PENYERAHAN DAN PENILAIAN TUGASAN ASSIGNMENT SUBMISSION AND ASSESSMENT

FACULTY OF EDUCATION AND LANGUAGES SEPT / 2011

OUMH1203 ENGLISH FOR WRITTEN COMMUNICATION

MATRICULATION NO IDENTITY CARD NO. TELEPHONE NO. E-MAIL LEARNING CENTRE NAME

: 750620126206001 : 750620-12-6206 : 0135571200 : rohanajukarna@yahoo.com.my : SANDAKAN BRANCH : ROHANA BT HJ JUKARNA

1.0

INTRODUCTION

2.0

CONTENT 2.1 CLASSIFICATION OF CYBER CRIMES

4 4 6 6 6 7

i. ii. iii. iv.

Cyber crime against individual Cyber crime against property Cyber crime against organization Cyber crime against society

2.2 i. ii. iii.

COMPARISON OF CYBER CRIMES IN MALAYSIA AND USA

8 8 10 11

Cyber crime act and law Cyber crime agency Cyber crimes cases and report

2.3 SUGGESTIONS

14

3.0 CONCLUSION

15

4.0 REFERENCES

16

1.0

INTRODUCTION

Cyber crimesharmful acts committed from or against a computer or networkdiffer from most terrestrial crimes in four ways. They are easy to learn how to commit; they require few resources relative to the potential damage caused; they can be committed in a jurisdiction without being physically present in it; and they are often not clearly illegal. This growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes.

To begin answering these questions, it would be helpful to briefly look at the components of crime in general. Traditionally, crime has been defined as an intentional violation of the legal code that is punishable by the state. Central to this definition is the premise that crime occurs within the boundaries of some physical reference point, that is, a location that constitutes a specific jurisdiction. Some definitions of cyber-crime are relatively narrow in focus. In some cases, only hacking behavior would fall under the definition of what constituted cyber-criminality (Thomas et.al., 2010). For example, the Council of Europes Cybercrime Treaty refers to only those offenses that involve damage to data or to copyright and content infringements. However, most experts would agree that this definition is much too narrow and needs to take into account more traditional crimes, such as fraud and stalking that make use of computers (Gordon and Ford, 2006). Below are suggested best definitions in describing cyber crimes. i. Cybercrime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Two of the most common ways this is done is through phishing and harming (http://www.techterms.com/definition/cybercrime). ii. Cybercrime is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. All cybercrimes involve both the computer and the person behind it as victims (http://www.crime-research.org/articles/joseph06). iii. Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the Internet

(http://www.webopedia.com/TERM/C/cyber_crime.html).

iv.

Cyber crime as any activity in which computers or networks are a tool, a target or a place of criminal activity. More precisely cyber crime as computer-mediated activities which are either illegal or considered illicit by certain parties and which can be conducted through global electronic networks (Hale, 2002). The term cybercrime is used to describe a range of offences including traditional computer crimes, as well as network crimes. As these crimes differ in many ways, there is no single criterion that could include all acts mentioned in the Stanford Draft Convention and the Convention on Cybercrime, whilst excluding traditional crimes that are just committed using hardware (Brenner, 2004).

v.

vi.

Cyber crimes is the use of any computer network for crime or any criminal offence committed against or with the help of a computer network (Council of Europe, 2001).

Among above definitions, the best description in my perspective is from Council of Europe (2001) in their Convention Cybercrime in United Kingdom. The definition given is simple and easy too understand yet completely describe computer and network as a tool in the crime and anyone can be the victim such as individual, society or even organization.

2.0

CONTENT 2.1 CLASSIFICATION OF CYBER CRIMES

The classification of cybercrime which is an important step to fighting it, has been grossly limited to whether these crimes are computer-assisted or computer-focused or simply by directly naming these crimes (Audit Commission, 1998). Furnell (2001) attempted a classification based on a different view motivation. However, his categorizations of hackers only addressed a small subset of cybercrimes. He does a good job in reviewing past classifications as far back as twenty years into the categorizations put forth by the United Kingdom (UK) Audit Commission on computer crimes. Below are the categorizations and organization responsible for them as reviewed by Furnell. i. UK Audit Commission (1998) Classification Hacking Sabotage. Introducing pornographic material. Virus Fraud Theft Use of unlicensed software Private work Misuse of personal data FBIs National Crime Squad (Fraser, 1996)
4

ii.

 Intrusions of the Public Switched Network (the telephone company) Major computer network intrusions Network Integrity violations Industrial espionage Pirated computer software Other crimes where the computer is a major factor in committing the criminal offense

iii.

Computer Security Institute (CSI) (CSI, 2001) Denial of Service Spoofing Virus Unauthorized insider access Telecom fraud Active wiretapping Laptop theft Theft and proprietary information Sabotage of data or networks Telecom eavesdropping System penetration by outsider Insider abuse of net access Financial fraud

Gordon and Ford (2006) also classified cybercrimes into two major group called Type I and Type II cybercrimes. Type I cybercrime has the following characteristics: i. ii. It is generally a singular, or discrete, event from the perspective of the victim. It often is facilitated by the introduction of crime-ware programs such as keystroke loggers, viruses, root kits or Trojan horses into the users computer system iii. The introductions can, but may not necessarily be, facilitated by vulnerabilities

The characteristics of Type II cyber crime are: i. It is generally facilitated by a program that does not t under the classication crime ware. For example, conversations may take place using IM (Instant Messaging) clients or les may be transferred using the FTP protocol ii. There are generally repeated contacts or events from the perspective of the user.

According to many classification on cyber crimes, there are four major types of cyber crimes based on Lawyers Club India (2009) and my research also shows that this classification is completely needed in our modern network nowadays and to guarantee human basic right. The 4 major categories are cyber crime against individual, cyber crime against property, cyber crime against organization and cyber crime against society. This classification also used by Report Cyber Crime Centre, (http://www.reportcybercrime.com/classification.php) an online assistance under IT act in India.
5

i.

Cyber crime against individual

Cybercrimes committed against persons include various crimes like transmission of childpornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified. Examples of cyber crime against individual are: Email spoofing Spamming Cyber Defamation Harassment & Cyber stalking For example in cyber chat case, a minor girl in Ahmedabad was lured to a private place through cyber chat by a man, who, along with his friends, attempted to gang rape her. As some passersby heard her cry, she was rescued. This case is one of example under harassment and cyber stalking. Another example wherein the damage was not done to a person but to the masses is the case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars in damages to computers worldwide.

ii.

Cyber crime against property

These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes. Two best examples under this type of cyber crime is credit card fraud and intellectual property crimes intellectual property crimes include software piracy, illegal copying of programs and distribution of copies of software.

iii.

Cyber crime against organization

Cyberterrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of cyber space is being used by individuals and groups to threaten the international governments as also to terrorize the citizens of a country. This crime manifests itself into terrorism when an individual cracks into a government or military maintained website. A few example of this type are: Unauthorized accessing of computer - a) Changing/deleting data, b) Computer voyeur: Computer contamination / Virus attack - a computer virus is a computer program that can infect other computer programs by modifying them
6

Email bombing - Sending large numbers of mails to the individual or company or mail servers thereby ultimately resulting into crashing. Salami attack - when negligible amounts are removed and accumulated in to something larger. These attacks are used for the commission of financial crimes. Logic bomb - its an event dependent programme, as soon as the designated event occurs, it crashes the computer, release a virus or any other harmful possibilities Trojan horse - an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. Data diddling - This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

In recent cases in Malaysia, about 51 governmentss website have been hacked on 15 June 2011 (Utusan Malaysia, 16 June 2011). The hackers group named themselves, as Anonymous are targeting website that have .gov.my suffix. Among website that involved was www.malaysia.gov.my, www.politeknik.gov.my, www.upm.edu.my and more. Cracking is amongst the gravest cyber-crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cyber-crimes which are slowly emerging as being extremely dangerous.

iv.

Cyber crime against society

These crimes not only affect individual or any organisation but the society at large. They include pornography (especially child pornography), polluting the youth through indecent exposure and trafficking. Some examples are: Forgery - currency notes, revenue stamps, mark sheets etc can be forged using computers and high quality scanners and printers Cyber terrorism - use of computer resources to intimidate or coerce others Web jacking - hackers gain access and control over the website of another, even they change the content of website for fulfilling political objective or for money.

Besides these classifications, Malaysia Lawyers (http://malaysia-lawyers.com) has found that cyber crime can be divided into three major categories:
7

i. ii. iii.

against individuals against property against government

2.2

COMPARISON OF CYBER CRIMES IN MALAYSIA AND USA

Generally speaking, computers play four roles in crimes: They serve as objects, subjects, tools, and symbols. In this topic, I will make a comparison of cyber crimes in Malaysia and USA based on this point of view: i. Cyber crime act and laws

For Malaysia to be a world leading country in ICT development and be a global centre and hub for communication and multimedia information and content services, a law needs to be formed to promote a high level of consumer confidence and to protect the information security and network reliability and integrity. Therefore, the first important step that is taken by the government of Malaysia to combat this new type of crime is by introducing a new legal framework to facilitate the development of ICT systems by countering the threats and abuses related to such systems called Cyber Laws of Malaysia. Malaysia

The Malaysian cyber laws consist of Computer Crime Act 1997, Digital Signature Act 1997, Telemedicine Act 1997, Communication and Multimedia Act 1998 Copyright (Amendment) Act 1997, Malaysian Communication and Multimedia Commission Act 1998 and Optical Disk Act 2000. There are other existing laws that will be used in conjunctions with these acts. They are the Official Secret Act Act 1976, Patent Act 1983, Prison Act 1995, Akta Arkib Negara 44/146 and other relevant legislations. This set of Acts has made Malaysia as one of the first countries to enact a comprehensive set of cyber laws. The above Acts were formed for safeguarding consumer and service providers besides on-line businesses and owners of intellectual property.

USA

The first federal computer crime statute was the Computer Fraud and Abuse Act of 1984 (CFAA). The fact that only one indictment was ever made under the original CFAA before it was amended in 1986 shows how difficult it is to write effective computer crime legislation. CFAA is the most important computer crime statute in the U.S. because almost every other statute that deal with computer crime modifies the CFAA.

Cyber Security Enhancement Act (CSEA) was passed together with the Homeland Security Act in 2002, it granted sweeping powers to the law enforcement organizations and increased penalties that were set out in the Computer Fraud and Abuse Act. The Digital Millennium Copyright Act (DMCA) was enacted in 1998. The basic purpose of the DMCA is to amend Title 17 of the United States Code and to implement the World Intellectual Property Organization (WIPO) Copyright Treaty and Performances and Phonograms Treaty, which were designed to update world copyright laws to deal with the new technology. The DMCA prohibits circum venting a technological measure designed to protect a copyright. DMCA also prohibits the manufacture or sale of devices or programs whose primary purpose is to circumvent access control technology. Table 1 shows all countries with cyber law (McConnell, 2000).

Table 1: Countries with cyber law (McConnell, 2000).

ii.

Cyber crime agency

Security measures such as two factor authentication, that many online banking services rely on, are no longer as secure as was first thought. The challenge is enormous because cybercriminals are unfettered by national boundaries, while law enforcement agencies' efforts are limited to local jurisdictions. In the face of an onslaught from highly organised criminal organisations, are underresourced law enforcement agencies fighting a losing battle? Most agree that law enforcement alone does not have the financial, technical or manpower resources that it would take to make any real impact on cybercrime. With the law enforcement and act, an agencies to handle the cyber crimes report should well organized in every countries. Strong working relationships between authorities in countries around the world can help to solve cyber crimes cases quickly. For example, The Malaysian Parliament website that was hacked on December 2000 was traced to IP addresses in Brazil and France. The relevant authorities in those countries were contacted for assistance in the investigation. Malaysia

Cyber Security Malaysia is not an enforcement agency but it is an agency under Ministry of Science Technology and Innovation (MOSTI). Cyber Security Malaysia only provided support to enforcement agencies such as police and victims, in ensuring that justice will prevail regardless of the "space" where a particular crime is conducted. This agency also assist in cyber forensics and analysis -such as analysing evidence and providing expert witnesses for relevant cases. Most of the cases handled by Cyber Security Malaysia.

USA

The primary federal law enforcement agencies that investigate domestic crime on the Internet include: the Federal Bureau of Investigation (FBI), the United States Secret Service, the United States Immigration and Customs Enforcement (ICE) , the United States Postal Inspection Service, and the Bureau of Alcohol, Tobacco and Firearms (ATF) . Each of these agencies has offices conveniently located in every state to which crimes may be reported. Contact information regarding these local offices may be found in local telephone directories. In general, federal crime may be reported to the local office of an appropriate law enforcement agency by a telephone call and by requesting the "Duty Complaint Agent." Each law enforcement agency also has a headquarters (HQ) in Washington, D.C., which has agents who specialize in particular areas. For example, the FBI and the U.S. Secret Service both have headquarters-based specialists in computer intrusion (i.e., computer hacker) cases.

10

A number of international organisations work constantly to analyse the latest developments in cybercrime and have set up working groups to develop strategies to fight these crimes. The G8772 In 1997, the Group of Eight (G8) established a Subcommittee773 on High-tech Crimes dealing with the fight against cybercrime.774 During their meeting in Washington D.C., United States, the G8 Justice and Interior Ministers adopted Ten Principles and a Ten-Point Action Plan to fight high-tech crimes. United Nations788

At the 8th Congress on the Prevention of Crime and the Treatment of Offenders (held in Havana, Cuba, 27 August7 September 1990), the UN General Assembly adopted a resolution dealing with computer crime legislation.789 Based on its Resolution 45/121 (1990), the UN published a manual in 1994 on the prevention and control of computer-related crime. International Telecommunication Union802

The International Telecommunication Union (ITU), as a specialized agency within the United Nations, plays a leading role in the standardization and development of telecommunications as well as cybersecurity issues. Among other activities, the ITU was the lead agency of the World Summit on the Information Society (WSIS) that took place in two phases in Geneva, Switzerland (2003) and in Tunis, Tunisia (2005). Governments, policymakers and experts from around the world shared ideas and experiences about how best to address the emerging issues associated with of the development of a global information society, including the development compatible standards and laws.

iii.

Cyber crimes cases and report

According to the Computer Emergency Response Team Coordination Center (CERT/CC), the number of reported incidences of security breaches in the first three quarters of 2000 has risen by 54 percent over the total number of reported incidences in 1999.1 Moreover, countless instances of illegal access and damage around the world remain unreported, as victims fear the exposure of vulnerabilities, the potential for copycat crimes, and the loss of public confidence. The proportion of identity theft/fraud facilitated online is expected to increase throughout 2007 as a result of the increasing technical sophistication and organization of fraudsters and the increasing amount of identity information that may be gathered from online sources.

11

Malaysia

In 2008, Cyber Security Malaysia handled a total of 2,123 incidents more than 100 per cent increase compared with 2007. But that rate was an increase in incidents and it may not correlate with cyber crime rates. Malaysia saw the number of reported cyber crimes rise to 5,181 year 2010 from 2,642 in 2009 (New Straits Times Press, 27 October 2010). In the first quarter of 2011, 3,563 incidents were reported to the Cyber 999 Security Incident Help Centre and of those, 400 phishing sites targeting Malaysian banks were reported. Figure 1 and 2 shows reported based on cyber crime in Malaysia in 2010 (modified from www.mycert.com.my).

Figure 1: Reported based on cyber crime incidents in year 2010.

Figure 2: Reported by total number based on Figure 1.

12

Table 2 shows percentage derived from the statistic according to types of cyber crime in Malaysia. Fraud percentage is 27.34 % and spam percentage is 15.67 % in Malaysia record.

CASES Content related Denial of serviceCyber harrassmentFraud Intrusion Intrusion attempt Malicious codes Spam Vulnerabilities report

PERCENTAGES (%) 0.48 % 0.82 % 5.18 % 27.34 % 26.70 % 8.47 % 14.82 % 15.67 % 0.52 %

USA

The Federal Bureau of Investigation (FBI) in collaboration with the Internet Crime Complaint Center (www.ic3.gov) have again published its annual report that shows cybercrime continue to be on the increase. Complaints received by IC3 cover many different fraud and non-fraud categories, including auction fraud, non-delivery of merchandise, credit card fraud, computer intrusions, spam/unsolicited email, and child pornography. All of these complaints are accessible to local, state, and federal law enforcement to support active investigations, trend analysis, and public outreach and awareness efforts.

Figure 3 shows the top 10 most common report in USA (2009). Based on the figure, fraud percentage is 32.7 % and spam percentage is 6.9 %. Fraud in the USA are in various types such as overpayment fraud, credit card fraud, auction fraud, advance fee fraud and miscellaneous fraud. Comparison between fraud and spam percentage between in Malaysia and USA. Malaysia: Fraud - 27.34 % and spam - 15.67 % USA: Fraud - 32.7 % and spam - 6.9 %

13

Fraud percentage in USA is higher than in Malaysia. While spam percentage is higher in Malaysia than in USA. This means, fraud cases or complaints in developed country is higher than non developed country. However, spam cases is a beginning to fraud cases.

Figure 3: Figure 3:

2.3

SUGGESTIONS

As accessibility to the internet grows, many people are becoming victims to cybercrime (Fafinski & Minassian, 2008). Technology and crime in recent history have known an unhealthy cohabitation. In a global environment plagued by an ever-growing community of ill-intentioned cyber criminals whose deleterious effects are obvious on affected people and organizations, every contribution to a fuller and more comprehensive understanding of the determinants and components, and how these components relate is critical.

In our country, extending the rule of law into cyberspace is a critical step to create a trustworthy environment for people and businesses. Because that extension remains a work in progress, organizations today must first and foremost defend their own systems and information from attack, be it from outsiders or from within. They may rely only secondarily on the deterrence that
14

effective law enforcement can provide. To provide this self-protection, organizations should focus on implementing cyber security plans addressing people, process, and technology issues. Organizations need to commit the resources to educate employees on security practices, develop thorough plans for the handling of sensitive data, records and transactions, and incorporate robust security technology such as firewalls, anti-virus software, intrusion detection tools, and authentication servicesthroughout the organizations' computer systems.

These system protection tools--the software and hardware for defending information systems are complex and expensive to operate. To avoid hassles and expense, system manufacturers and system operators routinely leave security features turned off, needlessly increasing the vulnerability of the information on the systems. Bugs and security holes with known fixes are routinely left uncorrected. Further, no agreed-upon standards exist to benchmark the quality of the tools, and no accepted methodology exists for organizations to determine how much investment in security is enough. The inability to quantify the costs and benefits of information security investments leave security managers at a disadvantage when competing for organizational resources. Much work remains to improve management and technical solutions for information protection. To conclude, there is need for the emergence of well defined framework of Malaysian cyber laws which should include: i. Create and implement a minimum set of guiding rules of conduct that would facilitate efficient communications and reliable commerce through the use of electronic medium ii. Formulation of new laws and amendment of existing laws by nations within their present territorial boundaries thereby attempting to regulate all actions on the internet that have any impact on their own population iii. iv. Nations may enter into multi-lateral international agreement Define punishment and prevent wrongful action that attack the electronic medium or harm the other v. To meet the challenge posed by new kinds of crime made possible by computer technology including telecommunication, various cyber laws should be reviewed

15

3.0

CONCLUSION

It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime in the world. As one nation, it is not impossible for us to fight the bad hackers and all the cyber crimes record as long as we have the awareness and the platform such as Cyber Security Malaysia and other government ministry to support us handling the scenario.

4.0

REFERENCES

Aghatise E. Joseph, 2006. Cybercrime definition. Computer Crime Research Center

Brenner, 2004. Cybercrime Metrics: Old Wine, New Bottles?, Virginia Journal of Law and Technology, Vol. 9

Council of Europe Convention Cybercrime (ETS No. 185), 2001. UK Cybercrime report.

Fafinski, S. and Minassian, N., 2008. UK Cybercrime Report 2008. New York: Garlik

Hale, 2002. Cybercrime: Facts & Figures Concerning this Global Dilemma, CJI 2002, Vol. 18.

McConnell, 2000. Cyber Crime and Punishment? Archaic Laws Threaten Global Information. www.mcconnellinternational.com

Thomas A. Petee, Jay Corzine, Lin Huff-Corzine, Janice Clifford and Greg Weaver, 2006. Defining Cyber Crime: Issues in Determining the Nature and Scope of Computer-Related Offenses.

http://www.techterms.com/definition/cybercrime).

http://www.crime-research.org/articles/joseph06).
16

17