Académique Documents
Professionnel Documents
Culture Documents
CONTENTS
Classification Of Cyber Crimes
It can be classified in to four major categories as:
(A) Cyber crime against Individual
(B) Cyber crime Against Property
(C) Cyber crime Against Organization
(D) Cyber crime Against Society
(iv) Harassment & Cyber stalking : Cyber Stalking Means following the moves of an
individual's activity over internet. It can be done with the help of many protocols
available such at e- mail, chat rooms, user net groups.
Viruses can be file infecting or affecting boot sector of the computer. Worms, unlike
viruses do not need the host to attach themselves to.
(iv) Email Bombing : Sending large numbers of mails to the individual or company or
mail servers thereby ultimately resulting into crashing.
(v) Salami Attack : When negligible amounts are removed & accumulated in to
something larger. These attacks are used for the commission of financial crimes.
(vi) Logic Bomb : Its an event dependent programme , as soon as the designated event
occurs, it crashes the computer, release a virus or any other harmful possibilities.
(vii) Trojan Horse : An unauthorized program which functions from inside what seems to
be an authorized program, thereby concealing what it is actually doing.
(viii) Data diddling : This kind of an attack involves altering raw data just before it is
processed by a computer and then changing it back after the processing is completed.
Seah said one of the reasons why people commit economic crimes is their desire for a
better quality of life; when they cannot achieve that legitimately, they tend to adopt illegal ways
of getting what they want.
In Malaysia, cases of computer fraud would normally be investigated under the Computer
Crimes Act 1997 (Act 563) (CCA), which provides for the punishment of unauthorized access
with intent to commit the offence of fraud or dishonesty under the Penal Code. While we contend
that Computer fraud is more a matter of using different processes to achieve the same end as
that achieved through historical mainstream fraud, the response required from the investigation
team often needs to be markedly different. A critical factor is the admissibility of computer-
generated evidence in criminal proceedings. Any evidence that is obtained must satisfy the rules
of the court in the relevant jurisdiction. Companies can risk damaging or destroying valuable
evidence if they do not follow the correct investigation technique committed against the
computer systems. As more computers move on to on-line processing and improved
telecommunications, computer hackers are now a threat.
In a reported Malaysian case of Creative Purpose Sdn Bhd vs Intergrated Trans Corp Sdn
Bhd (1997) 2 MLJ 449, the term hacking was defined as unauthorized access to computer
systems by those who simply enjoy using computers and experimenting with their abilities in
trying to invade a computer system. In a software world, hacking means computer
programming. It may also involve the de-compilation or reverse engineering of computer
programs with the aim of changing the behavior of the program.
The other cyber crimes case reported is The Malaysian Parliament website that was
hacked on December 2000 was traced to IP addresses in Brazil and France. The relevant
authorities in those countries were contacted for assistance in the investigation.
In USA, more heavier cyber crimes cases reported. According to Computer Crime &
Intellectual Property Section from the United States Department of Justice, most of the cases are
done by profesional individually or by group and organization. The crimes that have been
reportedly are most consists of hacking personal data banking such as credit card fraud
information, ATM PIN and identity theft.
From January 1, 2009 through December 31, 2009, the Internet Crime Complaint Center
(IC3) Web site received 336,655 complaint submissions. This was a 22.3% increase as compared
to 2008 when 275,284 complaints were received. Of the 336,655 complaints submitted to IC3,
146,663 were referred to local, state, and federal law enforcement agencies around the country
for further consideration. The vast majority of referred cases contained elements of fraud and
involved a financial loss by the complainant. The total dollar loss from all referred cases was
$559.7 million with a median dollar loss of $575. This is up from $264.6 million in total reported
losses in 2008. Unreferred submissions generally involved complaints in which there was no
documented harm or loss (e.g., a complainant received a fraudulent solicitation email but did not
act upon it) or complaints where neither the complainant nor perpetrator resided within the
United States (i.e., there was not an appropriate domestic law enforcement agency for direct
referral).
Complaints received by IC3 cover many different fraud and non-fraud categories,
including auction fraud, non-delivery of merchandise, credit card fraud, computer intrusions,
spam/unsolicited email, and child pornography. All of these complaints are accessible to local,
state, and federal law enforcement to support active investigations, trend analysis, and public
outreach and awareness efforts.
On January 1, 2009, IC3 implemented a new complaint classification system based on a
redesigned questionnaire that generates an automatic classification of the complaint into one of
79 offense-based categories. This redesign also resulted in a number of changes to the way the
system gathers and classifies complaint data. Significant findings related to an analysis of the
complaint data include:
Email scams that used the Federal Bureau of Investigations (FBI) name (schemes in
which the scammer pretended to be affiliated with the FBI in an effort to gain information
from the target) represented 16.6% of all complaints submitted to IC3. Non-delivered
merchandise and/or payment (in which either a seller did not ship the promised item or a
buyer did not pay for an item) accounted for 11.9% of complaints. Advance fee fraud (a
scam wherein the target is asked to give money upfront- often times- for some reward
that never materializes) made up 9.8% of complaints. Identity theft and overpayment
fraud (scams in which the target is given a fraudulent monetary instrument in excess of
the agreed-upon amount for the transaction, and asked to send back the overpayment
using a legitimate monetary instrument) round out the top five categories of all
complaints submitted to IC3 during the year.
Of the top five categories of offenses reported to law enforcement during 2009, nondelivered merchandise and/or payment ranked 19.9%; identity thieft, 14.1%; credit card
fraud, 10.4%; auction fraud, 10.3%; and computer fraud (destruction/damage/vandalism
of property), 7.9%.
Of the complaints involving financial harm that were referred to law enforcement, the
highest median dollar losses were found among investment fraud ($3,200),
overpayment fraud ($2,500), and advance fee fraud ($1,500) complainants.
In those complaints in which perpetrator information is provided, 76.6% were male and
half resided in one of the following states: California, Florida, New York, the District of
Columbia, Texas, and Washington. The majority of reported perpetrators (65.4%) were
from the United States. A number of perpetrators were also in the United Kingdom,
Nigeria, Canada, Malaysia, and Ghana.
Among complainants, 54% were male, nearly two-thirds were between the ages of 30 and
50, and a little over one- third resided in one of the following states: California, Florida,
Texas, or New York. The majority of complainants were from the United States (92%).
However, IC3 received a number of complaints originating in Canada, the United
Kingdom, Australia, India, and Puerto Rico.
Male complainants lost more money than female complainants (ratio of $1.51 lost per
male to every $1.00 lost per female). Individuals 40-49 years of age reported, on average,
higher amounts of loss than other age groups.
In addition to FBI scams, popular scam trends for 2009 included hitman scams,
astrological reading frauds, economic scams, job site scams, and fake pop-up ads for
antivirus software.
There are huge major differences of cyber crimes cases in Malaysia and in USA. In
Malaysia, the cyber crimes cases are not really the big deal or serious problems for MSC and
CyberSecurity to handle. Most like e-mail scam, advance fee fraud and fake website are always
reported in Malaysia.
Futhermore in Malaysia, the specific law that governs the misuse of computer is the CCA
(Criminal Crime Act). Given the increase in computer related crimes and computer abuse, the
enactment of the CCA was timely to govern and regulate this cyberspace activity and impose
sanctions for criminal acts related to it. There was also a need for a specific legislation on
computer crimes as the Penal Code, a general statute catered for criminal offences obviously
being a 19th century piece of legislation, did not envisage for computer related crimes and are
inadequate to provide for these categories of offences.
In USA, most cases that have been reported are shown in the table below. (Source:
Internet Crime Complaint Center, IC3). FBI, NSA, CIA are the agents that involved the
investigation of the cyber crimes in USA.
Suggestions
Based on findings and related study above, there are following recommendations for cyber space
participants to fight against threats.
1. Better Awareness of Users
Individual users do not have enough information about the danger of cyber threats. As
cyber attacks tend to aim at money, they face a bigger risk of fraud and financial
damages. Many Internet users are easily lured by unknown mails and web site buttons,
falling victim to spyware and phishing.
Education of users is most important. This is a typical area where public-private
collaboration can work well. It is recommended that every country should have such
educational program or activities to improve civil awareness of cyber threats.
2. Law Enforcement
Many countries now have legislation against cybercrime. Legislation is not a simple
solution. There are areas of conflicts involving human rights and communication secrecy,
and a trade off of between deregulation and industrial order.
The other difficulty is that cybercrime can take place regardless of borders, but
legislations and jurisdictions are based on a nation-by-nation framework. So,
international collaboration and coordination are very important. If an international,
seamless restriction and regulation network could be established, it would provide a great
boost to efforts to suppress cyber threats.
Information technology evolves day-by-day. Cybercrime technology is also
constantly evolving. Hackers invent IT and social engineering methods to commit
cybercrime. The important thing to prevent cybercrime is, therefore, to cover any security
holes. It is also necessary to ensure better quality through improved software engineering
development. An early warning partnership to eliminate vulnerabilities is another
potential area of major benefit. The final point is to fill the legislation gaps and holes
among countries. Do not create a hacker haven.
3. Damage Control
Completely exterminating cybercrime is impossible, just as real crime cannot be
completely suppressed. The next best alternative is to prepare for unexpected attacks and
damages.
Prevention is one way. Precautions, protections, detections and preventions should
be properly implemented. Tools and services are available. Employ appropriate and
effective prevention measures.
Mitigation is the next step. In order to minimize the impact of attacks, it is
important to prepare for incidents. Measures to limit the extent of damage include the
creation of a backup to enable rapid recovery. This helps businesses resume with limited
loss and system down time. Business continuity planning should also include damage
mitigation strategies.
CONCLUSION
Cybercrime is a persisting international evil that transcends national boundaries in a manner that
renders this form of organized crime a global concern. Cybercrime may take several forms
including online fraud, theft and cyberterrorism. It has been seen that amongst the major reasons
that facilitate the perpetration of this crime is the globalisation of technology and the
revolutionary advancement of ICTs that have impacted on criminal activity. Broadband, wireless
technologies, mobile computing and remote access, Internet applications and services, software
and file transfer protocols are amongst the tools utilized by cybercriminals to commit their crime.
The increasing proliferation in usage of technology assisted criminal activity and
cybercrime merits further attention from the global community by enacting the necessary
legislative provisions and implementing effective technological and enforcement tools that
reduce ICT-facilitated criminal activities. By and large, it is submitted that cybercrime should be
subject to a global principle of public policy that aims at combating and preventing this form of
organized crime through raising global awareness and increasing literacy rates, coordinating
legislative efforts on national, regional and global levels, and establishing a high level global
network of cooperation between national, regional, and international enforcement agencies and
police forces.
(2884 WORDS)
REFERENCES
Brown, S.E. et al (2004). Criminology: Explaining Crime and Its Context. Anderson Publishing.
Clinard, M.B. and Quinney, R. (1973). Criminal Behaviour System: A Typology, New York: Holt,
Rinehart and Winston.
Department of Justices (US) Computer Crime and Intellectual Property Section of the Criminal
Division of the U.S. Department of Justice.
http://www.usdoj.gov/criminal/cybercrime/index.html
Edelhertz, H (1970). The Nature, Impact and Prosecution of White Collar Crime, U.S.
Department of Justice.
http://www.cybersecurity.my/
http://Sanooaung.wordpress.com
http://www.techterms.com/