Você está na página 1de 12

PREAMBLE Thank God I had finally finished doing my English assignment for my third semester.

After a lot of hard work, asking and gaining information from the people around me, the books as well as from the net, finally this is what I can produce in order to fulfill the task given by the lecturer. Hopefully, this assignment will help me as well as my colleagues to know and gain knowledge about cyber crime in Malaysia and America.

OUMH1203

Page 1

CYBER CRIMES IN MALAYSIA AND U.S.A. : WHAT SHOULD WE DO IN MALAYSIA?

Introduction

The fast-paced development of information and communication technologies in the world during the last fifty years has led to a thriving online community. This community exists in a place called cyberspace and are known collectively as netizens. Netizens are encouraged by cyberspaces architecture to communicate, trade and to commit crimes in ways that are different from the tangible world. Also, free speech is encouraged to flourish and anybody could publish statements and/or information online. This architecture also provides an environment that is conducive for the perpetrators of cyber crimes to mask their identity and to commit such crimes with ease. Governments of countries, including the Malaysian government has voiced concerns over such crimes in the Internet and in any online environment. Niser, the National ICT Security and Emergency Response Centre of Malaysia (Niser) had reported online on 14th March 2005 that: INFORMATION and communications technology (ICT) networks and systems in the Government are facing a serious threat of cyber attacks. So far this year, a whopping 100 million intrusion attempts have been detected by the Government Computer Emergency Response Team, a special team established by Malaysian Administrative Modernisation and Management Planning Unit (Mampu) to address ICT security incidences in the public sector.Malaysians are now exposed to computer crimes that have amusing or strange names. For example, terms such as Phreaking, Hacking, Worming, Phishing and Spoofing gives one the impression that these terms are used in the shipping industry. However, these terms are names for computer crimes that came into existence within the last 50 years or so. According to Webopedia, cyber crime encompasses any criminal act dealing with computers and networks (called hacking). This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cyber crimes also include non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet. Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a OUMH1203 Page 2

computer and the Internet. There are three types of cyber crimes that occur in our country which are called hacking, phreaking and phishing. There is benign hacking and malignant hacking. Benign hacking used to mean hacking activities (that are harmless) upon computer networks or computers. The hacker has a burning curiosity to explore and understand data, systems or the security features of such computer systems or computers. However, the hacker does not intend to harm the systems or the computers and would not leave any trail of destruction upon his exit from the same. Malignant hacking (also known as cracking) on the other hand, is a more prevalent activity today. Worms, Trojans, viruses and spywares are examples of malicious programmes that are created by malignant hackers. Worms are computer programmes that are self executable. They are usually released into the Internet and distributed through attachments in e-mails or via a website wherein the Worm attaches itself unto the unwitting visitors computer system. Worms may be programmed to open up trapdoors in security systems, harvest security passwords or to just create chaos. The word Trojan was taken from Homers well-known work The Odyssey, as the functions of these malicious software are the same as the Trojan horse. They are made to hitch along other harmless software that are uploaded into computers or computer systems. They then unleash themselves upon the computers or computer systems. As akin to worms, Trojans may also be programmed to open up trapdoors in security systems, harvest security passwords or to just create chaos. According to an online encyclopedia, Phreaking is: a slang term coined to describe the activity of a subculture of people who study, experiment with, or exploit telephones, the telephone companies, and systems connected to or composing the Public Switched Telephone Network (PSTN) for the purposes of hobby or utilityIt has also come to mean doing similar things to anything such as vending machines. Phreakers create devices that are able to imitate frequencies used in PSTN telephone systems. Such devices are then used to obtain free long distance calls to connect their computers online for hacking purposes. Hence, phreaking on its own is a manipulation of telephone networks to perform activities according to the whims and fancies of Phreakers. In the early days of the Internet, phreaking and hacking were skills that hackers had to acquire for high quality hacking. The phreaking culture today also results in intrusions upon telephone networks and wanton misuse of telephone lines. Currently, this activity has expanded to not only include PSTN telephone structures but also vending machines.

OUMH1203

Page 3

Phishing is also known as carding and spoofing. The term Phishing is from the word fishing. This term first appeared in the online hackers magazine known, as the 2600 Magazine. Hackers usually replace the alphabet f with the alphabets ph, as in the case of freaking and Phreaking. Fishing or rather, Phishing in this context, is to fish for passwords, security clearance codes, financial and personal details. Phishing is more common in the form of bogus websites. These websites are prone to be similar to banks or financial institutions websites wherein Internet users are invited to enter personal and financial details into the website. Thereafter, such information is used to create fake identity cards, passports and/or credit cards. The gathering of such information is known as Identity theft. In the early Phishing culture, passwords were stolen from unsuspecting AOL (America Online) (or any other similar platform) users by attackers to be used as covers to generate spam or to hack into other computer systems. Today, Phishing has matured into a more efficient system of stealing identity. Customers of Ebay, Paypal and even certain banks have been specifically targeted by Phishers. Information is gathered from unsuspecting clients who are asked to verify account and personal information, online, by bogus websites and pop-ups.

Classification Of Cyber Crimes

Cyber crimes can be classified in to 4 major categories which are: i. Cyber crime against Individual Page 4

OUMH1203

ii. iii. iv.

Cyber crime Against Property Cyber crime Against Organization Cyber crime Against Society

There are four types of cyber crimes against individual which includes email spoofing, spamming, cyber defamation and harassment & cyber stalking. A spoofed email is one in which e-mail header is forged so that mail appears to originate from one source but actually has been sent from another source. Spamming means sending multiple copies of unsolicited mails or mass e-mails such as chain letters. Cyber defamation occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information. Cyber stalking means following the moves of an individual's activity over internet. It can be done with the help of many protocols available such at e- mail, chat rooms, user net groups. Cyber crimes against property are credit card fraud, intellectual property crimes and Internet time theft. Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. According to the Federal Trade Commission, while identity theft had been holding steady for the last few years, it saw a 21 percent increase in 2008. However, credit card fraud, that crime which most people associate with ID theft, decreased as a percentage of all ID theft complaints for the sixth year in a row. The costs of card fraud in 2006 were 7 cents per 100 dollars worth of transactions (7 basis points). Due to the high volume of transactions this translates to billions of dollars. In 2006, fraud in the United Kingdom alone was estimated at 535 million, or US$750830 million at prevailing 2006 exchange rates. Intellectual property is any innovation, commercial or artistic, or any unique name, symbol, logo or design used commercially. Intellectual property is protected by patents on inventions, trademarks on branding devices, copyrights on music, videos, patterns and other forms of expression and trade secrets for methods or formulas having economic value and used commercially. Intellectual property (IP) crime is a generic term used to describe a wide range of counterfeiting and piracy offences. Trademark (counterfeiting) and copyright (piracy) infringements are serious IP crimes that defraud consumers, threaten the health of patients, cost society billions of dollars in lost government revenues, foreign investments or business profits and violate the rights of trademark, patent, and OUMH1203 Page 5

copyright owners. These include software piracy: illegal copying of programs and distribution of copies of software, copyright infringement, trademarks violations and theft of computer source code. Internet time theft comes under hacking. It is the use by an unauthorised person, of the Internet hours paid for by another person. The person who gets access to some one elses ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other persons knowledge. Cyber crimes against organization include unauthorized accessing of computer, denial of service, virus attack, email bombing, salami attack, logic bomb, Trojan Horse and data diddling. Unauthorized accessing of computer is accessing the computer/network without permission from the owner. It can be of 2 forms: Changing/deleting data: Unauthorized changing of data and Computer voyeur: The criminal reads or copies confidential or proprietary information, but the data is neither deleted nor changed. Denial of service is when Internet server is flooded with continuous bogus requests so as to denying legitimate users to use the server or to crash the server. Virus attack is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Viruses can be file infecting or affecting boot sector of the computer. Worms, unlike viruses do not need the host to attach themselves to. Email bombing means sending large numbers of mails to the individual or company or mail servers thereby ultimately resulting into crashing. Salami attack happens when negligible amounts are removed and accumulated in to something larger. These attacks are used for the commission of financial crimes. Logic bomb is an event dependent programme, as soon as the designated event occurs, it crashes the computer, release a virus or any other harmful possibilities. Trojan Horse is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. Data diddling involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

There are three types of cyber crime against society and it occurred in forgery, cyber terrorism and web jacking. Forgery is an illegal modification or reproduction of an instrument, document, signature, or legal tender, or any other means of recording information. Forgeries include currency notes, revenue stamps, mark sheets etc can be forged using computers and high quality scanners and printers. Cyber OUMH1203 Page 6

terrorism is the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as viruses. It will use computer resources to intimidate or coerce others. According to The American Heritage Dictionary of the English Language 854 (3d ed. 1992), a web jacking is often accomplished by the web jacker sending a counterfeit email message to the registrar controlling a domain name registration. The counterfeit message appears to have been sent from someone with authority over the domain name, and the message instructs the registrar to "connect the domain name with a new Internet Protocol (IP) address. Once this connection is set up by the duped registrar, any Internet user who types the domain name in his or her Web browser is taken to whatever Web site the web jacker has installed at the new IP address. Sometimes the web jacker's Web site is a fraudulent copy of the original Web site, causing Internet users not to notice the web jacker's scam. It happens when hackers gain access and control over the website of another; even they change the content of website for fulfilling political objective or for money.

Comparison Of Cyber Crimes In Malaysia And U.S.A

The computer has become a tool in the execution of other crimes, particularly on the Internet and on networks. According to San Oo Aung wordpress.com, more than 4,000 OUMH1203 Page 7

cyber complaints, mostly concerning cyber crimes have been lodged with Cyber security Malaysia in the past two years. Its chief executive officer Lieutenant-Colonel Husin Jazri said that the complaints mostly consisted of hack threats, fraud, denial of services and other computer problems such files lost or corrupted by viruses. One of the institution in fighting cyber crimes CyberSecurity Malaysia reported that last year, they handled a total of 2,123 incidents, more than 100 per cent increase compared with 2007 but that rate was an increase in incidents and it may not correlate with cyber crime rates. They have not analysed cyber crime rates per se but they have analysis on the complaints and referrals given to them. They said that there are three main factors that contribute to the increase of the crimes; i. ii. Cyber crimes have gone up The number of Internet users has gone up. There are 13.5 million Internet users in the country today and the number is increasing. iii. The base has expanded and, correspondingly, complaints have also increased. This institution said that most cyber crimes are financially motivated. The impact of the economic downturn and financial crisis could potentially lead to the increase in cyber crime cases globally. According to them, a very challenging issue in cyber crime investigation is the gathering of evidence. If there is a cyber court, there will be a need for a provision on how the court can facilitate and give empowerment for evidence collection in a much, much easier way. The government has acted wisely and is farsighted as far as cyber security issues are concerned. It has created institutions like CyberSecurity Malaysia to help us face the challenges. There is also the National Cyber Security Policy which aims to reduce the vulnerability of ICT systems and networks. It tries to in still a culture of cyber security among Internet users and strengthen Malaysian self-reliance in terms of technology and human resources. Not many countries have such a policy or enacted laws like the Computer Crime Act 1997 and the Communication and Multimedia Act 1998.

The fundamentals have been put in place and it is believed that the security and safety in Malaysian cyberspace is much better than in some developed countries. For example, if a malicious virus arrives in Malaysian space, they can stop it within 24 hours. They do this by working with banks, MCMC, ISPs and the police. They said that they are the OUMH1203 Page 8

fastest because Malaysian cyberspace is well governed. Whereas in U.S.A, Some of the many crimes that are regularly committed with the facilitation of the Internet are child pornography, fraud, the sell and purchase of illegal guns or drugs, or other material that are protected by copyright. In the worst cases, cyber crimes can result in child abduction and molestation, and physical harm to victims. These heinous crimes have forced lawmakers and legislators to look long at hard at the state of crimes in relation to the Internet, and what laws are in effect to protect and prevent such crimes from harming those at risk. One of the most popular cyber crimes in U.S.A is identity theft. According to Law Vibe, it has become more and more elaborate, where identity thieves have mastered numerous ways accessing bank accounts, Social Security numbers and controlling another individuals identity. These crimes became apparent through dozens of cybercrime forums. Criminals use these sites the same way as any regular person uses their online purchasing/bidding sites. They buy, sell, and auction anything related to cybercrime through these sites, including credit and debit card numbers, bank accounts and personal data. Cybercrime cost the US approximately $67.2 billion a year worth of income from businesses, according to the FBI. Consumers, on the other hand, lost roughly $8 billion from malicious contents and viruses online within the last two years based on Consumer Reports. Between May 2004 and May 2005, it is estimated that approximately 1.2 million computer users in the United States have suffered losses amounting to USD 929 million due to Phishing.

OUMH1203

Page 9

OUMH1203

Page 10

Você também pode gostar