Wednesday, October 14, 2009

Computer Crime Act 1997

For Malaysia to be a world leading country in ICT
development and be a global centre and hub for
communication and multimedia information and content
services (8), a law needs to be formed to promote a high level
of consumer confidence and to protect the information
security and network reliability and integrity. Therefore, the
first important step that is taken by the government of
Malaysia to combat this new type of crime is by introducing a
new legal framework to facilitate the development of ICT
systems by countering the threats and abuses related to such
systems called Cyber Laws of Malaysia. The Malaysian
cyber laws consist of Computer Crime Act 1997, Digital
Signature Act 1997, Telemedicine Act 1997, Communication
and Multimedia Act 1998 Copyright (Amendment) Act 1997,
Malaysian Communication and Multimedia Commission Act
1998 and Optical Disk Act 2000.
There are other existing laws that will be used in
conjunctions with these acts. They are the Official Secret Act Act 1976, Patent Act 1983, Prison Act 1995, Akta Arkib
Negara 44/146 and other relevant legislations. This set of
Acts has made Malaysia as one of the first countries to enact a
comprehensive set of cyber laws. The above Acts were
formed for the purpose of safeguarding consumer and service
providers besides on-line businesses and owners of
intellectual property.
Computer Crime Act 1997 (CCA 97)
The CCA 97 was given its Royal Assent on June 18, 1997
but was only enforced on June 1, 2000 (9). CCA 97 main
concerns are offences due to the misuse of computers and
complement the existing criminal legislation. CCA 97 is
in fact has a lot of similarity with the UK Computer Misuse
Act 1990 in terms of the offences but differs in several ways.
It is different in that CCA 97 gave an interpretation of
computers, computer networks, output, data, functions,
programs and premises. The interpretation of a computer
in CCA 97 is summarised as any electronic machines that are
programmable and has the facility for data storage.
The CCA 97 also covers a wider range of offences
compared to CMA 1990 which only covers 3 aspects of
computer misuse: unauthorised access, unauthorised access
with intent to commit or facilitate other crime and
unauthorised modification. The three other offences
included in CCA 97 are wrongful communication, abetment
and attempts punishable as offences and presumptions.
Besides that, it also covers on obstruction of search. The
CCA 97 also gives more severe punishment compared to
CMA 1990 (UK). Table 1 lists the offences as well as the
punishments covered in CCA 97.
Table 1. List of Offences and Punishment in
Computer Crime Act 1997
Type of Offences Punishments
Sec. 3 Unauthorised
access to computer
Imprisonment: Not > 5 years
Fine: Not > MYR50,000 or both
Sec. 4 Unauthorised
access with intent to
commit or facilitate
commission of
further offences
Imprisonment: Not > 10 years
Fine: Not > MYR150,000 or both
Sec. 5 Unauthorised
modification of the
contents of any
Imprisonment: Not > 7 years, If
injury caused: >10 years
Fine: Not > MYR100,000; If
injury caused : Not >
MYR150,000 or both
Sec. 6 Wrongful
Imprisonment: Not > 3 years
Fine: Not > MYR25 000 or both
Sec.7 Abetment and Imprisonment: Not > ½ of
attempts punishable
as offences
maximum term
Fine: Same amount as offences
In conclusion, computer crimes are still on the rise. It is
easy to commit a crime whether we realize it or not. There are
a lot of tools available on the Internet that can be used to
commit all sorts of crimes such as fraud, identity theft, scams,
denial of service attacks, hacking and breaking in and so forth.
A lot of actions and approaches have been taken by the
governments as well as private sectors around the world to try
to combat the computer crimes. In the case of Malaysia, the
government has set up legal frameworks that are used to
punish the offenders such as the Cyber Laws of Malaysia.
apart from the technical approaches taken by each individual
organizations. Though there is no fool proof approach that
can be taken to stop computer crimes from occurring, but by
having these approaches mentioned above applied efficiently
and effectively, users awareness and involvements it is hope
that it will put the problems under control.

Proceedings of the International Conference on
Electrical Engineering and Informatics
Institut Teknologi Bandung, Indonesia June 17-19, 2007

Cybersecurity Malaysia

Cybersecurity Malaysia


Malaysian Computer Emergency Response Team (MyCERT) was formed on January 13, 1997 and started its operation fully on March 01, 1997. Operating from the office of CyberSecurity Malaysia, MyCERT provide a point of reference for the Internet community here to deal with computer security incidents and methods of prevention.

Locally, MyCERT works closely with the relevant law enforcement agencies such as Royal Malaysian Police, Securities Commission, Bank Negara Malaysia. MyCERT also has close collaboration with Internet Service Providers (ISP) and other local CERTs and Computer Security Incident Response Teams (CSIRT).

MyCERT is a member and current chair (2007 - 2008) of Asia Pacific Computer Emergency Response Teams (APCERT), Forum of Incident Response and Security Teams (FIRST) and various initiatives with security organizations for mitigating cyber attacks such as malware, botnets and frauds.

To address the computer security concerns of Malaysian Internet users.

To reduce the probability of successful attack and lower the risk of consequential damage.

CyberSecurity Malaysia has a cybercomplaints centre, called Cyber999, where the public can e-mail or call to report incidents or complain about cyberissues such as malware infections, intrusions, online harassment, spam, malicious websites, etc.

After the agency receive a report, they validate the complaint and refer the complainant to the police or help him or her lodge a complaint with the service provider or website concerned.

CyberSecurity comes under the purview of the Ministry of Science, Technology and Innovation. It is a one-stop co-ordination centre for national cybersecurity

MyCERT Core Functions

Provides point of contact for reporting security incidents.

Cyber Early Warning
* Alerts the constituency on new threats on the Net.
* Writes and distributes security bulletins, alerts and advisories.

Coordination Centre
Coordinates and handles security incidents received from other CERTs,ISPs, Institutions from worldwide.
Facilitates interaction and cooperation with Law Enforcement Agencies.

MyCERT also shares knowledge and experience at various events by conducting trainings, talks and workshops.

One of the suggestion of Cybersecurity Malaysia is to form cybercourt to deal with cybercrimes in Malaysia.
National cybersecurity specialist CyberSecurity Malaysia says the nation needs a dedicated “cybercourt” in view of the huge increase in cybercrimes in the country last year.

Moreover In a Bernama report on Jan 6, Datuk Shaziman said Malaysia needs a cybercourt in view of the increasing number of such cases.
“If in future we cannot cope anymore, we may need to have a cybercourt,” he was quoted in the report.

Husin CyberSecurity chief executive officer said that as the country’s cyberpopulation increases, the number of online transactions or other activities will increase in tandem, which will likely mean more incidents of cybercrime.
“It is a natural phenomena. There will inevitably be more criminals taking advantage of the situation to conduct their crimes online. “Increases in wireless and broadband capacity make it easier and faster to use the Internet. Unfortunately these facilities can be also used as a medium for cybercrimes,” he continued.
The current economic situation, in which the global economy is heading towards a recession, will also contribute to an increase in cybercrimes, he added.

Steven Patrick,: Cybercrimes On The Rise [2009] http://star- >accessed 12 October 2009

Attack by Viruses

Hi frens, here is the article where Malaysia Attacked by the viruses.

In 2001, Malaysia’s Internet infrastructure was attacked by the Code Red worm. This was a classic example of infrastructure attack in which the worm spread very fast and brought our national communication network to a standstill.

It was reported that the relevant agencies took three months to eradicate this worm and the estimated minimum losses was RM22mil, not inclusive of the losses to the business fraternity and other sectors as well.

Other incidents of cyberattacks were caused by the Blaster and Naachi worms in
2003. The incident started with the propagation of the Blaster worm through the scanning of vulnerable machines via the network, followed by Naachi worms.

These worms exploited the vulnerability found in the Windows NT, 2000 and XP software. The estimated cost to eradicate this worm was about RM31mil, not including lost productivity and the cost of lost opportunity.

Types of Viruses

Hello there. We would like to thank all of you for the comments. Now, we would like to talk about viruses where one of the commenter ask some questions regarding this topic. Based on our reading their three main viruses called trojan horse, worm viruses, and logic bomb viruses....

In a trojan horse virus scenario, when the virus code is hidden in the host program,the virus programmer satisfies the "inserts into a program" .
Worm programs are generally inserted directly into a computer network or bulletin board system and infect computers throughout the system. Threfore, by inserting the worm virus directly into the network or bulletin board system.
Logic Bomb programs are inserted directly into a computer or a program and activate upon the occurenceof a designated event.

Monday, October 12, 2009


Friend, i found this video on Youtube, probably it help us to get to know more how the other country solving cyber crime cases..:-) though the video is just simple interview, yet it is interesting..

Monday, October 5, 2009

Council of Europe Convention on Cybercrime

Hi frenz this is a information about a organisation which protect society against cyber crime. This is one of the way to protect society against the cybercrimes where Malaysia can apply the same application as other country. Enjoy read it.

Council of Europe Convention on Cybercrime

The aims of the Council of Europe Convention on Cybercrime (“COECCC”) are to achieve a common criminal policy to protect society against cyber crime by adopting appropriate legislation and to foster international co-operation.

The working group proposed that legislation regarding computer crime should look towards international developments so that it remains up to date. In particular, the working group compared the COECCC with Hong Kong’s existing legislation and the group’s proposals are in line with the COECCC, some interesting points arising from the comparison are discussed below.

Article 6 of the COECCC states that each party to the convention still shall make it an offence to produce, distribute or possess devices, computer programs or password designed specifically for the purposes of committing offences such as hacking. There is no legislation in Hong Kong outlawing “hacking tools”, nor would the working group recommended legislation to make them illegal. The reason cited was that system managers may wish to use these to test their security measures. However, it might be possible to license these “hacking tools” to legitimate users only and make it an offence to sell hacking tools (in line with Article 6 of the COECCC). This would make it more difficult for hackers to operate and make it easier to prosecute them, as prosecution would simply rest on of these devices.

Article 9 of the COECCC deals with child pornography on a computer system. The CRO does not deal with this issue but the Prevention of Child Pornography Bill is currently being discussed and will, in the future, create concrete legislation to address this.

Reference: Internet Law in Hong Kong
by Renuka Jeyabalan