Wednesday, October 14, 2009
development and be a global centre and hub for
communication and multimedia information and content
services (8), a law needs to be formed to promote a high level
of consumer confidence and to protect the information
security and network reliability and integrity. Therefore, the
first important step that is taken by the government of
Malaysia to combat this new type of crime is by introducing a
new legal framework to facilitate the development of ICT
systems by countering the threats and abuses related to such
systems called Cyber Laws of Malaysia. The Malaysian
cyber laws consist of Computer Crime Act 1997, Digital
Signature Act 1997, Telemedicine Act 1997, Communication
and Multimedia Act 1998, Copyright (Amendment) Act 1997,
Malaysian Communication and Multimedia Commission Act
1998 and Optical Disk Act 2000.
There are other existing laws that will be used in
conjunction with these acts. They are the Official Secret Act 1976, Patent Act 1983, Prison Act 1995, Akta Arkib
Negara 44/146 and other relevant legislation. This set of
Acts has made Malaysia one of the first countries to enact a
comprehensive set of cyber laws. The above Acts were
formed for the purpose of safeguarding consumer and service
providers besides on-line businesses and owners of
Computer Crime Act 1997 (CCA 97)
The CCA 97 was given its Royal Assent on June 18, 1997
but was only enforced on June 1, 2000 (9). The main concerns
of CCA 97 are offences due to the misuse of computers, and it
complements the existing criminal legislation. CCA 97
in fact has a lot of similarity with the UK Computer Misuse
Act 1990 in terms of the offences but differs in several ways.
It is different in that CCA 97 gives an interpretation of
computers, computer networks, output, data, functions,
programs and premises. The interpretation of a computer
in CCA 97 is summarised as any electronic machine that is
programmable and has the facility for data storage.
The CCA 97 also covers a wider range of offences
compared to CMA 1990 which only covers 3 aspects of
computer misuse: unauthorised access, unauthorised access
with intent to commit or facilitate other crime and
unauthorised modification. The three other offences
included in CCA 97 are wrongful communication, abetment
and attempts punishable as offences and presumptions.
Besides that, it also covers obstruction of search. The
CCA 97 also gives more severe punishment compared to
CMA 1990 (UK). Table 1 lists the offences as well as the
punishments covered in CCA 97.
Table 1. List of Offences and Punishment in Computer Crime Act 1997
Type of Offences | Punishments
Sec. 3 Unauthorised access to computer | Imprisonment: Not > 5 years; Fine: Not > MYR50,000 or both
Sec. 4 Unauthorised access with intent to commit or facilitate | Imprisonment: Not > 10 years; Fine: Not > MYR150,000 or both
Sec. 5 Unauthorised modification of the contents of any | Imprisonment: Not > 7 years, If injury caused: >10 years; Fine: Not > MYR100,000; If injury caused: Not > MYR150,000 or both
Sec. 6 Wrongful | Imprisonment: Not > 3 years; Fine: Not > MYR25,000 or both
Sec. 7 Abetment and | Imprisonment: Not > ½ of; Fine: Same amount as offences
In conclusion, computer crimes are still on the rise. It is
easy to commit a crime whether we realize it or not. There are
a lot of tools available on the Internet that can be used to
commit all sorts of crimes such as fraud, identity theft, scams,
denial of service attacks, hacking and breaking in and so forth.
A lot of actions and approaches have been taken by the
governments as well as private sectors around the world to try
to combat the computer crimes. In the case of Malaysia, the
government has set up legal frameworks, such as the Cyber Laws
of Malaysia, that are used to punish the offenders,
apart from the technical approaches taken by individual
organizations. Though there is no foolproof approach that
can be taken to stop computer crimes from occurring, by
having the approaches mentioned above applied efficiently
and effectively, together with users' awareness and involvement, it is hoped
that the problems will be put under control.
Proceedings of the International Conference on
Electrical Engineering and Informatics
Institut Teknologi Bandung, Indonesia June 17-19, 2007
The Malaysian Computer Emergency Response Team (MyCERT) was formed on January 13, 1997 and started full operation on March 01, 1997. Operating from the office of CyberSecurity Malaysia, MyCERT provides a point of reference for the Internet community here to deal with computer security incidents and methods of prevention.
Locally, MyCERT works closely with the relevant law enforcement agencies such as Royal Malaysian Police, Securities Commission, Bank Negara Malaysia. MyCERT also has close collaboration with Internet Service Providers (ISP) and other local CERTs and Computer Security Incident Response Teams (CSIRT).
MyCERT is a member and current chair (2007 - 2008) of Asia Pacific Computer Emergency Response Teams (APCERT), Forum of Incident Response and Security Teams (FIRST) and various initiatives with security organizations for mitigating cyber attacks such as malware, botnets and frauds.
To address the computer security concerns of Malaysian Internet users.
To reduce the probability of successful attack and lower the risk of consequential damage.
CyberSecurity Malaysia has a cybercomplaints centre, called Cyber999, where the public can e-mail or call to report incidents or complain about cyberissues such as malware infections, intrusions, online harassment, spam, malicious websites, etc.
After the agency receives a report, it validates the complaint and refers the complainant to the police or helps him or her lodge a complaint with the service provider or website concerned.
CyberSecurity comes under the purview of the Ministry of Science, Technology and Innovation. It is a one-stop co-ordination centre for national cybersecurity
MyCERT Core Functions
Provides point of contact for reporting security incidents.
Cyber Early Warning
* Alerts the constituency on new threats on the Net.
* Writes and distributes security bulletins, alerts and advisories.
Coordinates and handles security incidents received from other CERTs, ISPs and institutions worldwide.
Facilitates interaction and cooperation with Law Enforcement Agencies.
MyCERT also shares knowledge and experience at various events by conducting trainings, talks and workshops.
One of the suggestions of CyberSecurity Malaysia is to form a cybercourt to deal with cybercrimes in Malaysia.
National cybersecurity specialist CyberSecurity Malaysia says the nation needs a dedicated “cybercourt” in view of the huge increase in cybercrimes in the country last year.
Moreover, in a Bernama report on Jan 6, Datuk Shaziman said Malaysia needs a cybercourt in view of the increasing number of such cases.
“If in future we cannot cope anymore, we may need to have a cybercourt,” he was quoted in the report.
Husin, CyberSecurity chief executive officer, said that as the country’s cyberpopulation increases, the number of online transactions or other activities will increase in tandem, which will likely mean more incidents of cybercrime.
“It is a natural phenomenon. There will inevitably be more criminals taking advantage of the situation to conduct their crimes online. Increases in wireless and broadband capacity make it easier and faster to use the Internet. Unfortunately these facilities can be also used as a medium for cybercrimes,” he continued.
The current economic situation, in which the global economy is heading towards a recession, will also contribute to an increase in cybercrimes, he added.
Steven Patrick: Cybercrimes On The Rise, http://star-techcentral.com/tech/story.asp?file=/2009/1/16 (accessed 12 October 2009)
In 2001, Malaysia’s Internet infrastructure was attacked by the Code Red worm. This was a classic example of infrastructure attack in which the worm spread very fast and brought our national communication network to a standstill.
It was reported that the relevant agencies took three months to eradicate this worm and the estimated minimum losses were RM22mil, not inclusive of the losses to the business fraternity and other sectors as well.
Other incidents of cyberattacks were caused by the Blaster and Nachi worms in 2003. The incident started with the propagation of the Blaster worm through the scanning of vulnerable machines via the network, followed by the Nachi worm.
These worms exploited the vulnerability found in the Windows NT, 2000 and XP software. The estimated cost to eradicate this worm was about RM31mil, not including lost productivity and the cost of lost opportunity.
In a trojan horse virus scenario, when the virus code is hidden in the host program, the virus programmer satisfies the "inserts into a program" .
Worm programs are generally inserted directly into a computer network or bulletin board system and infect computers throughout the system. Therefore, by inserting the worm virus directly into the network or bulletin board system.
Logic Bomb programs are inserted directly into a computer or a program and activate upon the occurrence of a designated event.
Monday, October 12, 2009
Monday, October 5, 2009
Council of Europe Convention on Cybercrime
The aims of the Council of Europe Convention on Cybercrime (“COECCC”) are to achieve a common criminal policy to protect society against cyber crime by adopting appropriate legislation and to foster international co-operation.
The working group proposed that legislation regarding computer crime should look towards international developments so that it remains up to date. In particular, the working group compared the COECCC with Hong Kong’s existing legislation, and the group’s proposals are in line with the COECCC. Some interesting points arising from the comparison are discussed below.
Article 6 of the COECCC states that each party to the convention shall make it an offence to produce, distribute or possess devices, computer programs or passwords designed specifically for the purposes of committing offences such as hacking. There is no legislation in Hong Kong outlawing “hacking tools”, nor would the working group recommend legislation to make them illegal. The reason cited was that system managers may wish to use these to test their security measures. However, it might be possible to license these “hacking tools” to legitimate users only and make it an offence to sell hacking tools (in line with Article 6 of the COECCC). This would make it more difficult for hackers to operate and make it easier to prosecute them, as prosecution would simply rest on of these devices.
Article 9 of the COECCC deals with child pornography on a computer system. The CRO does not deal with this issue but the Prevention of Child Pornography Bill is currently being discussed and will, in the future, create concrete legislation to address this.
Reference: Internet Law in Hong Kong
by Renuka Jeyabalan
Sunday, October 4, 2009
Friends, I would like to share something that might be a worthy read here. Most of us are fond of updating and downloading anti-viruses, especially students in the varsity. Our computers and notebooks are prone to get “infected” and we are used to installing anti-viruses as our means of security for our computers. But is it really safe? What if I tell you that there are cyber criminals who use these circumstances as their platform to install not anti-virus but malware into our computers?
This article deals with the subject of internet security and why you must pay close attention when you decide to download anti-viruses via the internet. Hope it will throw some light into this subject. Read on!
When a computer connects to a network and begins communicating with others, it is taking a risk. Internet security involves the protection of a computer's internet account and files from intrusion of an unknown user. Basic security measures involve protection by well selected passwords, change of file permissions and back up of computer's data.
Security concerns are in some ways peripheral to normal business working, but serve to highlight just how important it is that business users feel confident when using IT systems. Security will probably always be high on the IT agenda simply because cyber criminals know that a successful attack is very profitable. This means they will always strive to find new ways to circumvent IT security, and users will consequently need to be continually vigilant. Whenever decisions need to be made about how to enhance a system, security will need to be held uppermost among its requirements. Anti-viruses help to enhance our computer’s security system, but these days we need to be alert even as we choose an anti-virus for our computer.
- Malware is the most general name for any malicious software designed for example to infiltrate, spy on or damage a computer or other programmable device or system of sufficient complexity, such as a home or office computer system, network, mobile phone, PDA, automated device or robot.
- Viruses are programs which are able to replicate their structure or effect by integrating themselves or references to themselves, etc into existing files or structures on a penetrated computer. They usually also have a malicious or humorous payload designed to threaten or modify the actions or data of the host device or system without consent. For example by deleting, corrupting or otherwise hiding information from its owner.
- Trojans (Trojan Horses) are programs which may pretend to do one thing, but in reality steal information, alter it or cause other problems on a system such as a computer or programmable device / system. Trojans can be hard to detect.
- Spyware includes programs that surreptitiously monitor keystrokes, or other activity on a computer system and report that information to others without consent.
- Worms are programs which are able to replicate themselves over a (possibly extensive) computer network, and also perform malicious acts that may ultimately affect a whole society / economy.
- Bots are programs which take over and use the resources of a computer system over a network without consent, and communicate those results to others who may control the Bots.
The above concepts overlap and they can obviously be combined. The terminology is evolving these days.
Antivirus programs and Internet security programs are useful in protecting a computer or programmable device / system from malware.
Such programs are used to detect and usually eliminate viruses. Anti-virus software can be purchased or downloaded via the internet. Care should be taken in selecting anti-virus software, as some programs are not as effective as others in finding and eliminating viruses or malware. Also, when downloading anti-virus software from the Internet, one should be cautious as some websites say they are providing protection from viruses with their software, but are really trying to install malware on your computer by disguising it as something else.
So there you go, people! It is vital that we have good internet security for our computers or notebooks in order to not fall as victims of cyber crimes.
With reference to Wikipedia. :)
Saturday, October 3, 2009
Types of Cybercrime
• DENIAL OF SERVICE
• VIRUS DISSEMINATION
• SOFTWARE PIRACY
• IRC Crime
• CREDIT CARD FRAUD
• CYBER STALKING
• SALAMI ATTACK
• NET EXTORTION
The act of gaining unauthorized access to a computer system or network and in some cases making unauthorized use of this access. Hacking is also the act by which other forms of cyber-crime (e.g., fraud, terrorism, etc.) are committed. Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user.
DENIAL OF SERVICE ATTACK
This is an act by the criminal, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail, depriving him of the services he is entitled to access or provide.
Malicious software that attaches itself to other software.
(Viruses, worms, Trojan horses, time bombs, logic bombs, Rabbit and Bacterium are malicious software.)
Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses worldwide are ever increasing due to this crime.
Can be done in various ways such as end user copying, hard disk loading, counterfeiting, illegal downloads from the internet, etc.
Pornography is the first consistently successful ecommerce product. Using deceptive marketing tactics and mouse-trapping technologies, pornography sites encourage customers to access their websites. Anybody, including children, can log on to the internet and access websites with pornographic content with a click of a mouse.
Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere in the world can come together and chat with each other. Criminals use it for meeting co-conspirators. Hackers use it for discussing their exploits and sharing techniques.
Paedophiles use chat rooms to lure small children.
CREDIT CARD FRAUD
You simply have to type the credit card number into the www page of the vendor for an online transaction. If electronic transactions are not secured, the credit card numbers can be stolen by hackers, who can misuse the card by impersonating the credit card owner.
Copying the company’s confidential data in order to extort said company for a huge amount.
It is a technique of pulling out confidential information from the bank/financial institutional account holders by deceptive means.
Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network.
The Criminal follows the victim by sending emails, entering the chat rooms frequently.
The Criminal sends emails containing defamatory matters to all concerned with the victim or posts the defamatory matters on a website. (A disgruntled employee may do this against a boss, an ex-boyfriend against a girl, a divorced husband against a wife, etc.)
The Criminal sends threatening email or comes in contact in chat rooms with the victim. (Anyone disgruntled may do this against a boss, friend or official.)
In such a crime the criminal makes insignificant changes in such a manner that the changes would go unnoticed. The criminal makes a program that deducts a small amount, like 2.50 per month, from the account of every customer of the bank and deposits the same in his account. In this case no account holder will approach the bank for such a small amount, but the criminal gains a huge amount.
posted by Renuka a/p Jeyabalan