
IZ00702 – E-COMMERCE SECURITY AND PAYMENT SYSTEM
• Introduction of Cybercrime
• Cybercrime Law
• Ethics and Professionalism
• Until now there has been no exact definition of computer crime and cyber crime. Usually, computer crime refers to cyber crime and vice versa. It all depends on how the researcher interprets these crimes based on the research.
• Generally, computer crime consists of several crimes. Computer crimes are also known as crimes that are done using a computer as a tool. This requires a direct connection between the criminal and the computer.
• Cyber crime does not happen without the Internet. Through direct lines, criminals can expand their criminal activities to other countries, which are outside the reach of Malaysian authorities.
• However, it is not totally wrong to refer to computer crime as cyber crime, for both of them need a computer to commit the crime.
• The major difference is that computer crime is under the observation of Malaysian laws, whereas cyber crime has no boundaries and surely affects other countries’ authorities.
• Cyber crime against property
◦ stealing information, property, money as well as services.
• Cyber crime against human beings
◦ spam e-mails, website intrusion and accessing an individual’s computer system without permission.
• Terror cyber crime
◦ taking advantage of a poor computer system to launch a terror attack
Network crime operation methods… and evidence from … packet:

• Crimes committed via the Internet. Examples: spreading viruses, hacking, illegal access, illegal interception, data interference and communication interference. Evidence: non-reconstructable network packet.
• Traditional crimes committed via the Internet. Examples: Internet auction fraud, trafficking in contraband goods, Internet sexual assault, Internet-advertising bank loans fraud. Evidence: reconstructable network packet.
1. Crime time
2. Crime location
3. Corpus delicti
4. Crime method
5. Perpetrator
6. Criminal damage
7. Criminal charges

[Diagram labels: Evidence Collection; Analysis; Internet Interception; Search; Seizure]

Complete forensic analysis and interpret the evidence found for legal/courtroom setting.

To assist in the forensic acquisition of digital evidence, it is
essential that every computer crime investigator has access to
the correct forensic hardware and software tools.
This plays a critical role in the detection of computer related
crimes as well as the collection and analysis of evidence.

1. Viruses & Worms, Hacking & Trojans …: non-reconstructable network packet
2. Email, Web Mail, IM, FTP, P2P, VoIP, Video Streaming, HTTP, Online Games, Telnet: reconstructable network packet
Forensics tools

[Diagram labels: “Stop, look and listen”; “Catch-it-while-you-can” forensics systems; off-line forensics software; off-line packet reconstruction software; wired, wireless, HTTPS/SSL and VoIP]

Providing a mobile and 10 G base cyber forensics in assisting Homeland Security capabilities

Forensics tools

By using forensic tools, we can obtain supporting evidence such as logs, files and records from both victim and suspect computers.

Internet interception: capturing network packets to reconstruct Email, Web Mail, IM, FTP, P2P, VoIP, Video Streaming, HTTP, Online Game, Telnet …

Off-line packet reconstruction software is used to reconstruct the recorded traffic data (network packets).
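
As an added illustration (not part of the original slides), the sketch below shows what off-line packet reconstruction does for one direction of a recorded plaintext TCP session: it orders the captured segments, discards retransmitted bytes, marks ranges the capture missed, and parses the rebuilt HTTP request. The capture, the host name and the function names are constructed for this example, and sequence-number wraparound is ignored.

```python
# Added example: off-line reassembly of one direction of a recorded TCP session.
# MESSAGE, ISN and both captures are constructed sample data, not a real trace.

def reassemble(segments, isn):
    """Rebuild the byte stream from (seq, payload) pairs captured on the wire.

    Returns (data, gaps); gaps lists (offset, length) ranges that were never
    captured and are zero-filled, so an examiner can see what is missing.
    Assumes one direction of one connection and no sequence-number wraparound.
    """
    base = isn + 1                       # first data byte follows the SYN
    stream, gaps = bytearray(), []
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        off = seq - base
        if off + len(payload) <= len(stream):
            continue                     # retransmission: nothing new
        if off > len(stream):            # packets lost by the capture
            gaps.append((len(stream), off - len(stream)))
            stream.extend(b"\x00" * (off - len(stream)))
        stream.extend(payload[len(stream) - off:])   # append only unseen bytes
    return bytes(stream), gaps


def parse_http_request(data):
    """Split a reassembled plaintext HTTP request into its parts."""
    head, _, body = data.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


ISN = 1000
MESSAGE = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
           b"Content-Length: 9\r\n\r\nuser=test")
CAPTURE = [                              # out of order, as recorded
    (ISN + 21, MESSAGE[20:45]),
    (ISN + 1, MESSAGE[:20]),
    (ISN + 21, MESSAGE[20:45]),          # retransmitted segment
    (ISN + 41, MESSAGE[40:]),            # overlaps the previous segment
]
LOSSY_CAPTURE = [CAPTURE[1], CAPTURE[3]]  # middle segment was never recorded

if __name__ == "__main__":
    data, gaps = reassemble(CAPTURE, ISN)
    print(parse_http_request(data), gaps)
    print(reassemble(LOSSY_CAPTURE, ISN)[1])
```

A non-empty gap list means part of the session was never recorded, which should be stated in the forensic report rather than silently filled.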

[Diagram labels: Digital Evidence; Forensic Analysis; Forensic Reports; Court]
• Theft crime is provided for under Section 378 of the Kanun Keseksaan.
• Fraud crime is provided for under Section 415 of the Kanun Keseksaan.
• Betrayal crime is provided for under Section 425 of the Kanun Keseksaan.

◦ Accessing computer materials without
permission or known as hacking, under Section
3 Computer Crime Act 1997
◦ Accessing without permission with intention to
do further crimes or known as cracking, under
Section 4 Computer Crime Act 1997
◦ Modifying of any contents of a computer without
permission under Section 5 Computer Crime Act
1997

In the Computer Crime Act 1997, a computer is defined as:
“An electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, storage and display functions and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices, but does not include an automated typewriter or typesetter, or a portable hand held calculator or other similar device which is non-programmable or which does not contain any data storage facility.”

• Section 3(1) of the Computer Crime Act 1997 provides that one is committing a crime when:
◦ He/she causes a computer to function with the intention of gaining access to any program or data kept in any computer.
◦ The intended access is without permission.
◦ He/she knows that, when the computer functions, the consequences happen in the way they should.
• These terms are cumulative. To fulfill the first term, the hacker must cause a computer to function in order to have access to a program or data. The phrase “function a computer” is not clear. In Section 2 of the Computer Crime Act 1997, functions are defined as logic, arithmetic, storage and communication to, from or in a computer.

• It is not mentioned that the criminal must have specific access to any computer. Usually, hackers dial telephone numbers randomly. The first term of Section 3 is fulfilled when access is made without knowing the identity of the victims.
• The second term in this section is related to access without permission. Whether an access is done without permission or not must be determined by referring to the definition under Section 2(5) of the Computer Crime Act 1997.
• Referring to this section:
◦ He/she has no right to control access to the related form of the program or data.
◦ He/she has no permission, or abuses the permission given by any authorized person, in accessing the related form of the program or data.
• The first term is clear. It refers to an individual who has no rights over the computer system or databases but gains access without the owner’s permission.
• The second term refers to an individual who in the beginning has permission to have access but has no right to permit other people to access the same material.

• One is convicted under Section 5 of the Computer Crime Act 1997 if involved in activities that are known to be able to cause modification without permission.
• The definition of “modify” is given under Section 2(7) of the Computer Crime Act 1997. Modification of the contents of a computer happens if, by conducting any function of the computer or any other computer:
◦ Any program or data kept inside the computer is modified or erased
◦ Any program or data is entered or added to its contents
◦ Any circumstance arises that leads to the malfunctioning of a computer.
• Based on the definition, modification without permission is quite broad. However, to convict for the crime, very solid evidence of the existence of modification activities without permission is needed.

• Section 4 of the Computer Crime Act 1997 covers crime related to accessing without permission with the intention to do further crimes.
• One can be charged under this section for committing such a crime if it involves fraud or can cause casualty as defined by the “Kanun Keseksaan”.
• It is immaterial whether the crime is done at the same time as the access without permission or at another time. For example, a hacker tries to gain access to a computer with the intention of sending a threatening message but fails to do so.
• It is quite difficult to convict this hacker, for it is just the beginning of the process. However, a conviction under Section 4 can succeed as long as the intention to do the crime can be proven.

• A computer can perform many roles in a crime. A particular computer can be the subject, object or medium of a crime.
• A computer can be attacked, used to attack, and used as a means to commit crime. It is hard to prosecute for the following reasons:
◦ Lack of understanding
◦ Lack of physical evidence
◦ Lack of recognition of assets
◦ Lack of political impact
◦ Complexity of case
◦ Juveniles

• Derived from the Greek word “ethos”, which means “custom”, “habit”, and “way of living”
• Ethics is concerned with human conduct, i.e., the behavior of individuals in society
• Ethics is a system of morals of a particular person, religion or group
• Moral: means dealing with, or capable of, distinguishing between right and wrong, and between just and unjust
• Ethical Theory: a system of ethics that guides towards actions good for all
• Applied Ethics:
◦ The practice of ethics
◦ Rules for ethical behavior for everyday life
◦ Impossible for all people to share the same applied ethics in all details
• Never copy anyone else’s work
• Never plagiarize from an outside source
• Do not make copies of a friend’s software to use on your personal computer


• Privacy
◦ Computers create a false sense of security
◦ People do not realize how vulnerable information stored on computers is
• Property
◦ Physical property
◦ Intellectual property (in both copyright and patent)
◦ Data as property
• Access
◦ Access to computing technology
◦ Access to data
• Accuracy
◦ Accuracy of information stored
• Hacking, cracking and virus creation
◦ Serious crimes that cannot be justified
◦ Attempts at justifying such actions
    • Electrons are free; they do not belong to anybody
    • Companies have weak protection
    • Point out flaws and vulnerabilities in information systems
    • Hacking or virus creation is right in a particular country or culture
• Software piracy
◦ Unauthorized copying of software is stealing
◦ It is morally wrong as it constitutes a violation of someone else’s rights
1) General Moral Imperatives addresses ethical issues of honesty, individual contribution to the well being of society, non-discrimination, property rights, intellectual property, privacy, and confidentiality.

2) Specific Professional Responsibilities addresses issues of effectiveness of process and products, maintaining professional competence, respecting existing laws, accepting professional review, comprehensive evaluations of computer systems to assess impacts and risks, honoring contracts, improving understanding of computing, accessing computer communication only when authorized.

3) Organizational Leadership addresses encouraging members to accept full social responsibility, design and build systems that enhance working lives, thorough assessment of user needs when analyzing and designing systems, protecting the dignity of users, promote the learning of principles and limitations of computing. This section is extremely important because it places some obligations on management to create an environment where a computer professional can be ethical.

4) Compliance with the Code contains 2 items. The first item directs members to be supportive of others. The second item indicates that gross misconduct is grounds for dismissal. It also makes a major point: "Adherence of professionals to a code of ethics is largely a voluntary matter."

SECURITY MECHANISM
