Criminal Fundamentals of Cybersecurity

Questions and Answers

What is the primary motivation of criminals using critical infrastructure for their actions?

Fun or entertainment

Patriotic ideals

National security

Money (correct)

What term is used for hackers who have limited skills but can still cause damage?

Black Hat Hackers

Script Kiddies (correct)

Nation State Adversaries

White Hat Hackers

Which group is characterized by individuals using hacking for fun with minimal damage?

Script Kiddies

Joy Hacks (correct)

Black Hat Hackers

Money Makers

What is the best way to counteract a hacker according to common advice?

Think like a hacker

What do Black Hat Hackers primarily seek when gaining unauthorized access?

Malicious purposes

Who could be categorized as Nation State Adversaries?

Government Intelligence Agencies

What does the term 'Money Makers' refer to regarding hackers?

Hackers exploiting machines for profits

What is common among most hackers when starting their activities?

They begin as Script Kiddies

What does the term 'Cyber Security' refer to?

Preservation of confidentiality, integrity, and availability of information

What are the two key aspects organizations must protect to achieve CIA objectives?

Application security and data security

Which act is known as the Cybercrime Prevention Act of 2012?

R.A. 10175

What is the primary purpose of R.A. 10173?

To protect individual personal information

What does 'Critical Infrastructure' refer to?

Systems and assets essential for national security and public safety

Which of the following is an offense related to the confidentiality and integrity of computer data?

Illegal Access

What does the term 'cybersex' refer to in the context of cybercrime?

The sharing of pornographic content

What is one of the main goals of implementing cybersecurity measures?

To ensure the availability of services

What is the penalty for malicious disclosure?

1-65 years imprisonment and a 500K-1M penalty

Which of the following describes unauthorized disclosure?

Disclosing information without a legitimate purpose and consent

Which act defines cybercrime in the Philippines?

Republic Act 10175

What constitutes cyber squatting?

Acquiring a domain name in bad faith for profit

Which of the following is considered 'illegal access' in cybercrime?

Unauthorized access to any part of a computer system

Which act involves willful engagement with sexual content online?

Cybersex

What type of crime involves the alteration or deletion of data with fraudulent intent?

Computer-Related Forgery

Which of the following is an example of data interference?

Intentional alteration or deletion of computer data

What does Data Interference involve?

Intentional or reckless alteration or deletion of computer data

What act is defined under the Anti-Child Pornography Act of 2009?

Intentional acts of child pornography through a computer system

Which of the following is a component of Misuse of Devices?

Production and distribution of devices without right

What does Cyber Squatting entail?

Acquisition of a domain name over the internet in bad faith

What defines the unlawful act of Libel in relation to computer systems?

Online defamation as defined in Article 355 of the Revised Penal Code

What is a Data Privacy Violation?

Illegal or unwanted acts that threaten privacy rights

What does Unauthorized Processing refer to?

Processing personal information without proper authorization

What is the potential penalty for forgery related to computer data?

3-6 years imprisonment and a fine between 500K and 4M

What is malicious disclosure?

Disclosing unwarranted or false information with malice

What constitutes unauthorized access or intentional breach?

Unlawfully breaking into a system with sensitive information

What does unauthorized processing refer to?

Engaging in data processing without lawful criteria or consent

What is an example of negligence in access?

Failing to secure personal information leading to unauthorized access

What does the concept of concealment of breach involve?

Ignoring the obligation to report a known security breach

What is defined as unauthorized disclosure?

Disclosing personal information without proper consent

What can be considered as unauthorized purpose?

Processing personal information for purposes not permitted by law

Which Act focuses on protecting individual personal information?

R.A. 10173

Study Notes

Criminal Fundamentals of Information and Network Security

• Criminals utilize critical infrastructure for nefarious activities, primarily motivated by financial gain.
• Common threats to critical infrastructure include espionage, terrorism, and attacks from groups like Anonymous, driven by patriotic or principled causes.
• Various hacker types exist, ranging from beginners to experienced professionals, including Script kiddies who lack real skills but can still cause significant damage.

Types of Hackers

• Black Hat Hackers: Unauthorized access to systems with malicious intent, often exploiting vulnerabilities.
• Joy Hacks: Inexperienced hackers engaging in acts for fun with minimal skill, often targeting unpatched systems.

Cyber Security Essentials

• Defined as ensuring confidentiality, integrity, and availability of information in cyberspace.
• Achieving CIA objectives necessitates robust application and data security.

Critical Infrastructure

• Comprises systems, networks, and assets essential to national security, economic stability, and public safety.
• All other sectors depend primarily on the information technology sector.

Cybercrime Legislation in the Philippines

• R.A. 10175 (Cybercrime Prevention Act of 2012): Defines cybercrime and outlines penalties, focusing on unauthorized access, system integrity, and unauthorized processing.
• R.A. 10173 (Data Privacy Act of 2012): Protects individual personal information, establishing a National Privacy Commission for enforcement.

Cybercrime Offenses

• Illegal Access: Unauthorized entry into computer systems.
• Illegal Interception: Unlawful data interception via technical means.
• Data Interference: Reckless alteration or deletion of computer data.
• System Interference: Disruption of computer or network functionality.
• Misuse of Devices: Unauthorized use or distribution of devices for illegal purposes.
• Cyber Squatting: Bad faith acquisition of domain names for profit.

Types of Cybercrimes Under R.A. 10175

• Cybersex: Using computers to conduct lascivious exhibitions.
• Child Pornography: Acts defined under Republic Act No. 9775, punishable by law.
• Libel: Defamation committed via computer systems.

Data Privacy Concepts

• Difference between data privacy and right to privacy; privacy violation concerns illegal acts that harm an individual's privacy rights.
• Reporting mechanism exists for data privacy violations through a National Privacy Commission.

Cybercrime Penalties

• Varied imprisonment terms and financial penalties exist for offenses like unauthorized processing, malicious disclosure, and unauthorized disclosure of personal information.

Key Sectors of Critical Infrastructure

• Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Healthcare and Public Health.

Description

Explore the essential concepts of cybersecurity, including the types of hackers and their motivations. This quiz covers topics such as critical infrastructure security and the importance of confidentiality, integrity, and availability in protecting information. Test your knowledge on the various threats and the roles different hacker types play in cybercrime.