Wednesday, January 13, 2010

Provisions that penalize the issue of online defamation (Philippine Law)


LIBEL

Section One. — Definitions, forms, and punishment of this crime.

Art. 353. Definition of libel. — A libel is public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status, or circumstance tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead.

Art. 354. Requirement for publicity. — Every defamatory imputation is presumed to be malicious, even if it be true, if no good intention and justifiable motive for making it is shown, except in the following cases:

    1. A private communication made by any person to another in the performance of any legal, moral or social duty; and

    2. A fair and true report, made in good faith, without any comments or remarks, of any judicial, legislative or other official proceedings which are not of confidential nature, or of any statement, report or speech delivered in said proceedings, or of any other act performed by public officers in the exercise of their functions.

Art. 355. Libel means by writings or similar means. — A libel committed by means of writing, printing, lithography, engraving, radio, phonograph, painting, theatrical exhibition, cinematographic exhibition, or any similar means, shall be punished by prision correccional in its minimum and medium periods or a fine ranging from 200 to 6,000 pesos, or both, in addition to the civil action which may be brought by the offended party.

Art. 356. Threatening to publish and offer to present such publication for a compensation. — The penalty of arresto mayor or a fine from 200 to 2,000 pesos, or both, shall be imposed upon any person who threatens another to publish a libel concerning him or the parents, spouse, child, or other members of the family of the latter or upon anyone who shall offer to prevent the publication of such libel for a compensation or money consideration.

Art. 357. Prohibited publication of acts referred to in the course of official proceedings. — The penalty of arresto mayor or a fine of from 20 to 2,000 pesos, or both, shall be imposed upon any reporter, editor or manager or a newspaper, daily or magazine, who shall publish facts connected with the private life of another and offensive to the honor, virtue and reputation of said person, even though said publication be made in connection with or under the pretext that it is necessary in the narration of any judicial or administrative proceedings wherein such facts have been mentioned.

Art. 358. Slander. — Oral defamation shall be punished by arresto mayor in its maximum period to prision correccional in its minimum period if it is of a serious and insulting nature; otherwise the penalty shall be arresto menor or a fine not exceeding 200 pesos.

Art. 359. Slander by deed. — The penalty of arresto mayor in its maximum period to prision correccional in its minimum period or a fine ranging from 200 to 1,000 pesos shall be imposed upon any person who shall perform any act not included and punished in this title, which shall cast dishonor, discredit or contempt upon another person. If said act is not of a serious nature, the penalty shall be arresto menor or a fine not exceeding 200 pesos.

Section Two. — General provisions

Art. 360. Persons responsible. — Any person who shall publish, exhibit, or cause the publication or exhibition of any defamation in writing or by similar means, shall be responsible for the same.

The author or editor of a book or pamphlet, or the editor or business manager of a daily newspaper, magazine or serial publication, shall be responsible for the defamations contained therein to the same extent as if he were the author thereof.

The criminal and civil action for damages in cases of written defamations as provided for in this chapter, shall be filed simultaneously or separately with the court of first instance of the province or city where the libelous article is printed and first published or where any of the offended parties actually resides at the time of the commission of the offense: Provided, however, That where one of the offended parties is a public officer whose office is in the City of Manila at the time of the commission of the offense, the action shall be filed in the Court of First Instance of the City of Manila, or of the city or province where the libelous article is printed and first published, and in case such public officer does not hold office in the City of Manila, the action shall be filed in the Court of First Instance of the province or city where he held office at the time of the commission of the offense or where the libelous article is printed and first published and in case one of the offended parties is a private individual, the action shall be filed in the Court of First Instance of the province or city where he actually resides at the time of the commission of the offense or where the libelous matter is printed and first published: Provided, further, That the civil action shall be filed in the same court where the criminal action is filed and vice versa: Provided, furthermore, That the court where the criminal action or civil action for damages is first filed, shall acquire jurisdiction to the exclusion of other courts: And, provided, finally, That this amendment shall not apply to cases of written defamations, the civil and/or criminal actions which have been filed in court at the time of the effectivity of this law.

Preliminary investigation of criminal action for written defamations as provided for in the chapter shall be conducted by the provincial or city fiscal of the province or city, or by the municipal court of the city or capital of the province where such action may be instituted in accordance with the provisions of this article.

No criminal action for defamation which consists in the imputation of a crime which cannot be prosecuted de oficio shall be brought except at the instance of and upon complaint expressly filed by the offended party. (As amended by R.A. 1289, approved June 15, 1955, R.A. 4363, approved June 19, 1965).

Art. 361. Proof of the truth. — In every criminal prosecution for libel, the truth may be given in evidence to the court and if it appears that the matter charged as libelous is true, and, moreover, that it was published with good motives and for justifiable ends, the defendants shall be acquitted.

Proof of the truth of an imputation of an act or omission not constituting a crime shall not be admitted, unless the imputation shall have been made against Government employees with respect to facts related to the discharge of their official duties.

In such cases if the defendant proves the truth of the imputation made by him, he shall be acquitted.

Art. 362. Libelous remarks. — Libelous remarks or comments connected with the matter privileged under the provisions of Article 354, if made with malice, shall not exempt the author thereof nor the editor or managing editor of a newspaper from criminal liability.

Source:
http://www.chanrobles.com/revisedpenalcodeofthephilippinesbook2.htm

Case studies - Computer Security Under Attacks


Case 1: Illegal Data Mining

The owner of Snipermail, a business that distributes advertisements via the Internet to e-mail addresses on behalf of advertisers or their brokers, was indicted for conspiracy, unauthorized access of a protected computer, access device fraud, money laundering and obstruction of justice.

It was alleged that Scott Levine and other Snipermail employees illegally accessed a computer database owned and operated by Acxiom Corporation, a company that stores, processes, and manages personal, financial, and corporate data on behalf of its clients. On numerous occasions, Levine and others illegally entered an Acxiom file transfer protocol (FTP) server and downloaded significant amounts of data. The intrusions were traced back to an Internet Protocol address that belonged to one of Snipermail’s computers. The downloading of the databases lasted for a period of a year and a half and represented 8.2 gigabytes of data. While the stolen data contained personal information about a great number of individuals and could have resulted in tremendous loss if the information were used in a fraudulent way, there was no evidence to date that any of the data was misused in this way. Acxiom immediately notified law enforcement upon discovery of intrusions into its system and assisted with the investigation, which was conducted by a task force formed by the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS).


Case 2: The Melissa Worm

David L. Smith, a 31-year-old New Jersey programmer, was accused of unleashing the “Melissa” computer virus, a Visual Basic for Applications based worm.[1] This virus was propagated by deliberately posting an infected document to an alt.sex usenet newsgroup from a stolen AOL account. It is believed that Smith named the virus after a stripper he had known in Florida. He constructed the virus to evade anti-virus software and to infect computers using Microsoft Windows and Word programs. The Melissa virus appeared on thousands of email systems on March 26, 1999, disguised as an important message from a colleague or friend. The virus was designed to send an infected email to the first 50 email addresses in the user's Microsoft Outlook address book. Each infected computer would infect 50 additional computers, which in turn would infect another 50 computers. The virus proliferated rapidly and exponentially, resulting in substantial interruption and impairment of public communications and services. Many system administrators had to disconnect their computer systems from the internet. Companies such as Microsoft, Intel, Lockheed Martin and Lucent Technologies were forced to shut down their e-mail gateways due to the vast amount of email the virus was generating. To date, the Melissa virus is the most costly outbreak, causing more than $400 million in damages to North American businesses.

Smith was one of the first persons ever to be prosecuted for writing a virus. He was sentenced to 20 months in federal prison and a fine of $5,000. He was also ordered to serve three years of supervised release after completion of his prison sentence.

The investigation was conducted by members of the New Jersey State Police High Technology Crime Unit, the Federal Bureau of Investigation (FBI), the Justice Department’s Computer Crime and Intellectual Property Section, and the Defense Criminal Investigative Service.

Case 3: The Wake County Transportation Fraud

During a 2 and 1/2 year period, certain employees of the Wake County School Board in Raleigh, North Carolina, conspired with employees of Barnes Motor & Parts Co., based in Wilson, NC, to divert over $4.8 million through the use of fraudulent invoices in order to receive various kick-backs. Examples of items received included personal items such as automobiles, campers, golf carts and plasma-screen televisions. The scheme succeeded despite apparently strong internal controls, such as a bid limit of $2,500. At the time, the School Board employed only one internal auditor. Although the auditor had audit software which should have easily detected these unusual patterns, it was either not used or misapplied. There were numerous red flags that were not noticed. The story received wide press. [1]

Once the School district fired the employees and an investigation was performed, $4.8 million was recovered from Barnes and the former employees. Some of the employees involved received jail sentences, and returned at least some of the property stolen. Harold Ray Estes was sentenced to 11 – 15 years and fined $500,000. [2]. Vern Hatley, the Transportation Director, is serving a sentence of seven to ten years. Carol Dail Finch received a sentence between five years ten months and seven years nine months.

Once the fraud was discovered, an audit was performed and the report is available at Summerford audit report.


Source:

http://en.wikipedia.org/wiki/Computer_fraud_case_studies


IT PROFESSIONAL?


Who is the IT professional?

For the purpose of this discourse, the key areas are those that relate to the Attitude, Skill and Knowledge of the IT professional. Interestingly these are the same areas of change that training focuses on. Training seeks to close or fill any gaps that an individual has in these areas. However, it must be noted that simply going for training programs does not make one a true and complete professional.

The Diverse Nature of IT

Professionals work in areas such as Programming, Engineering, Database Administration, Networking, Web development and E-Commerce.
IT professionals create, operate, maintain and program computers. An IT professional must have the skills and knowledge required to carry out specialized tasks in a recognized field of IT. This is the minimum requirement. But demand for IT skills far outstrips supply, and the current worldwide IT skills shortage is enormous.


To be a competent IT professional, you must know what the expectations of your colleagues, your industry, your clients and the general public are. Meeting these expectations is what qualifies you to call yourself a professional, and what gives you recognition as a professional.
In today's world the role of the IT professional is crucial. IT has become an essential resource for most organizations. The evolving scenario is one of growing complexity of computer systems and of businesses' dependence on them. Qualified and competent IT professionals are needed to ensure the effectiveness and efficiency of computers.

Source:
THE INFORMATION TECHNOLOGY PROFESSIONAL & SOCIETY
http://www.jidaw.com/article2.html

Types of Attacks


The following are the types of security attacks:
  • DoS - Denial of Service
  • Trojan Horse - Comes with other software.
  • Virus - Reproduces itself by attaching to other executable files.
  • Worm - Self-reproducing program. Creates copies of itself. Worms that spread using e-mail address books are often called viruses.
  • Logic Bomb - Dormant until an event triggers it (Date, user action, random trigger, etc.).

Hacker Attacks

  • IP spoofing - An attacker may fake their IP address so the receiver thinks it is sent from a location that it is not actually from. There are various forms and results to this attack.
    • The attack may be directed to a specific computer addressed as though it is from that same computer. This may make the computer think that it is talking to itself. This may cause some operating systems such as Windows to crash or lock up.
  • Gaining access through source routing. Hackers may be able to break through other friendly but less secure networks and get access to your network using this method.
  • Man in the middle attack -
    • Session hijacking - An attacker may watch a session open on a network. Once authentication is complete, they may attack the client computer to disable it, and use IP spoofing to claim to be the client who was just authenticated and steal the session. This attack can be prevented if the two legitimate systems share a secret which is checked periodically during the session.
  • Server spoofing - A C2MYAZZ utility can be run on Windows 95 stations to request LANMAN (in the clear) authentication from the client. The attacker will run this utility while acting like the server while the user attempts to login. If the client is tricked into sending LANMAN authentication, the attacker can read their username and password from the network packets sent.
  • DNS poisoning - This is an attack where DNS information is falsified. This attack can succeed under the right conditions, but may not be very practical as an attack form. The attacker will send incorrect DNS information which can cause traffic to be diverted. The DNS information can be falsified since name servers do not verify the source of a DNS reply. When a DNS request is sent, an attacker can send a false DNS reply with additional bogus information which the requesting DNS server may cache. This attack can be used to divert users from a correct webserver such as a bank and capture information from customers when they attempt to log on.
  • Password cracking - Used to get the password of a user or administrator on a network and gain unauthorized access.
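
The session hijacking entry above says the attack is prevented when the two legitimate systems share a secret that is checked periodically during the session. The following is an added example, not part of the original page, of one way to run that check: a challenge-response using HMAC-SHA-256 (a choice made here, not named on the page). The class and function names are hypothetical, and the secret is assumed to have been agreed during authentication.

```python
import hashlib
import hmac
import secrets


def answer(shared_secret: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the secret without sending it."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()


class SessionGuard:
    """Server side: re-checks the peer at intervals during the session."""

    def __init__(self, shared_secret: bytes):
        self._key = shared_secret
        self._pending = None  # challenge awaiting a reply

    def new_challenge(self) -> bytes:
        # Fresh random value per check so an old reply cannot be reused.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # no check outstanding: unsolicited reply
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None  # each challenge can be answered once
        return hmac.compare_digest(expected, response)


def demo():
    """Constructed session: real client, a replayed reply, a peer without the secret."""
    secret = secrets.token_bytes(32)  # assumption: agreed during authentication
    guard = SessionGuard(secret)

    c1 = guard.new_challenge()
    good = answer(secret, c1)
    legit_ok = guard.verify(good)

    guard.new_challenge()
    replay_ok = guard.verify(good)  # old reply sent against a new challenge

    c3 = guard.new_challenge()
    spoof_ok = guard.verify(answer(b"guess", c3))  # peer does not hold the secret
    return legit_ok, replay_ok, spoof_ok
```

A peer that has taken over the client's IP address but does not hold the secret fails the next periodic check, at which point the server can end the session.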

Some DoS Attacks

  • Ping broadcast - A ping request packet is sent to a broadcast network address where there are many hosts. The source address is shown in the packet to be the IP address of the computer to be attacked. If the router to the network passes the ping broadcast, all computers on the network will respond with a ping reply to the attacked system. The attacked system will be flooded with ping responses which will cause it to be unable to operate on the network for some time, and may even cause it to lock up. The attacked computer may be on someone else's network. One countermeasure to this attack is to block incoming traffic that is sent to a broadcast address.
  • Ping of death - An oversized ICMP datagram can crash IP devices that were made before 1996.
  • Smurf - An attack where a ping request is sent to a broadcast network address with the sending address spoofed so many ping replies will come back to the victim and overload the ability of the victim to process the replies.
  • Teardrop - A normal packet is sent. A second packet is sent which has a fragmentation offset claiming to be inside the first fragment. This second fragment is too small to even extend outside the first fragment. This may cause an unexpected error condition to occur on the victim host which can cause a buffer overflow and possible system crash on many operating systems.
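
The DoS entries above each imply an ingress check: block traffic addressed to a broadcast address (ping broadcast, Smurf), reject fragments that would reassemble past the 65,535-byte IPv4 maximum (ping of death), and reject a fragment that starts inside data already covered (Teardrop). The following is an added example, not part of the original page, that applies those three checks to packet metadata. The function names and the protected subnets are assumptions constructed for illustration.

```python
import ipaddress

MAX_IP_DATAGRAM = 65535  # largest total length an IPv4 datagram may have

# Constructed: the subnets this filter protects (documentation ranges).
PROTECTED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("198.51.100.0/25")]


def is_directed_broadcast(dst, nets=PROTECTED_NETS):
    """True if dst is the broadcast address of a protected subnet."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in nets)


def check_fragments(fragments, header_len=20):
    """Validate the fragments of one datagram before reassembly.

    fragments: list of (offset_bytes, payload_len) tuples.
    Returns a sorted list of findings; empty means the set looks sane.
    """
    findings = set()
    covered_end = 0  # end of the data seen so far, in offset order
    for offset, length in sorted(fragments):
        end = offset + length
        if header_len + end > MAX_IP_DATAGRAM:
            findings.add("oversized")   # ping-of-death pattern
        if offset < covered_end:
            findings.add("overlap")     # teardrop pattern
        covered_end = max(covered_end, end)
    return sorted(findings)


def filter_packet(dst, fragments):
    """Return ('drop', reasons) or ('accept', [])."""
    reasons = []
    if is_directed_broadcast(dst):
        reasons.append("directed-broadcast")
    reasons += check_fragments(fragments)
    return ("drop", reasons) if reasons else ("accept", [])
```

The subnet mask matters for the broadcast check: 198.51.100.127 is the broadcast address of the /25 above, while 198.51.100.255 is not.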