1. Greg and Sarah were undergoing a divorce.

Greg alleged that Sarah had left the matrimonial

home but according to Sarah, Greg had evicted her. While Greg was away overseas with the
children, Sarah returned to the matrimonial home to find it padlocked. With the help of a
locksmith, she gained entry to retrieve some of her belongings. When in the home, she
noticed the husband’s laptop on the dining table. She claims that it was switched “on” and in
sleep mode. Greg denied this. When Sarah accessed the laptop she was able to see a file
which allegedly showed how the husband had framed her over an incident. She then
removed the laptop from the home and with the assistance of a private investigator, she
accessed and copied the contents. She wrote down the passwords and shared them with
her sister as well. Sarah then uploaded a software which could monitor Greg’s use of
the computer.
Sarah subsequently filed an affidavit in the Family Court exhibiting WhatsApp messages
documenting exchanges between the husband and various other parties that she was able to
access from the laptop. She alleged that these showed that the husband had manufactured
evidence of incidents relating to their relationship and the children.
Greg seeks your advice as he wishes to bring an action against Sarah. Your answer must be
supported by relevant statutory provisions and case law.

Correct answer
1. Whether there was unauthorised access by Sarah under S3 of CCA 1997?
 S3
 S3(3)- can be charged
 Elements
- Copying the contents –it is fulfilled –
- She is not allowed to enter the house and she have no consent – no
consent given
- Assessing the file – she got intention and have knowledge
- Claims that it was in sleep mode- how she will know if it is in sleep
mode that means she got do something
- She accessed the laptop –evicted and going through divorce
- S2(5) – consent
2. Whether Sarah can be charged for unauthorized modification under Section 5 of the
Computer Crimes Act 1997?
- Uploaded software
- S2(8)
- She modify the computer

3. Whether Sarah’s actions constitute wrongful communication under S6 of the CCA?

- Shared password
- Wrongful communication
 4. Whether Sarah can be convicted for unauthorized access with intent to commit or
facilitate commission of further offence under Section 4 of the Computer Crimes Act
1997?
a. S23 of PC
b. S24 of PC
c. S44 of Pc- injury as she planted something in computer
d. Dishonesty – what Sapp and document exchanging all

Whether Sarah can be convicted for unauthorized access under Section 3 of the Computer
Crimes Act 1997?
Section3 is about unauthorized access to computer material. Section 3(1) of the Computer
Crimes Act 1997 stated that a person shall be guilty of an offence if he causes a computer to
perform any function with intent to secure access to any program or data held in any computer;
the access he intends to secure is unauthorized; and he knows at the time when he causes the
computer to perform the function that is the case. There are four elements that need to be
fulfilled for this section. The first element is that he causes a computer to perform any function
which proves that there is actus reus. The second element is at the time he causes the computer to
perform any function, it must be coupled with intention to secure access to any program or data
in any computer which proves that there is mens rea. The next element is the access is
unauthorized and the last element is he has that knowledge which also proves mens rea. S.3 (2)
of CCA 1997 states that the intent a person has to have to commit an offence under this section
need not be directed at, (a) any particular program or data; (b) a program or data of any particular
kind; or (c) a program or data held in any particular computer. Section 2(5) of CCA states that
access of any kind by any person to any program or data held in a computer is unauthorized if he
is not himself entitled to control access of the kind in question to the program or data; and he
does not have the consent or exceeds any right or consent to access by him of the kind in
question to the program or data from any person who is so entitled. In Director of Public
Prosecutions v Bignell, the respondents were both officers in the Metropolitan police force.
They instructed police computer operators to perform checks on the registration numbers of two
vehicles for their own personal use. They were charged with six offences contrary to s 1 of the
Computer Misuse Act 1990, were convicted by a stipendiary magistrate and fined. They each
appealed against their convictions to the Crown Court. They submitted that their use of the
computer, even if it was found to be for private purposes, was within the definition an authorized
access provided by s 17(5) of the 1990 Act because the access had been with authority, even
though that authority was used for an unauthorized purpose. The appeal was allowed. The
prosecution appealed by way of case stated. It was held that a person authorized to secure access
to a program or data did not commit an offence under s 1 of the Computer Misuse Act 1990 if
the access was at an authorized level, even if they did so for an unauthorized purpose. In the
instant case the respondents were authorized to access the Police National Computer and
accordingly had not committed an offence under s 1 of the Act despite the fact that their access
had not been for police purposes. In the case of DPP v Bignell, in this case, a policeman who
uses data from police system to check the car in front of his ex’s house. Court held that there’s
no unauthorised access because he in fact is authorised to do so. However, it’s wrong because it
was done for personal use. Access for an authorized purpose is not an offence. Unauthorized
access held to apply to external hackers. R v Bow Street Metropolitan Stipendiary
Magistrate, ex parte Government of the USA, the accused was charged for unauthorized
accessed of the American express system (credit card). A person within an organization who was
authorized to access some data on a computer system at a particular level, could exceed his
authority by accessing data at a level outside that authority. It was heavily argued that the
principle in DPP v Bignell is wrong. Unauthorized access was not limited to be obtained by an
outsider or hacker only so must look at the intention of the party under S3 of CCA. Unauthorized
access also includes unauthorized purpose.
Applying S 3(1) CCA, Sarah was not entitled to access data on the husband’s laptop on the
dining table. When Sarah accessed the laptop she was able to see a file which allegedly showed
how the husband had framed her over an incident yet she accessed and copied the contents. As in
s3 (2) CCA, Sarah used to do a series of unlawful accessed and copied the contents were not
related to her. Applying s2 (5), it is apparent that Sarah does not have the right or authority to
access. Applying DPP v Bignell, Sarah didn’t have the authorisation to access the laptop and she
was able to see a file which allegedly showed how the husband had framed her over an incident.
Sarah can be prosecuted as her actions were within the Act’s definition of unauthorised access
although she accessed the files for her personal use of extracting evidence to file an affidavit in
Family Court. R v Bow Street Metropolitan Stipendiary Magistrate, ex parte Government
of the USA, Sarah can be was charged for unauthorized accessed of the computer of Grey’s.
Applying Creative Purpose Sdn Bhd v Integrated Trans Corporation Sdn Bhd, Sarah had
the evident aim or intention to get access to Grey’s laptop. This is unquestionably unauthorised
access. As a result, all four elements have been met. Firstly, Sarah had caused a computer to
perform an action for which he intended to gain benefit from unauthorised access and was aware
of it. She even removed the laptop from home and accessed the copied contents with the help of
a private investigator, subsequently wrote down the passwords which shows her intention to
secure her access. The second element is mens rea, Sarah have the intention to secure access to
any program or data in any computer at the time. S.3 (2) of CCA 1997 states that the intent a
person has to have to commit an offence under this section need not be directed at, (a) any
particular program or data; (b) a program or data of any particular kind; or (c) a program or data
held in any particular computer. When Sarah came back home to retrieve some of her
belongings, she accessed his laptop with the intention of causing the computer to perform its
function. The third element that need to prove is the access is unauthorized. As Sarah and Greg
is going through divorce and Sarah left her matrimonial home, this clearly depicts that both
husband and wife has no authority over each other’s properties or things that leaves unauthorised
access as a clear point. She has the knowledge that the access is unauthorised. The fourth
element is Sarah has that knowledge the access is unauthorized. According to Section 2(5),
Sarah is not entitled to control access his file in his laptop nor have the consent of Greg. Sarah is
responsible under s3 of CCA 1997 and should be prosecuted under S 3(3) of CCA 1997, where
she might face a fine of up to 50,000 ringgit or a sentence of up to five years in jail, or both.
In conclusion, Sarah is liable for s3 of CCA 1997.
Whether Sarah can be punished for unauthorized modification under Section 5 of the Computer
Crimes Act 1997?
S2(7) of CCA 1997: For the purposes of this Act, a modification of the contents of any
computer takes place if, by the operation of any function of the computer concerned or any other
computer — (a) any program or data held in the computer concerned is altered or erased; (b) any
program or data is introduced or added to its contents; Or (c) any event occurs which impairs the
normal operation of any computer, and any act that contributes towards causing such a
modification shall be regarded as causing it. S2(8) of CCA 1997: Any modification referred to in
subsection (7) is unauthorized if— (a) the person whose act causes it is not himself entitled to
determine whether the modification should be made; and (b) he does not have consent to the
modification from any person who is so entitled. There are 2 elements need to be fulfilled, before
one can be held liable under this section. The first element is the actus reus, where by doing any
act which causes unauthorized modification of the contents of any computer, while the second
element which is Mens Rea, required only mere knowledge that the act will lead to such
modification and intention is immaterial. According to section 5 (1) of the Computer Crimes
Act 1997, a person shall be guilty of an offence if he does any act which he knows will cause
unauthorized modification of the contents of any computer. Section 5(2) for the purposes of this
section, it is immaterial that the act in question is not directed at—(a) any particular program or
data; (b) a program or data of any kind; or (c) a program or data held in any particular computer.
Section 5(3) of CCA 1997 for the purposes of this section, it is immaterial whether an
unauthorized modification is, or is intended to be, permanent or merely temporary. Section 5(4)
of CCA 1997 A person guilty of an offence under this section shall on conviction be liable to a
fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding
seven years 10 or to both; or be liable to a fine not exceeding one hundred and fifty thousand
ringgit or to imprisonment for a term not exceeding ten years or to both, if the act is done with
the intention of causing injury as defined in the Penal Code. PP v Devarajan, the accused was
charged under section 5 of the CCA for, amongst others, carrying out the following without
authorisation: downloading and launching software; running and stopping certain processes on
servers; and running certain programs on the database server of a broadcast centre. In the case of
R V Victor Lindesay, Revenge attack following a contract dispute. Defendant freelance
computer consultant accessed the websites of three clients of his former employer using
passwords he knew and caused £9K damage by deleting data. Guilty plea. Sentenced to 9 months
imprisonment. Upheld on appeal.
In application, S2 (7) (b) of CCA 1997, a modification of the contents of any computer takes
place if, by the operation of any function of the computer concerned or any other computer —
(b) any program or data is introduced or added to its contents. When Sarah accessed the laptop
she was able to see a file which allegedly showed how the husband had framed her over an
incident. Sarah then uploaded a software which could monitor Greg’s use of the computer. S2 (8)
of CCA 1997 the modification is unauthorized if— (b) Sarah does not have consent to the
modification from any person who is so entitled. There are 2 elements need to be fulfilled, before
one can be held liable under this section. The first element is the actus reus, Sarah who’s act
which causes unauthorized modification of the contents of Grey’s computer. Sarah has done the
modification by installing a software which could monitor Greg’s use of the computer. From
this, it is proven that such installation is unauthorised modification that shows the actus reus of
Sarah. The second element which is Mens Rea, required Sarah has the mere knowledge that her
act will lead to such modification and intention is immaterial. She has the intention to monitor
Greg’s activities which is his use of the computer via the software. She clearly knows that this
act will cause modification on Greg’s laptop. According to Section 5 (1) of the Computer
Crimes Act 1997, Sarah shall be guilty of an offence as she does an act which she knows will
cause unauthorized modification of the contents of any computer. Her act is said to be modified
as she introduced a new software in Greg’s laptop which was never existed in the laptop before.
Sarah is not entitled whether the modification should be made as she and her husband are not in
good terms due to their undergoing divorce. She neither had consent from Greg to do so. In line
with the case of PP v Devarajan, Sarah can be charged under Section 5 of CCA for carrying out
her act of installing the software to monitor Greg’s moves without authorisation. In the case of R
V Victor Lindesay, Sarah also committed offences in serious breach of trust, having used his
skills and knowledge of accessing and copied the contents. She literally wrote down the
passwords and shared them with her sister as well. Sarah then uploaded a software which could
monitor Greg’s use of the computer which to cause great inconvenience to Grey. Therefore,
Sarah can be punished for unauthorized modification under Section 5 of the Computer Crimes
Act 1997. Sarah can be punished under Section 5(4) conviction be liable to a fine not exceeding
one hundred thousand ringgit or to imprisonment for a term not exceeding seven years 10 or to
both; or be liable to a fine not exceeding one hundred and fifty thousand ringgit
In conclusion, Sarah can be punished for unauthorized modification under Section 5 of the
Computer Crimes Act 1997.
Whether Sarah’s actions constitute wrongful communication under S6 of the CCA?
Under S6(1), a person shall be guilty of an offence if he communicates directly or indirectly a
number, code, password or other means of access to a computer to any person other than a
person to whom he is duly authorized to communicate. The punishment for wrongful
communication is set out under S6(2), where a person guilty of an offence under this section
shall on conviction be liable to a fine not exceeding twenty five thousand ringgit or to
imprisonment for a term not exceeding three years or to both. There are two elements to be
fulfilled. Firstly, AR: Communicates through a number, code, passwords other than the person
authorized to communicate (person authorized to know). Secondly, MR: Knowledge. In R v
Delamare, the appellant who worked in a bank, upon the request of his acquaintance disclosed
details of bank accounts of 2 holders, which his acquaintance does not have authority to access.
He was held liable of unauthorized access to computer material and wrongful communication.
From the facts of the question, applying S 6(1) of CCA 1997 Sarah has accessed the laptop she
was able to see a file which allegedly showed how the husband had framed her over an incident
which had not been assigned to her. Sarah had not been given the permission to work on and
having accessed and copied the contents. Besides, she wrote down the passwords and shared
them with her sister. The punishment for wrongful communication is set out under S6(2), Sarah
can be caught guilty of an offence under this section shall on conviction be liable to a fine not
exceeding twenty five thousand ringgit or to imprisonment for a term not exceeding three years
or to both. There are two elements to be fulfilled. Firstly, AR: Communicates through passwords
other than the person authorized to communicate. Secondly, Sarah definitely has the knowledge.
In R v Delamare, Sarah does not have authority to access and she can be held liable of
unauthorized access to computer material and wrongful communication.
In conclusion, Sarah’s actions constitute wrongful communication under S6 of the CCA.
2. Kevin worked as a computer security specialist at a company called Freeinformation.com
during the latter part of 2019. Freeinformation.com shared office space and computer
network with one of its investors, Great Partners Asset Management (“Great Partners”),
which was a venture capital company.
One day, without the knowledge of Great Partners, Kevin altered the start-up commands
on the Great Partner’s network to send automatically the password file from the Great Partner’s
system to him at an e-mail account he controlled each time the Great Partner’s computer system
was booted. Then onwards, Kevin began accessing the Great Partner’s network remotely over
the Internet and further, through a secure shell account he illegally installed on the victim’s
network. Additionally, in November 2019, he secretly installed what is known as a “sniffer”
program that intercepted and recorded electronic traffic on the Great Partner’s network,
including unencrypted passwords.
By installing this sniffer program, Kevin was able to take advantage and make note of the
legitimate users on the Great Partner’s business network. One of the account holders with
Great Partners was RCS Computer (“RCS”), specializing in selling computer equipment at retail
locations over the Internet to individuals located throughout the country. On December 30th
2019, Kevin connected to the Internet from his home and again remotely entered the Great
Partner’s network. Using the legitimate user’s password, he transferred funds from RCS
Computers to his own bank account. Once completed, he deleted the entire RCS database,
costing RCS approximately RM60,000 to repair. Finally, Kevin left a taunting message on its
RCS network: “Hello, I have just paid a visit to your system- Have a nice day!”
(i) Identify the type (or types) of computer crimes performed by Kevin and apply the
relevant statutory provisions in Malaysia to this case. Your answer must be supported
by case law. (15 Marks)
Correct answer
- Have to do what was in last week tuto – like in what is computer all
- S3
o Free information.com
o One day, without the knowledge of Great Partners, Kevin altered the start-up
commands
o Unauthorised access
 - S4
o Fraud
o Once completed, he deleted the entire RCS database, costing RCS approximately
RM60,000 to repair
o Injury to computer – as it needed money to repair
- S5
o Altered
o He illegally installed on the victim’s network.
o He secretly installed what is known as a “sniffer” program that intercepted and
recorded electronic traffic on the Great Partner’s network, including unencrypted
passwords.
- S6
o Wrongful communication
o Must be like someone gave it to another person
o He cannot share the password
o Kevin worked as a computer security specialist at a company called
Freeinformation.com during the latter part of 2019. Freeinformation.com shared
office space and computer network with one of its investors, Great Partners Asset
Management (“Great Partners”), which was a venture capital company
o He took advantage of this all by installing
o Is he entitled to keep this passwords
o Consent exceed – S2(5)

Type of crimes

1. Hacking means the gaining of unauthorized access to someone else’s data in computer or
system with or without intention to commit further offence. There are three types of
hackers, which are
 White hat – Hacker working with government or company to improvise the
system
 Black hat – Bad hacker
 Grey hat – Unauthorized hacker but notified the person whose system is
hacked as warning or risk to be hacked by black hat hacker

One day, without the knowledge of Great Partners, Kevin altered the start-up commands on the
Great Partner’s network to send automatically the password file from the Great Partner’s
system to him at an e-mail account he controlled each time the Great Partner’s computer
system was booted. Then onwards, Kevin began accessing the Great Partner’s network remotely
over the Internet and further, through a secure shell account he illegally installed on the victim’s
network. Additionally, in November 2019, he secretly installed what is known as a “sniffer”
program that intercepted and recorded electronic traffic on the Great Partner’s network,
including unencrypted passwords.

2. DDos means distributed denial of service. Every website have input and output system.
In reality, there a lot of traffics in internet as we are not the only users in the world of the
internet. DDos is a system that creates more traffics, hence create traffic jam in internet.

Partner’s network. Using the legitimate user’s password, he transferred funds from RCS
Computers to his own bank account. Once completed, he deleted the entire RCS database,
costing RCS approximately RM60,000 to repair. Finally, Kevin left a taunting message on its
RCS network: “Hello, I have just paid a visit to your system- Have a nice day!”

Whether Kevin can be convicted for unauthorized access under Section 3 of the Computer
Crimes Act 1997?
Section3 is about unauthorized access to computer material. Section 3(1) of the Computer
Crimes Act1997 stated that a person shall be guilty of an offence if he causes a computer to
perform any function with intent to secure access to any program or data held in any computer;
the access he intends to secure is unauthorized; and he knows at the time when he causes the
computer to perform the function that is the case. There are four elements that need to be
fulfilled for this section. The first element is that he causes a computer to perform any function
which proves that there is actus reus. The second element is at the time he causes the computer to
perform any function, it must be coupled with intention to secure access to any program or data
in any computer which proves that there is mens rea. The next element is the access is
unauthorized and the last element is he has that knowledge which also proves mens rea. S.3 (2)
of CCA 1997 states that the intent a person has to have to commit an offence under this section
need not be directed at, (a) any particular program or data; (b) a program or data of any particular
kind; or (c) a program or data held in any particular computer. Section 2(5) of CCA states that
access of any kind by any person to any program or data held in a computer is unauthorized if he
is not himself entitled to control access of the kind in question to the program or data; and he
does not have the consent or exceeds any right or consent to access by him of the kind in
question to the program or data from any person who is so entitled. In the case of DPP v Bignell,
in this case, a policeman who uses data from police system to check the car in front of his ex’s
house. Court held that there’s no unauthorised access because he in fact is authorised to do so.
However, it’s wrong because it was done for personal use. Access for an authorized purpose is
not an offence. Unauthorized access held to apply to external hackers. R v Bow Street
Metropolitan Stipendiary Magistrate, ex parte Government of the USA, the accused was
charged for unauthorized accessed of the American express system (credit card). A person within
an organization who was authorized to access some data on a computer system at a particular
level, could exceed his authority by accessing data at a level outside that authority. It was heavily
argued that the principle in DPP v Bignell is wrong. Unauthorized access was not limited to be
obtained by an outsider or hacker only so must look at the intention of the party under S3 of
CCA. Unauthorized access also includes unauthorized purpose.
Kevin worked as a computer security specialist at a company called Freeinformation.com during
the latter part of 2019. His act of without the knowledge of Great Partners, Kevin altered the
start-up commands on the Great Partner’s network to send automatically the password file from
the Great Partner’s system to him at an e-mail account he controlled each time the Great
Partner’s computer system was booted. S.3 (1) of CCA 1997 Kevin shall be guilty of an offence
if, (a) he causes a computer to perform any function with intent to secure access to any program
or data held in any computer; (b) the access he intends to secure is unauthorized; and (c) he
knows at the time when he causes the computer to perform the function that is the case. As in s3
(2) CCA, Kevin used to do a series of unlawful accessed and altered the start-up commands on
the Great Partner’s network and besides, he began accessing the Great Partner’s network
remotely over the Internet and further, through a secure shell account he illegally which does not
fall within his job scope. Applying s2 (5), it is apparent that Kevin does not have the right or
authority to access. Applying DPP v Bignell, Kevin didn’t have the authorisation to access and
altered the start-up commands on the Great Partner’s network to send automatically the password
file from the Great Partner’s system to him. He can be prosecuted as his actions were within the
Act’s definition of ‘unauthorised Access’ although he accessed the files for his personal use. R v
Bow Street Metropolitan Stipendiary Magistrate, ex parte Government of the USA, Kevin
can be was charged for unauthorized accessed to do a series of unlawful accessed and altered the
start-up commands on the Great Partner’s network. Applying Creative Purpose Sdn Bhd v
Integrated Trans Corporation Sdn Bhd, he had the evident aim or intention to get access and
even altered the start-up commands on the Great Partner’s network to send automatically the
password file from the Great Partner’s system to him at an e-mail account. This is
unquestionably unauthorised access. As a result, all four elements have been met. Firstly, He had
caused a computer to perform an action for which he intended to gain benefit from unauthorised
access and was aware of it. It is evident when he altered the start-up commands on the Great
Partner’s network to send automatically the password file from the Great Partner’s system to him
at an e-mail account he controlled each time the Great Partner’s computer system was booted.
On top of that he also secretly installed what is known as a “sniffer” program that intercepted
and recorded electronic traffic on the Great Partner’s. The second element is mens rea, Kevin
have the intention to secure access to any program or data in any computer at the time. S.3 (2) of
CCA 1997 Kevin commits an offence under this section need not be directed at, (a) any
particular program or data; (b) a program or data of any particular kind; or (c) a program or data
held in any particular computer. He definitely knew and has the intention as he assessed and can
even alter the start-up commands. The third element that need to prove is the access is
unauthorized. He has no authority over the properties or things that leaves unauthorised access as
a clear point. He has the knowledge that the access is unauthorised. The fourth element is Kevin
has that knowledge the access is unauthorized. According to Section 2(5), he is not entitled to
control access his file in his work place. Kevin is responsible under s3 of CCA 1997 and should
be prosecuted under S 3(3) of CCA 1997, where she might face a fine of up to 50,000 ringgit or
a sentence of up to five years in jail, or both.
In conclusion, Kevin is liable for s3 of CCA 1997.
Whether Kevin can be punished for unauthorized modification under Section 5 of the Computer
Crimes Act 1997?
S2(7) of CCA 1997: For the purposes of this Act, a modification of the contents of any
computer takes place if, by the operation of any function of the computer concerned or any other
computer — (a) any program or data held in the computer concerned is altered or erased; (b) any
program or data is introduced or added to its contents; Or (c) any event occurs which impairs the
normal operation of any computer, and any act that contributes towards causing such a
modification shall be regarded as causing it. S2(8) of CCA 1997: Any modification referred to in
subsection (7) is unauthorized if— (a) the person whose act causes it is not himself entitled to
determine whether the modification should be made; and (b) he does not have consent to the
modification from any person who is so entitled. There are 2 elements need to be fulfilled, before
one can be held liable under this section. The first element is the actus reus, where by doing any
act which causes unauthorized modification of the contents of any computer, while the second
element which is Mens Rea, required only mere knowledge that the act will lead to such
modification and intention is immaterial. According to section 5 (1) of the Computer
CrimesAct 1997, a person shall be guilty of an offence if he does any act which he knows will
cause unauthorized modification of the contents of any computer. Section 5(2) for the purposes
of this section, it is immaterial that the act in question is not directed at—(a) any particular
program or data; (b) a program or data of any kind; or (c) a program or data held in any
particular computer. Section 5(3) for the purposes of this section, it is immaterial whether an
unauthorized modification is, or is intended to be, permanent or merely temporary. Section 5(4)
A person guilty of an offence under this section shall on conviction be liable to a fine not
exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding seven years
10 or to both; or be liable to a fine not exceeding one hundred and fifty thousand ringgit or to
imprisonment for a term not exceeding ten years or to both, if the act is done with the intention
of causing injury as defined in the Penal Code. PP v Devarajan, the accused was charged under
section 5 of the CCA for, amongst others, carrying out the following without authorisation:
downloading and launching software; running and stopping certain processes on servers; and
running certain programs on the database server of a broadcast centre. In the case of R V Victor
Lindesay, Revenge attack following a contract dispute. Defendant freelance computer consultant
accessed the websites of three clients of his former employer using passwords he knew and
caused £9K damage by deleting data. Guilty plea. Sentenced to 9 months imprisonment. Upheld
on appeal.
In application, S2 (7) (a) of CCA 1997, ‘modification’ as any program or data held in the
computer concerned is altered or erased, any program or data is introduced or added to its
contents, or any event occurs which impairs the normal operation of any computer. This is
evident in when his act of without the knowledge of Great Partners, Kevin altered the start-up
commands on the Great Partner’s network to send automatically the password file from the Great
Partner’s system to him at an e-mail account he controlled each time the Great Partner’s
computer system was booted. S2 (8) of CCA 1997 the modification is unauthorized if— (b)
Kevin does not have consent to the modification from any person who is so entitled. There are 2
elements need to be fulfilled, before one can be held liable under this section. The first element is
the actus reus, Kevin who’s act who altered the start-up commands on the Great Partner’s
network to send automatically the password file from the Great Partner’s system to him at an e-
mail account it is considered as unauthorized modification of the content. Besides, he had
secretly installed what is known as a “sniffer” program that intercepted and recorded electronic
traffic on the Great Partner’s network, including unencrypted passwords where he was able to
take advantage and make note of the legitimate users on the Great Partner’s business network.
From this, it is proven that such installation is unauthorised modification that shows the actus
reus of Kevin. The second element which is Mens Rea, required Kevin has the mere knowledge
that his act will lead to such modification and intention is immaterial. He has the intention to
secure access to any program or data in any computer at the time. The fact of the altering also
shows that he has the intention to do it. According to Section 5 (1) of the Computer Crimes
Act 1997, Kevin shall be guilty of an offence as he does an act which she knows will cause
unauthorized modification of the contents of any computer. His act is said to be illegal as he
altered and installed sniffer program which was never existed in there. He is not entitled to the
modification. In line with the case of PP v Devarajan, Kevin can be charged under Section 5 of
CCA for carrying out his act of altering and installing the software without authorisation. In the
case of R V Victor Lindesay, Kevin also committed offences in serious breach of trust, having
used his skills and knowledge of accessing and copied the contents. Therefore, Kevin can be
punished for unauthorized modification under Section 5 of the Computer Crimes Act 1997.
Kevin can be punished under Section 5(4) conviction be liable to a fine not exceeding one
hundred thousand ringgit or to imprisonment for a term not exceeding seven years 10 or to both;
or be liable to a fine not exceeding one hundred and fifty thousand ringgit
In conclusion, Kevin can be punished for unauthorized modification under Section 5 of the
Computer Crimes Act 1997.

(ii) Assuming that the RCS Computer server was not based in Malaysian explain if Kevin could
be charged for any of the offences committed by him in Malaysia under the Computer Crimes
Act 1997. Your answer must refer to the relevant statutory provisions.
Correct answer
S9
- Some connection in here means then can apply
- Yes can apply this
- If he is in here means then he can be charged
- If oversea, must apply for treaty all- extradition
- Even if the software or server is in oversea- he still will be liable because someone is
affected here
Whether Kevin could be charged for any of the offences committed by him in Malaysia under
the Computer Crimes Act 1997?
Under S 9(1) of CCA 1997, it states that in relation to any person, whatever his nationality or
citizenship, have effect outside as well as within Malaysia, and where an offence under this Act
is committed by any person in any place outside Malaysia, he may be dealt with in respect of
such offence as if it was committed at any place within Malaysia. Under S9(2) of CCA 1997,
for the purposes of subsection (1), this Act shall apply if, for the offence in question, the
computer, program or data was in Malaysia or capable of being connected to or sent to or used
by or with a computer in Malaysia at the material time. There are three elements. Firstly, “The
provisions of this Act”: S 3 / S 4 / S 5 / S 6, cannot apply to any other offences other than these!
Secondly, User: “Any person, nationality or citizenship” & “within / outside Malaysia”, the law
can apply. Anyone one around the world also can, as long as the computer was connected to
Malaysia. Thirdly, the computer connected to Malaysia. In PP v Fernando Payagala Waduge
Malitha Kumar, the offender who found a credit card at Changi Airport used the card to make
unauthorised purchases. He was charged in Singapore but later extradited to New Zealand where
he resides.
Under S 9(1) of CCA 1997, it states that in relation to Kevin, whatever his nationality or
citizenship, have effect outside as well as within Malaysia, and where an offence under this Act
is committed by any person in any place outside Malaysia, Kevin may be dealt with in respect of
such offence as if it was committed at any place within Malaysia. Kevin worked as a computer
security specialist at a company called Freeinformation.com during the latter part of 2019. Kevin
who is a Malaysian and is currently in Malaysia where he therefore using the legitimate user’s
password, he transferred funds from RCS Computers to his own bank account means that he can
still be charged under the CCA in Malaysia. Under S 9(2) of CCA 1997, it is an offence where
the computer, program or data was in Malaysia or capable of being connected to with a computer
in Malaysia at the material time. There are three elements. Firstly, “The provisions of this Act”:
S 3 / S 4 / S 5 / S 6, cannot apply to any other offences other than these! Secondly, User. Kevin
where can be assumed that he is a Malaysian citizen, the law can apply. Thus, Kevin if he is
around the world also can, as long as the computer was connected to Malaysia. Thirdly, the
computer connected to Malaysia. It can be seen on December 30th 2019, Kevin connected to the
Internet from his home and again remotely entered the Great Partner’s network. Using the
legitimate user’s password, he transferred funds from RCS Computers to his own bank account.
In PP v Fernando Payagala Waduge Malitha Kumar, since Kevin used a legitimate user’s
password, he transferred funds from RCS Computers to his own bank account means that he can
still be charged under the CCA in Malaysia. Kevin can be charged for the part he played in the
offence with David. Computer fraud falls under either S3, 4, 5 of CCA 1997.
In conclusion, Kevin could be charged for any of the offences committed by him in Malaysia
under the Computer Crimes Act 1997.