Introduction

As Internet usage continues to rise throughout the world, the threat of cybercrime also grows.
While some of these crimes are relatively harmless and commonplace, others are very serious
and carry with them felony charges.

Computer crime also commonly referred to as Cyber Crime is a common problem that every
country has to face in various degrees and as such, various laws have been legislated to tackle
this issue.

Our research aims to discuss on matters pertaining to hacking as a cyber crime, its effects and
implications as well as discussing the Malaysian legislation pertaining to the matter.

Why Malaysia?

We based our research on Malaysia as it is the only place in which all group members have
lived since they are studying in Limkokwing. All of the members of this group have lived in
Malaysia for quite a while and we felt like it would be most appropriate if our report was on
Malaysia, being IT students in this country.

Another factor which influenced us in choosing a Malaysia as the country for research is that
we felt it would be more challenging since it is not a well publicized issue in Malaysia. The
following is the report on our findings about hacking in Malaysia and the consequences from
a legal perspective.

Definition of Computer Crime and Cyber Crime

Before we focus on hacking, it is important to have a basic understanding of what cyber

crime and computer crimes are.

Cyber Crime
Cybercrime is criminal activity done using computers and the Internet. This includes
anything from downloading illegal music files to stealing millions of dollars from online
bank accounts. Cybercrime also includes non-monetary offenses, such as creating and
distributing viruses on other computers or posting confidential business information on the
Internet.

Computer Crime
Computer crime is also commonly referred to as Cyber Crime. This generally refers to the
Criminal Activity where a computer or network is the source, tool, target or place of a crime.
The terms computer crime do not sometimes exclusively refer to describing criminal activity
in which the computer or network is a necessary part of the crime but also sometimes used to
include traditional crimes such as fraud, theft, blackmail, forgery and embezzlement, in
which computers or networks are used to facilitate the illicit activity.

Computer Crime: Doing crimes without using internet.

Cyber Crime: Doing crimes with using internet.

Types of Cybercrime
There are several types of cybercrimes in the Cyber Crime ACT. Described below are a few
of the more common forms of cybercrime.

Hacking
The act of gaining unauthorized access to a computer system or network and in some cases
making unauthorized use of this access. Hacking is also the act by which other forms of
cyber-crime (e.g., fraud, terrorism, etc.) are committed. Hacking in simple terms means
illegal intrusion into a computer system without the permission of the computer owner/user.

Viral Dissemination
Malicious software that attaches itself to different software (virus, worms, Trojan Horse,
Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious software).

Software Piracy
Theft of software through the illegal copying of genuine programs or the counterfeiting and
distribution of products intended to pass for the original. Retail revenue losses worldwide are
ever increasing due to this crime. Can be done in various ways such as end user copying, hard
disk loading, Counterfeiting, Illegal downloads from the internet etc.

Pornography
Pornography is the first consistently successful ecommerce product. It was a deceptive
marketing tactic and used mouse trapping technologies. Pornography encourage customers to
access their websites. Anybody including children can log on to the internet and access
website with pornography contents with a click of a mouse.

IRC Crime
Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world
can come together and chat with each other Criminals use it for meeting co-conspirators.
Hackers use it for discussing their exploits / sharing the techniques while pedophiles use chat
rooms to allure small children.

Credit Card Fraud

You simply have to type the credit card number into www page off the vendor for
online transactions. If electronic transactions are not secured the credit card numbers can be
stolen by the hackers who can misuse this card by impersonating the credit card owner.

Phishing
It is technique of pulling out confidential information from the bank/financial institutional
account holders by deceptive means.

Cyber stalking
The Criminal follows the victim by sending emails, entering the chat rooms frequently.

Hacking: An Introduction
Unlike most computer crime / misuse areas which are clear cut in terms of actions and legalities for
example software piracy, computer hacking is more difficult to define. Computer hacking always
involves some degree of infringement on the privacy of others or damage to computer-based property
such as files, web pages or software. The impact of computer hacking varies from simply being
simply invasive and annoying to illegal. There is an aura of mystery that surrounds hacking, and a
prestige that accompanies being part of a relatively "elite" group of individuals who possess
technological savvy and are willing to take the risks required to become a true "hacker

Issues

There are few issues when it comes to hacking; here we have highlighted some of those which
provoked the hackers to do so:

1. The biggest issue when it comes to website hacking is the issue of personal information. Some
websites store a large amount of personal data, from name and address information to credit card
information and probably purchase history on the site. A website hacker can use this kind of
information to steal the identity of the customers.

2. National security is another concern when it comes to website hacking. Some statistics suggest
that as many as two thirds of hacking attempts aimed at the U.S. Department of Defense each year are
successful. If this statistic is true, website hacking poses a very real and present danger, not only in
the U.S. but in countries such as Malaysia and others around the globe. Website hacking, then, is not
only an issue of financial concern for some companies and for some individuals, but of safety and
security of people around the globe.

3. Another important issue in this area is the source of website hacking. While outside attacks do
make up a good percentage of website hacking incidents, many incidents are also caused from within.
Whether it’s a disgruntled employee, an employee who is out for her own financial gain or a person
who has been unwittingly recruited by a third party, a company’s personnel are at least an equal risk
as those outside the company when it comes to website hacking.

4. Complicating the issue is the public image of the hacker. The stereotypical hacker is a computer
geek who sits at home and breaks into secure websites just for fun. Unfortunately, this public image
rarely matches the reality. Like we said before, most website hacking incidents aren’t about curiosity;
they’re a dedicated effort to make money. Website hackers generally aren’t young kids experimenting
– they’re often individuals with criminal purposes. It’s easy to commit crime and just escape using the
internet. In most cases, they’re not acting as a “robin hood” of sorts, either. They are out to benefit
themselves, and only themselves.

Cybercrime and Hacking ACT in Malaysia

A number of Acts are in place in Malaysia which deals with the punishment of cyber
criminals. Hackers come under this category and can be convicted under a number of these
acts. These acts include:

i) The Computer Crimes Act 1997

This Act provides law enforcers with a framework that defines illegal access, interception,
and use of computers and information; standards for service providers; and outlines potential
penalties for infractions.

ii) The Digital Signature Act 1997

Regulates the legal recognition and authentication of the originator of an electronic

document. This Act enables businesses and the community to use electronic signatures
instead of their hand-written counterparts in legal and business transactions.

iii) The Telemedicine Act 1997

This Act empowers medical practitioners to provide medical services from remote locations
using electronic medical data and prescription standards, in the knowledge that their
treatment will be covered under insurance schemes. However, this Act is yet to be
implemented.

iv) The Copyright (Amendment) Act 1997

This Act gives multimedia developers full intellectual property protection through the on-line
registration of works, licensing, and royalty collection. Especially, the Act reinforces an
author's work cannot be presented as the work of another, by adding a provision that the work
must be identified as created by the author. It was also decided that a regulatory body
entrusted with the role to implement and promote the national objectives of the Malaysian
Government for the communications and multimedia sector was needed. Hence, in 1998,
another two acts were passed.

v) The Malaysian Communication and Multimedia Commission Act 1998

Provide for the establishment of the Malaysian Communications and Multimedia

Commission (MCMC), a single regulatory body for an emerging and converging
communications and multimedia industry. This Act gives the MCMC the power among other
things, to supervise and regulate communications and multimedia activities in Malaysia and
to enforce the relevant laws.

vi) The Communication and Multimedia Act 1998

The most significant legislation brought into force on April 1, 1999. This legislation provides
the policy and regulatory framework for convergence of the telecommunications,
broadcasting and computer industries. The Act is based on the basic principles of
transparency and clarity; more competition and less regulation; bias towards generic rules;
regulatory forbearances; emphasis on process rather than content; administrative and sector
transparency; and industry self-regulation.

In addition, the government is also in the process of formulating another legislation presently
called the Personal Data Protection Bill. This law will provide assurance of privacy of
personal data. It will address the issues of collection, processing, maintenance and utilization
of personal data.

The above cyber laws serve two central purposes:

To bolster intellectual property rights; and

To create the right environment for the multimedia industry and for online transactions or
electronic commerce to thrive in a continuously and increasingly competitive business
environment.

Punishment in Malaysia
Cybercrime must be dealt with very seriously because it causes a lot of damage to businesses and the
actual punishment should depend on the type of fraud used.

The penalty for illegally accessing a computer system ranges from 6 months to 5 years. The penalty
for the unofficial modification on a computer ranges from 5 to 10 years. Other penalties are listed
below:

Telecommunication service theft: The theft of telecommunication services is a very common theft and
is punished with a heavy fine and imprisonment.

Communications intercept crime: This is a Class-D crime which is followed by a severe punishment
of 1 to 5 years of imprisonment with a fine. Other cybercrimes like telecommunication piracy,
offensive material dissemination, and other cyber frauds also belong to this category.

Information Technology Act-2000: According to this act, different penalties are available for different
crimes. Some of the penalties are as follows:

Computer source document tampering: The person who changes the source code on the website or
any computer program will get a punishment up to 3 years of imprisonment or fine.

Computer hacking
The individual who hacks the computer or computer devices will get an imprisonment up to 3
years or a fine.

Government protected system: An act of trying to gain access to a system which is a

protected system by the government, will result in imprisonment for 10 years and a heavy
fine.

The introduction of such penalties have lead to a drastic reduction in the cybercrime rates as
more and more criminals are becoming aware of the penalties related to them. Spreading the
word about the penalties of cybercrime can serve as a deterrent against such crime.

Penalties relating to cybercrime will vary depending on the country and legislation in place.

· The first of course is the enactment of appropriate laws, with the aim of protecting the
Computer crime victims, to serve as a deterrent to would be hackers (the penalty should be
severe enough) and to provide a legal means of prosecuting those who are found guilty of
committing such crimes. In Malaysia, the punishment may range from 3 years to 10 years
imprisonment and/or a monetary fine of between RM 25,000 to RM 150,000 (Under the
Cyber Crimes ACT 1997). Note that stiffer penalties will be given if it is found that the guilty
party had intention to cause injury when committing the crime.

Case Study
Cases where a person was convicted and punished for hacking could not be found through
our research, though we tried our level best. When asked around on some forums, the
members who are locals informed us that most hacking cases in Malaysia have been against
government websites. They say that due to this reason, the government does not want to
publicize the events since this exposes the vulnerabilities of the government websites.

Therefore, for our report, we have found a case which happened in Malaysia and we will
predict the outcome of the court trial by looking at the ACTs and discussing within the group.

JPJ Website Hacker:

The case we are going to discuss is one in which a Malaysian youth hacked in the
government road transport department website. We could not find the conviction or any other
information on this case other than that the police were looking to arrest the suspect. We
believe that he would have been tried in court even though that information is not available
on the net. Therefore we would provide the verdict we reached by our discussions.

Below is an extract from the news article on which we found the case:

“
JPJ website hacker identified
By Niluksi Koswanage
4th April 2001 (The Star)

KUALA LUMPUR: A 22-year-old youth, who wanted to make the best of his holiday, went to a
cybercafe and hacked into the Road Transport Department (JPJ) website.

Within minutes, the culprit who identified himself as Sennx, posted a message on the site stating
cheekily that, "Officers responsible for the website are too lazy to do their job.''

Policemen from Bukit Aman's high-tech crime unit have identified the youth and are in the process of
arresting him.

It is learnt that the suspect was holidaying in Kedah at the end of February when he went to a
cybercafe to install a "trojan horse" programme onto the website.

Trojan horse refers to a virus inside e-mail attachments.

Early last month, he activated the programme and defaced the website.

Federal Commercial Crime deputy director Senior Asst Comm II Kamaruddin Alias confirmed the
case, adding that police were treating the case seriously as they have the facilities and manpower to
track down such culprits.
SAC II Kamaruddin said police were looking for Razwan Mokhtar, whose last known address is No:
55, Jalan 18/48 Taman Datuk Senu, 51000 Kuala Lumpur, to assist in investigations.

”
Verdict/Discussions:

The culprit hacked into a government website which is considered a serious offense under the
Computer Crimes Act 1997. We came to the conclusion that the court verdict would have been to
inflict a fine of RM 50,000 and a prison sentence of 8 years. The punishment under the Cyber Crimes
Act 1997 ranges from 3 to 10 years imprisonment and/or a monetary fine of between RM 25,000 to
RM 150,000. The maximum charges are not inflicted because no injury of bodily harm was committed
by the hacker.
Statistical Analysis

Discussion: MyCERT which is a cyber security website is where we got our statistics from. To get
the most recent view, we found out the 2010 statistics related to cyber crimes. Since 2008, the
MyCERT statistics for hacking are provided in two categories: Intrusion and Intrusion Attempts.
When we look at the trend, we can see that both of them are increasing, though intrusion itself has
decreased a bit after it peaked in July. However, in September it is much higher than ever before. The
statistics confirm that firm action has to be taken in order to reduce these attacks.

Prevention
There are many ways when a hacker would try to scam you into receiving a file etc, so that
you will take the bait and help him with the Trojan/virus installation on your hard disk drive.
If you need just one way to stop being hacked, the best way is to install an all-in-one solution
with anti-virus, firewall and anti-spyware solution.

Nevertheless, you must know that whether or not your PC will be hacked will depend very
much on your actions as well. For example, downloading files from warez sites and poor
habits of opening up strange email attachments, is as good as inviting hackers to break your
door.

Prevention is always better than cure. If you would like to take the risk, a common practice is
to use another PC when we need to do something risky. With constant PC upgrades, many of
us could easily keep an older PC (at least one) just for this purpose.

Another way of getting into trouble is to visit cracks, warez, and keygen websites. There are
several ways which your PC may be infected:

1) Clicking on buttons on the site which activates malicious scripts, including Scareware
windows.

2) Trojans, virus or spyware hidden in the software cracks, or keygen.

3) Trojans, virus, or spyware hidden in attachments of emails, and this include pictures.

Although we did mention earlier that you must have a minimum of one security software
installed on your PC, however, it is impossible to guarantee that the software will definitely
protect you against any or all the possible viruses, Trojans and malicious programs.

If you find that your PC behaves abnormally, such as unexpected pop-up ads, shutting down
of applications, poor internet connections (or busy connections), etc, there is a good chance
that your PC is infected. You will need to waste quite a bit of time to perform a complete PC
scan, try to locate and remove the infected file, or to reformat and reinstall the entire hard
disk again. Again, prevention is always better than cure, so backup your data at all times.
Some virus does more than simply shutting down your PC; they can damage your hard disk
physically by force writing over a specific sector repeatedly within a very short time.

We will summarize the 2 generic recommendations below.

Install a good internet security software

Do not visit high-risk websites or click on any of the links there.

While it cannot guarantee 100% that your PC/laptop would be free from intrusions, it would
lower the chances of it happening significantly.

Conclusion
The growing danger from crimes committed against computers, or against information on
computers, is beginning to claim attention in national capitals. In most countries around the
world, however, existing laws are likely to be unenforceable against such crimes. This lack of
legal protection means that businesses and governments must rely solely on technical
measures to protect themselves from those who would steal, deny access to, or destroy
valuable information.

Self-protection, while essential, is not sufficient to make cyberspace a safe place to conduct
business. The rule of law must also be enforced. Countries where legal protections are
inadequate will become increasingly less able to compete in the new economy. As cyber
crime increasingly breaches national borders, nations perceived as havens run the risk of
having their electronic messages blocked by the network. National governments should
examine their current statutes to determine whether they are sufficient to combat the kinds of
crimes discussed in this report. Where gaps exist, governments should draw on best practices
from other countries and work closely with industry to enact enforceable legal protections
against these new crimes.

References
2688. (2010). A Few Tips To Help Prevent Hacking. Available: http://hubpages.com/hub/A-
Few-Tips-To-Help-Prevent-Hacking-. Last accessed 16th April 2011.

BH Staff. (2008). 10 Tips to Prevent Your Site from Being Hacked. Available:
http://blog.banahosting.com/10-tips-to-prevent-your-site-from-being-hacked/. Last accessed
16th April 2011.

Diginson, J. (2010). How to Prevent Hacking of your PC?. Available:

http://www.hotscams.com/articles/how-to-prevent-hacking-of-your-pc.html. Last accessed
16th April 2011.

Gross, G. (2008). Malaysia resident sentenced in brokerage hacking scheme. Available:

http://www.networkworld.com/news/2008/090908-malaysia-resident-sentenced-in-
brokerage.html?fsrc=rss-security. Last accessed 16th April 2011.

Koswanage, N. (2001). JPJ website hacker identified. Available:

http://www.cybersecurity.my/en/knowledge_bank/news/2001/main/detail/1295/index.html.
Last accessed 16th April 2011.

myCert. (2010). MyCERT Incident Statistics. Available:

http://www.mycert.org.my/en/services/statistic/mycert/2010/main/detail/725/index.html. Last
accessed 16th April 2011.

Stone, D. (2009). Computer Hacking. Available:

http://education.illinois.edu/wp/crime/hacking.htm. Last accessed 16th April 2011.

Yew, C. (2001). Malaysian Law and Computer Crime. Available:

http://www.sans.org/reading_room/whitepapers/legal/malaysian-law-computer-crime_670.
Last accessed 16th April 2011.