Computer & Cyber Crime – Comprehensive Study Notes

Objectives

  • Describe and categorize cybercrimes and cyber-related crimes.
  • Distinguish cybercrimes from cyber-related crimes.
  • Identify who the perpetrators are.
  • State the different kinds of crimes.
  • Know the related law.
  • Know efforts to combat such crimes.

Introduction & Global/Malaysian Statistics

  • Malaysia Computer Emergency Response Team (MyCERT) 2020 incident counts
    • Intrusion: 484 total (Jan – Apr only: 122,93,125,144; rest 0)
    • Denial of Service (DoS): 3 (Feb)
    • Content-related: 111 (Jan – Mar: 23,23,42)
    • Cyber-harassment: 187 (Jan – Apr: 37,27,58,65)
    • Intrusion attempt: 40 (Jan – Apr: 13,8,8,11)
    • Vulnerabilities report: 32 (Jan – Apr: 8,10,10,4)
    • Fraud (phishing, scams): 3,510 (Jan – Apr: 807,725,798,1,180)
    • Malicious codes, spam, etc. largely zero-reported after April.
    • Grand total (Jan – Aug rows shown): 4,596.
  • Malaysia cybercrime (Royal Malaysian Police):
    • 2007 – 2012 growth from 1,139 to 6,586 cases; losses escalated from RM11.4 million to RM96.1 million.
    • Top-3 offences: e-commerce fraud/online purchase, parcel scam, VoIP scam (cross-border syndicates).
  • Selected Indian data
    • 142 hacking cases (2006); 420 cases (2009).
    • Pornography offences: 88 in 2006, 193 in 2009.

Defining Cybercrime

  • Confusion: the term “computer crime” often equals “cybercrime,” yet finer distinctions exist.
  • Computer crime (broad): using a computer as a tool to commit any criminal act.
  • Genuine cybercrime:
    • Crime can be carried out only via cyber-technology and only in the cyber-realm.

Categories of Genuine Cybercrime

  • Cyberpiracy
    • Unauthorized reproduction/distribution of proprietary software or information using networks.
    • Example: mass sharing of MP3 files containing copyrighted content.
  • Cybertrespass
    • Unauthorized access to systems or password-protected sites.
    • Example: DoS attack on an e-commerce site.
  • Cybervandalism
    • Deployment of programs that disrupt transmissions, destroy resident data, or damage resources.
    • Example: unleashing the ILOVEYOU virus.

Categories of Cyber-related Crime

  • Cyber-exacerbated crimes
    • Cyber-tech does much more than assist; it amplifies reach/impact.
    • Examples: cyberstalking, Internet pedophilia, Internet pornography.
  • Cyber-assisted crimes
    • Cyber-tech merely helps traditional crimes.
    • Examples: income-tax cheating, physical assault coordinated with computers, property damage commanded by computer.

Alarming Cybercrime Statistics (Global)

  • Social-media–enabled cybercrime revenue >\$3.25 billion/year.
  • Entire cybercrime economy revenue \ge \$1.5 trillion (2018).
  • 76 billion USD involves Bitcoin transactions.
  • 85\% of organizations experienced phishing/social-engineering attacks.
  • Malware remains most costly category.
  • 96\% of surveyed organizations see e-mail phishing as top risk.

Examples of Cybercrime (Non-exhaustive)

  • Ransomware, malware, crypto-mining & cryptojacking scams.
  • Identity theft / impersonation.
  • Theft, leakage, manipulation of data/IP.
  • Privacy violations.
  • Human & sex trafficking, online drug/weapon sales.

Simplified Two-Way Categorization

  • Crimes targeting networks/devices: viruses, DoS attacks, malware infections.
  • Crimes using devices to commit other offences: phishing, cyberstalking, identity theft.

Types of Perpetrators

  • Hackers
    • Curiosity-driven testers of system limits.
  • Crackers
    • Malicious intruders who deface sites, crash systems, spread malware.
  • Malicious insiders
    • \approx70\% of intrusions come from employees/consultants/contractors.
    • Have credentials, procedural knowledge, and motive (financial gain, revenge, publicity).
  • Industrial spies
    • Steal trade secrets for hiring competitor; often disgruntled staff.
  • Cybercriminals
    • Conduct fraud, steal funds, purchase expertise for large-scale attacks.
  • Cyberterrorists
    • Politically/socially motivated attackers who cause destruction/disruption rather than gather intel; often well-organized and well-funded.

Fraud, Embezzlement, Sabotage, Identity Theft, Forgery

  • Fraud
    • Credit-card: stolen receipts, intercepted online transactions, careless card handling.
    • ATM: stolen numbers/PINs, counterfeit machines, insider collusion.
  • Embezzlement/Sabotage causes
    • Insider info, poor security, complex transactions, anonymity.
    • Defenses: job rotation, mandatory IDs/passwords, audit trails, background checks.
  • Identity theft
    • Causes: misuse of ID numbers, poor data security, inadequate victim support.
    • Defenses: limit PII use, strengthen storage security, better personal authentication, public education.
  • Forgery
    • Causes: powerful PCs, image editors, HQ printers/scanners.
    • Defenses: anti-counterfeit production, detection tech, legal & procedural incentives, consumer/employee education.

Impact of Cybercrime on Society

  • IBM CEO Ginni Rometty: “the greatest threat to every profession, industry, company.”
  • Global cost forecast \$6\text{ trillion} by 2021.
  • Ponemon 2016: average breach cost \$4\text{ million}.
  • 48\% of breaches from malicious intent.
  • Ransomware projected \$11.5\text{ billion} cost (2019).
  • Cybercrime will more than triple unfilled cyber-security jobs by 2021.
  • Average dwell-time to detect breach >200 days.

How to Fight Cybercrime (Preventive Measures)

  • Browse vigilantly; verify HTTPS and certificate validity.
  • Flag/report suspicious e-mails; never click unfamiliar links/ads.
  • Use VPNs on public networks.
  • Keep OS, antivirus, and applications updated.
  • Employ strong passwords (\ge14 characters); prefer pass-phrases + managers.

Popular Films Featuring Cybercrime Themes

  • Hackers • Blackhat • Who Am I • Live Free or Die Hard • Swordfish • Sneakers • Open Windows • Nerve • Antitrust • Breach • The Internet’s Own Boy • Disclosure • The Italian Job

Cybercrime in Malaysia & Enforcement Challenges

  • Cybercrime now surpasses drug trafficking in profit.
  • 70\% of commercial-crime cases qualify as cybercrime.
  • Youth are most vulnerable; tech used to cheat, harass, spread false info.
  • Royal Malaysian Police investigation challenges:
    • Mobility of devices, rapid new tech, maintaining analytical capabilities.
    • Need comprehensive legal framework, multi-jurisdiction cooperation, widespread security awareness.

Malaysian Computer Crimes Act 1997 (CCA)

  • Effective: 1/6/2000; provides punishments for computer misuse.
  • Covers reading, overtaking, using computers illegally; sets ISP standards; defines penalties.
  • Targets trespass, data theft/destruction, webpage defacement, e-mail theft, credit-card fraud.
  • Offence classes:
    • Cybercrime on property (fraud, forgery, mischief, virus spread).
    • Cybercrime on humans (pornography, cyber-harassment, stalking).
    • Cyber-terrorism (e.g., hijacking air-traffic control, poisoning food supply).

Key Sections & Penalties (CCA 1997)

  • Section 3 – Unauthorized access
    • Elements: intent + unauthorized + knowledge.
    • Penalty: fine \le RM50{,}000 or \le5 years prison or both.
  • Section 4 – Unauthorized access with intent to commit further offence
    • Includes fraud/dishonesty or causing injury.
    • Fine \le RM150{,}000 or \le10 years prison or both.
  • Section 5 – Unauthorized modification of contents
    • Alter/erase/add data or impair operation.
    • Penalties follow seriousness (not explicitly listed in slide but implied imprisonment/fine).
  • Section 6 – Wrongful communication of access codes
    • Fine \le RM25{,}000 or \le3 years prison or both.
  • Section 7 – Abetments, attempts, preparatory acts & presumption of unauthorized access when illicit data held.

Other Malaysian Cyberlaws (Complementary)

  1. Computer Crime Act 1997
  2. Communications & Multimedia Act 1998 (CMA)
  3. Malaysian Communications & Multimedia Commission Act 1998
  4. Digital Signature Act 1997
  5. Copyright (Amendment) Act 1997
  6. Telemedicine Act 1997
  7. Optical Disc Act 2000
  8. Electronic Transactions Act 2006

Selected Malaysian Case Studies

  • PP v Nebolisa Olisa Hillary (2016)
    • Nigerian romance scam via Facebook, cheated retiree of RM107{,}950.
    • Penal Code \text{S}420; sentence: 18 months + 2 strokes per charge.
  • PP v Lau Jia Wen (2018)
    • Altered iPhone 7 Plus price from RM4,299\to RM4.99.
    • CCA S5(1); fined RM3,000.
  • PP v Rose Hanida bt Long (2016) / Appeal (2017)
    • Secretary used boss’s credentials for 160 fraudulent transactions totalling RM348{,}294.81.
    • 13 charges CCA 4(1)(a) + 13 charges Penal Code 420.
    • Sentenced: 1 yr + RM15,000 fine each CCA charge; 4 yrs + RM5,000 each Penal Code charge.
  • PP v Syahzan Amir Endut (2019)
    • Sent obscene MMS; CMA S233(1)(a); fined RM15,000 (appeal dismissed).
  • PP v Aszroy bin Achoi (2018–19)
    • Supported Daesh via FB; Penal Code 130J(1)(a) (7 yrs) & 130JB(1)(a) (2 yrs), consecutive.
  • PP v Chow Mun Fai (2019)
    • Incited racial tension on Twitter; Penal Code 505, 298A(1)(a), CMA 233(2).
    • Imprisonment 7 – 30 months across charges.

International Vulnerability Rankings

  • SophosLabs Threat Exposure Rate (TER)
    • Malaysia 17.44\% (5th riskiest).
    • Top 4: Indonesia 23.54\%, China 21.26\%, Thailand 20.78\%, Philippines 19.81\%.
  • Symantec/BusinessWeek Top-20 cybercrime-source countries
    • USA 23\% of global malicious activity; China 9\%; Germany 6\%; others Spain, Brazil, Britain, etc.

Extra: Situational Q & A / Best Practices

  • Public Wi-Fi risks: data-stealing malware, Man-in-the-Middle (MitM) attacks, honeypots.
  • Using neighbour’s unsecured Wi-Fi: owner can sniff credentials & see IP/geolocation; may set traps; legal/ethical issues.
  • Webcam hacking: exploits unpatched software, malicious PDFs, banners; always update apps.
  • Multi-word vs complex-character passwords: either alone insufficient; add password manager & 2-factor authentication; ensure TLS; update software.
  • macOS myth: fewer threats than Windows but not virus-proof; no 100\% effective solution.
  • Identity-theft defense: educate yourself, employ layered tools matching budget.
  • Choosing antivirus: evaluate via user opinions, expert reviews, independent lab tests.
  • Life as a hacker/cyber-criminal: stressful, high work, risk, anxiety over outcomes.

Sources Cited in Slides

  • Techopedia, Florida Tech Online, Juniper Research, Forbes.
  • IBM SecurityIntelligence (Ponemon Institute studies & cybercrime stats).
  • CSO (IDG) & MetaCompliance.
  • Amazon reference book: “Cybercrime Cases: A Decade of Malaysian Experience” by Assoc. Prof. Rizal Rahman.