Philippines seek cybercrime law

[William Knowles <wk () C4I ORG>]

http://www.techserver.com/noframes/story/0,2294,500205731-500286327-501542806-0,00.html

By OLIVER TEVES, Associated Press

MANILA, Philippines (May 18, 2000 1:32 p.m. EDT
http://www.nandotimes.com) - A senior official in the Department of
Justice has ruled that a law investigators hoped to use against
suspects in the "Love Bug" computer virus case does not apply to
computer crimes.

The decision severely handicaps the investigators, who have struggled
to find a legal basis on which to charge any suspects.

The Philippines has no laws specifically addressing high-tech computer
crimes such as the "ILOVEYOU" virus, which earlier this month crippled
e-mail systems worldwide.

After an extensive legal search, investigators settled on a 1998 law
regulating fraudulent use of "access devices," such as credit cards,
account numbers and passwords to obtain money, goods or services. The
law carries a penalty of up to 20 years in prison.

The "Love Bug" virus attempted to pilfer passwords from infected
computers and send them to e-mail addresses in the Philippines.

But Chief State Counsel Elmer T. Bautista, in a memorandum to the
secretary of justice, said suspects in the case could not be charged
under the law.

"Nowhere in the law is `computer hacking' ... and the effects thereof
dealt with," Bautista said in the memorandum, obtained Wednesday by
The Associated Press.

"The intention of a computer hacker ... is not to defraud but to
destroy files," and so computer hacking "cannot be considered covered"
by that law, he said.

The National Bureau of Investigation said it would not question
Bautista's decision.

The virus was released May 4 and spread through e-mail addresses
stored in infected computers. The damage caused by the virus has been
estimated at up to $10 billion.

Investigators have focused on an apartment in Manila where a telephone
line was believed to have been used to release the "ILOVEYOU" virus.

One of the apartment's residents, computer student Onel de Guzman, has
admitted he may have accidentally released the virus, but refused to
say whether he wrote it.

De Guzman has not been questioned, and his lawyer said he would
respond to a summons only after formal charges were filed.

De Guzman failed to graduate this month from AMA Computer College
because the faculty rejected his thesis project as a form of computer
piracy designed to steal passwords so people could use the Internet
for free, a feature similar to the "ILOVEYOU" virus.

Elfren Meneses, chief of the NBI's anti-fraud and computer crimes
division, said investigators found a second virus on one of 17
diskettes seized from de Guzman's apartment. He said a friend of de
Guzman, Michael Buen, may have authored it.

Meneses said the diskette also contained a warning that appeared to
have been written by Buen.

The message said: "If I don't get a stable job by the end of the
month, I will release a third virus that will remove all files from
the primary disk."

Buen, who graduated from AMA college the day after the "ILOVEYOU"
virus was released, has denied any role in making or spreading the
virus.

Investigator Nelson Bartolome said Wednesday that the NBI has issued
subpoenas to at least five people who are among about 40 people
acknowledged in the computer code of the second virus. Most are
students at AMA college.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".