Tuesday, September 15, 2009

Summary of R.A. 8792 (E Commerce Law)

Republic Act 8792 was signed into law on June 14, 2000. It is a landmark piece of legislation in the history of the Philippines. Not only has this law made the country a legitimate player in the global marketplace; the Philippine Internet community also played a major role in pushing for its passage. The law took effect on June 19, 2000.


With the Philippines' relaxed stock market listing rules plus a proposed vibrant investment priorities program in place, Filipinos here and abroad, and their foreign partners, have something to look forward to.


Here are the salient features of Republic Act 8792:


It gives legal recognition to electronic data messages, electronic documents, and electronic signatures. (section 6 to 13)
Allows the formation of contracts in electronic form. (section 16)
Makes banking transactions done through ATM switching networks absolute once consummated. (section 16)
Parties are given the right to choose the type and level of security methods that suit their needs. (section 24)
Provides the mandate for the electronic implementation of transport documents to facilitate carriage of goods. This includes documents such as, but not limited to, multi-modal, airport, road, rail, inland waterway, courier, post receipts, transport documents issued by freight forwarders, marine/ocean bill of lading, non-negotiable seaway bill, charter party bill of lading. (section 25 and 26)
Mandates the government to have the capability to do e-commerce within 2 years or before June 19, 2002. (section 27)
Mandates RPWeb to be implemented. RPWeb is a strategy that intends to connect all government offices to the Internet and provide universal access to the general public. The Department of Transportation and Communications, National Telecommunications Commission, and National Computer Center will come up with policies and rules that shall lead to substantial reduction of costs of telecommunication and Internet facilities to ensure the implementation of RPWeb. (section 28)
Places cable, broadcast, and wireless physical infrastructure within the activity of telecommunications. (section 28)
Empowers the Department of Trade and Industry to supervise the development of e-commerce in the country. It can also come up with policies and regulations, when needed, to facilitate the growth of e-commerce. (section 29)
Provides guidelines as to when a service provider can be liable. (section 30)
Only authorities and parties with the legal right can gain access to electronic documents, electronic data messages, and electronic signatures. For confidentiality purposes, they shall not share or convey these to any other person. (section 31 and 32)
Hacking or cracking, which refers to unauthorized access including the introduction of computer viruses, is punishable by a fine from 100 thousand to a maximum commensurate with the damage, with imprisonment from 6 months to 3 years. (section 33)
Piracy through the use of telecommunication networks, such as the Internet, that infringes intellectual property rights is punishable. The penalties are the same as for hacking. (section 33)
All existing laws, such as the Consumer Act of the Philippines, also apply to e-commerce transactions. (section 33)

Anyone who uses the Internet, computer, cellular phone, and other IT-enabled devices has the duty to know RA8792. As the old saying goes, "Ignorance of the law doesn't excuse anyone."
There were several hacking/cracking incidents that took place in the past five years. I am worried that these people behind the hacking attempts are completely ignoring RA8792 or The E-Commerce Law. In one of my public speaking engagements, I was asked how come there are still so many hacking attempts even now that we have a law. Is it unenforceable?
I fear that as e-commerce takes off in the government and private sector, the moment we run to law enforcers in times of trouble, they will not be able to help us.
The law enforcement agencies such as the National Bureau of Investigation and Philippine National Police are continuously beefing up their skills. It is sad to note, however, that they have not received any form of funding for their training and cybercrime equipment. Whatever they have right now is donated by foreign governments in the form of training and equipment. Despite limited resources, the conviction of the first Filipino hacker under Republic Act 8792 puts high marks on our enforcement of the E-Commerce Law.
The business community and Internet users must contribute and work with government to take action on this. It is not the Cybercrime bill that is important today; giving appropriate funding for cybercrime enforcement is, as that will allow the creation of cybercrime helpdesks all over the country.
In addition, it requires vigilance from the Internet community as well. If you know of someone that has made these hacking actions, report them. It is the duty of every Filipino to report these crimes. They can contact the Cyber Crime Anti Fraud Division of the National Bureau of Investigation at Taft Ave., Manila, phone number (632) 5254093 and look for Director Reynaldo Wycoco or Atty. Elfren Meneses, Jr. Those who became victims as well should report it and not just ignore it, change the site, and move on. If this is the attitude that site owners will show, unlawful actions such as this, regardless of best or worst intention, will never cease. The web hosting, Internet Service Provider, phone companies should extend their best cooperation as well to facilitate efficient investigation in this regard.
More importantly, what the hackers should realize is that just because they were not caught now does not mean they are already off the hook. What they are only doing is accumulating offenses. One day, the hand of the law will reach them. Once that happens, all of these offenses can be combined into one big case that can put them in jail longer than they think. Even if the owners of the sites that they were able to hack decide not to pursue a case against them, it does not mean they no longer have a liability. The hacking/cracking/piracy provision of the E-Commerce Law makes such acts criminal offenses in nature; therefore what can only be waived, should the companies decide not to sue them, is the civil liability (monetary damages), and the criminal liability will still be pursued by the state.
I hope that publications can play a role in sparking vigilance among Internet users of this country and the world against acts of hacking/cracking/piracy. The act of hacking should never be glamorized, nor should the people who commit these acts be made into heroes. It may send a wrong signal that our younger Internet generation might misunderstand.
These people are seeing that they're getting the media mileage and attention that they long for and see it as a merit badge of their hacking accomplishment. Being published and talked about is, I'm very sure, a big deal for some of these guys.
I hope to see the computer publications as a medium in making the Internet users vigilant and not scared/wary of these hackers. Perhaps feature articles on how the NBI, ISPs, phone companies, National Security Council, handle these incidents.
Hacking, cracking, and piracy are crimes under RA8792. The iron hand of the law must be fully enforced or else this can propagate further and cause irreparable damage to the Philippine Internet industry as a whole. The increased number of hacking incidents these past few weeks is already alarming. Worse, these people seem to be enjoying it and are not even bothered by the consequences.

Intellectual Property Rights

Intellectual Property Rights (IPRs) are rights to make, use, and sell a new product or technology that are granted, usually for a period of 17-20 years, solely to the inventor or the corporation which files a claim on the inventor's behalf. They generally take the form of patents, trademarks, or copyrights and have traditionally fallen under the domain of national law. Different countries have produced different IPR laws, each one a balance between industry's desire to capitalize on its investments in technological development and the rights of society to benefit from the knowledge and resources of its country.

Computer Hackers and Their Contribution to I.T. Industry

Jonathan James:

James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, "I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off."
James's major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.
James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, "The software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, "The code itself was crappy . . . certainly not worth $1.7 million like they claimed."
Given the extent of his intrusions, if James, also known as "c0mrade," had been an adult he likely would have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he's learned his lesson and might start a computer security company.

Adrian Lamo


Lamo's claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's, coffee shops and libraries to do his intrusions. In a profile article, "He Hacks by Day, Squats by Night," Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional."
Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.
When he broke into The New York Times' intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times' LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.

Kevin Mitnick


A self-proclaimed "hacker poster boy," Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as "the most wanted computer criminal in United States history." His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, he dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.
Mitnick's mischief got serious when he went on a two and a half year "coast-to-coast hacking spree." The CNN article, "Legendary computer hacker released from prison," explains that "he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system." He then hacked into computer expert and fellow hacker Tsutomu Shimomura's home computer, which led to his undoing.
Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.

Kevin Poulsen


Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio's KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him "the Hannibal Lecter of computer crime."
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
His hacking specialty, however, revolved around telephones. Poulsen's most famous hack, KIIS-FM, was accomplished by taking over all of the station's phone lines. In a related feat, Poulsen also "reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency." Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.

Robert Tappan Morris


Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years' probation and 400 hours of community service, and fined $10,500.
Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.

Stephen Wozniak


"Woz" is famous for being the "other Steve" of Apple. Wozniak, along with current Apple CEO Steve Jobs, co-founded Apple Computer. He has been awarded with the National Medal of Technology as well as honorary doctorates from Kettering University and Nova Southeastern University. Additionally, Woz was inducted into the National Inventors Hall of Fame in September 2000.
Woz got his start in hacking making blue boxes, devices that bypass telephone-switching mechanisms to make free long-distance calls. After reading an article about phone phreaking in Esquire, Wozniak called up his buddy Jobs. The pair did research on frequencies, then built and sold blue boxes to their classmates in college. Wozniak even used a blue box to call the Pope while pretending to be Henry Kissinger.
Wozniak dropped out of college and came up with the computer that eventually made him famous. Jobs had the bright idea to sell the computer as a fully assembled PC board. The Steves sold Wozniak's cherished scientific calculator and Jobs' VW van for capital and got to work assembling prototypes in Jobs' garage. Wozniak designed the hardware and most of the software. In the Letters section of Woz.org, he recalls doing "what Ed Roberts and Bill Gates and Paul Allen did and tons more, with no help." Wozniak and Jobs sold the first 100 of the Apple I to a local dealer for $666.66 each.
Woz no longer works full time for Apple, focusing primarily on philanthropy instead. Most notable is his function as fairy godfather to the Los Gatos, Calif. School District. "Wozniak 'adopted' the Los Gatos School District, providing students and teachers with hands-on teaching and donations of state-of-the-art technology equipment."

Tim Berners-Lee


Berners-Lee is famed as the inventor of the World Wide Web, the system that we use to access sites, documents and files on the Internet. He has received numerous recognitions, most notably the Millennium Technology Prize.
While a student at Oxford University, Berners-Lee was caught hacking access with a friend and subsequently banned from University computers. w3.org reports, "Whilst [at Oxford], he built his first computer with a soldering iron, TTL gates, an M6800 processor and an old television." Technological innovation seems to have run in his genes, as Berners-Lee's parents were mathematicians who worked on the Manchester Mark1, one of the earliest electronic computers.
While working with CERN, a European nuclear research organization, Berners-Lee created a hypertext prototype system that helped researchers share and update information easily. He later realized that hypertext could be joined with the Internet. Berners-Lee recounts how he put them together: "I just had to take the hypertext idea and connect it to the TCP and DNS ideas and – ta-da! – the World Wide Web."
Since his creation of the World Wide Web, Berners-Lee founded the World Wide Web Consortium at MIT. The W3C describes itself as "an international consortium where Member organizations, a full-time staff and the public work together to develop Web standards." Berners-Lee's World Wide Web idea, as well as standards from the W3C, is distributed freely with no patent or royalties due.

Tsutomu Shimomura


Shimomura reached fame in an unfortunate manner: he was hacked by Kevin Mitnick. Following this personal attack, he made it his cause to help the FBI capture him.
Shimomura's work to catch Mitnick is commendable, but he is not without his own dark side. Author Bruce Sterling recalls: "He pulls out this AT&T cellphone, pulls it out of the shrinkwrap, finger-hacks it, and starts monitoring phone calls going up and down Capitol Hill while an FBI agent is standing at his shoulder, listening to him."
Shimomura out-hacked Mitnick to bring him down. Shortly after finding out about the intrusion, he rallied a team and got to work finding Mitnick. Using Mitnick's cell phone, they tracked him near Raleigh-Durham International Airport. The article, "SDSC Computer Experts Help FBI Capture Computer Terrorist" recounts how Shimomura pinpointed Mitnick's location. Armed with a technician from the phone company, Shimomura "used a cellular frequency direction-finding antenna hooked up to a laptop to narrow the search to an apartment complex." Mitnick was arrested shortly thereafter. Following the pursuit, Shimomura wrote a book about the incident with journalist John Markoff, which was later turned into a movie.


Raphael Gray


Gray was just 19 when he hacked computer systems around the world over six weeks between January and February 1999 as part of a multi-million pound credit card mission. He then proceeded to publish credit card details of over 6,500 cards as an example of weak security in the growing number of consumer websites.


Masters of Deception (MOD)


Masters of Deception was a New York-based hacker group. MOD reportedly controlled all the major telephone RBOCs and X.25 networks as well as controlling large parts of the backbone of the rapidly emerging Internet.


Legion of Doom (LOD)


The Legion of Doom was a very influential hacker group that was active from the 1980s to the late 1990s and early 2000. Their name appears to be a reference to the main antagonists of Challenge of the Superfriends.
LOD was founded by the hacker Lex Luthor, after a rift with his previous group the Knights of Shadow (much as the Masters of Deception would later be founded after Phiber Optik had a rift with Chris Goggans and LOD, eventually leading to the Great Hacker War and disbanding of both groups).
At different points in the group's history, LOD was split into LOD and LOD/LOH (Legion of Doom/Legion of Hackers) for the members that were more skilled at hacking than pure phone phreaking.

All Kinds of Computer Viruses/Worm & Their Effects

Nimda
Nimda is a computer worm and also a file infector. It quickly spread, eclipsing the economic damage caused by past outbreaks such as Code Red. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes.
The worm was released on September 18, 2001[1]. Due to the release date, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.
Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, 2000 or XP and servers running Windows NT and 2000.
The worm's name spelled backwards is "admin".

I love you
This worm began in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong Kong to Europe to the United States),[1] causing about $5.5 billion in damage.[2] By 13 May 2000, 50 million infections had been reported.[3] Most of the "damage" was the labor of getting rid of the worm. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations.[4]
This particular malware caused widespread outrage. The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user's contact list. Because it was written in Visual Basic Script, this particular worm only affected computers running the Microsoft Windows operating system. While any other computer accessing e-mail could receive an "ILOVEYOU" e-mail, only Microsoft Windows systems would be infected.

Melissa worm
Melissa, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", is a mass-mailing macro virus. As it is not a standalone program, it is not in fact a worm.

Melissa can spread on word processors Microsoft Word 97 and Word 2000 and also Microsoft Excel 97, 2000 and 2003. It can mass-mail itself from e-mail client Microsoft Outlook 97 or Outlook 98.
If a Word document containing the virus, either LIST.DOC or another infected file, is downloaded and opened, then the macro in the document runs and attempts to mass mail itself.
When the macro mass-mails, it collects the first 50 entries from the alias list or address book and sends itself to the e-mail addresses in those entries.

Code Red worm
Code Red was a computer worm observed on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server. The CodeRed worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. They named the worm CodeRed because they were drinking Pepsi's Mountain Dew CodeRed over the weekend they analyzed it and because of the worm's references to China. Specifically, the worm code contained the phrase "Hacked By Chinese!" with which the worm defaced websites. Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.
The worm exploited a vulnerability in the indexing software distributed with IIS, described in MS01-033, for which a patch had been available a month earlier.
The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated character 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the machine.

Conficker

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. Conficker has more than five million computers now under its control — government, business and home computers in more than 200 countries, according to the New York Times. The worm uses a combination of advanced malware techniques which has made it difficult to counter, and has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer.

Boot viruses

Computers' operating systems are composed of programs that usually reside on disk. Whenever you turn on your computer, it searches for a specific disk area that contains vital information about the disk itself (the MBR, Master Boot Record). After reading this area, the computer can recognize some of the disk's features, such as the number of sectors. Then it has to read the boot record, an area containing all the statements needed to load the operating system. Operating systems can be loaded from either hard disks or floppy disks. In either case, the computer always reads the first sector of the disk, which on a hard disk contains the MBR and on a floppy contains the boot record.
The virus acts by moving the block of statements needed to start the operating system (the boot record) to a different zone of the disk. Then it copies itself to where the original block was. The virus's last statement is the one that makes the real boot record available for starting the system. So the virus (remember, it's just a program) is launched whenever you start your computer. If you leave a floppy disk inside your turned-off PC, when you turn it on the machine will detect the disk's presence and attempt to load the operating system from the floppy disk. It will read the first disk sector which, as we know by now, contains the virus.

Companion viruses


On MS-DOS systems, when two files with the same name are located in the same directory, one with a '.com' extension and the other with an '.exe' extension, DOS will always launch the '.com' file before the '.exe' file. Companion viruses copy themselves under the same name as the infected '.exe' file, but with a '.com' extension! So, if you launch the 'your-file' executable (your-file.exe), DOS will run your-file.com (a copy of the virus) instead.
This kind of virus is not active in the Windows 95 environment, but if you launch it inside a DOS window, it is really dangerous again!
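
A defender's view of the precedence rule described above, as an added example that is not part of the original post: it walks a directory tree and flags every name where one executable would be run in place of another with the same base name. The `.bat` entry generalizes beyond the page's '.com'/'.exe' case, the "newer than" flag is a triage heuristic assumed here, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Order in which the DOS command interpreter resolves a bare command name.
# The page describes .com before .exe; .bat last is the general rule.
DOS_PRECEDENCE = (".com", ".exe", ".bat")


def find_companion_candidates(root):
    """Return sorted (directory, stem, winner, shadowed, winner_newer) tuples.

    winner       -- the file DOS would run for the bare name `stem`
    shadowed     -- same-stem files in that directory that lose to it
    winner_newer -- True if the winner was modified after every shadowed
                    file (heuristic: a companion is dropped after its host)
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        by_stem = defaultdict(dict)
        for name in filenames:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in DOS_PRECEDENCE:
                # DOS names are case-insensitive, so compare lowered stems.
                by_stem[stem.lower()][ext] = name
        for stem, exts in by_stem.items():
            if len(exts) < 2:
                continue  # no collision for this name
            ordered = [exts[e] for e in DOS_PRECEDENCE if e in exts]
            winner, shadowed = ordered[0], ordered[1:]
            w_time = os.path.getmtime(os.path.join(dirpath, winner))
            s_time = max(os.path.getmtime(os.path.join(dirpath, s))
                         for s in shadowed)
            findings.append((dirpath, stem, winner, shadowed, w_time > s_time))
    return sorted(findings)


def build_sample_tree(root):
    """Create a small constructed directory tree (placeholder files only)."""
    sample = {  # relative path -> constructed modification time
        "tools/EDIT.EXE": 1000,
        "tools/edit.com": 2000,    # shadows EDIT.EXE and is newer
        "tools/format.com": 1000,  # no same-name .exe: not reported
        "games/run.exe": 1000,
        "games/run.bat": 2000,     # loses to run.exe, so it is the shadowed one
        "docs/readme.txt": 1000,   # not an executable extension
    }
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder\n")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for d, stem, winner, shadowed, newer in find_companion_candidates(tmp):
            note = " (winner is newer: review first)" if newer else ""
            print(f"{os.path.relpath(d, tmp)}: '{stem}' runs {winner}, "
                  f"shadowing {', '.join(shadowed)}{note}")
```

A collision is not proof of infection, since legitimate software sometimes ships both a '.com' and an '.exe' launcher; the output is a list of names to review.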

File system viruses

This kind of virus changes the system's FAT (File Allocation Table). Inside the FAT there is an index of names and addresses of files. File system viruses change it to make the system launch the virus before the original program.

Macro viruses


This is the latest virus generation. They use features of certain programs (such as Word or Excel). These programs use a specific language to let users build macros. A macro is just a set of operations (such as opening documents or saving them). It's possible to build 'models' that are associated with documents, so that the program (a word processor like Word, for example) executes them when such documents are opened. So, in this case, the virus is just a macro, but one containing harmful operations for your system!

Time viruses


I'm talking about those viruses which 'sleep' for a while inside infected files and wake up whenever special conditions occur, such as special dates (the first of April, for example), after a certain number of system starts, or simply after a while.

ANSI viruses

On MS-DOS systems, you can associate commands with any key of the keyboard. Well, there are a few viruses which use this option. They can associate the 'format c:' command with the 'v' key, or the 'del *.exe' command with the Enter key! These associations are written inside the config.sys file.

Trojan horses


They aren't really viruses, because they can't produce a copy of themselves, but they are really dangerous. You can't identify them, because they are hidden inside normal programs. They don't produce effects for a while, and you think that your system is clean. But they come out in an unforeseeable way. Very famous is the 'PKZIP300.EXE' trojan horse, which isn't the new version of the PKZIP program (its last release never reached 3.0!). Antivirus programs can do nothing in these cases. However, it isn't so easy to meet a trojan horse. Usually they are so famous that it's pretty difficult to load them inside computers.

Software Piracy and Their Sanctions

Software piracy is a term that is frequently used to describe the copying or use of computer software in violation of its license (commonly referred to as an end user licensing agreement or EULA). Interestingly, not only the concept, but also the term itself, is highly controversial.[1]
The copying and selling of software in violation of its EULA is extremely common in many parts of the world, particularly in the so-called developing economies, such as China, Southeast Asia, Eastern Europe and Latin America. In fact, in such regions typically the vast majority of computers contain unofficial copies of commercial software. Moreover, this practice is far from unusual even in the higher income, industrialized countries.

Inability to Stop

Software developers have tried various techniques to eliminate so-called software piracy because of the loss in their revenue that can result from it. These techniques have included publicity about the harm that it supposedly causes, electronic copy protection, surprise audits of businesses, requiring users to contact the vendor to obtain an installation code, legal action, and the selling of less expensive versions with reduced functionality.
However, such measures have generally met with little success, as determined users soon discover ways to avoid or defeat them. Moreover, some of them have actually alienated users by making software more difficult to install or use, notably the tedious task of typing in long registration codes and the annoyance of having to call the vendor after installation or reinstallation to obtain an authorization code.
The main success of these techniques has been in the higher income, industrialized countries, particularly within large businesses and other organizations. This is largely because of the stronger enforcement of copyright laws in such countries and the fear of surprise audits and heavy fines by the Business Software Alliance (BSA),[2] as permitted by the EULAs. The BSA is a not-uncontroversial, international organization that was set up by the largest software vendors to enforce compliance with their EULAs.
