Computer & Internet Crime
KT44103
Ethics and Law in ICT
Sem 1: 2021/2020
14 November 2022
Contents
• IT Security Incidents: A Major Concern
• Why Computer Incidents Are So Prevalent
• Types of Exploits
• Types of Perpetrators
• Implementing Trustworthy Computing
• Plan & Prevention
• Computer Forensics
IT Security Incidents: Major Concerns
• IT security is of utmost importance
• Safeguard:
Confidential business data
Private customer and employee data
• Protect against malicious acts of theft or disruption
• Balance against other business needs and issues
• Number of IT-related security incidents is increasing around the world
Why Computer Incidents Are So Prevalent
• Increasing complexity increases vulnerability
• Computing environment is enormously complex
Continues to increase in complexity
No. of entry points expands continuously
Cloud computing
• Higher computer user expectations
• Computer users share login IDs and passwords
Why Computer Incidents Are So Prevalent
• Expanding/changing systems equal new risks
• Network era (sharing information)
• Information technology (ubiquitous, need for technology tools, increase of technology)
• Increased reliance on commercial software with known vulnerabilities
Types of Exploits
• Virus
• Worm
• Trojan horse
• Distributed denial of service
• Rootkit
• Spam
• Phishing & pharming
Viruses
• Pieces of programming code
• Usually disguised as something else
• Cause unexpected and undesirable behavior
• Often attached to files
• Spread by actions of the “infected” computer user
Infected email document attachments
Downloads of infected programs
Visits to infected Web sites
Worms
• Harmful programs
Reside in active memory of a computer
Duplicate themselves
• Can propagate without human intervention
• Negative impact of worm attack
Lost data and programs
Lost productivity
Additional effort for IT workers
Trojan Horses
• Malicious code hidden inside seemingly harmless programs
• Users are tricked into installing them
• Delivered via email attachment, downloaded from a Web site, or contracted via a removable media device
• Logic bomb
Executes when triggered by certain event
Distributed Denial of Service (DDoS) Attacks
• Malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks.
The computers that are taken over are called zombies
Botnet is a very large group of such computers
• Does not involve a break-in at the target computer.
Target machine is busy responding to a stream of automated requests
Legitimate users cannot access target machine
Rootkits
• Set of programs that enables its user to gain administrator level access to a computer without the end user’s consent or knowledge
• Attacker can gain full control of the system and even obscure the presence of the rootkit
• Fundamental problem in detecting a rootkit is that the operating system currently running cannot be trusted to provide valid test results
Spam
• Abuse of email systems to send unsolicited email to large numbers of people
Low cost commercial advertising for questionable products
Method of marketing also used by many legitimate organizations
Phishing & Pharming
• Phishing
• Act of using email fraudulently to try to get the recipient to reveal personal data
• Legitimate looking emails lead users to counterfeit Web sites
Spear-phishing (fraudulent emails to an organization’s employees)
Smishing (via text messages)
Vishing (via voice mail messages)
• Pharming – attack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer
Types of Perpetrators
• Perpetrators include:
Thrill seekers wanting a challenge
Common criminals looking for financial gain
Industrial spies trying to gain an advantage
Terrorists seeking to cause destruction
• Different objectives and access to varying resources
• Willing to take different levels of risk to accomplish an objective
Types of Perpetrators
Hackers & Crackers
• Hackers
• Test limitations of systems out of intellectual curiosity
Some smart and talented
Others inept; termed “lamers” or “script kiddies”
• Crackers
• Cracking is a form of hacking
• Clearly criminal activity
Malicious Insiders
• Major security concern for companies.
• Fraud within an organization is usually due to weaknesses in internal control procedures
• Collusion
Cooperation between an employee and an outsider
• Insiders are not necessarily employees
Can also be consultants and contractors
• Extremely difficult to detect or stop
Authorized to access the very systems they abuse
• Negligent insiders have potential to cause damage
Industrial Spies
• Use illegal means to obtain trade secrets from competitors
• Competitive intelligence
Uses legal techniques
Gathers information available to the public
• Industrial espionage
Uses illegal means
Obtains information not available to the public
Cybercriminals
• Hack into corporate computers to steal
• Engage in all forms of computer fraud
• Chargebacks are disputed transactions
• Loss of customer trust has more impact than fraud
• To reduce potential for online credit card fraud:
Use encryption technology
Verify the address submitted online against the issuing bank
Use transaction risk scoring software
Hacktivists and Cyberterrorists
• Hacktivism
Hacking to achieve a political or social goal
• Cyberterrorist
Attacks computers or networks in an attempt to intimidate or coerce a government in order to advance certain political or social objectives
Seeks to cause harm rather than gather information
Uses techniques that destroy or disrupt services
Implementing Trustworthy Computing
• Trustworthy computing
Delivers secure, private, and reliable computing
Based on sound business practices
Plan and Prevention
• Risk Assessment
Process of assessing security-related risks
Identify investments that best protect from most likely and serious threats
Focus security efforts on areas of highest payoff
• Establishing a Security Policy – defines organization’s security requirements, and controls & sanctions needed to meet requirements
Delineates responsible & expected behavior
Outlines what needs to be done
Written policies
Plan and Prevention
• Educating Employees, Contractors, and Part Time Workers
• Educate and motivate users to understand and follow policy
• Discuss recent security incidents
• Help protect information systems by:
Guarding passwords
Not allowing sharing of passwords
Applying strict access controls to protect data
Reporting all unusual activity
Protecting portable computing and data storage devices
Plan and Prevention
• Prevention
• Implement a layered security solution
Make computer break-ins harder
• Installing a corporate firewall
Limits network access
• Intrusion prevention systems
Block viruses, malformed packets, and other threats
• Installing antivirus software
Scans for sequence of bytes or virus signature
Plan and Prevention
• Safeguards against attacks by malicious insiders
• Departing employees and contractors
Promptly delete computer accounts, login IDs, and passwords
• Carefully define employee roles and separate key responsibilities
• Create roles and user accounts to limit authority
• Defending against cyberterrorism
• Conduct periodic IT security audits
Evaluate policies
Review access and levels of authority
Test system safeguards
Plan and Prevention
• Detection
• Detection systems
Catch intruders in the act
• Intrusion detection system
Monitors system and network resources and activities
Notifies the proper authority when it identifies:
Possible intrusions
Misuse from within organization
• Knowledge-based and behavior-based approaches
Plan and Prevention
• Response
• Response plan (in advance; approved by legal and management)
• Primary goal: regain control and limit damage
• Incident notification (who to notify and not to notify)
• Document all details of a security incident
• Act quickly to contain attack
• Eradication effort (collect, verify necessary backups and create new backups)
• Follow-up
• Review
• Weigh carefully the amount of effort required to capture the perpetrator
• Consider the potential for negative publicity
• Legal precedent
Computer Crimes Act
Contents
• Introduction
• Content of Act
• Part I
• Part II
• Part III
Computer Crimes Act 1997 - Introduction
• An Act to provide for offences relating to the misuse of computers. Act 563
• The Computer Crimes Act 1997, effective as of the 1st of June 2000, created several offences relating to the misuse of computers. Among others, it deals with 1) unauthorized access to computer material, 2) unauthorized access with intent to commit other offences and 3) unauthorized modification of computer contents. It also makes provisions to facilitate investigations for the enforcement of the Act.
The contents
• Part 1: Preliminary
• Part 2: Offences
• Part 3: Ancillary and General Provisions
Part I : Preliminary
S1: Short title and commencement
• Cited as the Computer Crimes Act 1997.
• This Act shall come into force on such date as the Prime Minister may, by notification in the Gazette, appoint.
Part I: Preliminary
S2: Interpretation
• Computer – An electronic, magnetic, optical, electrochemical or other data processing device: “programmable”
Performing logical
Arithmetic
Storage (storage/communication facility)
Display function
• Computer Network – Interconnection of communication lines and circuits with a computer or a complex consisting of two or more interconnected computers
• Computer Output/output – Statement/representation whether in written, printed, pictorial, film, graphical, acoustic or other form –
Produced by a computer
Displayed on the screen of a computer; or
Accurately translated from a statement or representation so produced
Part I: Interpretation
Data
• representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer
Function
• includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within a computer
Premises
• includes land, buildings, movable structures and conveyance by land, water and air
Program
• data representing instructions or statements that, when executed in a computer, causes the computer to perform a function.
Part I: Interpretation
• Associate action (secures access):
Alters/erases the program/data
Copies/moves it to any storage medium
Uses it (executing the program and functioning the program)
Causes it to be output from the computer in which it is held whether by having it displayed or in any other manner.
• Access is unauthorized if:
Not entitled to control access of the kind in question to the program or data; and
Does not have the consent or exceeds any right or consent to access by him of the kind in question to the program or data from any person who is so entitled
Part I: Interpretation
• Content modification:
any program or data held in the computer concerned is altered or erased
any program or data is introduced or added to its contents; or
any event occurs which impairs the normal operation of any computer
• Unauthorized modification:
the person whose act causes it is not himself entitled to determine
whether the modification should be made; and
does not have consent to the modification from any person who is so
entitled.
Part II: Offences
S3: Unauthorized access to computer material
• Guilty of an offence if –
causes a computer to perform any function with intent to secure access to any program/data in any computer
the access he intends to secure is unauthorized; and
knows at the time when he causes the computer to perform the function that that is the case.
• Penalty:
a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding five years or to both
Part II: Offences
S4: Unauthorized access with intent to commit/facilitate commission of further offence
• Guilty – commits the offence referred to in S3 with intent to:
commit an offence involving fraud or dishonesty or which causes injury as defined in the Penal Code [Act 574]; or
facilitate the commission of such an offence whether by himself or by any other person
• Immaterial whether the further offence is to be committed at the same time when the unauthorized access is secured or on any future occasion.
• Penalty:
a fine not exceeding one hundred and fifty thousand ringgit or to imprisonment for a term not exceeding ten years or to both.
Part II: Offences
S5: Unauthorized modification of the contents of any computer
• Directed at:
any particular program or data
a program or data of any kind; or
a program or data held in any particular computer
• Immaterial whether an unauthorized modification is, or is intended to be, permanent or merely temporary
• Penalty:
Fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding seven years or both.
Fine not exceeding one hundred and fifty thousand ringgit or to imprisonment for a term not exceeding ten years or to both, if the act is done with the intention of causing injury as defined in the Penal Code.
Part II: Offences
S6: Wrongful communication
• Guilty – communicates directly or indirectly a number, code, password or other means of access to a computer to any person other than a person to whom he is duly authorized to communicate
• Penalty:
Fine not exceeding 25 thousand ringgit or to imprisonment for a term not exceeding three years or to both.
Part II: Offences
S7: Abetments and attempts punishable as offences
• Guilty:
A person who abets the commission of or who attempts to commit any offence.
A person who does any act preparatory to or in furtherance of the commission of any offence
• Penalty:
Imprisonment imposed shall not exceed one-half of the maximum term provided for the offence
Part II: Offences
S8: Presumption
A person who has in his custody or control any program, data or other information which is held in any computer or retrieved from any computer which he is not authorized to have in his custody or control shall be deemed to have obtained unauthorized access to such program, data or information unless the contrary is proved.
Part III
S9: Territorial Scope of offences
• The provisions apply to any person regardless of citizenship and have effect outside as well as within Malaysia; an offence committed outside Malaysia may be dealt with as if it was committed at any place within Malaysia.
• Applies if the computer, program or data was in Malaysia or capable of being connected to or sent to or used by or with a computer in Malaysia at the material time
• Proceedings under this section are a bar to further proceedings against him under any written law relating to the extradition of persons, in respect of the same offence outside Malaysia.
Part III
S10: Power of search, seizure and arrest
• Entitled to:
have access to any program or data held in any computer / have access to, inspect or check the operation of, any computer and any associated apparatus or material which he has reasonable cause to suspect is or has been in use in connection with any offence under this Act;
Require:
the person by whom or on whose behalf the police officer has reasonable cause to suspect the computer is or has been so used; or
any person having charge of or otherwise concerned with the operation of, the computer, apparatus or material
• With a warrant or without a warrant (relating to criminal procedure)
Part III
S11: Obstruction of search
• Guilty:
assaults, obstructs, hinders or delays any police officer in effecting entrance to any premises under this Act or in the execution of any duty imposed or power conferred by this Act; or
fails to comply with any lawful demands of a police officer acting in the execution of his duty under this Act
• Penalty:
Fine not exceeding twenty five thousand ringgit or to imprisonment for a term not exceeding three years or to both.
Part III
S12: Prosecution
A prosecution under this Act shall not be instituted except by or with the consent of the Public Prosecutor in writing.
– The End –
– Good work! –
Thank you.