1.

0 INTRODUCTION

Cyber space is a virtual space that has become as important as real space for business, politics, and communities. Malaysias commitment in using Information and

Communication Technology (ICT) as reflected by the investment in the Multimedia Super Corridor (MSC) and its Flagships increases our dependency on cyber space. However, this dependency places Malaysia in an extremely precarious position because cyber space is vulnerable to borderless cyber attacks.

Cyber space, as it stands today, gives rise to both positive and negative consequences. For negative consequences, the ingredient of this digital soup is so vague that many refer to it as the dark sides of technology and that cyber criminal currently have the upper hand over law enforcement efforts. The applicability and effectiveness of our existing laws need to be constantly reviewed to face the risks coming from the cyber world.

Computer and Internet usage is on the rise due to lower costs of computer ownership and connectivity as well as faster and easier accessibility. As it is another mode of commercial and personal transaction and one that is heavily dependent on interaction through computers and automatic agents rather than face-to-face meetings, which increases distance and allows anonymity, it is another avenue for crimes to perpetuate. Computer Crime encompasses crimes committed against the computer, the materials contained therein such as software and data, and its uses as a processing tool. These include hacking, denial of service attacks, unauthorized use of services and cyber vandalism. Cyber Crime describes criminal activities committed through the use of electronic communications media. One of the greatest concerns is with regard to cyber-fraud and identity theft through such methods as phishing, pharming, spoofing and through the abuse of online surveillance technology. There are also many other forms of criminal behavior perpetrated through the use of information technology such

as harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory offences. The existing criminal laws in most countries can and do cover computer related crimes or electronically perpetrated crimes. Offences against the computer are relatively new as they arise from and in relation to the digital age, which threatens the functionality of the computer as an asset of a borderless information society. New laws are required in order to nurture and protect an orderly and vibrant digital environment. Offences through the use of computers merely constitute new ways to commit traditional offences using the electronic medium as a tool. In this case, existing legislation may not be suitable or adequate for several reasons; for example, the language in criminal statutes may not apply, jurisdictional issues may arise and punishments may not be appropriate.

1.1 Definition of Cyber Crimes Despite the fact that the word Cybercrime has entered into common usage, many people would find it hard to define the term precisely. Furthermore, there is no catchall term for the tools and software which are used in the commission of certain online crimes. In the next two sections, we will attempt to rigorously define Cybercrime and formalize an emerging term, crime ware, which is an inclusive term for the many different Trojans, Viruses, Bots, Spyware and Worms which are instrumental in facilitating certain Cybercrimes.

Like traditional crime, Cybercrime has many different facets and occurs in a wide variety of scenarios and environments. Current definitions of Cybercrime have evolved experientially. They differ depending on the perception of both observer/protector and victim, and are partly a function of computer-related crimes geographic evolution. For example, The Council of Europes Cybercrime Treaty uses the term Cybercrime to refer to offences ranging from criminal activity against data to content and copyright infringement. However, Zeviar Geese suggest that the definition is broader, including

activities such as fraud, unauthorized access, child pornography, and cyber talking. The United Nations Manual on the Prevention and Control of Computer Related Crime includes fraud, forgery, and unauthorized access in its cybercrime definition.

As you can see from these three definitions, Cybercrime can occur across a broad spectrum. In many ways, our argument regarding Cybercrime is similar to our previous argument concerning the utility of the word cyber terrorism. In the case of cyber terrorism it is our belief that the term itself is misleading in that it tends to create a vertical representation of a problem that is inherently horizontal in nature. Similarly, a criminal will not care whether a crime is cyber in nature or not instead, all methods available will be exploited.

Given this position, we believe there are significant benefits to deleting the word from the lexicon entirely. However, given that this is not likely to occur, the next best thing is to attempt to define the word as meaningfully as possible. Unfortunately, modeling cybercrime definition upon existing categories in work such as Parker is problematic as existing work tends to be descriptive rather than based upon a theoretical framework. With this in mind, we define Cybercrime as any crime that is facilitated or committed using a computer, network, or hardware device.

The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime indeed, the crime can take place on the computer alone, or in other non virtual locations. An additional advantage of this approach is that it is easy for researchers to define the topic too narrowly. By explicitly highlighting these two facets of Cybercrime, we hope to provide additional emphasis on the breadth of the issue.

Further, our goal is not to legally define Cybercrime such a definition is beyond the scope of this paper. Instead, we attempt to create a conceptual framework which lawmakers can use in order to create legal definitions which are meaningful from a technical and societal perspective. We recognize that current legal definitions of

Cybercrime vary drastically between jurisdictions. However, if technicians in the field worldwide can adequately grasp the nuances of electronic crime, more cohesive legal definitions may result.

The Oxford Reference Online defines cyber crime as crime committed over the Internet. The Encyclopedia Britannica defines cyber crime as any crime that is committed by means of special knowledge or expert use of computer technology.

Cyber crime could reasonably include a wide variety of criminal offences and activities. The scope of this definition becomes wider with a frequent companion or substitute term computer-related crime. Examples activities that are considered cyber crime can be found in the United Nations Manual on the Prevention and Control of Computer-Related Crime. The manual includes fraud, forgery, computer sabotage, unauthorized access and copying of computer programs as examples of cyber crime.

Globalization, technology and the Internet are without a doubt shaping the way business is done today. While these phenomena are known to have brought global business to a whole new level, they have also brought with them, the mixed blessing called cybercrime. Businesses, governments and individuals have all played victim to cybercrime. Many have attempted a definition of cybercrime. Fafinski, & Minassian (2008) quoting Wall (2007), define cybercrime as the transformation of criminal or harmful behavior by networked technology, while Wilson (2007) puts it simply as a crime that is enabled by, or that targets computers. Other synonyms exist like computer crime and internet crime, are also found in literature. Cybercrimes can range from criminal activity against data to content and copyright infringement (Gordon & Ford, 2006). The United Nations had this to say about efforts to fight crime in general. Globalization opens many opportunities for crime, and crime is rapidly becoming global, outpacing international cooperation to fight it. United Nations Human Development Report, 19

1.2 Principles of Cyber Crimes As the new millennium dawned, the computer has gained popularity in every aspect of our lives. This includes the use of computers by persons involved in the commission of crimes. Today, computers play a major role in almost every crime that is committed. Every crime that is committed is not necessarily a computer crime, but it does mean that law enforcement must become much more computer literate just to be able to keep up with the criminal element. According to Donn Parker , For the first time in human history, computers and automated processes make it possible to possess, not just commit, a crime. Today, criminals can pass a complete crime in software from one to another, each improving or adapting it to his or her own needs. The first recorded cyber crime took place in the year 1820. The era of modern computers, however, began with the analytical engine of Charles Babbage. Cyber crime is an evil having its origin in the growing dependence on computers in modern life. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cyber crime has assumed rather threatening implications. The majority of what are termed cyber-crimes is really violations of longstanding criminal law, perpetrated through the use of computers or information networks. The problems of crime using computers will rarely require the creation of new substantive criminal law; rather, they suggest need for better and more effective means of international cooperation to enforce existing laws. On the other hand, there are new and serious problems posed by attacks against computers and information systems, such as malicious hacking, dissemination of viruses, and denial-of-service attacks. Such attacks should be effectively prohibited, wherever they may originate. At the same time, it is to be remembered that often the most effective way to counter such attacks is to quickly deploy technical countermeasures; therefore, to the extent that well-meaning but overbroad criminal regulations diminish the technical edge of legitimate information security research and

engineering, they could have the unintended consequence of actually undermining information security.

2.0 CLASSIFICATION OF CYBER CRIMES

Cyber crimes are the focus of legislation adopted at both the state and federal levels. Constitution allocates lawmaking authority between the two levels according to certain principles. One of which is that even when federal jurisdiction to legislate exists, federal legislation is appropriate only when federal intervention is required. While federal legislative authority can pre-empt the state ability to legislate in a given area, it rarely does, so it is not unusual for federal criminal laws to overlap with state prohibitions that address essentially the same issues.

Cyber crimes are a very serious threat for the times to come and pose the most difficult challenges before the law enforcement machinery. Most cyber crimes do not involve violence but greed, pride or other things play on the character weakness of the victims. The various types of cyber crimes may be broadly classified as Cyber crime Against Individual, Against Organization, Against Society and Against Property.

Figure 1: Many types attacks under cyber crime

2.1 Against Individual In these crimes related against person, against property of an individual are included. Against persons include harassment through e-mail, cyber stalking, disseminate of obscene material on the Internet, defamation, hacking or cracking and by indecent exposure. Cyber crimes against property of an individual include computer vandalism, transmitting virus, Internet intrusion, unauthorized control over computer system and hacking / cracking etc.

2.2 Against Organizations These include crimes against government, private firm, company, group of individual etc. These crimes can be made by hacking and cracking, by possession of unauthorized information and through cyber terrorism against the government organization. The distribution of pirated software and other related work also comes under the category of cyber crimes against organizations.

2.2.1 Hacking It is the most common type of cyber crime. It is defined in the information technology Act, 2000 as whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information in a resource or diminishes its value or utility or affects it injuriously by any means commits hacking. Under this section punishment for his imprisonment is 3 years or fine which may extend up to 8 rupees or both. A hacker is a person who breaks in or trespasses a computer system.

2.2.2 Cracking Cracking cyber crimes or economic offences are unlike routine ones. Such crimes are committed by the suspects who are well-versed in computers or seek help of

experts in the organizations. Many of the suspects committing cyber crimes cracking are well-educated and have an IT background. We have a well-trained staff that has enormous knowledge in tackling such cases in the organizations.

2.3 Against Society These crimes not only affect individual or any organization but the society at large. They include Pornography (Specially Child Pornography), polluting the youth through indecent exposure and trafficking etc.

2.3.1 E-mail Slandering Threaten Case In US 60% of the e-mail are came from spam. This activity is breaking privacy, confusing content, bluffing in practice and burden individual cost or business company cost by losing productivity and wasting of resource.

Case 1 One of the example involving public figure like Dato Siti Nurhaliza case being discuss is done by Asmah and the Geng like gossiping, slandering, porno in email. Dato Siti Nurhaliza says it is purposely done to diminish her career as entertainer.

Case 2 E-mail case of Dato Anuar Ibrahim that used address tong_sangchai@yahoo.com send email with make attention witch justify Islam Hadhari and Money Politic as waste disposal and urine being debate in website. Email like this distraction to implementation of government policy and nation harmony.

Case 3 Slandering email also threaten stabilization economy. This happened to Gardenia Bakeries (Kuala Lumpur) Sdn. Bhd. that controls 60% of Malaysia bakery market. This company was slandered by using in non-halal ingredient in their product. The fliers being distribute all over mosque in Malaysia peninsular in April 2003, and also through e-mail and short message system (sms).

2.4 Against Property

The text discusses other crimes against property, including robbery, theft, fraud, identity theft and others. There are numerous crimes against property in all state

statutes and the numbers are simply too vast to go into detail here. Therefore, this chapter will focus on some of the property offenses outlined in the text.

2.4.1 Robbery Depending on whom you ask, robbery could either be considered a property crime or a violent crime. In essence, it is both. Robbery involves the use of force or threatened use of force to commit a theft. If no force or threat of force is used, then the offense is simply theft. Thus, it is not wrong to consider robbery either a violent crime or a property crime, since elements of both are present.

Aggravated robbery also involves the removal or attempted removal of a law enforcement officers weapon during the course of the officers duties. Also, carjacking, as mentioned in the text, could be considered a type of aggravated robbery if a deadly weapon is displayed or used during the course of the theft. Aggravated robbery is considered a first-degree felony. Robbery involves the same underlying elements of aggravated robbery (attempting or committing a theft offense, fleeing immediately after, etc.), but does not involve the risk of serious physical harm. If an offender merely possesses a dangerous weapon, inflicts or threatens to inflict physical harm on another,

or uses or threatens to use force against another, then robbery has been committed. If a person possesses a dangerous weapon or inflicts physical harm, it is considered a second degree felony. If a person uses or threatens to use force, it is considered a third degree felony.

2.4.2 Theft The theft offenses cover a range of conduct but simple theft is defined as, no person, with purpose to deprive the owner of property or service, shall knowingly obtain or exert control over either the property or services in any ways. The definition of theft is broad enough to cover other offenses, such as embezzlement and false pretenses. Punishment for theft depends on the value of the property.

2.4.3 Fraud The types of fraud is tampering with records, defrauding creditors, illegal use of food stamps, insurance fraud, and workers compensation fraud. Despite these different types of fraud, each involves the same element receiving some sort of benefit by means of deception and falsification. For instance, an individual with a back problem may claim that he was injured on the job. If his employer provides workers compensation, that individual may receive benefits or reimbursement for the medical expenses or time off from work spent recuperating. An individual engages in workers compensation fraud if his back pain was not the result of a job injury or there is no injury and the individual is faking. Either way, the individual is deceiving his employer in order to receive benefits that he is not entitled to.

Figure 2: Cyber crimes against property in increase every year starting 2004 to 2008

Computer crime and Identity theft Computer crime is considered a specific kind of theft offense. It is defined as no person shall knowingly gain access to, attempt to gain access to, or cause access to be gained to any computer, computer system, computer network without the consent of or beyond the scope of the express or implied consent of the owner of the computer, computer system, computer network or other person authorized to give consent by the owner.

2.5 COMPARISION CYBER CRIME IN MALAYSIA AND USA The growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to or destroy valuable information. Malaysias Government should draw on best practices from other countries like United State and work closely with industry to enact enforceable legal protections against these new crimes. The laws of most countries do not clearly prohibit cyber crimes. Existing terrestrial laws against physical acts of trespass or breaking and entering often do not cover their virtual counterparts. Web pages such as the e commerce sites recently hit by widespread, distributed denial of service attacks2 may not be covered by outdated laws as protected forms of property. Effective law enforcement is complicated by the transnational nature of cyber crime. Different with United State, mechanisms of cooperation across national borders to solve and prosecute crimes are complex and slow in Malaysia. Cyber criminals can defy the conventional jurisdictional realms of sovereign nations, originating an attack from almost any computer in the world, passing it across multiple national boundaries, or designing attacks that appear to be originating from foreign sources. Such techniques dramatically increase both the technical and legal complexities of investigating and prosecuting cyber crimes. Many countries were asked to provide laws that would be used to prosecute criminal acts involving both private and public sector computers. Over fifty national governments responded with recent pieces of legislation, copies of updated statutes, draft legislation, or statements that no concrete course of action has been planned to respond to a cyber attack on the public or private sector.

Ten different types of cyber crime in four categories are listed in United State and Malaysia are data related crimes, including interception, modification, and theft as a network related crimes, including interference and sabotage as a crimes of access, including hacking and virus distribution as a and associated computer related crimes, including aiding and abetting cyber criminals, computer fraud, and computer forgery.

In comparison to traditional print based media, the accessibility and relative anonymity of cyber crime has torn down traditional barriers between an individual and his or her ability to publish. Any person with an internet connection has the potential to reach an audience of millions with little to no distribution costs.

In the United States, police departments are establishing computer crimes units, and cybercrime makes up a large proportion of the offences investigated by these units different with Malaysia Police Department (PDRM). The National Cybercrime training Partnership (NCTP) encompasses local, state, and federal law enforcement agencies in the United States. The International Association of Chiefs of Police (IACP) hosts an annual Law Enforcement Information Management training conference that focuses on IT security and cybercrime. The European Union has created a body called the forum on Cybercrime, and a number of European states have signed the Council of Europes Convention on Cybercrime treaty, which seeks to standardize European laws concerning cybercrime. From this perspective, each organization and the authors of each piece of legislation have their own ideas of what cybercrime is and isnt. This issue are very constraint in the United State but in Malaysia, cybercrime is not big issue.

In United State, one of the biggest criticisms to the definition of computer crime conducted by the U.S Department of Justice (DOJ) is of its overly broad concept. The (DOJ) defines computer crime as any violation of criminal law that involved the knowledge of computer technology for its perpetration, investigation, or prosecution. In Malaysia, cybercrime are controlled by Cyber Security Malaysia. There are no agreed indicators to measure this success. It is hard to say how successful they are. But Cyber Security Malaysia had achieved some breakthroughs in many incidents. Their role in

combating cyber crime involves providing specialized and in-depth tech support on how to tackle threats. For example, when there is a dedicated attack by Botnet to propagate malware which is very dangerous, Cyber Security Malaysia are quickly analyze it to look for an antidote. If there is none, then they create one to release to our partners, so Malaysians can be protected from these vulnerabilities online.

Last year, Cyber Security Malaysia handled a total of 2,123 incidents, more than 100 per cent increase compared with 2007. But that rate was an increase in incidents and it may not correlate with cyber crime rates. Cyber Security Malaysia had not seen comprehensive statistics on the rate of cyber crime in Malaysia. The police, Bank Negara, Securities Commission and Malaysian Communications and Multimedia Commission (MCMC) have their own statistics.

Even in the United States as recently as 2000, it was noted that American law enforcement agencies, including the Justice Department, lacked the staff to investigate and prosecute cybercrimes like digital break-ins, data destruction and viruses. As a result of this, cybercriminals were breaking into or paralyze US-based websites with little fear of retribution, costing the private sector hundreds of millions of dollars.

Even Interpol, the organization set up to track fugitives and investigate international crime and of which Malaysia is a member of, considered letting a Silicon Valley computer security company, Atomic Tangerine, help it to protect businesses from hackers. This is after it acknowledged that international law enforcers were unable to combat computer crime effectively and also after acknowledging that governments found it difficult to coordinate cross-border efforts to combat this new phenomenon. Its secretary general at the time, Raymond Kendall stated that ... there's a limit to how you can transform police officers or detectives into technicians.

In Malaysia, the Malaysian Police formed the Technology Crime Investigation Branch (TCIB) in October 1998. It is under the Commercial Crime Investigation Division. The officers in the TCIB are specially trained in cybercriminal investigation methods.

The TCIB also lends its assistance to overseas enforcement agencies in investigating online gambling, hacking and illegal distribution of pirated software

2.6 SUGGESTIONS & RECOMMENDATIONS

In Malaysia, the weak state of global legal protections against cyber crime suggests three kinds of action.

2.6.1 Firms should secure their networked information

Laws to enforce property rights work only when property owners take reasonable steps to protect their property in the first place. As one observer has noted, if homeowners failed to buy locks for their front doors, should towns solve the problem by passing more laws or hiring more police? Even where laws are adequate, firms dependent on the network must make their own information and systems secure. And where enforceable laws are months or years away, as in most countries, this responsibility is even more significant.

2.6.2 Governments should assure that their laws apply to cyber crimes

National governments remain the dominant authority for regulating criminal behavior in most places in the world. One nation already has struggled from, and ultimately improved, its legal authority after a confrontation with the unique challenges presented by cyber crime. It is crucial that other nations profit from this lesson, and examine their current laws to discern whether they are composed in a technologically neutral manner that would not exclude the prosecution of cyber criminals. In many cases, nations will find that current laws ought to be updated. Enactment of enforceable computer crime laws that also respect the rights of individuals are an essential next step in the battle against this emerging threat.

2.6.3 Frameworks for cyber security

To be prosecuted across a border, an act must be a crime in each jurisdiction. Thus, while local legal traditions must be respected, nations must define cyber crimes in a similar manner. An important effort to craft a model approach is underway in the Council of Europe comprising 41 countries. The Council is crafting an international Convention on Cyber Crime. The Convention addresses illegal access, illegal interception, data interference, system interference, computer-related forgery,

computer-related fraud, and the aiding and abetting of these crimes. It also addresses investigational matters related to jurisdiction, extradition, the interception of

communications, and the production and preservation of data. Finally, it promotes cooperation among law enforcement officials across national borders.

Late in its process, the Council began to consider the views of affected industry and civil society. This process is making the Councils product more realistic, practical, efficient, balanced, and respectful of due process that protects individual rights. At this point, most observers support provisions to improve law enforcement cooperation across borders. However, industry, through the World Information Technology and Services Alliance, argues that the requirements on service providers to monitor communications and to provide assistance to investigators, as outlined in the Draft Convention, would be unduly burdensome and expensive. Another provision considered objectionable could criminalize the creation and use of intrusive software, or hacking programs, which are designed for legitimate security testing purposes. This action could stifle the advances in technology vital to keep up with evolving cyber threats. Privacy and human rights advocates object to the Draft Conventions lack of procedural safeguards and due process to protect the rights of individuals, and to the possibility that the ensuing national laws would effectively place restrictions on privacy, anonymity, and encryption.

The Council plans to release a final draft of the Convention in December 2000. In 2001, a political process involving national governments will determine the scope and coverage of the final Convention. Because of cyber crimes international potential, all countries, and all companies, are affected. Interested parties, including national governments from outside Europe, and businesses and non-governmental

organizations from around the world, should participate vigorously in a consensus process to develop measures that support effective international law enforcement and foster continued growth and innovation.

2.6.4 Requirements for Holistic Integrated Policy and Framework

Holistic, integrated, and cohesive policies need to be established at international, regional, and national levels to ensure effective and beneficial application of ICTs within the Asia-Pacific region, especially in the poorer and inadequately serviced areas. Given that different countries of the region have expertise in different parts of this new technology, collaboration efforts between countries in the region will bring greater benefits in the application of ICTs for development of the region. The most basic problems and challenges that public policymakers face trying to enhance ICT diffusion and development are the lack of both financial and trained human resources. The need for continuous collaboration in the development of ICT is vital. Recommendations in the following four areas are offered for collaborative work to ensure that the countries of Asia-Pacific are not left behind in embracing ICT for achieving competitive advantages:

1. Adoption of sound education program at all levels to 1) foster literacy, in general, and ICT literacy, in particular, 2) establish cybercrime free technology, and 3) provide for a secure information society within the region and info-sphere;

2. Promotion of human resource development program and collaborative Research & Development in priority areas of ICTs within each country and in the region as a whole;

3. Establishment of up-to-date, common, and mutually supporting cyber-laws for combating crime and protecting intellectual property rights towards the creation of cybercrime free information society, and to encourage further inventions and innovations to generate wealth; and

4. Adoption of ICT standards, regulations, and quality assurance to foster high quality and secure services and products that maintain competitiveness for the benefit of all communities within each country, in the region, and in the world.

CONCLUSION Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.

REFERENCES

Casey, E (2000), Digital Evidence and Computer Crimes (Forensic Science, Computers and the Internet). London: Academic Press Lessig, L (1999), Code and other laws of Cyberspace. New York: Basic Books Mitnick, K.D. & Simon, W.L. (2002), The Art of Deception, United States of America: Wiley Publishing, Inc

Ohio Revised Code, www.ohio.gov/ohio/ohiolaws.html State v. Morning 2002 Ohio 5097 (2002) State v. Thomas 106 Ohio St. 3d 133 (2005) www.ag.state.oh.us/victim/idtheft/index.asp - website of the Ohio Attorney General provides information about identity theft in Ohio. www.usdoj.gov/criminal/cybercrime/cc.html - website of the U.S. Department of Justice contains information about cybercrime, with the latest news and cases dealing with the issue. www.crime-research.org/library/Cybercrimimal.html www.uncjin.org/Documents/EighthCongress.html