MANILA, Philippines—Amid the recent phishing attacks which victimized several teachers and non-teaching personnel of the Department of Education (DepEd), a lawmaker has issued a reminder about the existence of an inter-agency body that was created to make the war on cybercrime a whole-of-government effort.
“Congress is counting on the Cybercrime Investigation and Coordinating Center (CICC) to take strong action against the mounting cases of fraudulent bank transactions perpetrated by phishers as well as hackers,” said Anakalusugan Rep. Michael Defensor in a statement.
In this article, INQUIRER.net will detail what the CICC is, including its powers and functions, as well as its role in investigating the phishing attacks and bank hacking schemes which have recently cost teachers thousands of pesos.
What is CICC?
The CICC, an attached agency of the Department of Information and Communications Technology (DICT), was created in 2012 upon the approval of Republic Act 10175 or the Cybercrime Prevention Act of 2012.
The inter-agency body was formed to protect the integrity of the country’s computer and communications network and crackdown on all forms of misuse, abuse, and illegal access. It also serves as the country’s lead agency for monitoring cybercrime cases.
“It performs matters related to cybercrime prevention and suppression, including but not limited to monitoring cybercrime cases handled by participating law enforcement and prosecution agencies, facilitating international cooperation on intelligence, investigations, training, and capacity-building, coordinating the support of the public and private sector and recommending the enactment of appropriate laws, issuances, measures, and policies pursuant to its mandate,” said CICC Executive Director Cezar O. Mancao II.
Mancao, a former police officer, was appointed to the CICC by President Rodrigo Duterte in September 2020
READ: Ex-cop Cezar Mancao named head of DICT’s cybercrime center
According to Section 25 of RA 10175, the CICC is composed of:
- executive director of the Information and Communications Technology Office under the Department of Science and Technology (ICTO-DOST) as chairperson
- director of the National Bureau of Investigation (NBI) as vice-chairperson
- chief of the PNP
- head of the DOJ Office of Cybercrime
- one representative each from the private sector and academe, as members
Agency’s powers and functions
Under Section 26 of the law, the powers and functions of CICC include:
- formulate a national cybersecurity plan and extend immediate assistance for the suppression of real-time commission of cybercrime offenses through a computer emergency response team (CERT);
- coordinate the preparation of appropriate and effective measures to prevent and suppress cybercrime activities;
- monitor cybercrime cases being handled by law enforcement and prosecution agencies;
- facilitate international cooperation on intelligence, investigations, training, and capacity building related to cybercrime prevention, suppression, and prosecution;
- coordinate the support and participation of the business sector, local government units (LGUs), and non-government organizations (NGOs) in cybercrime prevention programs and other related projects;
- recommend the enactment of appropriate laws, issuances, measures, and policies;
- perform all other matters related to cybercrime prevention and suppression, including capacity building and such other functions and duties as may be necessary for the proper implementation of R.A. 10175.
Allocated budget
According to Defensor, the CICC was given this year a budget that was 31 times higher than the P11.7 million budget it received in 2021.
“We gave the CICC a total of P365.4 million in new appropriations this year, including P63.5 million for capital outlay, precisely so that it can start operating effectively,” he said.
Based on data from the Department of Budget and Management (DBM), the budget allocated for the agency has increased from 2017 to 2019, but the agency saw a budget decrease in 2020.
Below is the allocated budget for CICC from 2017 to 2022, according to DBM records:
- 2017: P6.2 million
- 2018: P19.72 million
- 2019: P31.39 million
- 2020: 11.26 million
- 2021: P11.67 million
- 2022: P310.15 million
Under the 2022 National Expenditure Programs (NEP) Targets of the agency, the CICC aims to handle, monitor, and assist 485 cybercrime cases this year—and submit at least 60 percent of these cases to agencies for appropriate action.
It also plans to develop eight cybercrime plans and policies.
Take action vs phishing attacks
“We expect the CICC to expedite the identification, capture, and prosecution of phishers, hackers, and other cybercriminals,” said Defensor.
“Phishing and hacking are law enforcement problems that can only be curbed once the culprits are apprehended and put behind bars,” he added.
The lawmaker’s statement came after 16 teachers from Metro Manila, Calabarzon (Cavite, Laguna, Batangas, Rizal, Quezon), Central Luzon, Negros, and Mindoro reportedly lost at least P26,000 to P121,000 each through unauthorized withdrawals from their payroll accounts in the Land Bank of the Philippines (Landbank).
READ: Some teachers lose P26K to P121K each in alleged bank hacking — group
Landbank, on the other hand, has denied any hacking incident in its systems and said that the teachers’ accounts were illegally accessed through phishing.
“The Land Bank of the Philippines clarifies that its systems were not hacked and remain secure, following reports that alleged unauthorized transactions were experienced by two teachers who maintain payroll accounts with Landbank,” it said in a separate statement.
“According to the initial investigation by Landbank, the devices of the teachers were hacked via phishing which compromised their personal information,” it added.
READ: Landbank: Teachers who lost money fell victims to phishing scam
Justice Secretary Menardo Guevarra said last Jan. 27 that he has given the NBI 30 days to submit a progress report on its investigation of the phishing scheme which victimized the teachers.
READ: NBI given 30 days to crack case of hacked bank accounts of teachers
Phishing, according to the Bangko Sentral ng Pilipinas (BSP), is a form of identity theft “whereby someone steals or uses personal or sensitive information of another person without his/her knowledge or permission, through hacking into one’s personal account, hijacking one’s data and taking over one’s online identity, to commit fraudulent acts/crimes, or conduct unauthorized business.”
Once phishers or scammers get a hold of the victim’s information, they can withdraw money or purchase items under the victim’s name. They may also open a new bank or credit card account.
Phishers, who according to Defensor are “social engineers” who pretend to be trusted individuals, like bank officers, and steal sensitive data,” usually conduct their scams through fraudulent electronic mail, text messages, and/or voice calls.
The BSP also noted that phishers may also install computer viruses and worms or embed them in your e-mail and disseminate more phishing e-mails to other people.
The CICC had suggested the following steps in case of a suspected fraudulent bank transaction:
- Take a screenshot of the transaction notification as evidence.
- Ascertain the hotline and email address of the bank to submit an official report or complaint.
- Report through email and call the bank’s customer service.
- Post the incident on social media to raise social awareness and gather more information.