http://www.crime-research.

org/analytics/702/2

Cyber crime encompasses any criminal act dealing with computers and networks (called
hacking). Additionally, cyber crime also includes traditional crimes conducted through
the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft,
and credit card account thefts are considered to be cyber crimes when the illegal activities
are committed through the use of a computer and the Internet.

Cybercrime is criminal activity done using computers and the Internet. This includes
anything from downloading illegal music files to stealing millions of dollars from online
bank accounts. Cybercrime also includes non-monetary offenses, such as creating and
distributing viruses on other computers or posting confidential business information on
the Internet.

Perhaps the most prominent form of cybercrime is identity theft, in which criminals use
the Internet to steal personal information from other users. Two of the most common
ways this is done is through phishing and pharming. Both of these methods lure users to
fake websites (that appear to be legitimate), where they are asked to enter personal
information. This includes login information, such as usernames and passwords, phone
numbers, addresses, credit card numbers, bank account numbers, and other information
criminals can use to "steal" another person's identity. For this reason, it is smart to always
check the URL or Web address of a site to make sure it is legitimate before entering your
personal information.

Because cybercrime covers such a broad scope of criminal activity, the examples above
are only a few of the thousands of crimes that are considered cybercrimes. While
computers and the Internet have made our lives easier in many ways, it is unfortunate that
people also use these technologies to take advantage of others. Therefore, it is smart to
protect yourself by using antivirus and spyware blocking software and being careful
where you enter your personal information.

Computer crime includes traditional criminal acts committed with a computer, as well as
new offenses that lack any parallels with non-computer crimes. The diversity of offenses
renders any narrow definition unworkable. The U.S. Department of Justice (DOJ) broadly
defines computer crimes as "any violations of criminal law that involve a knowledge of
computer technology for their perpetration, investigation, or prosecution." Accurate
statistics on the extent of this phenomenon have proven to be elusive because of the
difficulty in adequately defining computer crimes. The statistics also are untrustworthy
due to victims' failure to report incidents. The aggregate annual losses to businesses and
governments are estimated to be in the billions of dollars.
Some of the most notorious computer crimes have involved computer viruses, such as the
Melissa virus that appeared on the Internet in March 1999 and infected systems in the
United States and Europe, and the February 2000 distributed denial of service (DDS)
attacks on several leading commercial Web sites including Yahoo!, E*Trade,
Amazon.com, and eBay.

Cyber-crimes are frequently grouped into three categories. The first are those in which
the computer comprises the "object" of a crime and in which the perpetrator targets the
computer itself. This includes theft of computer processor time and computerized
services. The second category involves those in which the computer forms the "subject"
of a crime, either as the physical site of the offense or as the source of some form of loss
or damage. This category includes viruses and related attacks. Finally, the third category
includes those in which the computer serves as the "instrument" used to commit
traditional crimes in cyberspace. This encompasses offenses like cyber-fraud, online
harassment, and child pornography.

Though teenage hackers and underage, e-fraud perpetrators have captured headlines, no
"typical" cyber-criminal exists. Perpetrators also commit cyber-crimes for a variety of
reasons. Motives range from a desire to showcase technical expertise, to exposing
vulnerabilities in computer security systems, retaliating against former employers, or
sabotaging government computer systems.

Read more: Computer Crime - Definitions - Crimes, Cyber, Includes, Offenses, Criminal,
and Category http://ecommerce.hostip.info/pages/237/Computer-Crime-
DEFINITIONS.html#ixzz1aTv3Lhue

What Is Cybercrime?
Date: October 11, 2004
Source: Star Of Mysore Online
By: Maya Babu, Mysore Grahakara Parishat

The internet in India is growing rapidly. It has given rise to new opportunities in every
field we can think of – be it entertainment, business, sports or education. There are two
sides to a coin. Internet also has its own disadvantages. One of the major disadvantages
is Cybercrime – illegal activitiy committed on the internet. The internet, along with its
advantages, has also exposed us to security risks that come with connecting to a large
network. Computers today are being misused for illegal activities like e-mail espionage,
credit card fraud, spams, software piracy and so on, which invade our privacy and offend
our senses. Criminal activities in the cyberspace are on the rise. Here we publish an
article by Nandini Ramprasad in series for the benefit of our netizens. –Ed.

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist
may be able to do more damage with a keyboard than with a bomb".

– National Research Council, "Computers at Risk", 1991.

What is this Cyber crime? We read about it in newspapers very often. Let's look at the
dictionary definition of Cybercrime: "It is a criminal activity committed on the internet.
This is a broad term that describes everything from electronic cracking to denial of
service attacks that cause electronic commerce sites to lose money".

Mr. Pavan Duggal, who is the President of cyberlaws.net and consultant, in a report has
clearly defined the various categories and types of cybercrimes.

Cybercrimes can be basically divided into 3 major categories:

1. Cybercrimes against persons.

2. Cybercrimes against property.

3. Cybercrimes against government.

Cybercrimes committed against persons include various crimes like transmission of

child-pornography, harassment of any one with the use of a computer such as e-mail. The
trafficking, distribution, posting, and dissemination of obscene material including
pornography and indecent exposure, constitutes one of the most important Cybercrimes
known today. The potential harm of such a crime to humanity can hardly be amplified.
This is one Cybercrime which threatens to undermine the growth of the younger
generation as also leave irreparable scars and injury on the younger generation, if not
controlled.

A minor girl in Ahmedabad was lured to a private place through cyberchat by a man,
who, along with his friends, attempted to gangrape her. As some passersby heard her cry,
she was rescued.

Another example wherein the damage was not done to a person but to the masses is the
case of the Melissa virus. The Melissa virus first appeared on the internet in March of
1999. It spread rapidly throughout computer systems in the United States and Europe. It
is estimated that the virus caused 80 million dollars in damages to computers worldwide.

In the United States alone, the virus made its way through 1.2 million computers in one-
fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to
state and federal charges associated with his creation of the Melissa virus. There are
numerous examples of such computer viruses few of them being "Melissa" and "love
bug".
Cyberharassment is a distinct Cybercrime. Various kinds of harassment can and do occur
in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial,
religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes.

Cyberharassment as a crime also brings us to another related area of violation of privacy

of citizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No
one likes any other person invading the invaluable and extremely touchy area of his or
her own privacy which the medium of internet grants to the citizen.

The second category of Cyber-crimes is that of Cybercrimes against all forms of property.
These crimes include computer vandalism (destruction of others' property), transmission
of harmful programmes.

A Mumbai-based upstart engineering company lost a say and much money in the
business when the rival company, an industry major, stole the technical database from
their computers with the help of a corporate cyberspy.

The third category of Cyber-crimes relate to Cybercrimes against Government.

Cyberterrorism is one distinct kind of crime in this category. The growth of internet has
shown that the medium of Cyberspace is being used by individuals and groups to threaten
the international governments as also to terrorise the citizens of a country. This crime
manifests itself into terrorism when an individual "cracks" into a government or military
maintained website.

In a report of expressindia. com, it was said that internet was becoming a boon for the
terrorist organisations. According to Mr. A.K. Gupta, Deputy Director (Co-ordination),
CBI, terrorist outfits are increasingly using internet to communicate and move funds.
"Lashker-e-Toiba is collecting contributions online from its sympathisers all over the
world. During the investigation of the Red Fort shootout in Dec. 2000, the accused
Ashfaq Ahmed of this terrorist group revealed that the militants are making extensive use
of the internet to communicate with the operatives and the sympathisers and also using
the medium for intra-bank transfer of funds".

Cracking is amongst the gravest Cyber-crimes known till date. It is a dreadful feeling to
know that a stranger has broken into your computer systems without your knowledge and
consent and has tampered with precious confidential data and information.

Coupled with this the actuality is that no computer system in the world is cracking proof.
It is unanimously agreed that any and every system in the world can be cracked. The
recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo,
Amazon and others are a new category of Cyber-crimes which are slowly emerging as
being extremely dangerous.

Unauthorised access
Using one's own programming abilities as also various progra-mmes with malicious
intent to gain unauthorised access to a computer or network are very serious crimes.
Similarly, the creation and dissemination of harmful computer programmes which do
irreparable damage to computer systems is another kind of Cybercrime. Software piracy
is also another distinct kind of Cybercrime which is perpetuated by many people online
who distribute illegal and unauthorised pirated copies of software.

Professionals who involve in these cybercrimes are called crackers and it is found that
many of such professionals are still in their teens. A report written near the start of the
Information Age warned that America's computers were at risk from crackers. It said that
computers that "control (our) power delivery, communications, aviation and financial
services (and) store vital information, from medical re-cords to business plans, to
criminal records", were vulnerable from many sources, including deliberate attack.

"Script-kiddies"

Crackers do more than just spoiling websites. Novices, who are called "script-kiddies" in
their circles, gain "root" access to a computer system, giving them the same power over a
system as an administrator – such as the power to modify features. They cause damage by
planting viruses.

The Parliament of India passed its first Cyberlaw, the Information Technology Act in
2000. It not only provides the legal infrastructure for E-commerce in India but also at the
same time, gives draconian powers to the Police to enter and search, without any warrant,
any public place for the purpose of nabbing cybercriminals and preventing cybercrime.
Also, the Indian Cyberlaw talks of the arrest of any person who is about to commit a
cybercrime.

The Act defines five cyber-crimes – damage to computer source code, hacking,
publishing electronic information whi-ch is lascivious or prurient, br-each of
confidentiality and pu-blishing false digital signatu-res. The Act also specifies that
cybercrimes can only be investigated by an official holding no less a rank than that of Dy.
Superintendent of Police (Dy.SP).

The Act simply says "Notwi-thstanding anything contained in any other law for the time
being in force, any Police Officer not below the rank of Dy.SP may enter, search and
arrest any person without search warrant in any public place who he thinks is committing
or about to commit a cybercrime".

It is common that many systems operators do not share information when they are
victimis-ed by crackers. They don't contact law enforcement officers when their computer
systems are invaded, preferring instead to fix the damage and take action to keep crackers
from gaining access again with as little public attention as possible.

According to Sundari Nanda, SP, CBI, "most of the times the victims do not complain,
may be because they are aware of the extent of the crime committed against them, or as
in the case of business houses, they don't want to confess their system is not secure".

As the research shows, computer crime poses a real threat. Those who believe otherwise
simply have not been awakened by the massive losses and setbacks experienced by
companies worldwide. Money and intellectual property have been stolen, corporate
operations impeded, and jobs lost as a result of computer crime.

Similarly, information systems in government and business alike have been

compromised. The economic impact of computer crime is staggering.

Cyberspace

As the cases of cybercrime grows, there is a growing need to prevent them. Cyberspace
belongs to everyone. There should be electronic surveillance which means investigators
tracking down hackers often want to monitor a cracker as he breaks into a victim's
computer system. The two basic laws governing real-time electronic surveillance in other
criminal investigations also apply in this context, search warrants which means that
search warrants may be obtained to gain access to the premises where the cracker is
believed to have evidence of the crime. Such evidence would include the computer used
to commit the crime, as well as the software used to gain unauthorised access and other
evidence of the crime.

There should also be analysing evidence from a cracker's computer by the officials
investigating the crime. A seized computer may be examined by a forensic computer
examiner to determine what evidence of the crime exists on the computer.

Researchers must explore the problems in greater detail to learn the origins, methods, and
motivations of this growing criminal group. Decision-makers in business, government,
and law enforcement must react to this emerging body of knowledge. They must develop
policies, methods, and regulations to detect incursions, investigate and prosecute the
perpetrators, and prevent future crimes. In addition, Police Departments should
immediately take steps to protect their own information systems from intrusions.

Internet provides anonymity: This is one of the reasons why criminals try to get away
easily when caught and also give them a chance to commit the crime again. Therefore, we
users should be careful. We should not disclose any personal information on the internet
or use credit cards and if we find anything suspicious in e-mails or if the system is
hacked, it should be immediately reported to the Police officials who investigate cyber-
crimes rather than trying to fix the problem by ourselves.

Computer crime is a multi-billion dollar problem. Law enforcement must seek ways to
keep the drawbacks from overshadowing the great promise of the computer age.
Cybercrime is a menace that has to be tackled effectively not only by the official but also
by the users by co-operating with the law. The founding fathers of internet wanted it to be
a boon to the whole world and it is upon us to keep this tool of modernisation as a boon
and not make it a bane to the society.
http://www.computer-forensics-recruiter.com/home/cyber_crime_statistics.html

he cyber crime statistics below the list of schools illustrate some of the general trends in
the field of hi-tech crimes. Marked increases in cyber crime statistics result in an
increasing need for professionals capable of responding to and investigating cyber
crimes, and conducting computer forensic examinations of evidence in these cases.

Cyber Crime Statistics from the 2006 Internet Crime Report*

 In 2006, the Internet Crime Complaint Center received and processed over
200,000 complaints.
 More than 86,000 of these complaints were processed and referred to various
local, state, and federal law enforcement agencies.
 Most of these were consumers and persons filing as private persons.
 Total alleged dollar losses were more than $194 million.
 Email and websites were the two primary mechanisms for fraud.
 Although the total number of complaints decreased by approximately 7,000
complaints from 2005, the total dollar losses increased by $15 million.
 The top frauds reported were auction fraud, non-delivery of items, check fraud,
and credit card fraud.
 Top contact mechanisms for perpetrators to victims were email (74%), web page
(36%), and phone (18%) (there was some overlap).

* The Internet Crime Complaint Center is a clearinghouse for online economic crime complaints. It is maintained by the
National White Collar Crime Center and the Federal Bureau of Investigations. To review the results of the study, visit the
National White Collar Crime Center's site.

Cyber Crime Statistics from the 12th Annual Computer Crime and
Security Survey*
 Between 2006 and 2007 there was a net increase in IT budget spent on security.
 Significantly, however, the percentage of IT budget spent on security awareness
training was very low, with 71% of respondents saying less than 5% of the
security budget was spent on awareness training, 22% saying less than 1% was
spent on such training.
 71% of respondents said their company has no external insurance to cover
computer security incident losses.
 90% of respondents said their company experienced a computer security incident
in the past 12 months.
 64% of losses were due to the actions of insiders at the company.

The top 3 types of attack, ranked by dollar losses, were:

 financial fraud ($21.1 million)
 viruses/worms/trojans ($8.4 million)
 system penetration by outsiders ($6.8 million)
* The complete results of this study, as well as past studies, which are conducted annually by the Computer Security Institute,
can be found at the CSI website www.gocsi.com . Interestingly, these statistics are compiled from voluntary responses of
computer security professionals. Thus, there is certainly an inference that the damages due to computer security incidents are
much higher than those cited here, as companies without responding security professionals undoubtedly were the victim of
computer security incidents.

Cyber Crime Statistics from the Online Victimization of Youth, Five

Years Later study*
 Increasing numbers of children are being exposed to unwanted sexual materials
online.
 Reports of online sexual solicitations of youth decreased while reports of
aggressive sexual solicitation of youth did not (perhaps indicating that some
prevention and education measures may be working, while the most serious
offenders may not be deterred).
 Online child solicitation offenses are rarely reported to any authority.
 Incidents of online harassment and bullying increased.

*This is an empirical study based on approximately 1500 surveys conducted with online youth in 2005 that were compared to
the results of a similar study in 2001. The study was conducted by the National Center for Missing and Exploited Children, the
Crimes Against Children Research Center, and the Office for Juvenile Justice and Delinquency Prevention at the United States
Department of Justice. The complete results of the study can be found here http://www.missingkids.com.

http://www.laweddie.com/wordpress/malaysian-cyber-police/

You have heard of police? But have you heard of cyber police?

In Karnataka, there is actually a Cyber Police Station. One of the provinces in China also
have set up its Haikou Cyber Police Station.

Do you still remember in July 2007, Federal Territory Umno Youth head, Datuk Norzahas
urged government to set up Malaysian Cyber Police unit in order to take action against
the bloggers.

In view of the recent numerous arrest of bloggers, do we actually need cyber police in
Malaysia now? what is the main duty of cyber police? is our existing enforcement body
capable to deal with the cyber crimes now?

Lets start with the real function of a cyber police unit, I think no one would object if I say
cyber police unit is a police department dealing with cyber crimes. The broad definition
of cyber crimes is “wrongful act committed using computer as a tool or a target of the
said act or both.”

As such, its seems that the basic requirement to join cyber police unit is IT saviness. As
they may be required to hack into certain system or tracking the source
of the visitors/users and so on.
However, in view of the alleged offences committed by the bloggers in Malaysia, most of
them are in relation to making defamatory/seditious statement via computer. This falls
under the broad definition of the abovementioned “cyber crime”. But if you think further
do we really need cyber police to handle this kind of case? The answer is obvious, No.

Nevertheless, in view of the rapid development of e-commerce in Malaysia, we still

need cyber police to handle other cyber crimes like fraudulent online payment
case, illegal hacking activities and others.

What do you think?

3. Ingredients for an effective computer crime trial

Now that we have covered the CCA 1997, we will focus our attention to the key
ingredients that
are important to form an effective case in a computer crime investigation.
The first of course is the enactment of appropriate laws, with the aim of protecting the
computer crime victims, to serve as a deterrent to would be hackers (the penalty should
be
severe enough) and to provide a legal means of prosecuting those who are found guilty of
committing such crimes. In Malaysia, the punishment may range from 3 years to 10 years
imprisonment and/or a monetary fine of between RM 25,000 to RM 150,000. Note that
stiffer penalties will be given if it is found that the guilty party had intention to cause
injury
when committing the crime.
Next of course is to have a group of specially trained prosecutors in the area of
computer
crime. The challenge for this group of prosecutors is that they have to be generalist on the
subject of computer security and information technology. This is to enable them to tackle
the
various technologies that they may come across when dealing with cyber criminals.
The success of a computer crime investigation is also highly dependent on the
effectiveness
of the investigative team. More and more computer crime divisions are being setup
within
the police force around the world. In United Kingdom (UK) for example there is the
Metropolitan Police Service Computer Crime Unit. This unit deals with crimes that
relates to
the Computer Misuse Act in the UK. There is even a new establishment called the
National
High Tech Crime Squad (UK) to deal with technology related crimes that run across
conventional police boundaries and require specialist investigation skills. The key point
that
is highlighted here is trained specialists are required to carry out investigations in
computer
crime cases.
The global nature of criminal activities requires that strong ties be forged between
enforcement agencies around the world.
o United States Attorney General Janet Reno gave a good example of how complicated a
crime investigation could be when technology involved in the case resides in another part
of the world. “An officer may quickly find himself or herself in the middle of a case with
international implications. For example, during the raid of a drug dealer's home, an
officer might download data from the suspect's network account only to find out later that
the data was stored in a foreign country and the download violated that country's law.”
o Bruce Schneier in his book “Secret and Lies” also brings up the point that “the global
nature of the Internet complicates criminal investigation and prosecution”. Bruce raises
the question of which state or country’s law should be used for prosecution, will it be
from where the data/attack originated from or where the data/target is located or even
where the data/transmission passes through? Personally, it really depends on two things.
The first consideration is the effectiveness of the laws in a particular country and the
second consideration would be how easy would it be to bring the suspect to trial in the
preferred country.
o The Malaysian Parliament website that was hacked on December 2000 was traced to
IP
addresses in Brazil and France. The relevant authorities in those countries were
contacted for assistance in the investigation. This clearly shows the importance of strong
working relationships between authorities in countries around the world.
Early communication with Internet or Network Service Providers
o In his article “Tracking a Computer Hacker”, Daniel A. Morris highlights this as one
of
the important elements when tracing a hacker. ISPs may have in their possession key
records that will help track a hacker. However, in most cases, proper documentation (e.g.
a court order) will be required from the investigators before an ISP will corporate.
Security training and awareness – do’s and don’ts when attacked
Another ingredient that is required for a successful investigation is the actions (pre or
post action) of the system administrators of an attacked system. This includes the
activation and storage of adequate audit and system logs. This is important as it is
equivalent to looking at footprints or fingerprints in the physical world.
Use of traditional investigative techniques
o Finally, investigators in computer crime cases should also utilize traditional
investigative
techniques in their work. This point was clearly pointed out by Daniel A. Morris as he
pointed out that it would be necessary to identify the actual person using a particular
computer or user ID to commit a crime. Take for example a trace that leads to a
computer in a college lab. As hundreds of students make use of the lab, day in day out,
the investigator would have to fall back on more traditional techniques such as physical
surveillance or getting information from students or lab assistants.
4. Computer Crime Case & Lessons Learned
For this section, we will be focusing on computer crimes in the United States, as it is the
most up-to-date and publicly available information on computer crimes over the Internet.
From these cases, we will be able to better comprehend and appreciate the “Internet
Threats”
that are out there.
a. U.S. v. Ventimiglia (M.D. FL). This case is about an ex-employee intentionally
damaging his company’s computers. How does he get in to the computer facility you
may ask? Well, pretty simple if you are still buddy with an existing employee. This
clearly shows that you may have the best door access system or security cameras in the
world, but when there is collusion with internal or “trusted” employees, you can hardly
do much to stop the crimes from taking place. However, what can be done is probably to
allow strict disciplinary action against employees violating policies such as allowing
unauthorized persons to restricted areas. This will at the very least result in an individual
thinking twice before committing any rash acts.
b. U.S. v. Morch (N.D. CA). This is another example of an internal threat. Basically, an
employee on his last day of duty copies out proprietary information and was caught. This
brings up a couple of precautionary measures that may be considered when dealing with
staff resignation.
i. Consider removing or limiting access to staff that has tendered their resignation;
or
ii. Monitor the action of the staff from the period he/she tenders their resignation
letter.
iii. Where possible, change password to the administrator or other IDs that is known
by the staff leaving.
c. U.S. v. Oquendo (S.D. NY). In this particular case, a computer security expert was
found
guilty of computer hacking and electronic eavesdropping. This case once again shows
that Internet threat can come from within an organization. In this particular case, the
employee does the damage while still with the company and began exploiting his earlier
efforts remotely.
i. The challenge to system administrators is to basically know what is supposed to
be on their systems. This knowledge along with regular review of the software or
applications on the system will ensure that any new or unknown software or rogue
files are detected and scrutinized.
d. U.S. v. Smith (D. NJ). Unlike the previous 3 cases highlighted above, which were
internal threats, this case dealt with threats coming from and infecting through the
Internet. David L. Smith pleaded guilty for creating the “Melissa” virus and causing
millions of dollar worth of damage. One thing to learn from this case is that fighting
computer criminals, especially those which leverages on the Internet as a medium of
attack, requires collaboration between multiple parties. In this particular scenario,
America Online and ICSA.net were amongst the key contributors to the successful
investigation of the case. Although this was more of an availability attack, Smith could
be faced with a 5-year federal prison sentence.
e. U.S. v. Gregory (N.D. TX). This case is classified as a telecommunication fraud and
computer hacking. The case was chosen for discussion, as it is different from the four
cases above. Among other things, it includes use of stolen access devices, PIN obtained
from other hacking organization and stolen credit card information. With access to these
equipment and information, Gregory could make free teleconferences at the expense of
the Telecommunication Service Provider. An important lesson or reminder that we can
take from this case is that the hacker network is large and they are willing to trade
information amongst themselves. To me there are both pros and cons about this situation.
The obvious disadvantage against the authorities is that they are fighting against a very
large network of cyber criminals. The advantage for the authorities is that there are more
leads to follow up on. The more people who are involved or know about a crime, the
higher the likelihood of obtaining useful leads to the criminals.
5. Last Words
Before I conclude the paper, I recently came across a piece of news that state a group of
hacker cracked into a Sudanese bank and obtained information about the Al-Qaeda
terrorist organization and its leader Osama bin Laden. They have apparently handed over
the information to the Federal Bureau of Investigation or FBI. However, the authorities
have neither denied nor confirm the incident. The question here is that if these
announcements were indeed true, how should this case be treated? Would the authorities
be indirectly “approving” hacking activities if they were to use the information for the
interest of national security? Would it be better if the hackers would have gotten the
information and passed it on to the authorities without publicizing it? In a virtual world
where laws are still maturing, it is difficult to draw a clear line as to what is right or
wrong, especially when justice needs to be served. Other hacker organizations may use
this as an opportunity to begin hacking into sites, which are linked to terrorists but for
their own agenda. Lawmakers and authorities definitely have a great task ahead of them
for defining internationally acceptable cyber laws.
6. Conclusion
Computer crime definitely must be taken seriously. Attacks can come from a computer
across the room or computers located in another country. The threat could be external or
it could be internal. It may have financial impact, it may deal with child pornography or
it may be related to cyber terrorism. Because of the number of computer crime cases that
has increased over the years (and many more unreported), the development of computer
crime laws and policing initiatives must grow in tandem. Tackling computer crime is
similar to tackling computer security; you have to start from the basics and address one
thing at a time. As long as there is a system in place to punish the wrongdoers, as long as
there is public awareness of the potential seriousness of such crimes, I believe that there
will be much headway in computer crime law and investigation in the coming years in
Malaysia and around the world. One important element that I found to be similar
between most of the cases was the strength of the investigation team and the support it
has received from its counterparts whether locally or internationally. With that I would
like to sum up the paper with a quote from Barry W. Mawn, the Assistant Director in
Charge of the New York Office of the Federal Bureau of Investigation, “This
investigation and these charges should dispel the notion that using a computer to commit
criminal acts literally a world away from one’s victim provides a zone of safety from law
enforcement scrutiny. In fact, the growth of computer related crime in recent years has
resulted in a closer coordination among law enforcement agencies around the world.
This investigation demonstrates the cooperation of both American business entities and
our international law enforcement partners to address 21st century crime”
(http://www.cybercrime.gov/bloomberg.htm).
Bibliography
1. Attorney General Janet Reno Addresses the High Technology Crime Investigation
Association
1999 International Training Conference, September 20, 1999.
http://www.usdoj.gov/criminal/cybercrime/agsandie.htm
2. Department of Justice’s (US) Computer Crime and Intellectual Property Section of the
Criminal Division of the U.S. Department of Justice.
http://www.usdoj.gov/criminal/cybercrime/index.html
3. Department of Justice – Computer Intrusion Cases. Last updated October 1, 2001.
http://www.cybercrime.gov/cccases.html
“Ex-GTE Employee Pleads Guilty to Intentionally Damaging Protected GTE
Computers”, March 20, 2001. Last updated March 22, 2001.
(http://www.cybercrime.gov/VentimigliaPlea.htm).
Press release from the US Department of Justice, March 21, 2001. Last updated 3 May
2001. (http://www.cybercrime.gov/MorchPlea.htm).
“Computer Security Expert Sentenced to 27 months Imprisonment for Computer
Hacking
and Electronic Eavesdropping, June 13, 2001. Last updated on 14 June 2001.
(http://www.cybercrime.gov/OquendoSent.htm).
“Creator of Melissa Computer Virus Pleads Guilty to State and Federal Charges,
December 9, 1999. Last updated, December 14, 1999.
(http://www.cybercrime.gov/melissa.htm)
“Computer Hacker Sentenced”, September 6, 2000. Last updated September 25 2000.
(http://www.cybercrime.gov/gregorysen.htm)
“Three Kazak Men Arrested In London For Hacking Into Bloomberg L.P.’s Computer
System”, August 14, 2000. Last updated, August 31, 2000.
(http://www.cybercrime.gov/bloomberg.htm).
4. Malaysian Computer Crimes Act 1997
http://ktkm.netmyne.com.my/contentorg.asp?
Content_ID=80&Cat_ID=1&CatType_ID=17&Sub
Cat_ID=40&SubSubCat_ID=15
(If you are having trouble accessing the above link, please go to the general site of the
Malaysia
Energy, Communications and Multimedia Ministry’s Homepage at
http://www.ktkm.netmyne.com.my - Go to menu item => Organisation => Jurisdiction
=>
Ministry of Energy, Comm and Multimedia => Computer Crimes Act 1997)
5. Morris, Daniel A. “Tracking a Computer Hacker”. Last updated July 10, 2001.
http://www.usdoj.gov/criminal/cybercrime/usamay2001_2.htm
6. Puvaneswary, S. “Police Seek Help From The Two Countries To Track Down Those
Responsible”. 17 January 2001. http://www.niser.org.my/news/2001_01_17.html
7. Schneier, Bruce. Secret and Lies. John Wiley & Sons, 2000.
8. Stafford, Ned. “Sudan Bank Hacked, Bin Ladden Info Found – Hacker”, Newsbytes.
27
September 2001. http://www.newsbytes.com/news/01/170588.html.
Cyber crime increased by 127pc in 2010
February 09, 2011
KUALA LUMPUR, Feb 9 – Incidents of cyber crime in the country jumped by 127 per cent last
year, or the equivalent of 8,090 cases compared to 3,564 cases in 2009, CyberSecurity Malaysia
announced today.
Chief executive officer, Lt. Kol (Ret.) Husin Jazri said that of all the cases reported last year, the
majority involved online fraud and deception, or the equivalent of 2,212 cases.
“In 2009, only 3,564 cases were recorded by Cyber999 but that number jumped to a much higher
level last year,” he told reporters after the launch of the KL GreenHat 2011 challenge at Universiti
Kuala Lumpur (UniKL) here, today.
The two-day challenge was officiated by the dean of the Malaysia Institute of Information
Technology (MIIT), Dr Roslan Ismail.
Husin said many cases revolved around personal attacks of a political nature, pornography, fraud
and computer viruses.
“There were 419 cases of blackmail last year,” he added.
CyberSecurity Malaysia is the national cyber security specialist under the Ministry of Science,
Technology and Innovation (MOSTI) that runs the Cyber999 Help Centre which is tasked with
eradicating cyber crime.
Meanwhile, Roslan said ethical hacking represented one of the challenges at KL GreenHat 2011.
He said ethical hackers are not individuals who trespass and steal information but those who help
strengthen existing systems from being hacked.
Moreover, the increase in ethical hackers allows for more far-reaching cyber security as well as a
more thorough examination of computer systems, including the internet and computer
applications.
Ethical hackers would be able to determine if any data was at risk of being compromised and
suggest ways of overcoming such weaknesses, he added. – Bernama