Cybercrime activities on the rise
22nd November 2004 (Computimes)
BY Foo Eu Jin

CYBERCRIME is commonly referred to as a criminal activity related to technology and computers committed on the Internet.

According to MyCert's manager Solahuddin Shamsuddin, these include illegal activities done with malicious purposes from electronic hacking to denial of service attacks that cause great loss in monetary terms to the affected victim.

The types of cybercrime reported in Malaysia through MyCert include Intrusions - Web defacement, harassment, destruction of computers, denial of service, frauds, forgery, phishing scams, mailbomb and copyright piracy.

According to him, Part II - Offences in Cyber Crimes Act 1997 defines what constitutes an offence in the Act.

"Part II of the Act noted that a person shall be guilty of an offence if he causes a computer to perform any function with intent to secure access to any program or data held in any computer.

"The person is also guilty if the access he intends to secure is unauthorised; and he knows at the time when he causes the computer to perform the function that is the case."

He said the Act notes that the intent a person has to have to commit an offence under this section need not be directed at any particular program or data, a program or data of any particular kind; or a program or data held in any particular computer.

According to him, a person guilty of an offence under this section shall on conviction be liable to a fine not exceeding RM50,000 or to imprisonment not exceeding five years or both.

Malaysia has a set of cyberlaws that has been passed by Parliament to provide a comprehensive framework of societal and commerce -enabling laws, which encompass aspects concerning security of information and network integrity and reliability.

These include among others, the Digital Signature Act 1997, Computer Crime Act 1997, Communications and Multimedia Act 1998, and the Optical Disk Act 2000, he added.

Meanwhile, Association of Computer and Multimedia Malaysia (Pikom) Info Security Special Interest Group Chairman Dr Wong Say Ho said the Oxford Reference Online defines cybercrime as crime committed over the Internet while the Encyclopaedia Britannica defines cybercrime as any crime that is committed by means of special knowledge or expert use of computer technology.

"Cybercrime could reasonably include a wide variety of criminal offences and activities. The scope of this definition becomes wider with a frequent companion or substitute term 'computer-related crime'."

Wong noted that examples of activities that are considered cybercrime can be found in the United Nations Manual on the Prevention and Control of Computer-Related Crime. The manual includes fraud, forgery, computer sabotage, unauthorised access and copying of computer programs as examples of cyber crime.

According to him, Malaysia was among the first few countries in the world to introduce cyberlaws such as the Computer Crimes Act 1997. This cyber law addresses and looks into areas of cybercrime activities.

Wong added that despite the lengthy definitions provided by various sources, the definition of cybercrime will change along with the evolution of IT.

Commenting on the latest trends and statistics on cybercrimes in Malaysia, he said that the Deputy Minister of Internal Security Chia Kwang Chye in a recent report noted that cybercrime is on the rise and getting more sophisticated.

There were 117 cases involving RM451,000 in losses were taken to court under the Communications and Multimedia Act 1998 between January and last month compared to 35 last year, while 857 cases were charged in court under the Computer Crime Act 1997 last year, with losses totalling RM2.9 million, while 355 cases have been hauled up to court from January to last month.

Among the offences under the Act were hacking, computer virus and fraudulent withdrawals of cash using fake ATM cards.

Paladion Networks (M) Sdn Bhd's country manager Sreeraj Gopinathan said cybercrime includes a wide range of activities from sending rumours and defamatory messages to sending mails to unsuspecting banking customers and luring them to give out personal details (phishing) to the more "direct" crimes, including transferring money from others' accounts, stealing critical information, etc. He noted that authorities were able to trace the people behind the e-mail scam and the more recent Web log incident.

"But we have to remember that these were detected and traced after it happened. What if instead of scandalous mails and non -sensitive postings, it was some national security information which was in question.

"It might be too late if detected after the incident. The same applies to big corporations which consider their data as important. I believe the authorities have started thinking in this line and hope to see some action soon," he noted.

Sreeraj said that it is often debated whether cybercrime is on the rise or is it just hype by the security industry.

"Whatever is the case the 'perception index' is still high. It is evident from the fact that e-commerce is struggling to pick up in Malaysia. Though the trend has to do with other factors, including user friendliness, complicated procedures, and security, the fear of cybercrime is a big factor.

"You feel unsafe about giving your credit card details on a Web site, but have no problem handing over the card to the local bartender's custody for five to 10 minutes," Sreeraj added.