Criminal Fundamentals of Cybersecurity

Questions and Answers

What is the primary motivation of criminals using critical infrastructure for their actions?

• Fun or entertainment
• Patriotic ideals
• National security
• Money (correct)

What term is used for hackers who have limited skills but can still cause damage?

• Black Hat Hackers
• Script Kiddies (correct)
• Nation State Adversaries
• White Hat Hackers

Which group is characterized by individuals using hacking for fun with minimal damage?

• Script Kiddies
• Joy Hacks (correct)
• Black Hat Hackers
• Money Makers

What is the best way to counteract a hacker according to common advice?

Think like a hacker (C)

What do Black Hat Hackers primarily seek when gaining unauthorized access?

Malicious purposes (C)

Who could be categorized as Nation State Adversaries?

Government Intelligence Agencies (B)

What does the term 'Money Makers' refer to regarding hackers?

Hackers exploiting machines for profits (D)

What is common among most hackers when starting their activities?

They begin as Script Kiddies (D)

What does the term 'Cyber Security' refer to?

Preservation of confidentiality, integrity, and availability of information (A)

What are the two key aspects organizations must protect to achieve CIA objectives?

Application security and data security (A)

Which act is known as the Cybercrime Prevention Act of 2012?

R.A. 10175 (D)

What is the primary purpose of R.A. 10173?

To protect individual personal information (C)

What does 'Critical Infrastructure' refer to?

Systems and assets essential for national security and public safety (B)

Which of the following is an offense related to the confidentiality and integrity of computer data?

Illegal Access (C)

What does the term 'cybersex' refer to in the context of cybercrime?

The sharing of pornographic content (C)

What is one of the main goals of implementing cybersecurity measures?

To ensure the availability of services (C)

What is the penalty for malicious disclosure?

1-65 years imprisonment and a 500K-1M penalty (C)

Which of the following describes unauthorized disclosure?

Disclosing information without a legitimate purpose and consent (D)

Which act defines cybercrime in the Philippines?

Republic Act 10175 (C)

What constitutes cyber squatting?

Acquiring a domain name in bad faith for profit (C)

Which of the following is considered 'illegal access' in cybercrime?

Unauthorized access to any part of a computer system (C)

Which act involves willful engagement with sexual content online?

Cybersex (D)

What type of crime involves the alteration or deletion of data with fraudulent intent?

Computer-Related Forgery (C)

Which of the following is an example of data interference?

Intentional alteration or deletion of computer data (B)

What does Data Interference involve?

Intentional or reckless alteration or deletion of computer data (D)

What act is defined under the Anti-Child Pornography Act of 2009?

Intentional acts of child pornography through a computer system (C)

Which of the following is a component of Misuse of Devices?

Production and distribution of devices without right (B)

What does Cyber Squatting entail?

Acquisition of a domain name over the internet in bad faith (D)

What defines the unlawful act of Libel in relation to computer systems?

Online defamation as defined in Article 355 of the Revised Penal Code (C)

What is a Data Privacy Violation?

Illegal or unwanted acts that threaten privacy rights (B)

What does Unauthorized Processing refer to?

Processing personal information without proper authorization (B)

What is the potential penalty for forgery related to computer data?

3-6 years imprisonment and a fine between 500K and 4M (D)

What is malicious disclosure?

Disclosing unwarranted or false information with malice (D)

What constitutes unauthorized access or intentional breach?

Unlawfully breaking into a system with sensitive information (C)

What does unauthorized processing refer to?

Engaging in data processing without lawful criteria or consent (B)

What is an example of negligence in access?

Failing to secure personal information leading to unauthorized access (B)

What does the concept of concealment of breach involve?

Ignoring the obligation to report a known security breach (D)

What is defined as unauthorized disclosure?

Disclosing personal information without proper consent (D)

What can be considered as unauthorized purpose?

Processing personal information for purposes not permitted by law (A)

Which Act focuses on protecting individual personal information?

R.A. 10173 (C)

Study Notes

Criminal Fundamentals of Information and Network Security

• Criminals utilize critical infrastructure for nefarious activities, primarily motivated by financial gain.
• Common threats to critical infrastructure include espionage, terrorism, and attacks from groups like Anonymous, driven by patriotic or principled causes.
• Various hacker types exist, ranging from beginners to experienced professionals, including Script kiddies who lack real skills but can still cause significant damage.

Types of Hackers

• Black Hat Hackers: Unauthorized access to systems with malicious intent, often exploiting vulnerabilities.
• Joy Hacks: Inexperienced hackers engaging in acts for fun with minimal skill, often targeting unpatched systems.

Cyber Security Essentials

• Defined as ensuring confidentiality, integrity, and availability of information in cyberspace.
• Achieving CIA objectives necessitates robust application and data security.

Critical Infrastructure

• Comprises systems, networks, and assets essential to national security, economic stability, and public safety.
• All other sectors depend primarily on the information technology sector.

Cybercrime Legislation in the Philippines

• R.A. 10175 (Cybercrime Prevention Act of 2012): Defines cybercrime and outlines penalties, focusing on unauthorized access, system integrity, and unauthorized processing.
• R.A. 10173 (Data Privacy Act of 2012): Protects individual personal information, establishing a National Privacy Commission for enforcement.

Cybercrime Offenses

• Illegal Access: Unauthorized entry into computer systems.
• Illegal Interception: Unlawful data interception via technical means.
• Data Interference: Reckless alteration or deletion of computer data.
• System Interference: Disruption of computer or network functionality.
• Misuse of Devices: Unauthorized use or distribution of devices for illegal purposes.
• Cyber Squatting: Bad faith acquisition of domain names for profit.

Types of Cybercrimes Under R.A. 10175

• Cybersex: Using computers to conduct lascivious exhibitions.
• Child Pornography: Acts defined under Republic Act No. 9775, punishable by law.
• Libel: Defamation committed via computer systems.

Data Privacy Concepts

• Difference between data privacy and right to privacy; privacy violation concerns illegal acts that harm an individual's privacy rights.
• Reporting mechanism exists for data privacy violations through a National Privacy Commission.

Cybercrime Penalties

• Varied imprisonment terms and financial penalties exist for offenses like unauthorized processing, malicious disclosure, and unauthorized disclosure of personal information.

Key Sectors of Critical Infrastructure

• Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Healthcare and Public Health.

Description

Explore the essential concepts of cybersecurity, including the types of hackers and their motivations. This quiz covers topics such as critical infrastructure security and the importance of confidentiality, integrity, and availability in protecting information. Test your knowledge on the various threats and the roles different hacker types play in cybercrime.