This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Computer crime, orÂ cyber crime, refers to any crime that involves aÂ computerÂ and aÂ network, where the computers may or may not have played an instrumental part in the commission of aÂ crime.Â Issues surrounding this type of crime have become high-profile, particularly those surroundingÂ hacking,Â copyright infringement, child pornography, andÂ child grooming. Child groomingÂ refers to actions deliberately undertaken with the aim of befriending and establishing an emotional connection with a child, in order to lower the child's inhibitions in preparation for abuse (such asÂ child sexual abuse) or exploitation. There are also problems ofÂ privacyÂ whenÂ confidentialÂ information is lost or intercepted, lawfully or otherwise.
On the global level, both governments and non-state actors continue to grow in importance, with the ability to engage in such activities asÂ espionage,Â financial theft, and other cross-border crimes sometimes referred to asÂ cyber warfare. The international legal system is attempting to hold actors accountable for their actions, with theÂ International Criminal CourtÂ among the few addressing this threat.
Computer crime encompasses a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories, firstly, crimes that target computer networks or devices directly, secondly, crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.
Examples of crimes that primarily target computer networks or devices would include: Computer viruses, Denial-of-service attacks, and MalwareÂ (malicious code).
Examples of crimes that merely use computer networks or devices would include, Cyber stalking, FraudÂ andÂ identity theft, Information warfare, and Phishing scams.
Types of computer crimes are hacking. This is activity of breaking into a computer system to gain an unauthorized access. The act of defeating the security capabilities of a computer system in order to obtain an illegal access to the information stored on the computer system is called hacking. The unauthorized revelation of passwords with intent to gain an unauthorized access to the private communication of an organization of a user is one of the widely known computer crimes. Another highly dangerous computer crime is the hacking of IP addresses in order to transact with a false identity, thus remaining anonymous while carrying out the criminal activity.
Secondly is Phishing. Phishing is the act of attempting to acquire sensitive information like usernames, passwords and credit card details by disguising as a trustworthy source. Phishing is carried out through emails or by luring the users to enter personal information through fake websites. Criminals often use websites that have a look and feel of some popular website, which makes the users feel safe to enter their details there.
Thirdly are Computer Viruses. Computer viruses are computer programs that can replicate themselves and harm the computer systems on a network without the knowledge of the system users. Viruses spread to other computers through network file system, through the network, Internet or by the means of removable devices like USB drives and CDs. Computer viruses are after all, forms of malicious codes written with an aim to harm a computer system and destroy information. Writing computer viruses is a criminal activity as virus infections can crash computer systems, thereby destroying great amounts of critical data.
Fourthly is Cyber stalking. This is the use of communication technology, mainly the Internet, to torture other individuals. False accusations, transmission of threats and damage to data and equipment fall under the class of cyber stalking activities. Cyber stalkers often target the users by means of chat rooms, online forums and social networking websites to gather user information and harass the users on the basis of the information gathered. Obscene emails, abusive phone calls and other such serious effects of cyber stalking have made it a type of computer crime.
Fifthly is Identity Theft. This is one of the most serious frauds as it involves stealing money and obtaining other benefits through the use of a false identity. It is the act of pretending to be someone else by using someone else's identity as one's own. Financial identity theft involves the use of a false identity to obtain goods and services and a commercial identity theft is the using of someone else's business name or credit card details for commercial purposes. Identity cloning is the use of another user's information to pose as a false user. Illegal migration, terrorism and blackmail are often made possible by means of identity theft.
Similarly, many crimes involving computers are no different from crimes without computers; the computer is only a tool that a criminal uses to commit a crime. ForÂ example, firstly, using a computer, a scanner, graphics software, and a high-quality colour laser or inkÂ jet printer for forgery or counterfeiting is the same crime as using an old-fashioned printing press with ink.Â Secondly, stealing a laptop computer with proprietary information stored on the hard disk inside the computer is the same crime as stealing a briefcase that contains papers with proprietary information.Â Thirdly, using the Internet or online services to solicit sex is similar to other forms of solicitation of sex, and so is not a new crime.Â Fourthly, using computers can be another way to commit either larceny or fraud.
Computer Crimes Act 1997
Cyber crime is under the Computer Crime Act 1997. The computer Crimes Act 1997 is aimed to 'provide for offences relating to the misuse of computers'. The Computer Crimes Act 1997 introduced into Malaysia, for the first time, the concept of a cyber crime; which is basically the Act makes it an offence to access computer systems without authority and use computer systems for fraudulent purpose. The Act also provides that the commission of these offences extra-territorially (that is, outside Malaysia) is punishable. Section 9(1) of the Computer Crimes Act 1997 states:
The provisions of this Act shall, in relation to any person, whatever his nationality or citizenship, have effect outside as well as within Malaysia, and where an offence under this Act is committed by any person in any place outside Malaysia, he may be dealt with in respect of such offence as if it was committed at any place within Malaysia.
For the purposes of subsection (1), this Act shall apply if, for the offence in question, the computer, program or data was in Malaysia or capable of being connected to or sent to or used by or with a computer in Malaysia at the material time.
Any proceeding against any person under this section which would be a bar to subsequent proceedings against such person for the same offence if such offence was committed in Malaysia shall be a bar to further proceedings against him under any written law relating to the extradition of persons, in respect of the same offence outside Malaysia.
The Act defines the word 'computer' as 'an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, storage and display functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices, but does not include an automated typewriter or typesetter, or a portable hand held calculator or other similar device which is non-programmable or which does not contain any data storage facility.
"Computer network" means the interconnection of communication lines and circuits with a computer or a complex consisting of two or more interconnected computers. Section 2(10) of the Act provides further that 'any reference in this Act to a computer includes a reference to a computer network'.
The Computer Crimes Act 1997 defines 'data' as 'representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer. The word 'programme' means data representing instructions or statements that, when executed in a computer, causes the computer to perform a function.
Offences of Unauthorized Access
Section 3(1) of the Computer Crimes Act 1997 provides that; a person shall be guilty of an offence if, (a) he causes a computer to perform any function with intent to secure access to any programme or data held in any computer, (b) the access he intends to secure is unauthorized, and (c) he knows at the time when he causes the computer to perform the function that is the case.
Section 3(2) of the Act provides that; the intent a person has to have to commit on an offence under this section need to be directed at; (a) any particular programme or data, (b) a programme or data of any particular kind, or (c) a programme or data held in any particular computer.
In short, this section creates an offence where there has been an unauthorized secure the unauthorized access to any programme or data need not be a different computer from that containing the data or programme.
The Computer Crimes Act 1997 defines the scope and meaning of 'unauthorized access' in Section 2(2) and Section (5). The burden of proof on the prosecution is made easier by section 8 of the Act which provides; A person who has in his custody or control any programme, data or other information which is held in any computer which he is not authorized to have in his custody or control shall be deemed to have obtained unauthorized access to such programme, data or information unless the contrary is proven.
Unauthorized Access with Ulterior Intent
Section 4(1) and 2, Computer Crimes Act 1997 states; (1) a person shall be guilty of an offence under this section if he commits an offence referred to in section 3 with intent; (a) to commit an offence involving fraud or dishonesty or which causes injury as defined in the Penal Code, or (b) to facilitate the commission of such an offence whether by himself or by any other person. (2) For the purposes of this section, it is immaterial whether the offence to which this section applies is to be committed at the same time when the authorized access is secured or on any future occasion.
Thus, the offence which this section creates is limited to those offences which involve fraud or dishonesty or which causes injury as defined in the Penal Code. Example of section 4(1) (a) offences occur when; (1) a person secures the unauthorized access to a bank's computer in order to divert funds into his bank account maintained in another bank; or (2) a person secures the unauthorized access to a bank's computer and instructs the bank's computer to round down the interest calculated on all interest-bearing accounts, and the excess funds of half Sen be diverted to his personal account.
Such person can be said to have committed theft under the Penal Code and would have committed offences under both section 3 (for the unauthorized access) and 4 of the Computer Crimes Act 1997.
Section 4(1) (b) requires the person securing access 'to facilities the commission of such an offence whether by himself or by any other person'.
Section 4 (3) provides that a person guilty of the Section 4 offence shall on conviction be liable to a fine not exceeding RM 150,000 or to imprisonment of up to ten years or to both.
Unauthorized Modification of Contents of Computer
Section 5(1) renders it an offence if a person who does 'any act which he knows will cause unauthorized modification of the contents of any computer'. An essential element of this offence is knowledge. In the case of Lai Fook Kee v Public Prosecutor the court relied on two authorities for the definition of the word 'know' and stated thus:
In London Computator Ltd v Seymour  2 All ER 11â€¦it was 'knows' bears its ordinary meaning and is not so to be construed as 'ought to have known'. In Sinniah Sokkan v Public Prosecutor  MLJ 249, Gill J (as he taken was) was considering the meaning of 'knowingly made a false statement' and he stated: 'â€¦it must not only be proved that the statement was false but also that it was conscientiously made and known to be false'. In the absence of specific finding of personal knowledge by the appellant that the statement which he gave was false, the conviction cannot stand and the appellant must be acquitted.
Besides having to prove that the accused had personal knowledge that the access was unauthorized, it must also be proved that there was an 'act'. Thus, examples of acts which may constitute offences under this section include:
Deliberately closing of a word-processing program without saving the changes made to the information by moving the mouse or by switching off the power supply;
Introducing a 'worm ' program into the computer system so that by adding programs or data to the computer's content, all the spare capacity in the computer is used up; and
Intentionally introducing a computer 'virus' into the system.
For the purposes of Subsections 5(2) of the Computer Crimes Act 1997, it is immaterial that the act in question is not directed at; (a) any particular programme or data, (b) a programme or data of any kind; or (c) a programme or data held in any particular computer.
For the purposes of Subsections 5(3) of the Computer Crimes Act 1997, it is immaterial whether an unauthorized modification is, or is intended to be, permanent or merely temporary.
Section 2(7) explains what 'modification' in this context means; (a) any programme or data held in the computer concerned is altered or erased, (b) any programme or data is introduced or added to its contents, or (c) any event occurs which impairs the normal operation of any computer, and any act that contributes towards causing such a modification shall be regarded as causing it. Thus, a modification occurs where a function of the 'target' computer itself is operated.
Subsection 2(8) goes on to provide that such modification is 'unauthorized' if; (a) the person whose act causes it is not himself entitled to determine whether the modification should be made, and (b) he does not have consent to the modification from any person who is so entitled.
Subsection 5(3) provides that it is immaterial whether an unauthorized modification is, or is intended to be, permanent or merely temporary. Mere transient forays into another computer's system would be caught by the section if there is an unauthorized modification.
A person guilty of a section 5 offence shall on conviction be liable to a fine not exceeding RM 100,000 or to imprisonment for a term of up to seven years or to both. The penalty is enhanced, to a maximum fine of RM 150,000 or maximum imprisonment of ten years or to both, if the act is done with the intention of causing injury as defined in the Penal Code.
Unauthorized Communication of Codes or Passwords
Section 6 of the Computer Crimes Act 1997 makes it an offence to communicate directly or indirectly a number, code, password or other means of access to a computer to any authorized person. A person guilty of this offence shall on conviction be liable to a maximum fine of RM 25,000 or to imprisonment for a term of up to three years or to both.
As the marginal note of this section and the Explanatory Notes to the Computer Crimes Act 1997 use the words 'wrongful communications', it is submitted that an offence under section 6 cannot be committed by inadvertence. Mens rea (intention) is necessary to make it an offence to wrongfully communicate the number, code, password, etc to an unauthorized third party.
The other element to be proven is the information given (in the form of a number, code, password, or other means) has the effect of enabling the third person (who is unauthorized to do so) to gain access to a computer.
Bankers, in particular, should take heed of this section as the scope of this provision is very wide and would cover situations where their passwords or access codes are communicated to their colleagues who are not authorized such access.
Inchoate Offences and Participants
Under section 7(1) of the Computer Crimes Act 1997, abetments and attempts are punishable as offences. However, section 7(2) provides that where a person does any act preparatory to or in furtherance of the commission of any offence under the Computer Crimes Act 1997, the maximum sentence is half of the maximum term provided for the offence which the act was preparatory to. An example of such act would be where an intending 'hacker' purchases the necessary equipment in order to perform his deed.
Powers of Law Enforcement Agencies
Under section 10(1) of the Computer Crimes Act 1997, the powers of the law enforcement agency to search and seize evidence is subject to a warrant to be issued by the magistrate. The magistrate must have reasonable grounds for believing that the commission of an offence is committed. The magistrate must have sufficient facts to form the basis of his belief.
The powers given to the police under section 10(2) of the Computer Crimes Act 1997 are very wide. The section provides:
(2) Whenever it appears to any police officer of or above the rank of Inspector that there is reasonable cause to believe that in any premises there is concealed or deposited any evidence of the commission of an offence under this Act, and the police officer has reasonable grounds for believing that by reason of the delay in obtaining a search warrant the object of the powers mentioned in subsection (1) in as full and ample a measure is if he were empowered to do so by warrant issued under that subsection.
(3) Any police officer may arrest without a warrant any person whom he reasonably believes to have committed or to be committing an offence against this Act, and every offence against this Act, and every offence against this Act shall be deemed to be seizable offence for the purposes of the law for the time being in force relating to criminal procedure.
Thus, under certain circumstances and conditions, the police may search without a search warrant and arrest without a warrant.
Under section 11, a person guilty of the offence of obstructing a search shall on conviction be liable to a maximum fine of RM 25,000 or to imprisonment of up to three years or to both. Section 12 of the Computer Crimes Act 1997 provides that all prosecutions under the Act can only be instated by or with the written consent of the Public Prosecutor.
Data Protection Act 1998
The DATA PROTECTION ACT 1998 builds upon previous legislation to give rights to individuals whose 'personal data' is stored on computers and certain manual files.
The act defines 'data' as information which is:
Being processed by means of equipment operating automatically in response to instructions given for that purpose.
Is recorded with the intention that it should be processed by means of such equipment.
Is recorded as part of relevant filing system or with the intention that it should form part of a relevant filing system, or
Thought not filing within a, b or c, forms part of an accessible health, educational or publicly accessible record.
The Act lays down a number of principles which will govern personal data processing; these are that such data be:
Processed fairly and lawfully;
Obtained only for lawfully;
Adequate, relevant and not excessive in relation to the purpose for which it is to be processed;
Accurate and kept up to date;
Not kept for longer than is necessary for the stated purpose;
Processed in accordance with the rights given under the Act to data subjects;
Subject to measures of security to prevent unauthorised or unlawful processing, accidental loss, destruction or damage; not transferred to a country or territory outside of the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects.
The key ingredients that are important to form an effective case in a computer crime investigation are firstly is the enactment of appropriate laws, with the aim of protecting the computer crime victims, to serve as a deterrent to would be hackers (the penalty should be severe enough) and to provide a legal means of prosecuting those who are found guilty of committing such crimes. In Malaysia, the punishment may range from 3 years to 10 years imprisonment and/or a monetary fine of between RM 25,000 to RM 150,000. Note that stiffer penalties will be given if it is found that the guilty party had intention to cause injury when committing the crime.
Secondly is to have a group of specially trained prosecutors in the area of computer crime. The challenge for this group of prosecutors is that they have to be generalist on the subject of computer security and information technology. This is to enable them to tackle the various technologies that they may come across when dealing with cyber criminals.
Thirdly is the success of a computer crime investigation is also highly dependent on the effectiveness of the investigative team. More and more computer crime divisions are being setup within the police force around the world. In United Kingdom (UK) for example there is the Metropolitan Police Service Computer Crime Unit. This unit deals with crimes that relates to the Computer Misuse Act in the UK. There is even a new establishment called the National High Tech Crime Squad (UK) to deal with technology related crimes that run across conventional police boundaries and require specialist investigation skills. TheÂ ComputerÂ Misuse Act of 1990 is a law in the UK that makes illegal certain activities, such asÂ hackingÂ into other people's systems, misusing software, or helping a person to gain access to protected files of someone else's computer. The key point that highlighted here is trained specialists are required to carry out investigations in computer crime cases.
Fourthly is the global nature of criminal activities requires that strong ties be forged between enforcement agencies around the world.
Summary of the offences relating to misuse of computers as extracted from the "Explanatory Statement" of the Computer Crimes Act 1997:
a) Seeks to make it an offence for any person to cause any computer to perform any function with intent to secure unauthorised access to any computer material.
b) Seeks to make it a further offence if any person who commits an offence referred to in item (a) with intent to commit fraud, dishonesty or to cause injury as defined in the Penal Code.
c) Seeks to make it an offence for any person to cause unauthorised modifications of the contents of any computer.
d) Seeks to provide for the offence and punishment for wrongful communication of a number, code, password or other means of access to a computer.
e) Seeks to provide for offences and punishment for abetments and attempts in the commission of offences referred to in items (a), (b), (c) and (d) above.
f) Seeks to create a statutory presumption that any person having custody or control of any program, data or other information when he is not authorised to have it will be deemed to have obtained unauthorized access unless it is proven otherwise.
Example case of computer crime
IPOH: An information technology (IT) officer with the Natural Resources and Environment Ministry has been charged with four counts of illegally transferring Perak land titles.
Mohd Radzi Mohd Ramli, 54, pleaded not guilty to illegally transferring two land titles from a person called Chong Chiep Bee to a Yew Chio Chiong.
He also claimed trial to illegally invalidating the mortgage status of the two land titles, which had been initially charged to OCBC Bank (M) Bhd.
Mohd Radzi, who is still an officer of the ministry's IT section in Putrajaya, pleaded not guilty to illegally transferring the land title of Woo Foo Yee @ Anne Marie to Yew Chio Chiong.
The IT officer is also said to have created a land title for Mulia Era Jaya Sdn Bhd.
He is alleged to have committed all the fraudulent transactions at the computer training room of the IT section of the Perak Land and Mines Office here on Oct 1, 2007, between 3.39pm and 3.49pm.
All the land parcels involved in the alleged illegal transfers are located in Perak.
Mohd Radzi was charged under Section 5 (1) of the Computer Crimes Act 1997 for unauthorised modification of the contents of a computer.
If found guilty, Mohd Radzi is liable to a fine not exceeding RM100,000 or to a jail term of not more than seven years, or both.
Deputy Public Prosecutor Fatnin Yusof prosecuted before sessions court judge Rashidah Chik who set bail at RM12,000 with one surety and fixed Oct 9 for mention.
Computer crime definitely must be taken seriously. Attacks can come from a computer across the room or computers located in another country. The threat could be external or it could be internal. It may have financial impact, it may deal with child pornography or it may be related to cyber terrorism. Tackling computer crime is similar to tackling computer security; that is to start from the basics and address one thing at a time.
The Computer Crimes Act must be seen not only as a law which regulates the behaviour of people who use and do business over the Internet, but it also must be seen as the Government's efforts to put in place soft infrastructure to nurture the MSC and the knowledge-based economy so that Malaysia can achieve Vision 2020.Â
At the same time, the Government should be aware that technological innovation and the deviousness of human minds would mean that the law as well as enforcement must not only keep up with cyber-criminals, but it must ensure that their officers are one step ahead of cyber-criminals, ready to catch them if the cyber-criminals perform their dirty deeds.Â
As long as there is a system in place to punish the wrongdoers, as long as there is public awareness of the potential seriousness of such crimes, I believe that there will be much headway in computer crime law and investigation in the coming years in Malaysia and around the world.
My suggestions to prevent the computer crimes are firstly, is need to select a good password. Make the length of your passwordÂ at leastÂ five characters. It is too easy for automatic programs to sequentially try all combinations of characters in a password of only 1, 2, 3, or 4 characters.Â
Secondly is using the anti-virus software. Since everyone uses e-mail and nearly everyone will download executable software from the Internet, everyone should have a good anti-virus program running on their machine.
Thirdly is using firewall. It is good practice to erect a "firewall" between parts of a computer system that an external user can access (e.g., via modem or Internet or voiceÂ mail) and parts that are supposedly accessible only by a local user.
Fourthly is avoiding harassment. For casual on-line activities, you can establish a free e-mail account at Yahoo, Hot Mail, or some other provider, and use a stage name for that account. If someone harasses or stalks you, then you simply close that account and chose another stage name. In other words, you adopt a disposable identity for your life in cyberspace.Â
Lastly is making backup files. If a computer virus or an invading hacker deletes your files or either one corrupts your files, the easiest way to restore your computer may be to reformat the hard drive(s) and then copy files from a recent backup. Backups offer protection from more common (and less exotic) threats such as accidental deletion of a file by an authorized user or failure of a hard disk drive.Â