INTRODUCTION

Definition of Cyber Crimes

The Oxford Reference Online defines cyber crime as crime committed over the Internet.
The Encyclopedia Britannica defines cyber crime as any crime that is committed by means of
special knowledge or expert use of computer technology.
Perhaps the most prominent form of cybercrime is identity theft, in which criminals use
the Internet to steal personal information from other users. Two of the most common ways this is
done is through phishing and pharming. Both of these methods lure users to fake websites (that
appear to be legitimate), where they are asked to enter personal information. This includes login
information, such as usernames and passwords, phone numbers, addresses, credit card numbers,
bank account numbers, and other information criminals can use to "steal" another person's
identity. For this reason, it is smart to always check the URL or Web address of a site to make
sure it is legitimate before entering your personal information.
Because cybercrime covers such a broad scope of criminal activity, the examples above
are only a few of the thousands of crimes that are considered cybercrimes. While computers and
the Internet have made our lives easier in many ways, it is unfortunate that people also use these
technologies to take advantage of others. Therefore, it is smart to protect ourselves by using
antivirus and spyware blocking software and being careful where it can enter our personal
information.

CONTENTS
Classification Of Cyber Crimes
It can be classified in to four major categories as:
(A) Cyber crime against Individual
(B) Cyber crime Against Property
(C) Cyber crime Against Organization
(D) Cyber crime Against Society

(A) Against Individuals

(i) Email spoofing : A spoofed email is one in which e-mail header is forged so that mail
appears to originate from one source but actually has been sent from another source
(ii) Spamming : Spamming means sending multiple copies of unsolicited mails or mass emails such as chain letters.
(iii) Cyber Defamation : This occurs when defamation takes place with the help of
computers and or the internet. Example. someone publishes defamatory matter about
someone on a website or sends e-mails containing defamatory information.

(iv) Harassment & Cyber stalking : Cyber Stalking Means following the moves of an
individual's activity over internet. It can be done with the help of many protocols
available such at e- mail, chat rooms, user net groups.

(B) Against Property:

(i) Credit Card Fraud
(ii) Intellectual Property crimes : These include software piracy: illegal copying of
programs, distribution of copies of software, copyright infringement,trademarks
violations, theft of computer source code.
(iii) Internet time theft : The usage of the Internet hours by an unauthorized person which
is actually paid by another person.

(C) Against Organisation

(i) Unauthorized Accessing of Computer: Accessing the computer/network without
permission from the owner. It can be of two forms:
a) Changing/deleting data: Unauthorized changing of data.
b) Computer voyeur: The criminal reads or copies confidential or propiertary
information, but the data is neither deleted nor changed.
(ii) Denial Of Service : When Internet server is flooded with continuous bogus requests
so as to denying legitimate users to use the server or to crash the server.
(iii) Virus attack : A computer virus is a computer program that can infect other computer
programs by modifying them in such a way as to include a (possibly evolved) copy of it.

Viruses can be file infecting or affecting boot sector of the computer. Worms, unlike
viruses do not need the host to attach themselves to.
(iv) Email Bombing : Sending large numbers of mails to the individual or company or
mail servers thereby ultimately resulting into crashing.
(v) Salami Attack : When negligible amounts are removed & accumulated in to
something larger. These attacks are used for the commission of financial crimes.
(vi) Logic Bomb : Its an event dependent programme , as soon as the designated event
occurs, it crashes the computer, release a virus or any other harmful possibilities.
(vii) Trojan Horse : An unauthorized program which functions from inside what seems to
be an authorized program, thereby concealing what it is actually doing.
(viii) Data diddling : This kind of an attack involves altering raw data just before it is
processed by a computer and then changing it back after the processing is completed.

(D) Against Society

(i) Forgery : Currency notes, revenue stamps, mark sheets etc can be forged using
computers and high quality scanners and printers.
(ii) Cyber Terrorism : Use of computer resources to intimidate or coerce others.
(iii) Web Jacking : Hackers gain access and control over the website of another, even they
change the content of website for fulfilling political objective or for money

CYBER CRIMES IN MALAYSIA AND US-A COMPARISON

In Malaysia, several types of cyber crimes cases have been reported. According to
Sanooaung.wordpress.com, more than 4,000 cybercrime cases reported in Malaysia within two
years. Its chief executive officer Lieutenant-Colonel Husin Jazri said that the complaints, mostly
consisted of hack threats, fraud, denial of services and other computer problems such files lost or
corrupted by viruses.
Financial and cyber crimes are the most common crimes committed in Malaysia,
according to Malaysian national news outlet Bernama. Tommy Seah, honorary group chairperson
of International Cybercrime and Forensics Examiner Group of Companies, said the most
widespread of financial crimes in Malaysia were financial statement frauds, procurement frauds
and misappropriation of assets.
Malaysia is a pretty docile country but we are also not well equipped in preventing such
crimes. Skills and knowledge can be transferred and acquired and Malaysia has the
ability, but the corporate will to put the house in order is more vital.

Seah said one of the reasons why people commit economic crimes is their desire for a
better quality of life; when they cannot achieve that legitimately, they tend to adopt illegal ways
of getting what they want.
In Malaysia, cases of computer fraud would normally be investigated under the Computer
Crimes Act 1997 (Act 563) (CCA), which provides for the punishment of unauthorized access
with intent to commit the offence of fraud or dishonesty under the Penal Code. While we contend
that Computer fraud is more a matter of using different processes to achieve the same end as
that achieved through historical mainstream fraud, the response required from the investigation
team often needs to be markedly different. A critical factor is the admissibility of computer-

generated evidence in criminal proceedings. Any evidence that is obtained must satisfy the rules
of the court in the relevant jurisdiction. Companies can risk damaging or destroying valuable
evidence if they do not follow the correct investigation technique committed against the
computer systems. As more computers move on to on-line processing and improved
telecommunications, computer hackers are now a threat.
In a reported Malaysian case of Creative Purpose Sdn Bhd vs Intergrated Trans Corp Sdn
Bhd (1997) 2 MLJ 449, the term hacking was defined as unauthorized access to computer
systems by those who simply enjoy using computers and experimenting with their abilities in
trying to invade a computer system. In a software world, hacking means computer
programming. It may also involve the de-compilation or reverse engineering of computer
programs with the aim of changing the behavior of the program.
The other cyber crimes case reported is The Malaysian Parliament website that was
hacked on December 2000 was traced to IP addresses in Brazil and France. The relevant
authorities in those countries were contacted for assistance in the investigation.
In USA, more heavier cyber crimes cases reported. According to Computer Crime &
Intellectual Property Section from the United States Department of Justice, most of the cases are
done by profesional individually or by group and organization. The crimes that have been
reportedly are most consists of hacking personal data banking such as credit card fraud
information, ATM PIN and identity theft.
From January 1, 2009 through December 31, 2009, the Internet Crime Complaint Center
(IC3) Web site received 336,655 complaint submissions. This was a 22.3% increase as compared
to 2008 when 275,284 complaints were received. Of the 336,655 complaints submitted to IC3,
146,663 were referred to local, state, and federal law enforcement agencies around the country
for further consideration. The vast majority of referred cases contained elements of fraud and
involved a financial loss by the complainant. The total dollar loss from all referred cases was
$559.7 million with a median dollar loss of $575. This is up from $264.6 million in total reported
losses in 2008. Unreferred submissions generally involved complaints in which there was no
documented harm or loss (e.g., a complainant received a fraudulent solicitation email but did not

act upon it) or complaints where neither the complainant nor perpetrator resided within the
United States (i.e., there was not an appropriate domestic law enforcement agency for direct
referral).
Complaints received by IC3 cover many different fraud and non-fraud categories,
including auction fraud, non-delivery of merchandise, credit card fraud, computer intrusions,
spam/unsolicited email, and child pornography. All of these complaints are accessible to local,
state, and federal law enforcement to support active investigations, trend analysis, and public
outreach and awareness efforts.
On January 1, 2009, IC3 implemented a new complaint classification system based on a
redesigned questionnaire that generates an automatic classification of the complaint into one of
79 offense-based categories. This redesign also resulted in a number of changes to the way the
system gathers and classifies complaint data. Significant findings related to an analysis of the
complaint data include:

Email scams that used the Federal Bureau of Investigations (FBI) name (schemes in
which the scammer pretended to be affiliated with the FBI in an effort to gain information
from the target) represented 16.6% of all complaints submitted to IC3. Non-delivered
merchandise and/or payment (in which either a seller did not ship the promised item or a
buyer did not pay for an item) accounted for 11.9% of complaints. Advance fee fraud (a
scam wherein the target is asked to give money upfront- often times- for some reward
that never materializes) made up 9.8% of complaints. Identity theft and overpayment
fraud (scams in which the target is given a fraudulent monetary instrument in excess of
the agreed-upon amount for the transaction, and asked to send back the overpayment
using a legitimate monetary instrument) round out the top five categories of all
complaints submitted to IC3 during the year.

Of the top five categories of offenses reported to law enforcement during 2009, nondelivered merchandise and/or payment ranked 19.9%; identity thieft, 14.1%; credit card
fraud, 10.4%; auction fraud, 10.3%; and computer fraud (destruction/damage/vandalism
of property), 7.9%.

Of the complaints involving financial harm that were referred to law enforcement, the
highest median dollar losses were found among investment fraud ($3,200),
overpayment fraud ($2,500), and advance fee fraud ($1,500) complainants.

In those complaints in which perpetrator information is provided, 76.6% were male and
half resided in one of the following states: California, Florida, New York, the District of
Columbia, Texas, and Washington. The majority of reported perpetrators (65.4%) were
from the United States. A number of perpetrators were also in the United Kingdom,
Nigeria, Canada, Malaysia, and Ghana.

Among complainants, 54% were male, nearly two-thirds were between the ages of 30 and
50, and a little over one- third resided in one of the following states: California, Florida,
Texas, or New York. The majority of complainants were from the United States (92%).
However, IC3 received a number of complaints originating in Canada, the United
Kingdom, Australia, India, and Puerto Rico.

Male complainants lost more money than female complainants (ratio of $1.51 lost per
male to every $1.00 lost per female). Individuals 40-49 years of age reported, on average,
higher amounts of loss than other age groups.

In addition to FBI scams, popular scam trends for 2009 included hitman scams,
astrological reading frauds, economic scams, job site scams, and fake pop-up ads for
antivirus software.

There are huge major differences of cyber crimes cases in Malaysia and in USA. In
Malaysia, the cyber crimes cases are not really the big deal or serious problems for MSC and
CyberSecurity to handle. Most like e-mail scam, advance fee fraud and fake website are always
reported in Malaysia.
Futhermore in Malaysia, the specific law that governs the misuse of computer is the CCA
(Criminal Crime Act). Given the increase in computer related crimes and computer abuse, the

enactment of the CCA was timely to govern and regulate this cyberspace activity and impose
sanctions for criminal acts related to it. There was also a need for a specific legislation on
computer crimes as the Penal Code, a general statute catered for criminal offences obviously
being a 19th century piece of legislation, did not envisage for computer related crimes and are
inadequate to provide for these categories of offences.
In USA, most cases that have been reported are shown in the table below. (Source:
Internet Crime Complaint Center, IC3). FBI, NSA, CIA are the agents that involved the
investigation of the cyber crimes in USA.

Table 1: Top 10 Computer Crimes In USA

The most treated cyber crimes cases in USA have been reported increasing about 25% a
year and increasingly more than 60% from the year of 2001 to 2010. There huge differences
between the cyber crimes cases in Malaysia and USA is the level of the cyber crimes that is have
been committed.

Suggestions

Based on findings and related study above, there are following recommendations for cyber space
participants to fight against threats.
1. Better Awareness of Users
Individual users do not have enough information about the danger of cyber threats. As
cyber attacks tend to aim at money, they face a bigger risk of fraud and financial
damages. Many Internet users are easily lured by unknown mails and web site buttons,
falling victim to spyware and phishing.
Education of users is most important. This is a typical area where public-private
collaboration can work well. It is recommended that every country should have such
educational program or activities to improve civil awareness of cyber threats.

2. Law Enforcement
Many countries now have legislation against cybercrime. Legislation is not a simple
solution. There are areas of conflicts involving human rights and communication secrecy,
and a trade off of between deregulation and industrial order.
The other difficulty is that cybercrime can take place regardless of borders, but
legislations and jurisdictions are based on a nation-by-nation framework. So,
international collaboration and coordination are very important. If an international,
seamless restriction and regulation network could be established, it would provide a great
boost to efforts to suppress cyber threats.
Information technology evolves day-by-day. Cybercrime technology is also
constantly evolving. Hackers invent IT and social engineering methods to commit
cybercrime. The important thing to prevent cybercrime is, therefore, to cover any security
holes. It is also necessary to ensure better quality through improved software engineering
development. An early warning partnership to eliminate vulnerabilities is another

potential area of major benefit. The final point is to fill the legislation gaps and holes
among countries. Do not create a hacker haven.

3. Damage Control
Completely exterminating cybercrime is impossible, just as real crime cannot be
completely suppressed. The next best alternative is to prepare for unexpected attacks and
damages.
Prevention is one way. Precautions, protections, detections and preventions should
be properly implemented. Tools and services are available. Employ appropriate and
effective prevention measures.
Mitigation is the next step. In order to minimize the impact of attacks, it is
important to prepare for incidents. Measures to limit the extent of damage include the
creation of a backup to enable rapid recovery. This helps businesses resume with limited
loss and system down time. Business continuity planning should also include damage
mitigation strategies.

4. Collaborative Fight against Threats

This include both government and non-governmental cooperations fight against the cyber
crimes. Although they have formed an effective international network, the collaboration
must be expanded between participants. What the international community and respective
national governments should do is to reinforce support for all agencies that involved in
internet securities or cyberspace so that they can be more active.

CONCLUSION
Cybercrime is a persisting international evil that transcends national boundaries in a manner that
renders this form of organized crime a global concern. Cybercrime may take several forms
including online fraud, theft and cyberterrorism. It has been seen that amongst the major reasons
that facilitate the perpetration of this crime is the globalisation of technology and the
revolutionary advancement of ICTs that have impacted on criminal activity. Broadband, wireless
technologies, mobile computing and remote access, Internet applications and services, software
and file transfer protocols are amongst the tools utilized by cybercriminals to commit their crime.
The increasing proliferation in usage of technology assisted criminal activity and
cybercrime merits further attention from the global community by enacting the necessary
legislative provisions and implementing effective technological and enforcement tools that
reduce ICT-facilitated criminal activities. By and large, it is submitted that cybercrime should be
subject to a global principle of public policy that aims at combating and preventing this form of
organized crime through raising global awareness and increasing literacy rates, coordinating
legislative efforts on national, regional and global levels, and establishing a high level global
network of cooperation between national, regional, and international enforcement agencies and
police forces.

(2884 WORDS)

REFERENCES

Brown, S.E. et al (2004). Criminology: Explaining Crime and Its Context. Anderson Publishing.

Clinard, M.B. and Quinney, R. (1973). Criminal Behaviour System: A Typology, New York: Holt,
Rinehart and Winston.

Department of Justice Computer Intrusion Cases.

http://www.cybercrime.gov/cccases.html

Department of Justices (US) Computer Crime and Intellectual Property Section of the Criminal
Division of the U.S. Department of Justice.
http://www.usdoj.gov/criminal/cybercrime/index.html

Edelhertz, H (1970). The Nature, Impact and Prosecution of White Collar Crime, U.S.
Department of Justice.

Francis Ng Aik Guan (2000). Criminal Procedure. Malayan Law Journal.

http://www.cybersecurity.my/

http://Sanooaung.wordpress.com

http://www.techterms.com/

Malaysian Computer Crimes Act 1997

http://ktkm.netmyne.com.my/contentorg.asp?
Content_ID=80&Cat_ID=1&CatType_ID=17&SubCat_ID=40&SubSubCat_ID=15

Morris, Daniel A. Tracking a Computer Hacker.

http://www.usdoj.gov/criminal/cybercrime/usamay2001_2.htm