FACULTY OF EDUCATION AND LANGUAGE SEMESTER 3 / 2011

OUMH1203SMP ENGLISH FOR WRITTEN COMMUNICATION

MATRICULATION NO IDENTITY CARD NO. TELEPHONE NO. E-MAIL LEARNING CENTRE

: : : : :

690814015414001 690814015414 0166414948 jkt8814@hotmail.com BATU PAHAT LEARNING CENTRE

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

CYBER CRIMES IN MALAYSIA AND U.S.A.: WHAT SHOULD WE DO IN MALAYSIA?

Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. Today cyber and organized crime has become the order of the day round the globe and the need to put an end to this criminal act cannot be kept aside. Cyber crime can result in loss of life, loss of dignity, loss of time and loss of employment. These losses manifest themselves in various ways. The usual way to account for the costs of cyber crime is to reduce it to monetary terms. While this exercise is useful it does not account for the enormous toll of non-monetary costs. Much of the consequences of cyber crime are not reported. This fact alone makes monetizing the full cumulative effect of the loss difficult but it is in the billions of dollars per year. Although the media has given the impression that the cause of all cyber crime is the work of hackers, the truth is that insiders perpetrate most events. What is cyber crime actually? One common definition describes cybercrime as any activity in which computers or networks are a tool, a target or a place of criminal activity. Cyber crime is a criminal offense that has been created or made possible by the advent of computer technology, or a traditional crime which has been so transformed by the use of a computer that law enforcement investigators need a basic understanding of computers in order to investigate the crime. Within that broad definition lie two distinct sub-categories; Computer Crime and Computer-related Crime. (1) The rising level of cyber crime is an indication of an enormous threat to national security. Lawmakers and law enforcement agencies have to give immediate attention to the matter. Cyber crime is a rampant evil with its roots firmly planted on the growing dependence on computers in the contemporary scenario. In today's age when everything from small gadgets to nuclear plants is being operated through computers, cyber crime has assumed threatening ramifications. Various kinds of cyber crimes are prevailing in the world today. Hacking, bombing, diddling, spoofing, botnet attacks and viruses are capable of breaching the security in the information systems of vital installations. The Cyber Security Malaysia categorizes this cyber crime in three ways (2). The first is when information and communications technology (ICT) systems and intellectual property become targets of exploitation, intrusion, identity and information theft. The second is when ICT devices are used as means to commit crimes. For example, computers at home are used

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

to run malicious programs to intrude other computers to steal money, identity and passwords. The third category is where the ICT devices are used as mediums of committing crimes. For example, sedition, disharmony or unrest, slandering and instigating at higher scale come under this category. Some people say these cases must be prosecuted under cyber laws. But there are already laws that can be used to handle these cases. For example, for sedition and slander, one can be charged under the Penal Code. The computer as a target means they attacking the computers of others such as try to spreading viruses or computer vandalism. Vandalism means deliberately destroying or

damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some parts of a computer or by physically damaging a computer. Transmitting virus or worms also is common action nowadays. Sometimes they just transmit for fun or sometimes they spread the viruses as a bad intention for someones computer with hope that the computer will be damaged or system in that company will destroys. There are many cases as these crimes is very simple and easy; only send an email contains folder of worms or viruses to users and once users click the folder, viruses will spreading into the computers. Usually these malicious emails have a format of .org. An antivirus software and firewall is turning on in your computer will smaller the risk of infection of those viruses on your computer. The second classification is computer as a weapon to commit a crime is like an illegal gambling. Committing offences such as online fraud needs nothing more than a computer and Internet access and can be carried out from a public Internet cafe. More sophisticated offences can be committed using specialist software tools. Unlike a real casino, large financial investments are not needed to establish online casinos. In addition, the regulations on online and offline casinos often differ between countries. Tracing money transfers and proving that funds are not prize winnings, but have instead been laundered, is only possible if casinos keep records and provide them to law enforcement agencies. In mass media, this illegal gambling always happens when football seasons such as World Cup, Super League, Premier League, Malaysia Cup and FA Cup where they tried to match-fixing among local footballers and monitored by several betting sites. Phishing is one of an example for computer as an accessory, which is using a computer as a "fancy filing cabinet" to store illegal or stolen information to committing crimes. Phishing is a fraud action and we face the risk of it in our daily life as we usually use banking internet,

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

shopping online or transfer money. It is designed to trick the recipient into revealing credit card, passwords, social security numbers and other personal information to individuals who intend to use them for fraudulent purposes using some techniques, ranging from spyware to phishing attacks. Phishing describes acts that are carried out to make victims disclose personal or secret information. Offenders identify legitimate companies offering online services such as banking institutions. Offenders design website resembling the legitimate websites requiring victims to perform normal log in procedures, enabling offenders to obtain personal information. In order to direct users to their spoofing sites, offenders will send out emails resembling emails from the legitimate company, often resulting in trademark violations. As soon as personal information is disclosed, offenders log in to victims accounts and commit offences such as the transfer of money, application for passports or new accounts. The rising number of successful attack proves phishings potential and rising identity theft. I, myself also had received this spoofing email which asked me to give my personal information by clicking the links that they are given. For the first half of 2011, a total of 7,404 cyber security incidents were handled by Cyber Security Malaysias Cyber999 Security Incident Help Centre compared to 2,991 incidents reported in first half of 2010. The number of incidents had increased significantly compared to last year with an increase of 147%, said Lt Col Dato Prof. Husin Jazri (Retired) a Director and Chief Executive Officer (3). From the analysis by Cyber Security Malaysia too, the trend of incidents reported in the first half of 2011 is similar to the trend in the first half of 2010 in terms of categories. Within the first six months, all cyber security incidents categories have recorded a significant increase, with Fraud (2,820 cases) related incidents leading the list, followed by Spam (1,806 cases), Intrusion (1,364 cases) and others. On 2010, Intrusion (1085 cases) is leading the list, Fraud (870 cases), Malicious Codes (497 cases) and others. A total of 303,809 cases are reported to Internet Crime Complaint Centre (IC3) for 2010 (4). The number of the incidents had been decreased compared to 2009, which is 336,655 cases but still in the second highest number of complaints since its inception on 2000. IC3 received and processed an average of 25,317 complaints per month in 2010. Non-delivery of payment or merchandise accounted for the most complaints (14.4 per cent). Scams using the FBI's name (13.2 per cent) and incidents of identity theft (9.8 per cent) rounded out the top three types of complaints.

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

The statistics shown are not categorized onto the three classifications earlier but most of the leading cases are by the third category, where the ICT devices are used as mediums of committing crimes. There are many cases in Malaysia and USA. Below is an example cases that have been reported and pleaded in court. On September 1, 2011, an Orange County man who admitted hacking into personal computers sentenced to six years in Federal prison for sextortion of women and teenage girls (5). This man pleaded guilty to computer hacking and wiretapping by United States District Judge George H. King. This man use malicious software to hack his victims computer to surreptitiously obtain naked photos. Then he using it to blackmailed the victims and attach a Trojan emails too. Whereas on July 13, 2011, New Hampshire man guilty to computer intrusion into former employers computer system (6).This case was investigated by Federal Bureau of Investigation, FBI from May through September 2009. This man admitted the plea of hacked the former employers system and use the illegal information to solicit new customer on behalf of his new employer. This man is charging with computer intrusion by U.S District Court Judge Steven J. McAuliffe in Concorde, New Hampshire. This man faces a maximum penalty of five years in prison and fine of up to $250,000 and restitution. A Malaysian man, Lin Mun Poo is being charged with hacking into computer networks of the US Federal Reserve Bank (FRB) and a defence contractor. Lin Mun Poo is admitted exploiting a vulnerability he found in the banks computer system. US District Judge Dora Irizarry was assigned the case and if Lin Mun Poo convicted, he was faces a potential maximum prison sentence of between six and half years to eight years (7). Those are example of cases for first category, ICT devices are used as a target of exploitation and intrusion. On September 6, 2011 a New York Stock Broker sentenced to prison in international Stock Fraud Scheme (8). This man pleaded guilty to conspiring for commit securities fraud and wire fraud by U.S. District Judge Marianne O. Battani in Detroit for his role in a wideranging international stock fraud scheme involving the illegal use of bulk commercial emails, or spamming, to promote thinly-traded Chinese penny stocks. This man was ordered to serve three years of supervised release following his prison term and agreed to forfeit $600,000 to the United States. Police in Malaysia file charges against patrons found gambling in cyber cafes according to The Star Publication (Malaysia) Berhad on September 26, 2011. These patrons will be

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

taking to court for mushrooming of cyber casinos all over the state (9). These two cases are example for second category of cyber crime. Example case for third category of cyber crime is happened in Brooklyn, USA. On August 10, 2011, a Brooklyn man pleads guilty to online identity theft involving more than $ 700,000 in reported fraud (10). He faces a maximum penalty of 20 years in prison and a fine of $1,541,349 on the wire fraud charge, and two years in prison and $250,000 fine on identity theft charge. He admitted to illegally possessing information from 2,341 stolen credit card accounts as well as equipment to put the information onto counterfeit credit and pleaded guilty by U.S. District Judge Gerald Bruce Lee in the Eastern District of Virginia. Meanwhile, a High Court in Malaysia has ordered blogger Raja Petra Kamaruddin as well as the group chief editor and editor of PKRs Suara Keadilan to pay a total of RM7million to University Utara Malaysia and its vice-chancellor Tan Sri Dr Nordin Kardi for libel. High Court deputy registrar Priscilla Gengadaran made ordered the damages to be paid to the plaintiffs for claiming that Dr Nordin was a plagiarist on the Malaysia Today website and in the 98th edition of Suara Keadilan in November 2006 (11). This is an example of slandering using the internet on March 26, 2008. Cyber crime definitely must be taken seriously. Attacks can come from a computer across the room or computers located in another country. The threat could be external or it could be internal. It may have financial impact, it may deal with child pornography or it may be related to cyber terrorism. Because of the number of computer crime cases that has increased over the years (and many more unreported), the development of computer crime laws and policing initiatives must grow in tandem. Combating cyber crime is similar to tackling computer security; you have to start from the basics and address one thing at a time. As long as there is a system in place to punish the wrongdoers, as long as there is public awareness of the potential seriousness of such crimes, there will be much headway in computer crime law and investigation in the coming years in Malaysia and around the world. Malaysia should do extreme enforcement especially by police. Malaysian Computer Crimes Act 1997 (CCA 1997) is one of enactment in Malaysia that can be used to control this criminals. Malaysia has Royal Malaysia Police, Bank Negara, Securities Commission and Malaysian Communications and Multimedia Commission (MCMC) to combat this cyber crime. Majority of Malaysian not realize this enactment and didnt know how to use this enactment to prevent them from this cyber crime. Civilisation campaign by Cyber Security Malaysia should been done more often to give awareness and best practises of using internet

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

among Malaysian. Cyber Security Malaysia is launched on 20th August 2007 to support the enforcement agencies and victims in ensuring prevail justice and also to assist cyber forensics and analysis departments. Cyber Security Malaysia also had been launched their new campaign Cyber Safe in School on 24 September 2010. This program should been boarded to all school and Educational Institute to insist awareness among students of Malaysian. At present, Malaysia has more than 17 million internet users and the number is growing due to the support from the robust development of broadband infrastructure (12) and young generations is highly on using internet for nowadays. Besides that, users should always been remembered to take safely actions when using the internet. There have a lot of prevention that users could follow as a cautious action. Users should never provide their personal information to strangers when in a chat room and should always been suspicious of any unsolicited email requesting personal information. Always delete unread spam email directly and never open it although for once. Users should also been cautious when shopping online too. Shopping online is one of practical way but always remember to purchasing merchandise from reputable sources only. Users should ensure the website or business is legitimate and secure before providing a credit card number online. Reconcile credit card statement promptly to avoid any unauthorized charges and report to bank if there are unauthorized transactions in the statement. The Malaysian Parliament website that was hacked on December 2000 was traced to IP addresses in Brazil and France and the relevant authorities in those countries were contacted for assistance in the investigation. It shows that, Malaysia cant handle alone as this is a worldwide issue and need close cooperation from others international enforcement agencies. Cyber crime is none of new problems but with growing of internet usage it make this problem one of crucial issues and need to give more attention especially among Malaysian themselves. Malaysia cant settle down it alone as the attackers are around worldwide and its very complicate action to be taken because it will cross the boundaries of laws in different countries. Anyhow, with enactments that already have in our country, enforcement agencies can and ready to tackle the problems from the roots if the attackers are from inside. Malaysian also should been reminded of awareness for safely internet using especially the kids who are easy to exploit them to do a cyber crime. Parents should always been noticed of what their children are surfing on the internet. It can avoid them from pornography syndicate which always waiting their prey. We should more careful with this new globalization issues and take seriously action because we will bear some losses of financial and ours dignity.

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

Maybe we cant stop this crime but we can minimize the riskier of being cyber crime victims by doing and following guidance that our government or NGOs advises to do so. Malaysian also should be a responsibility nation to report any phishing cases that they come across to eliminate those cyber crimes in our country and always be aware and be alert to hidden risks. (2,732 words)

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

REFERENCES:

1. Investigation of Cybercrime and Technology-related Crime by Dan Koenig, March 2002, available at http://www.neiassociates.org/cybercrime.htm

2. http://www.cybersecurity.my

3. Media release on 15 July 2011, page 1 at http://www.cybersecurity.my/data/content_files/44/866.pdf

4. 2010 internet crime report pdf, page 7, available at : http://www.ic3.gov/media/annualreport/2010_IC3Report.pdf 5. Media release on 01st September 2011, available at: http://www.justice.gov/usao/cac/pressroom/pr2011/123.html 6. Media release on 13th July 2011, available at http://www.cybercrime.gov/marinoPlea.pdf 7. Media release on 20th November 2010, available at: http://thestar.com.my/news/story.asp?file=/2010/11/20/nation/7469956&sec=nation 8. Media release on 6th September 2011, available at: http://www.cybercrime.gov/bergerSent.pdf 9. Media release on 26th September 2011, available at: http://thestar.com.my/news/story.asp?file=/2011/9/26/nation/9573649&sec=nationillegal 10. Media release on 10th August 2011, available at: http://www.cybercrime.gov/OliverasPlea.pdf

OUMH1203 (ENGLISH FOR WRITTEN COMMUNICATION)

11. Media release on 26th March 2008, available at: http://thestar.com.my/news/story.asp?file=/2008/3/26/nation/20080326194316&sec= nation

12. Media release on 15 July 2011, page 2 at http://www.cybersecurity.my/data/content_files/44/866.pdf