CHIEFS

PCOL MARLO A CASTILLO
Chief, Administrative and Resources Management Division

PCOL FIDEL B FORTALEZA JR
Chief, Operation Management Division

PCOL ALBERTO D GARCIA JR
Chief, Investigation Division

PCOL NOVA G DE CASTRO-AGLIPAY
Chief, Legal Affair Division

CYBER UNIT CHIEFS

PLTCOL IRENE C CENA
OIC, Women and Children Cybercrime Protection Unit

PCOL FROILAND B LOPEZ
Chief, Cyber Patrolling and Intelligence Unit

PCOL ARLENE G CASTOR
Acting Chief, Cyber Security Unit

PLTCOL ROBERT D BONGAYON JR
OIC, Cyber Financial Fraud Crime Unit

PCOL FERDINAND S RAYMUNDO
Chief, Cyber Response Unit

PLTCOL BERNARD B MADRID
OIC, Digital Forensic Unit

PEMS Jenny W Allaga
Group Executive Senior Police Officer

REGIONAL ANTI-CYBERCRIME UNITS

PCOL DOMINGO D SORIANO
Chief, Regional Anti-Cybercrime Unit 1

PLTCOL CHRISTOPHER N LUYUN
OIC, Regional Anti-Cybercrime Unit 2

PCOL TIRSO D MANOLI
Chief, Regional Anti-Cybercrime Unit 3

PCOL MARY IVY E SALAZAR
Chief, Regional Anti-Cybercrime Unit 4A

PCOL JOSEPH G TALENTO
Chief, Regional Anti-Cybercrime Unit 4B

PCOL DENNIS R RELLATA
Chief, Regional Anti-Cybercrime Unit 5

PCOL ELMER V MORA
Chief, Regional Anti-Cybercrime Unit 6

PCOL FERDINAND S RAYMUNDO
Chief, Regional Anti-Cybercrime Unit 7

PCOL COLUMBO ALLAN A ABERIA
Chief, Regional Anti-Cybercrime Unit 8

PLTCOL ALLAN D DOCYOGEN
OIC, Regional Anti-Cybercrime Unit 9

PLTCOL LEMUEL B GONDA
OIC, Regional Anti-Cybercrime Unit 10

PCOL BENBO P JUMALON
Chief, Regional Anti-Cybercrime Unit 11

PCOL JUNNY S BUENACOSA
Chief, Regional Anti-Cybercrime Unit 12

PCOL DYAN V AGUSTIN
Chief, Regional Anti-Cybercrime Unit 13

PLTCOL ABDULWAHID U PEDTUCASAN
OIC, Regional Anti-Cybercrime Unit BARMM

PLTCOL MA THERESA G PUCCAY
Chief, Regional Anti-Cybercrime Unit Cordillera

DISTRICT ANTI-CYBERCRIME TEAM

PMAJ JAQUELINE G TA-A
TL, Quezon City District Anti-Cybercrime Team

PMAJ REYNALDO T SALIM
TL, Manila District Anti-Cybercrime Team

PCPT FRANKLIN A LACANA
TL, Southern District Anti-Cybercrime Team

PMAJ ELY D COMPUESTO
TL, Eastern District Anti-Cybercrime Team

PMAJ ARVIN S CREENCIA
TL, Northern District Anti-Cybercrime Team

CAPABILITIES OF PNP ANTI CYBERCRIME GROUP (ACG)

CYBER RESPONSE
• Investigating cybercrime
• Arresting cybercriminals
• Seizing digital evidence
CYBER SECURITY
• Performing vulnerability assessments
• Carrying out penetration testing
• Posting bulletins on cyber security
• Carrying out seminars on cyber security
DIGITAL FORENSIC
• Conducting computer forensic examinations
• Conducting forensic analysis of mobile phones
• Conducting video forensic examinations

LOCATIONS OF THE SIX (6) FULLY FUNCTIONAL PNP DIGITAL FORENSIC LABORATORIES
These PNP offices are capable of performing computer, mobile, audio, and video forensic
examinations and may respond within their geographical areas of responsibility to investigate the occurrence
of cybercrime operations.
1) Camp Crame
2) Cebu City
3) Davao City
4) General Santos City
5) Legazpi City
6) Zamboanga City

NOTABLE ANTI-CYBERCRIME OPERATIONS


Source: Excerpt from the Country Report On Cybercrime: The Philippines, Police Senior Superintendent
Gilbert C. Sosa, PESE, EnCE, MCSE. PNP-ATCCD-CIDG Accomplishment Report from CY 2003 to CY
2012.

Terrorist Financing "Telecom Fraud Scam"

With the support of the FBI and the US Embassy in Manila, the PNP conducted a search and
seizure operation against an alleged gang of telecom hackers who had targeted a US telecom firm
on November 24, 2011. More than $2 million in sales was lost. The criminal organization is reportedly
linked to an international militant organization, for which it raised funds, that was responsible for funding the 2008
terrorist attack in Mumbai, India.

Transnational Telecom Fraud Scam "Chinese & Taiwanese Fraud Ring"

In separate raids in Manila on May 26, 2012, the PNP, working with Chinese and Taiwanese police,
detained 37 alleged members of a foreign telecom fraud ring. Assorted ICT devices used by the
syndicate in their criminal activities were searched and confiscated.
The defendants were charged with violating the Access Device Regulation Act of 1998 (R.A. 8484).

Transnational Telecom Fraud Scam "Chinese & Taiwanese Fraud Ring"

PNP-CIDG, PAOCC, NISF, BID, DOJ, and the China and Taiwan Embassies conducted joint search and
seizure warrant operations in Manila and Rizal on August 23, 2012, resulting in the confiscation of numerous
electronic and telecom equipment and the arrest of 380 people, the majority of whom were Chinese and
Taiwanese nationals. The defendants were charged with violating the Access Device Regulation Act of
1998 (R.A. 8484).
✓ Presidential Anti-Organized Crime Commission (PAOCC)
✓ Naval Intelligence and Security Force (NISF)
✓ Bureau of Immigration Philippines (BID)
✓ Department of Justice (DOJ)
✓ Philippine National Police - Criminal Investigation and Detection Group (PNP-CIDG)
To be specific in the location, suspected members of a cybercrime and human trafficking syndicate
were arrested in simultaneous raids in Quezon City, Marikina City, and Cainta and Antipolo City in Rizal
province. The Criminal Investigation and Detection Group (CIDG) said among those arrested were the two
suspected financiers of a group involved in credit card fraud and human smuggling in Taiwan and China.
According to Director Samuel Pagdilao Jr., CIDG chief, this is the biggest and most resolute
operation carried out by law enforcement units in the history of anti-cybercrime drive [in the Philippines].
Arrested during the operations, which were covered by search warrants issued by Manila Regional Trial
Court Judge Marino de la Cruz Jr., were Chinese-Filipino Maria Luisa Tan and Jonson Tan Co, said to be
the financiers of the group, Pagdilao said in a statement.
Using the Internet, members of the syndicate would claim to represent [the Chinese] police,
prosecutor’s office, courts, insurance companies, banks and other financial institutions when they call their
victims.
The suspects would tell their unsuspecting victims that their personal bank accounts were under
investigation for supposedly being used in money laundering and terrorist activities.
After threatening them, the syndicate would order their victims to deposit their money in a “safe
account that the syndicate would provide.”

According to the CIDG’s deputy director for operations, Senior Supt. Keith Singian, the group’s
modus operandi “is a classic example of the operations of criminal syndicate in China, only this time, the
suspects who are foreigners have used the Philippines as base of operations.”

ATM / Credit Card Fraud Syndicate


Three Malaysian nationals were detained by police in Iloilo City on April 20, 2013, on suspicion of
stealing money from ATM card holders. ATM booths had been equipped with a small camera and a skimming kit.
Credit card details were intercepted and used to steal money from the victims' bank accounts using advanced
card software. The defendants were charged with violating the Access Device Regulation Act of 1998 (R.A.
8484).
Chief Insp. Efren Lozada, head of the Mandurriao police station, said mall guards saw the
Malaysians acting suspiciously near ATM machines at the mall a day before their arrest.
The Malaysians have been identified as Ching Seng Jun, 25, Chang Yong Siang, 32, and Tan
Boon Fooi, 24.
Police recovered from them skimming devices, P10,990 in peso and different currencies, three
ATM cards and five mobile phones.
Skimming involves the installation of devices, including ATM card readers and surveillance
cameras, on ATM machines.
The devices secretly gather card information and record the personal identification number (PIN) of
ATM card owners. The stolen information is transferred to another ATM card enabling access to the hacked
bank account.

Internet Fraud /Scam "WakaNetwork.com"


PNP-ACG and Mabolo Police Station executed a search and seizure warrant at Interface Techno-Phil
in Cebu City on May 15, 2013. The aforementioned call center was selling fraudulent Waka gift cards to
people in the US. The suspects were charged with violating R.A. 8484, the "Access Device Regulation Act of 1998",
as well as Article 212 of the Revised Penal Code, which deals with "Corruption of Public
Officials."
The call center company, operated by a certain Sylvia Norton, is allegedly deceiving its
international customers through a dubious package deal. The allegation, however, was denied by the
company’s legal counsel, Glenn Villariza.
The police claimed to have received a tip from two agents about the center’s alleged scam. It is
said that the center, through its agents, calls potential members based in the United States and convinces
them to become members of the Waka Network Savings and avail of its discount freebies, which include 100
dollars' worth of gasoline and a gift certificate from Walmart.

Potential members register for a charge of US$2.99 online. However, unexplained additional
charges are subtracted from the member’s credit card. The tipsters said that their customers failed to get
freebies and would often complain to the agency, which they could not also explain since what they do is
just make outbound calls.
During the raid, 400 units of computers were confiscated while 120 agents have been invited for
questioning. The center’s operator was not around during the raid because she is based in another country.
Lynevie Cabanilla, a call center agent, said that their company has been operating for over a year.
She said she had no idea that their center is operating a scam. Cabanilla said she did not also know that
additional charges are being incurred upon online registration.

Illegal Internet Pharmacy Operation


On July 11, 2012, ATCCD-CIDG executed a search and seizure warrant at Subangdaku, Mandaue
City, Cebu's "724 Care Call Center" for allegedly promoting and selling fake Viagra and counterfeit Pfizer
drugs to US citizens. Representatives of the pharmaceutical company Pfizer went to the CIDG national
headquarters in Manila to report the alleged activity. Lawyer Dominador Cafe, the call center’s legal
counsel, denied that the company sells fake Viagra and other medicines.
The call center reportedly belongs to a Canadian national married to a Filipina. Café said the call
center has been operating for five years. According to its website (www.pfizer.com), Pfizer Global Security
conducted a survey in May last year to find out how many online pharmacies in the United States were
selling fake Viagra. Viagra (sildenafil citrate) is a prescription drug for men with erectile dysfunction.
The search warrant authorized the confiscation of hardware used in the alleged transactions.
These included a router, hard drives, modems, desktops, keyboards, servers, LAN cables, and storage
hardware devices. The confiscated items were forwarded to the Anti-Transnational Cyber Crime Division in
Lahug, Cebu City for investigation. Charges of violating Republic Act 8484 or the Access Devices
Regulation Act of 1998 may be filed against the call center company, if the evidence warrants it.

Corporate Illegal System Hacking


Shin Un-Sun (a recidivist Korean hacker), who was wanted by both the PNP and the Korean National
Police Agency for large-scale Internet fraud, was apprehended by ATCCD-CIDG in Batangas Province on
October 4, 2011, pursuant to an Interpol and KNP international warrant, for allegedly breaking into the
Hyundai customer database, stealing about 420,000 customer accounts, and extorting money from
Hyundai Capital Corp. Sun, the perpetrator, was handed over to the Immigration Bureau and will be
deported to South Korea.

CHAPTER 4
INTERNATIONAL DIMENSIONS OF CYBERCRIME
Cybercrime often has an international dimension. E-mails with illegal content often pass through a
number of countries during the transfer from sender to recipient, or illegal content is stored outside the
country. Within cybercrime investigations, close cooperation between the countries involved is very
important. The existing mutual legal assistance agreements are based on formal, complex and often time-
consuming procedures, and in addition often do not cover computer-specific investigations. Setting up
procedures for quick response to incidents, as well as requests for international cooperation, is therefore
vital. A number of countries base their mutual legal assistance regime on the principle of "dual criminality".
Investigations on a global level are generally limited to those crimes that are criminalized in all participating
countries. Although there are a number of offenses, such as the distribution of child pornography, that can
be prosecuted in most jurisdictions, regional differences play an important role. One example is other types
of illegal content, such as hate speech. The criminalization of illegal content differs in various countries.
Material that can lawfully be distributed in one country can easily be illegal in another country. The
computer technology currently in use is basically the same around the world. Apart from language issues
and power adapters, there is very little difference between the computer systems and cellphones sold in
Asia and those sold in Europe. An analogous situation arises in relation to the Internet. Due to
standardization, the network protocols used in countries on the African continent are the same as those
used in the United States. Standardization enables users around the world to access the same services
over the Internet. The question is what effect the harmonization of global technical standards has on the
development of the national criminal law. In terms of illegal content, Internet users can access information
from around the world, enabling them to access information available legally abroad that could be illegal in
their own country.
Theoretically, developments arising from technical standardization go far beyond the globalization
of technology and services and could lead to the harmonization of national laws. However, as shown by the
negotiations over the first Protocol to the Council of Europe Convention on Cybercrime (the "Convention on
Cybercrime"), the principles of national law change much more slowly than technical developments.
Although the Internet may not recognize border controls, there are means to restrict access to certain
information. The access provider can generally block certain websites, and the service provider that stores a
website can prevent access to information for users on the basis of IP addresses linked to a certain
country ("IP-targeting"). Both measures can be used to retain territorial differences in a global network. The
OpenNet Initiative reports that this kind of censorship is practiced by about two dozen countries.
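How the IP-targeting decision described above can work on the service provider's side, as an added Python example that is not part of the original text. The table that maps address ranges to countries is constructed from documentation-only ranges, and the country codes and function names are assumptions.

```python
"""Country-based access decision from the client address ("IP-targeting").

Added illustration; the range-to-country table is constructed from
documentation-only address ranges and made-up country codes.
"""
import ipaddress

GEO_TABLE = [
    ("192.0.2.0/24", "AA"),
    ("198.51.100.0/24", "BB"),
    ("198.51.100.128/25", "CC"),  # more specific range inside the /24 above
    ("2001:db8::/32", "AA"),
]
NETWORKS = [(ipaddress.ip_network(cidr), country) for cidr, country in GEO_TABLE]


def normalise(raw):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4.

    Without this step the same client would match no IPv4 range when it
    arrives over a dual-stack socket, and the country rule would not apply.
    """
    addr = ipaddress.ip_address(raw.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def country_of(raw):
    """Return the country code of the most specific matching range, or None."""
    addr = normalise(raw)
    best = None
    for net, country in NETWORKS:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, country)
    return best[1] if best else None


def decide(raw, blocked, block_unknown=False):
    """Return (action, reason) for one request; action is 'allow' or 'deny'."""
    try:
        country = country_of(raw)
    except ValueError:
        return "deny", "address could not be parsed"
    if country is None:
        action = "deny" if block_unknown else "allow"
        return action, "address not in the table"
    if country in blocked:
        return "deny", "country " + country + " is blocked"
    return "allow", "country " + country + " is not blocked"


if __name__ == "__main__":
    for ip in ["192.0.2.10", "198.51.100.5", "198.51.100.200",
               "::ffff:192.0.2.10", "2001:db8::1", "203.0.113.9", "not-an-ip"]:
        print(ip, decide(ip, blocked={"AA", "BB"}))
```

The decision is only as accurate as the range table, so the handling of addresses that are not in the table is a policy choice that has to be made explicitly.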
Cybercrimes and International Organizations
From a legal perspective, the following conventions have tackled the issue of cybercrime. The UN
has a draft treaty on an international Court or Tribunal for cyberspace. The convention took place
in Mumbai in November 2016. The treaty mentions who has jurisdiction over internet crimes, and who is
considered a cybercriminal and thus must be liable to punishment. The Council of Europe Convention on
Cybercrime (2001) states types of cybercrimes, and declares that any person liable for these actions is
sanctioned through deprivation of liberty; to what extent, however, is not mentioned. The CECC has met
every year since and added more definitions to what is considered cybercrime.
The League of Arab States Convention on Combating Information Technology Offences states that
each member state of the convention should be committed to fulfill its obligations arising states interior
affairs. The convention clearly stated that no state should respect the sovereignty of other states.
Moreover, the Convention also endows with the imposition of sanctions on the lives, withholding some
information, amendment, mail fraud, or posting obscene material.
The Commonwealth of Independent States Agreement on Cooperation in Combating Offenses
Related to Computer Information (2007) defines the types of criminal acts, the competent authorities, the
forms of cooperation to combat cybercrime, and how to request their assistance in case of being victimized.
The Shanghai Cooperation Organization Agreement in the Field of International Information Security (2008-
2012) states that the members are "firmly convinced that terrorism, separatism and extremism, as be
justified under any circumstances, and that the perpetrators of such acts should be prosecuted under the
law." The African Union Convention on Cyber Security and Personal Data Protection (June 27, 2014) states
that online activities should be exercised freely except:
• Gambling, even in the form of legally authorized betting and lotteries;
• Legal representation and assistance activities;
• Activities exercised by notaries or equivalent authorities in application of extant texts.
Scholars and Cybercrimes
Many scholars have written about cybercrimes, but have approached the problem in many ways.
Due to the different types of cybercrimes, some focused on categorizing them and others focused on
specific types of crimes. Kit Burden stated that there are two types of cybercrimes, the ones that are "e-
enabled", meaning crimes that were known to the world before the internet, but are facilitated through the
World Wide Web, and "true" cybercrimes, meaning crimes that would not exist outside the online
environment.
The Cyber-Criminal - Understanding the behavioral analysis of the criminal:
For some time now, forensic psychologists and behavioral scientists have been working in
collaboration with law enforcement agencies to incorporate psychological science into criminal profiling. But
what is criminal profiling?
Criminal profiling seeks to identify criminals by analyzing their behavior after they have engaged in
crime. The fundamental rationale is simple: if a certain behavior and evidence in a crime are found to be in
common with other crimes, then there is a high probability that it is the same criminal activity, because
behavior is related to the psycho-social characteristics of the offender.
Behavior is shaped by the choices criminals make while committing a crime. These could include the
method of the crime, the location of the crime, and the choice of the targeted victims (i.e., victimology).
This data is then combined with physical evidence collected from the crime scene. Once the
data has been collected, it is compared with the characteristics of recognized personality types of
mental abnormalities. This process later develops a practical working description of an offender. For
example, when a baby is kidnapped but a body has not been found, it usually signifies that the kidnapper
may be a female between the ages of 30 and 40 who had recently lost a child of her own. The lack of a body
signifies that the baby will substitute for the "lost baby" of the kidnapper. If the baby was a child or if the
baby was murdered, then the whole profile would be completely different.
Criminal profiling emerged as a new tool for investigation at the beginning of the 20th century,
starting with the case of the infamous Jack the Ripper killings in England. However, it is only recently
that this science has caught the eye of the public, after TV shows such as CSI, Criminal Minds, The
Mentalist, Lie to Me and so on included studying the mind of a killer in their plots. However, what can
profiling contribute when dealing with cybercrimes? Research has proved that criminal profiling is
estimated to have a success rate of 83 percent when assisting traditional investigations. Moreover, because
cybercrime is a new, unpaved addition to the "new world", officials would seek all the help they
can get in order to catch the invisible criminal, especially when physical evidence is lacking in a cybercrime.
The world of cybercrime restructures the rules of criminal investigation. Unlike traditional crime
scenes, the evidence found mostly exists only in the cyber-world: in a network, a computer, or the internet.
Moreover, it is this faceless aspect of cybercrime that compounds its challenge. However, if cyber criminals
depend on the pseudo-anonymous nature of the internet and need this technology to camouflage their true
identities, then it is up to security leaders to use this to their advantage. Fortunately, a cybercriminal's
facelessness is considered a signature behavior, a motivation, and an MO (modus operandi). Criminal
profiling relies heavily on such clues because not all cyber criminals have the same maturity in technique,
behavior, characteristics and motives, making every cybercrime unique. This means that hackers are
not the same as traffickers; furthermore, hackers are not all the same either.
Modus Operandi
Modus Operandi - (Latin: “operating method”) in criminology, refers to a method of operation or
pattern of criminal behavior so distinctive that separate crimes or wrongful conduct are recognized as the
work of the same person.
If, for example, a burglar begins his career by entering houses from the roof, he will, in all
probability, continue this method for as long as he is able to work. Some burglars become so attached to
their modus operandi that they burglarize the same places or people again and again.
At a minimum, every modus operandi will contain three basic elements, namely:
• Ensure success of the crime;
• Protect identity; and
• Facilitate effective escape.
There are various modi operandi usually adopted by cyber criminals for the successful commission of
their crimes. Common forms are described in this module:
Sending Annoying Messages - With the advent of technology and globalization, smartphones and
computers have become very handy. But every coin has two sides. The beneficial side of
technology is better communication, time saving and much more, but at the same time people are often
exploited by others who send annoying and harassing messages, either in the form of text, i.e. SMS, or in
the form of multimedia content, i.e. MMS.
Data theft - stands for the alteration of the form of data by entering, suppressing or corrupting the
original data by unscrupulous means so as to gain undue advantage. This can be done in various forms
such as:
• Data Diddling: It involves changing data with malicious intention during or before
processing it in the computer.
• Data Leakage: It pertains to illegally copying the master file information from a computer
for ransom, blackmail, or any other fraudulent purpose.
• Data Spying: It refers to accessing files or digital data from a remote location by using a
legitimate password or by cracking the password. This data is then sold to others for a profit.
• Scavenging: It refers to obtaining and reusing information that has been left over after
processing in or around the computer system.
Identity Theft
• It involves stealing the identity of a person by dishonest use of someone’s electronic signature,
password, or other unique identifying features.
• It includes credit card fraud, online share trading scams, e-banking crimes, fraudulent
transactions, etc.
Intellectual Property Theft - It involves duplicating the original and genuine work of a person
without his proper consent and without any accreditation to him.
• Patent & Copyright Infringement: This is a traditional type of intellectual property theft where one
produces copied material or a copied process from another for profit.
• Software Piracy: One gets a copy of original software and duplicates it for the purpose of selling it
for a profit.
• Reseller Piracy: Original hardware is sold with pirated property.
Financial Attack - Offenders often clone the web page of a bank or any organization or social site in
the name of enhancing its security or updating its services, or create a fake webpage in place of the
genuine one that looks like the original, in order to collect personal information at various stages and
abuse that information to cause wrongful loss or the fraudulent transfer of funds in
internet banking. These attacks can operate in the following ways:
• Spoofing: Spoofing of sites normally happens to a bank's official page with the intention of financial
fraud. Other sites are spoofed either for personal pleasure, to mislead the audience, or to
cause embarrassment to a particular group of people.
• Phishing: This involves creating a fake page which is very similar to the genuine page for secretly
capturing the credentials of the victims.
• Online Fraud: This is the next step after phishing or spoofing. Once the culprit gets the valuable
credentials of the victim, he can use them for online shopping, e-banking, etc.
• Online Gambling: This is much worse than real-life gambling, as such pages are deliberately made
to lure the victim into falling prey to the tricks of a cybercriminal/expert, causing them to lose a good
amount of wealth.
• Cyber Laundering: Black money is transformed into white money through various portals of online
gambling or online shopping.
Web Page Hacking - Hacking can be termed as unauthorized access to any electronic media of
communication. In this method the genuine page of a web site is mutilated by altering the content of the file
and its appearance, causing embarrassment to a reputed firm, and may lead to denial of service, causing a
heavy loss. This can be achieved in the following ways:
• Web Jacking - This is another phishing technique that can be used along with social
engineering. Attackers create a fake website, and when the victim opens the link a page
appears with the message that the website has moved and they need to click another link.
If the victim clicks the link that looks real, he will be redirected to a fake page.
• Click Jacking - It occurs when a scam artist or a cyber-expert places an invisible button or
other user interface element over the top of a seemingly innocent web page button or interface
element using a transparency layer, which one can't see. In other words, it can also be
defined as altering the proper functioning of any key and harassing the victim. For example,
the functioning of the right mouse button can be interchanged with the Delete command.
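The invisible overlay described under Click Jacking depends on the genuine page being loadable inside a frame on another site, so a site owner can check whether the page's response headers forbid that. The following Python is an added example, not part of the original module; the function names and the sample responses are constructed for illustration.

```python
"""Audit HTTP response headers for anti-framing (clickjacking) defences.

Added illustration; function names and sample responses are constructed.
"""


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def is_permissive(source):
    """'*' and scheme-only sources such as 'https:' let any site frame the page."""
    return source == "*" or source.endswith(":")


def audit_framing(headers):
    """Return (verdict, reasons); verdict is 'protected', 'weak' or 'unprotected'.

    headers is a list of (name, value) pairs, because a response can repeat
    a header and repeated or conflicting values matter here.
    """
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value.strip())

    policies = [frame_ancestors(v) for v in by_name.get("content-security-policy", [])]
    policies = [p for p in policies if p is not None]
    xfo = [v.upper() for v in by_name.get("x-frame-options", [])]
    reasons = []

    if policies:
        # Every enforced policy applies, so one restrictive policy is enough.
        if any(p and not any(is_permissive(s) for s in p) for p in policies):
            return "protected", ["CSP frame-ancestors limits which origins may frame the page"]
        reasons.append("frame-ancestors has a wildcard, scheme-only or empty source list")
        if xfo:
            reasons.append("browsers that support frame-ancestors ignore X-Frame-Options")
        return "weak", reasons

    for value in by_name.get("content-security-policy-report-only", []):
        if frame_ancestors(value) is not None:
            reasons.append("frame-ancestors is only in a Report-Only policy, which is not enforced")
            break

    if not xfo:
        return "unprotected", reasons or ["no anti-framing header in the response"]
    if len(set(xfo)) == 1 and xfo[0] in ("DENY", "SAMEORIGIN"):
        return "protected", reasons + ["X-Frame-Options: " + xfo[0]]
    if any(v.startswith("ALLOW-FROM") for v in xfo):
        reasons.append("ALLOW-FROM is obsolete and ignored by current browsers")
    else:
        reasons.append("X-Frame-Options values conflict or are unrecognised: " + ", ".join(xfo))
    return "weak", reasons


# Constructed sample responses (header lists only).
SAMPLES = {
    "csp-none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "xfo-deny": [("X-Frame-Options", "deny")],
    "csp-wildcard-overrides-xfo": [
        ("Content-Security-Policy", "frame-ancestors *"),
        ("X-Frame-Options", "DENY"),
    ],
    "obsolete-allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "no-headers": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        verdict, reasons = audit_framing(hdrs)
        print(f"{name:28} {verdict:12} {'; '.join(reasons)}")
```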
Cyber Bullying - It refers to bullying of one person by another person over digital media on the
condition of any data that is significant and valuable to him, or just for the purpose of harassing the victim and
gaining pleasure from it.
Cyber Espionage - is the act of obtaining personal, sensitive, proprietary or classified information,
generally in corporate sectors, without permission. For this purpose, professionals or hackers are specially
hired.

Obscenity & Child Pornography - It involves the spreading of obscene and nude or semi-nude pictures
and videos, resulting in social harassment and sometimes being the sole reason behind the death of the victim
(especially females).
• Sextortion is an online modus operandi wherein the victim, after being befriended and having an online
romantic relationship, is lured into doing sexual acts in front of a webcam. Unbeknownst to him,
taking advantage of the trust built in a short period of time, the suspect will record his sexual acts
and threaten to upload the recording if the victim does not send money in exchange for deleting or handing
over the soft copy of the nude photographs or videos.
Consequences for developing countries
Finding response strategies and solutions to the threat of cybercrime is a major challenge,
especially for developing countries. A comprehensive anti-cybercrime strategy generally contains technical
protection measures, as well as legal instruments. The development and implementation of these
instruments need time. Technical protection measures are especially cost-intensive. Developing countries
need to integrate protection measures into the roll-out of the internet from the beginning, as although this
might initially raise the cost of internet services, the long-term gains in avoiding the costs and damage
inflicted by cybercrime are large and far outweigh any initial outlays on technical protection measures and
network safeguards. The risk associated with weak protection measures could in fact affect developing
countries more intensely, due to their less strict safeguards and protection. The ability to protect customers,
as well as firms, is a fundamental requirement not only for regular businesses, but also for online or
internet-based businesses. In the absence of internet security, developing countries could encounter significant
difficulties promoting e-business and participating in online service industries. The development of technical
measures to promote cyber security and proper cybercrime legislation is vital for both developed countries
and developing countries. Compared with the costs of grafting safeguards and protection measures onto
computer networks at a later date, it is likely that initial measures taken right from the outset will be less
expensive. Developing countries need to bring their cybercrime strategies into line with international
standards from the outset.
Preventing Cyber-Crime and Future Opportunities for Managing Cybercrime
Cybercrime, which is also known as 'Internet crimes' or 'computer crimes', is any criminal activity
that uses a computer either as an instrument, target or a means for perpetuating further crimes or offenses
or contraventions under any law.
Determinant Factors for Preventing Cyber Crime
1. Law Enforcement
Law enforcement is very weak, and in order to strengthen the law, the maximum fine should be
increased, as well as the term of imprisonment, so that the guilty will be charged.
2. Attitude Awareness
In order to prevent cyber-crimes, creating attitude awareness during online business is important.
Business entrepreneurs from the survey are unaware of cyber-crime; thus, awareness programs on
preventing cyber-crime should educate them in order to ensure entrepreneurs feel safe during online
business transactions.
3. Ethics
Good ethics while doing online business transactions should be observed by entrepreneurs, and they
should respect potential buyers and sellers by giving detailed information and respecting each other during
online business.
4. IT Technology
Information technology infrastructure is comprehensive; thus, cybercrime prevention strategies should
remain a top concern, as enterprises now must support more devices such as tablets and smartphones.
Enterprises should equip themselves with knowledge and up-to-date security devices so that they are
protected from cyber criminals.
Cybercrime prevention framework
Figure 3 shows an example of a cybercrime prevention framework obtained from the survey done in
order to look at cybercrime prevention from the perspective of government and non-governmental
organizations (NGOs). Prevention of cybercrime highlights that government leadership plays an important
part in crime prevention, combined with cooperation and partnerships across ministries and between
authorities, community organizations, non-governmental organizations, the business sector and private
citizens.
This research identifies four factors, namely law enforcement, attitude awareness, ethics and IT
technology, that have an impact on preventing cybercrime. At present, law enforcement should be reviewed by
the government so that new amendments will protect online business users. Creating attitude awareness
during online business transactions is important to help both parties, seller and buyer. Applying good ethics
will increase buyers' trust during online business transactions. Business entrepreneurs should equip
themselves with the latest information technology, and an updated security system will prevent attacks by
cyber-criminals.

Understanding the rights of the victim


Committing crimes online facilitates anonymity of identity and location. Moreover, as mentioned
above, due to the lack of territory and ease of access, one can commit a cybercrime from thousands of miles away.
This makes it easier for the criminal to commit crimes but harder for police and other law enforcement
organizations to bring them to justice.
What makes cybercrime an even bigger opportunity for a criminal is the fact that law enforcement
agencies seldom have qualified agents that can deal with the issue, consequently considering cybercrime
the least of their priorities.
Furthermore, if, by any chance the offender was identified and arrested, then the criminal will be
taken to court. Compensation and justice however, will depend on the role the victim played in the crime
and how ignorant they were.
International Laws and Cybercrimes
When one looks at existing international laws that could contribute to the international affairs of
cyber law we can take article 1 of the United Nations Code of Conduct for Law Enforcement Officials that
clarifies that the responsibility of law enforcement is to execute the duty forced upon them by law, "by
serving the community" and "by defending all persons from illicit acts."
This duty is extended to the complete range of prohibitions under penal statutes. However, as
cybercrime acts grow to be more common and widespread, law-enforcement agencies progressively face
the question of what "serving" and "protecting" in the perspective of a crime within global dimensions really
means.
A study done by the United Nations Office on Drugs and Crime reported that more than half of the
world's countries testified that between fifty and one hundred percent of cybercrime acts faced by the police
involve an international element.
Thus, responding countries pointed out that the majority of cybercrime acts are discovered by the
police through individual victim reports.
Therefore, the UNODC came to the conclusion that cybercrimes generally transpire globally, but are
reported locally. Here one finds the need for collaboration between nation states in order to avoid
jurisdiction problems. Cyberattacks are becoming highly developed and more difficult to discover, especially
when new techniques promptly find their way to a broader audience. There are certain international
organizations that have started to tackle the issue of cybercrimes, starting from 2005, when the "Electronic
Transaction and Information Law" was presented to the Law House in Indonesia in July, when the
"Council of Europe Convention on Cybercrime" was ratified in Norway on the 4th of November, when the
States Senate in the Netherlands formed a committee that introduced a proposal for legislation on
computer crime on the 20th of December, and when the "Computer Security and Critical Information
Infrastructure Protection Bill 2005 (Sb254)" was introduced to the National Assembly in Nigeria on the 22nd
of December, up to this day, when in November 2016 an International Convention on Cyber Crimes will
take place in Mumbai, India, that will try to establish an international unified cyber law.
When one looks at the international organizations and their significance, one must look at whether
they are binding on states or non-binding. Almost half are non-binding. For binding mechanisms, the
geographic scope is usually determined by the nature and framework of the organization. Hence, for
instance, the League of Arab States Convention's main principle is "to strengthen and improve cooperation
between the Arab States."
Likewise, the Commonwealth of Independent States Agreement, which abolished the USSR, labels
"the members" as "independent States," and the Draft African Union Convention is foreseen to be open to
"Member States of the African Union."
However, not all members of the organization may be participants in the original agreement, and
where the agreement is subject to ratification, approval, or acceptance, not all participants may have
accepted such changes or agreements. Some ratifications, additions and changes are opened for signature
outside the membership of the organization where this "additional belief" was developed. For example,
the Council of Europe Cybercrime Convention was open for membership by states of the Council of Europe
and by "non-member States which have contributed in its expansion." Founding states become the
current states that have a say over the entry of new states applying for membership, usually in
accordance with the rules that were set in the "original" treaty agreement.
Treaties may be one of three things when it comes to their recruitment policies. A treaty is "open" when any
state may become a member by simply articulating its intent to join and follow the presented treaty terms.
It is "semi-open" when membership is approved by a majority vote of the contracting states. And finally, it is
considered "closed" when membership requires a unanimous vote of the contracting states.
An example of a closed membership is the Council of Europe Cybercrime Convention, where only after
the Committee of Ministers of the Council of Europe consults with the contracting states of the Convention
and obtains their unanimous consent may it "invite any State that is not a member of the Council and
has not participated in its foundation and expansion." Similarly, the Commonwealth of Independent States
Agreement is "open for membership by any other State prepared to be bound by the requirements, only
after all parties agree." On the other hand, the Shanghai Cooperation Organization Agreement is said to
be "open to membership by any state that believes in the same principles and goals of the agreement".
Organizations and treaties developed under the "sponsorship" of the United Nations usually have
the broadest geographical scope. The Convention on the Law of the Sea is open for "membership by any state."
Globally, 82 countries have ratified and/or signed one of the binding cybercrime organizations, and some
countries have signed and become members of more than one organization.
Even though there is a possibility of joining more than one international organization that
contributes to dealing with cybercrimes, facts point out that even to this day no single IO has a global
geographic reach of membership. The Council of Europe Cybercrime Convention has the leading number
of signatures/memberships, with 43 member states and 5 non-member states of the Council of Europe.
The League of Arab States Convention has 18 countries/members, the Commonwealth of Independent
States Agreement has 10 countries/members, and the Shanghai Cooperation Organization Agreement has
6 countries/members.

Human Rights and Cyber Crimes


Human rights in the digital age have posed many controversial issues and the dilemma of
choosing which human right/law is more appropriate to apply when dealing with the
internet. Consider both article 3 and article 12 of the Universal Declaration of Human Rights, as they
respectively declare: "Everyone has the right to life, liberty and security of person", and "... family, home or
correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of
the law against such interference or attacks."
One notices that the progress in information communication technology is facilitating access to
information while making these technologies very susceptible to interception. What
is even more frightening are the recent discoveries that have exposed how new technologies are being
secretly developed to facilitate these practices, with high efficiency.
Using this as an excuse, it is no longer a secret that the government has been keeping tabs on
citizens' private information, whether it is from phone calls or search history from search engines such as
Yahoo and Google, to "protect".
This is why, in December 2013, the United Nations General Assembly adopted resolution 68/167,
which articulates deep concern at the negative impact that the interception and surveillance of citizens'
communication and online activities may have on human rights. The General Assembly came to the
imperative realization that the rights people practice offline must also be protected online, and that it is the
State’s responsibility to impose the respect and protection of the right to privacy in digital communication.
That is why the General Assembly called on all States to inspect their procedures, legislation, and practices
related to communications interception, collection, and surveillance. It stressed the need for states to
guarantee the complete and effective implementation of their obligations to adopt and implement
international human rights law. A year later, on the 13th of November 2014, at its 27th session, the Human
Rights Council assembled a panel to discuss the right to privacy in the "digital age", tackling the subject of
surveillance.
The report was then presented to the General Assembly at its sixty-ninth session. One month later,
in December 2014, Resolution 69/166 was adopted, and the General Assembly encouraged the Human
Rights Council to consider the possibility of establishing a special procedure to promote this aim.
In April 2015, the Human Rights Council adopted resolution 28/16 at its twenty-eighth session,
and decided to assign a Special Rapporteur, for a period of three years, on the right to privacy. The resolution
assigned the Special Rapporteur, along with other privacy responsibilities, to report on suspected violations
of the right to privacy that are connected to the challenges cropping up from new technologies. States were
obliged to fully cooperate with and support the Special Rapporteur.

Economic Impact of Cybercrimes


Putting a number on the cost of cybercrime, and cyber is the tip of the iceberg, but the body of that
iceberg is the effect on competitiveness, technology, trade, and trust.
While cybercrime costs a global average of 400 billion dollars every year, the dollar
amount, large as it may seem, may not fully reveal the real damage done to the global economy.
Cybercrime also slows the rate of innovation, disrupts trade, and creates social costs from job loss. This
larger effect could be more significant than any actual number.

As the world evolves, so will all its aspects: the good and the bad. That being said, one must not
forget to "modify" the definition of crime, meaning that the face of crime has evolved. Megabytes are
substituting for bullets, and the scary part is that no weapon can fight this ongoing battle except the weapon
of knowledge and cooperation.
How can one combat the threat of cybercrime? Before tackling the issue on an international level
and pointing out the importance of establishing a conventional relationship between states, there are critical
elements every state should adopt itself first, which will improve the domestic law enforcement response to
reported acts of cybercrime.

These elements include:


1. Establishing a successful legal framework that allows investigative measures to reach the proper
balance between the respect for personal privacy and investigative authority.
2. Sufficient access to non-intrusive investigative tools and inquiry methods during investigation, such
as obtaining electronic evidence from third parties like internet service providers, to trace activity
and not content.
3. Adequate training and technical capability for both specialized and non-specialized law
enforcement agents.
4. Providing training workshops in schools, universities, banks, companies, and relevant work fields
that raise awareness on cybercrimes.
5. Introducing the "Hack for Good Program", in which law enforcement agencies hire the hackers they
arrest, in exchange for exemption from imprisonment, to help them catch cybercriminals. In other
words, using "criminals to catch criminals".
However, implementing these security measures and elements is difficult and could take time to
master. This is why governments need to use what they have as domestic criminal laws as a base upon
which to build new laws for cybercrimes.
