For Malaysia to be a world leading country in ICT
development and be a global centre and hub for
communication and multimedia information and content
services (8), a law needs to be formed to promote a high level
of consumer confidence and to protect the information
security and network reliability and integrity. Therefore, the
first important step that is taken by the government of
Malaysia to combat this new type of crime is by introducing a
new legal framework to facilitate the development of ICT
systems by countering the threats and abuses related to such
systems called Cyber Laws of Malaysia. The Malaysian
cyber laws consist of Computer Crime Act 1997, Digital
Signature Act 1997, Telemedicine Act 1997, Communication
and Multimedia Act 1998 Copyright (Amendment) Act 1997,
Malaysian Communication and Multimedia Commission Act
1998 and Optical Disk Act 2000.
There are other existing laws that will be used in
conjunctions with these acts. They are the Official Secret Act Act 1976, Patent Act 1983, Prison Act 1995, Akta Arkib
Negara 44/146 and other relevant legislations. This set of
Acts has made Malaysia as one of the first countries to enact a
comprehensive set of cyber laws. The above Acts were
formed for the purpose of safeguarding consumer and service
providers besides on-line businesses and owners of
intellectual property.
Computer Crime Act 1997 (CCA 97)
The CCA 97 was given its Royal Assent on June 18, 1997
but was only enforced on June 1, 2000 (9). CCA 97 main
concerns are offences due to the misuse of computers and
complement the existing criminal legislation. CCA 97 is
in fact has a lot of similarity with the UK Computer Misuse
Act 1990 in terms of the offences but differs in several ways.
It is different in that CCA 97 gave an interpretation of
computers, computer networks, output, data, functions,
programs and premises. The interpretation of a computer
in CCA 97 is summarised as any electronic machines that are
programmable and has the facility for data storage.
The CCA 97 also covers a wider range of offences
compared to CMA 1990 which only covers 3 aspects of
computer misuse: unauthorised access, unauthorised access
with intent to commit or facilitate other crime and
unauthorised modification. The three other offences
included in CCA 97 are wrongful communication, abetment
and attempts punishable as offences and presumptions.
Besides that, it also covers on obstruction of search. The
CCA 97 also gives more severe punishment compared to
CMA 1990 (UK). Table 1 lists the offences as well as the
punishments covered in CCA 97.
Table 1. List of Offences and Punishment in
Computer Crime Act 1997
Type of Offences Punishments
Sec. 3 Unauthorised
access to computer
material
Imprisonment: Not > 5 years
Fine: Not > MYR50,000 or both
Sec. 4 Unauthorised
access with intent to
commit or facilitate
commission of
further offences
Imprisonment: Not > 10 years
Fine: Not > MYR150,000 or both
Sec. 5 Unauthorised
modification of the
contents of any
computer
Imprisonment: Not > 7 years, If
injury caused: >10 years
Fine: Not > MYR100,000; If
injury caused : Not >
MYR150,000 or both
Sec. 6 Wrongful
communication
Imprisonment: Not > 3 years
Fine: Not > MYR25 000 or both
Sec.7 Abetment and Imprisonment: Not > ½ of
attempts punishable
as offences
maximum term
Fine: Same amount as offences
abetted
In conclusion, computer crimes are still on the rise. It is
easy to commit a crime whether we realize it or not. There are
a lot of tools available on the Internet that can be used to
commit all sorts of crimes such as fraud, identity theft, scams,
denial of service attacks, hacking and breaking in and so forth.
A lot of actions and approaches have been taken by the
governments as well as private sectors around the world to try
to combat the computer crimes. In the case of Malaysia, the
government has set up legal frameworks that are used to
punish the offenders such as the Cyber Laws of Malaysia.
apart from the technical approaches taken by each individual
organizations. Though there is no fool proof approach that
can be taken to stop computer crimes from occurring, but by
having these approaches mentioned above applied efficiently
and effectively, users awareness and involvements it is hope
that it will put the problems under control.
Proceedings of the International Conference on
Electrical Engineering and Informatics
Institut Teknologi Bandung, Indonesia June 17-19, 2007
Wednesday, October 14, 2009
Cybersecurity Malaysia
Background
Malaysian Computer Emergency Response Team (MyCERT) was formed on January 13, 1997 and started its operation fully on March 01, 1997. Operating from the office of CyberSecurity Malaysia, MyCERT provide a point of reference for the Internet community here to deal with computer security incidents and methods of prevention.
Locally, MyCERT works closely with the relevant law enforcement agencies such as Royal Malaysian Police, Securities Commission, Bank Negara Malaysia. MyCERT also has close collaboration with Internet Service Providers (ISP) and other local CERTs and Computer Security Incident Response Teams (CSIRT).
MyCERT is a member and current chair (2007 - 2008) of Asia Pacific Computer Emergency Response Teams (APCERT), Forum of Incident Response and Security Teams (FIRST) and various initiatives with security organizations for mitigating cyber attacks such as malware, botnets and frauds.
Mission
To address the computer security concerns of Malaysian Internet users.
Vision
To reduce the probability of successful attack and lower the risk of consequential damage.
CyberSecurity Malaysia has a cybercomplaints centre, called Cyber999, where the public can e-mail or call to report incidents or complain about cyberissues such as malware infections, intrusions, online harassment, spam, malicious websites, etc.
After the agency receive a report, they validate the complaint and refer the complainant to the police or help him or her lodge a complaint with the service provider or website concerned.
CyberSecurity comes under the purview of the Ministry of Science, Technology and Innovation. It is a one-stop co-ordination centre for national cybersecurity
MyCERT Core Functions
Cyber999
Provides point of contact for reporting security incidents.
Cyber Early Warning
* Alerts the constituency on new threats on the Net.
* Writes and distributes security bulletins, alerts and advisories.
Coordination Centre
Coordinates and handles security incidents received from other CERTs,ISPs, Institutions from worldwide.
Facilitates interaction and cooperation with Law Enforcement Agencies.
MyCERT also shares knowledge and experience at various events by conducting trainings, talks and workshops.
One of the suggestion of Cybersecurity Malaysia is to form cybercourt to deal with cybercrimes in Malaysia.
National cybersecurity specialist CyberSecurity Malaysia says the nation needs a dedicated “cybercourt” in view of the huge increase in cybercrimes in the country last year.
Moreover In a Bernama report on Jan 6, Datuk Shaziman said Malaysia needs a cybercourt in view of the increasing number of such cases.
“If in future we cannot cope anymore, we may need to have a cybercourt,” he was quoted in the report.
Husin CyberSecurity chief executive officer said that as the country’s cyberpopulation increases, the number of online transactions or other activities will increase in tandem, which will likely mean more incidents of cybercrime.
“It is a natural phenomena. There will inevitably be more criminals taking advantage of the situation to conduct their crimes online. “Increases in wireless and broadband capacity make it easier and faster to use the Internet. Unfortunately these facilities can be also used as a medium for cybercrimes,” he continued.
The current economic situation, in which the global economy is heading towards a recession, will also contribute to an increase in cybercrimes, he added.
References: http://www.mycert.org.my/en/about/about_us/main/detail/344/index.html
Steven Patrick,: Cybercrimes On The Rise [2009] http://star-
techcentral.com/tech/story.asp?file=/2009/1/16 >accessed 12 October 2009
Attack by Viruses
Hi frens, here is the article where Malaysia Attacked by the viruses.
In 2001, Malaysia’s Internet infrastructure was attacked by the Code Red worm. This was a classic example of infrastructure attack in which the worm spread very fast and brought our national communication network to a standstill.
It was reported that the relevant agencies took three months to eradicate this worm and the estimated minimum losses was RM22mil, not inclusive of the losses to the business fraternity and other sectors as well.
Other incidents of cyberattacks were caused by the Blaster and Naachi worms in
2003. The incident started with the propagation of the Blaster worm through the scanning of vulnerable machines via the network, followed by Naachi worms.
These worms exploited the vulnerability found in the Windows NT, 2000 and XP software. The estimated cost to eradicate this worm was about RM31mil, not including lost productivity and the cost of lost opportunity.
In 2001, Malaysia’s Internet infrastructure was attacked by the Code Red worm. This was a classic example of infrastructure attack in which the worm spread very fast and brought our national communication network to a standstill.
It was reported that the relevant agencies took three months to eradicate this worm and the estimated minimum losses was RM22mil, not inclusive of the losses to the business fraternity and other sectors as well.
Other incidents of cyberattacks were caused by the Blaster and Naachi worms in
2003. The incident started with the propagation of the Blaster worm through the scanning of vulnerable machines via the network, followed by Naachi worms.
These worms exploited the vulnerability found in the Windows NT, 2000 and XP software. The estimated cost to eradicate this worm was about RM31mil, not including lost productivity and the cost of lost opportunity.
Types of Viruses
Hello there. We would like to thank all of you for the comments. Now, we would like to talk about viruses where one of the commenter ask some questions regarding this topic. Based on our reading their three main viruses called trojan horse, worm viruses, and logic bomb viruses....
In a trojan horse virus scenario, when the virus code is hidden in the host program,the virus programmer satisfies the "inserts into a program" .
Worm programs are generally inserted directly into a computer network or bulletin board system and infect computers throughout the system. Threfore, by inserting the worm virus directly into the network or bulletin board system.
Logic Bomb programs are inserted directly into a computer or a program and activate upon the occurenceof a designated event.
In a trojan horse virus scenario, when the virus code is hidden in the host program,the virus programmer satisfies the "inserts into a program" .
Worm programs are generally inserted directly into a computer network or bulletin board system and infect computers throughout the system. Threfore, by inserting the worm virus directly into the network or bulletin board system.
Logic Bomb programs are inserted directly into a computer or a program and activate upon the occurenceof a designated event.
Monday, October 12, 2009
FBI- CYBER CRIME!!!
Friend, i found this video on Youtube, probably it help us to get to know more how the other country solving cyber crime cases..:-) though the video is just simple interview, yet it is interesting..
http://www.youtube.com/watch?v=Exr-cOJ_4Fw
http://www.youtube.com/watch?v=Exr-cOJ_4Fw
Monday, October 5, 2009
Council of Europe Convention on Cybercrime
Hi frenz this is a information about a organisation which protect society against cyber crime. This is one of the way to protect society against the cybercrimes where Malaysia can apply the same application as other country. Enjoy read it.
Council of Europe Convention on Cybercrime
The aims of the Council of Europe Convention on Cybercrime (“COECCC”) are to achieve a common criminal policy to protect society against cyber crime by adopting appropriate legislation and to foster international co-operation.
The working group proposed that legislation regarding computer crime should look towards international developments so that it remains up to date. In particular, the working group compared the COECCC with Hong Kong’s existing legislation and the group’s proposals are in line with the COECCC, some interesting points arising from the comparison are discussed below.
Article 6 of the COECCC states that each party to the convention still shall make it an offence to produce, distribute or possess devices, computer programs or password designed specifically for the purposes of committing offences such as hacking. There is no legislation in Hong Kong outlawing “hacking tools”, nor would the working group recommended legislation to make them illegal. The reason cited was that system managers may wish to use these to test their security measures. However, it might be possible to license these “hacking tools” to legitimate users only and make it an offence to sell hacking tools (in line with Article 6 of the COECCC). This would make it more difficult for hackers to operate and make it easier to prosecute them, as prosecution would simply rest on of these devices.
Article 9 of the COECCC deals with child pornography on a computer system. The CRO does not deal with this issue but the Prevention of Child Pornography Bill is currently being discussed and will, in the future, create concrete legislation to address this.
Reference: Internet Law in Hong Kong
by Renuka Jeyabalan
Council of Europe Convention on Cybercrime
The aims of the Council of Europe Convention on Cybercrime (“COECCC”) are to achieve a common criminal policy to protect society against cyber crime by adopting appropriate legislation and to foster international co-operation.
The working group proposed that legislation regarding computer crime should look towards international developments so that it remains up to date. In particular, the working group compared the COECCC with Hong Kong’s existing legislation and the group’s proposals are in line with the COECCC, some interesting points arising from the comparison are discussed below.
Article 6 of the COECCC states that each party to the convention still shall make it an offence to produce, distribute or possess devices, computer programs or password designed specifically for the purposes of committing offences such as hacking. There is no legislation in Hong Kong outlawing “hacking tools”, nor would the working group recommended legislation to make them illegal. The reason cited was that system managers may wish to use these to test their security measures. However, it might be possible to license these “hacking tools” to legitimate users only and make it an offence to sell hacking tools (in line with Article 6 of the COECCC). This would make it more difficult for hackers to operate and make it easier to prosecute them, as prosecution would simply rest on of these devices.
Article 9 of the COECCC deals with child pornography on a computer system. The CRO does not deal with this issue but the Prevention of Child Pornography Bill is currently being discussed and will, in the future, create concrete legislation to address this.
Reference: Internet Law in Hong Kong
by Renuka Jeyabalan
Sunday, October 4, 2009
Internet Security
Friends, I would like share something that might be a worthy read here. Most of us are fond of updating and downloading anti-viruses, especially students in the varsity. Our computers and notebooks are prone to get “infected” and we are used to installing anti-viruses as our means of security for our computers. But is it really safe? What if I tell you that there are cyber criminals who use this circumstances as their platform to install not anti-virus but malware into our computers?
This article deals with the subject of internet security and why you must pay close attention when you decide to download anti-viruses via the internet. Hope it will throw some light into this subject. Read on!
When a computer connects to a network and begins communicating with others, it is taking a risk. Internet security involves the protection of a computer's internet account and files from intrusion of an unknown user. Basic security measures involve protection by well selected passwords, change of file permissions and back up of computer's data.
Security concerns are in some ways peripheral to normal business working, but serve to highlight just how important it is that business users feel confident when using IT systems. Security will probably always be high on the IT agenda simply because cyber criminals know that a successful attack is very profitable. This means they will always strive to find new ways to circumvent IT security, and users will consequently need to be continually vigilant. Whenever decisions need to be made about how to enhance a system, security will need to be held uppermost among its requirements. Anti-viruses helps to enhance our computer’s security system but these days, we need to be alert even as we chose anti-virus for our computer.
Some apparently useful programs also contain features with hidden malicious intent. Such programs are known as Malware, Viruses, Trojans, Worms, Spyware and Bots.
- Malware is the most general name for any malicious software designed for example to infiltrate, spy on or damage a computer or other programmable device or system of sufficient complexity, such as a home or office computer system, network, mobile phone, PDA, automated device or robot.
- Viruses are programs which are able to replicate their structure or effect by integrating themselves or references to themselves, etc into existing files or structures on a penetrated computer. They usually also have a malicious or humorous payload designed to threaten or modify the actions or data of the host device or system without consent. For example by deleting, corrupting or otherwise hiding information from its owner.
- Trojans-Trojan Horses are programs which may pretend to do one thing, but in reality steal information, alter it or cause other problems on a such as a computer or programmable device / system. Trojans can be hard to detect.
- Spyware includes programs that surreptitiously monitor keystrokes, or other activity on a computer system and report that information to others without consent.
- Worms are programs which are able to replicate themselves over a (possibly extensive) computer network, and also perform malicious acts that may ultimately affect a whole society / economy.
- Bots are program which take over and use the resources of a computer system over a network without consent, and communicate those results to others who may control the Bots.
The above concepts overlap and they can obviously be combined. The terminology is evolving these days.
Antivirus programs and Internet security programs are useful in protecting a computer or programmable device / system from malware.
Such programs are used to detect and usually eliminate viruses. Anti-virus software can be purchased or downloaded via the internet. Care should be taken in selecting anti-virus software, as some programs are not as effective as others in finding and eliminating viruses or malware. Also, when downloading anti-virus software from the Internet, one should be cautious as some websites say they are providing protection from viruses with their software, but are really trying to install malware on your computer by disguising it as something else.
So there you go, people! It is vital that we have good internet security for our computers or notebooks in order to not fall as victims of cyber crimes.
With reference to Wikipedia. :)
by dharshinnii
Saturday, October 3, 2009
Types of Cybercrime
Hi frenz lets we have a knowledge on types of cybercrime. As a cyberlaw student we should have a knowledge on it.
Types of Cybercrime
• HACKING
• DENIAL OF SERVICE
ATTACK
• VIRUS DISSEMINATION
• SOFTWARE PIRACY
• PORNOGRAPHY
• IRC Crime
• CREDIT CARD FRAUD
• PHISHING
• SPOOFING
• CYBER STALKING
• CYBER
DEFAMATION
• THREATENING
• SALAMI ATTACK
• NET EXTORTION
HACKING
The act of gaining unauthorized access to a computer system or network and in some cases making unauthorized use of this access. Hacking is also the act by which other forms of cyber-crime (e.g., fraud, terrorism, etc.) are committed. Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user.
DENIAL OF SERVICE ATTACK
This is an act by the criminal, who floods the band width of the victim’s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide.
VIRUS DISSEMINATION
Malicious software that attaches iitself to other software.
(virus, worms, Trojan Horse, Time bomb,Logic Bomb, Rabbit and Bacterium are the malicious soft wares)
SOFTWARE PIRACY
Theft of software through the iillegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses world wide are ever increasing due to this crime
Can be done in various ways such as end user copying, hard disk loading, Counterfeiting, Illegal downloads from the iinternet etc.
PRONOGRAPHY
Pornography is the first consistently successful ecommerce product. It was a
deceptive marketing tactics and mouse trapping technologies. Pronography encourage customers to access their websites. Anybody including children can log on to the internet and access website with pronography contents with a click of a mouse.
IRC CRIME
Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world can come together and chat with each other Criminals use it for meeting coconspirators. Hackers use it for discussing their exploits / sharing the techniques
Paedophiles use chat rooms to allure small children.
CREDIT CARD FRAUD
You siimply have to type credit card number into www page off the vendor for
online transaction If electronic transactions are not secured the credit card numbers can be stolen by the hackers who can misuse this card by impersonating the credit card owner.
NET EXTORTION
Copying the company’s confidential data in order to extort said company for huge amount.
PHISHING
It is technique of pulling out confidential information from the bank/financial institutional account holders by deceptive means.
Spoofiing
Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges ,, so as to obtain access to the other computers on the network.
CYBER STALKING
The Criminal follows the victim by sending emails, entering the chat rooms frequently.
CYBER DEFAMATION
The Criminal sends emails containing defamatory matters to all concerned of the victim or post the defamatory matters on a website. (disgruntled employee may do this against boss, ex-boys friend against girl, divorced husband against wife etc)
THREATENING
The Criminal sends threatening email or comes in contact in chat rooms with
victim. (Any one disgruntled may do this against boss, friend or official)
SALAMI ATTACK
In such crime criminal makes insignificant changes in such a manner that such changes
would go unnoticed. Criminal makes such program that deducts small amount like 2.50 per month from the account of all the customer of the Bank and deposit the same in his account. In this case no account holder will approach the bank for such small amount but criminal gains huge amount.
http//cybercelimumbai.com/files
posted by Renuka a/p Jeyabalan
Types of Cybercrime
• HACKING
• DENIAL OF SERVICE
ATTACK
• VIRUS DISSEMINATION
• SOFTWARE PIRACY
• PORNOGRAPHY
• IRC Crime
• CREDIT CARD FRAUD
• PHISHING
• SPOOFING
• CYBER STALKING
• CYBER
DEFAMATION
• THREATENING
• SALAMI ATTACK
• NET EXTORTION
HACKING
The act of gaining unauthorized access to a computer system or network and in some cases making unauthorized use of this access. Hacking is also the act by which other forms of cyber-crime (e.g., fraud, terrorism, etc.) are committed. Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user.
DENIAL OF SERVICE ATTACK
This is an act by the criminal, who floods the band width of the victim’s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide.
VIRUS DISSEMINATION
Malicious software that attaches iitself to other software.
(virus, worms, Trojan Horse, Time bomb,Logic Bomb, Rabbit and Bacterium are the malicious soft wares)
SOFTWARE PIRACY
Theft of software through the iillegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses world wide are ever increasing due to this crime
Can be done in various ways such as end user copying, hard disk loading, Counterfeiting, Illegal downloads from the iinternet etc.
PRONOGRAPHY
Pornography is the first consistently successful ecommerce product. It was a
deceptive marketing tactics and mouse trapping technologies. Pronography encourage customers to access their websites. Anybody including children can log on to the internet and access website with pronography contents with a click of a mouse.
IRC CRIME
Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world can come together and chat with each other Criminals use it for meeting coconspirators. Hackers use it for discussing their exploits / sharing the techniques
Paedophiles use chat rooms to allure small children.
CREDIT CARD FRAUD
You siimply have to type credit card number into www page off the vendor for
online transaction If electronic transactions are not secured the credit card numbers can be stolen by the hackers who can misuse this card by impersonating the credit card owner.
NET EXTORTION
Copying the company’s confidential data in order to extort said company for huge amount.
PHISHING
It is technique of pulling out confidential information from the bank/financial institutional account holders by deceptive means.
Spoofiing
Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges ,, so as to obtain access to the other computers on the network.
CYBER STALKING
The Criminal follows the victim by sending emails, entering the chat rooms frequently.
CYBER DEFAMATION
The Criminal sends emails containing defamatory matters to all concerned of the victim or post the defamatory matters on a website. (disgruntled employee may do this against boss, ex-boys friend against girl, divorced husband against wife etc)
THREATENING
The Criminal sends threatening email or comes in contact in chat rooms with
victim. (Any one disgruntled may do this against boss, friend or official)
SALAMI ATTACK
In such crime criminal makes insignificant changes in such a manner that such changes
would go unnoticed. Criminal makes such program that deducts small amount like 2.50 per month from the account of all the customer of the Bank and deposit the same in his account. In this case no account holder will approach the bank for such small amount but criminal gains huge amount.
http//cybercelimumbai.com/files
posted by Renuka a/p Jeyabalan
Wednesday, September 30, 2009
The Law that Governs Cyber Crime....
HYE...FRENS...AS I BROWSING,I FOUND SOME ESSENTIAL ARTICLES REGARDING THE LAW THAT GOVERNS CYBER CRIMES..HOPE U GURLS GET BENEFIT FROM THAT..ENJOY READING IT..
A)EUROPEAN COMMISSION
The European Commission adopted a proposal for new laws against cybercrime to harmonise laws that deal with hacking, viruses and denial of service attacks. All EU Member States are also members of the Council of Europe which recently agreed a Cybercrime Convention with the same aim
The Commission adopted its proposal for a Council Framework Decision on "Attacks against information systems" seeks to ensure that Europe's law enforcement and judicial authorities can take action against crimes for which existing laws were not designed. It also aims to encourage and promote information security. Antonio Vitorino, European Commissioner for Justice and Home Affairs, said:
"Member States' laws contain some significant gaps which could hamper the ability of law enforcement and judicial authorities to respond to crimes against information systems. Given the trans-national nature of hacking, virus and denial of service attacks, it is important that the European Union takes action in this area to ensure effective police and judicial co-operation."
The Framework Decision that is now being proposed would approximate criminal law rules and facilitate judicial co-operation for hacking, described by the Commission as “illegal access to information systems” and denial of service and virus attacks – described as “illegal interference with information systems.” The Commission says its proposed Framework Decision is technology neutral and “takes account of the broader Information Society context.” The Commission says the proposed Framework Decision also takes into account other international activities such as the work of the G8 and the Council of Europe Convention on Cybercrime.
B)INDIAN LAW
In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.
Until recently, many information technology (IT) professionals lacked awareness of and interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked the tools needed to tackle the problem; old laws didn’t quite fit the crimes being committed, new laws hadn’t quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of antipathy—or at the least, distrust— between the two most important players in any effective fight against cyber crime: law enforcement agencies and computer professionals. Yet close cooperation between the two is crucial if we are to control the cyber crime problem and make the Internet a safe “place” for its users.
Law enforcement personnel understand the criminal mindset and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cyber criminal. IT professionals need good definitions of cybercrime in order to know when (and what) to report to police, but law enforcement agencies must have statutory definitions of specific crimes in order to charge a criminal with an offense. The first step in specifically defining individual cybercrimes is to sort all the acts that can be considered cybercrimes into organized categories.
In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.
Courtsey: An Article by Talwant Singh Addl. Distt. & Sessions Judge, Delhi
C)UN RESOLUTION
A broad, inclusive focus is necessary to address problems of cybercrime, going beyond criminal law, penal procedures and law enforcement. The focus should include requirements for the secure functioning of a cyber-economy optimizing business confidence and individual privacy, as well as strategies to promote and protect the innovation and wealth-creating potential and opportunities of information and computing technologies, including early warning and response mechanisms in case of cyberattacks. Behind the prevention and prosecution of computer-related crime looms the larger challenge of creating a global culture of cybersecurity, addressing the needs of all societies, including developing countries, with their emerging and still vulnerable information technology structures.
International cooperation at all levels should be developed further. Because of its universal character, the United Nations system, with improved internal coordination mechanisms called for by the General Assembly, should have the leading role in intergovernmental activities to ensure the functioning and protection of cyberspace so that it is not abused or exploited by criminals or terrorists. In particular, the United Nations system should be instrumental in advancing global approaches to combating cybercrime and to procedures for international cooperation, with a view to averting and mitigating the negative impact of cybercrime on critical infrastructure, sustainable development, protection of privacy, e-commerce, banking and trade.
All States should be encouraged to update their criminal laws as soon as possible, in order to address the particular nature of cybercrime. With respect to traditional forms of crime committed through the use of new technologies, this updating may be done by clarifying or abolishing provisions that are no longer completely adequate, such as statutes unable to address destruction or theft of intangibles, or by creating new provisions for new crimes, such as unauthorized access to computers or computer networks. Such updating should also include procedural laws (for tracing communications, for example) and laws, agreements or arrangements on mutual legal assistance (for rapid preservation of data, for example). In determining the strength of new legislation, States should be encouraged to be inspired by the provisions of the Council of Europe Convention on Cybercrime.
Governments, the private sector and non-governmental organizations should work together to bridge the digital divide, to raise public awareness about the risks of cybercrime and introduce appropriate countermeasures and to enhance the capacity of criminal justice professionals, including law enforcement personnel, prosecutors and judges. For this purpose, national judicial administrations and institutions of legal learning should include comprehensive curricula on computer related crime in their teaching schedules.
Cybercrime policy should be evidence-based and subject to rigorous evaluation to ensure efficiency and effectiveness. Therefore, concerted and coordinated efforts at the international level should be made to establish funding mechanisms to facilitate practical research and curb many types of newly emerging cybercrime. It is, however, equally important to ensure that research be internationally coordinated and that research results be made widely available.
UNODC should bring the results of the Workshop on Measures to Combat Computer-related Crime, to be held during the Eleventh Congress, to the attention of the second phase of the World Summit on the Information Society, to be held in Tunis in 2005, for its consideration.
Courtsey: An Article by Talwant Singh Addl. Distt. & Sessions Judge, Delhi
EXRACTED FROM: http://library.thinkquest.org/06aug/02257/more.html
A)EUROPEAN COMMISSION
The European Commission adopted a proposal for new laws against cybercrime to harmonise laws that deal with hacking, viruses and denial of service attacks. All EU Member States are also members of the Council of Europe which recently agreed a Cybercrime Convention with the same aim
The Commission adopted its proposal for a Council Framework Decision on "Attacks against information systems" seeks to ensure that Europe's law enforcement and judicial authorities can take action against crimes for which existing laws were not designed. It also aims to encourage and promote information security. Antonio Vitorino, European Commissioner for Justice and Home Affairs, said:
"Member States' laws contain some significant gaps which could hamper the ability of law enforcement and judicial authorities to respond to crimes against information systems. Given the trans-national nature of hacking, virus and denial of service attacks, it is important that the European Union takes action in this area to ensure effective police and judicial co-operation."
The Framework Decision that is now being proposed would approximate criminal law rules and facilitate judicial co-operation for hacking, described by the Commission as “illegal access to information systems” and denial of service and virus attacks – described as “illegal interference with information systems.” The Commission says its proposed Framework Decision is technology neutral and “takes account of the broader Information Society context.” The Commission says the proposed Framework Decision also takes into account other international activities such as the work of the G8 and the Council of Europe Convention on Cybercrime.
B)INDIAN LAW
In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.
Until recently, many information technology (IT) professionals lacked awareness of and interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked the tools needed to tackle the problem; old laws didn’t quite fit the crimes being committed, new laws hadn’t quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of antipathy—or at the least, distrust— between the two most important players in any effective fight against cyber crime: law enforcement agencies and computer professionals. Yet close cooperation between the two is crucial if we are to control the cyber crime problem and make the Internet a safe “place” for its users.
Law enforcement personnel understand the criminal mindset and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cyber criminal. IT professionals need good definitions of cybercrime in order to know when (and what) to report to police, but law enforcement agencies must have statutory definitions of specific crimes in order to charge a criminal with an offense. The first step in specifically defining individual cybercrimes is to sort all the acts that can be considered cybercrimes into organized categories.
In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.
Courtsey: An Article by Talwant Singh Addl. Distt. & Sessions Judge, Delhi
C)UN RESOLUTION
A broad, inclusive focus is necessary to address problems of cybercrime, going beyond criminal law, penal procedures and law enforcement. The focus should include requirements for the secure functioning of a cyber-economy optimizing business confidence and individual privacy, as well as strategies to promote and protect the innovation and wealth-creating potential and opportunities of information and computing technologies, including early warning and response mechanisms in case of cyberattacks. Behind the prevention and prosecution of computer-related crime looms the larger challenge of creating a global culture of cybersecurity, addressing the needs of all societies, including developing countries, with their emerging and still vulnerable information technology structures.
International cooperation at all levels should be developed further. Because of its universal character, the United Nations system, with improved internal coordination mechanisms called for by the General Assembly, should have the leading role in intergovernmental activities to ensure the functioning and protection of cyberspace so that it is not abused or exploited by criminals or terrorists. In particular, the United Nations system should be instrumental in advancing global approaches to combating cybercrime and to procedures for international cooperation, with a view to averting and mitigating the negative impact of cybercrime on critical infrastructure, sustainable development, protection of privacy, e-commerce, banking and trade.
All States should be encouraged to update their criminal laws as soon as possible, in order to address the particular nature of cybercrime. With respect to traditional forms of crime committed through the use of new technologies, this updating may be done by clarifying or abolishing provisions that are no longer completely adequate, such as statutes unable to address destruction or theft of intangibles, or by creating new provisions for new crimes, such as unauthorized access to computers or computer networks. Such updating should also include procedural laws (for tracing communications, for example) and laws, agreements or arrangements on mutual legal assistance (for rapid preservation of data, for example). In determining the strength of new legislation, States should be encouraged to be inspired by the provisions of the Council of Europe Convention on Cybercrime.
Governments, the private sector and non-governmental organizations should work together to bridge the digital divide, to raise public awareness about the risks of cybercrime and introduce appropriate countermeasures and to enhance the capacity of criminal justice professionals, including law enforcement personnel, prosecutors and judges. For this purpose, national judicial administrations and institutions of legal learning should include comprehensive curricula on computer related crime in their teaching schedules.
Cybercrime policy should be evidence-based and subject to rigorous evaluation to ensure efficiency and effectiveness. Therefore, concerted and coordinated efforts at the international level should be made to establish funding mechanisms to facilitate practical research and curb many types of newly emerging cybercrime. It is, however, equally important to ensure that research be internationally coordinated and that research results be made widely available.
UNODC should bring the results of the Workshop on Measures to Combat Computer-related Crime, to be held during the Eleventh Congress, to the attention of the second phase of the World Summit on the Information Society, to be held in Tunis in 2005, for its consideration.
Courtsey: An Article by Talwant Singh Addl. Distt. & Sessions Judge, Delhi
EXRACTED FROM: http://library.thinkquest.org/06aug/02257/more.html
What is Cyber Crime???
What is this Cyber crime? We read about it in newspapers very often. Let's look at the dictionary definition of Cybercrime: "It is a criminal activity committed on the internet. This is a broad term that describes everything from electronic cracking to denial of service attacks that cause electronic commerce sites to lose money". Mr. Pavan Duggal, who is the President of www.cyberlaws.net and consultant, in a report has clearly defined the various categories and types of cybercrimes. Cybercrimes can be basically divided into 3 major categories:
1. Cybercrimes against persons.
2. Cybercrimes against property.
3. Cybercrimes against government.
a) Cybercrimes against persons
Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.
A minor girl in Ahmedabad was lured to a private place through cyberchat by a man, who, along with his friends, attempted to gangrape her. As some passersby heard her cry, she was rescued.
Another example wherein the damage was not done to a person but to the masses is the case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars in damages to computers worldwide.
In the United States alone, the virus made its way through 1.2 million computers in one-fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to state and federal charges associated with his creation of the Melissa virus. There are numerous examples of such computer viruses few of them being "Melissa" and "love bug".
Cyberharassment is a distinct Cybercrime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes. Cyberharassment as a crime also brings us to another related area of violation of privacy of citizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes any other person invading the invaluable and extremely touchy area of his or her own privacy which the medium of internet grants to the citizen.
b) Cybercrimes against property
The second category of Cyber-crimes is that of Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes.
A Mumbai-based upstart engineering company lost a say and much money in the business when the rival company, an industry major, stole the technical database from their computers with the help of a corporate cyberspy.
c) Cybercrimes against government
The third category of Cyber-crimes relate to Cybercrimes against Government. Cyberterrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorise the citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website.
In a report of expressindia.com, it was said that internet was becoming a boon for the terrorist organisations. According to Mr. A.K. Gupta, Deputy Director (Co-ordination), CBI, terrorist outfits are increasingly using internet to communicate and move funds. "Lashker-e-Toiba is collecting contributions online from its sympathisers all over the world. During the investigation of the Red Fort shootout in Dec. 2000, the accused Ashfaq Ahmed of this terrorist group revealed that the militants are making extensive use of the internet to communicate with the operatives and the sympathisers and also using the medium for intra-bank transfer of funds".
Cracking is amongst the gravest Cyber-crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.
Coupled with this the actuality is that no computer system in the world is cracking proof. It is unanimously agreed that any and every system in the world can be cracked. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cyber-crimes which are slowly emerging as being extremely dangerous.
"Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime."
- Pavan Duggal,Supreme Court advocate and cyber law expert
http://library.thinkquest.org/06aug/02257/more.html
1. Cybercrimes against persons.
2. Cybercrimes against property.
3. Cybercrimes against government.
a) Cybercrimes against persons
Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.
A minor girl in Ahmedabad was lured to a private place through cyberchat by a man, who, along with his friends, attempted to gangrape her. As some passersby heard her cry, she was rescued.
Another example wherein the damage was not done to a person but to the masses is the case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars in damages to computers worldwide.
In the United States alone, the virus made its way through 1.2 million computers in one-fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to state and federal charges associated with his creation of the Melissa virus. There are numerous examples of such computer viruses few of them being "Melissa" and "love bug".
Cyberharassment is a distinct Cybercrime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes. Cyberharassment as a crime also brings us to another related area of violation of privacy of citizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes any other person invading the invaluable and extremely touchy area of his or her own privacy which the medium of internet grants to the citizen.
b) Cybercrimes against property
The second category of Cyber-crimes is that of Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes.
A Mumbai-based upstart engineering company lost a say and much money in the business when the rival company, an industry major, stole the technical database from their computers with the help of a corporate cyberspy.
c) Cybercrimes against government
The third category of Cyber-crimes relate to Cybercrimes against Government. Cyberterrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorise the citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website.
In a report of expressindia.com, it was said that internet was becoming a boon for the terrorist organisations. According to Mr. A.K. Gupta, Deputy Director (Co-ordination), CBI, terrorist outfits are increasingly using internet to communicate and move funds. "Lashker-e-Toiba is collecting contributions online from its sympathisers all over the world. During the investigation of the Red Fort shootout in Dec. 2000, the accused Ashfaq Ahmed of this terrorist group revealed that the militants are making extensive use of the internet to communicate with the operatives and the sympathisers and also using the medium for intra-bank transfer of funds".
Cracking is amongst the gravest Cyber-crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.
Coupled with this the actuality is that no computer system in the world is cracking proof. It is unanimously agreed that any and every system in the world can be cracked. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cyber-crimes which are slowly emerging as being extremely dangerous.
"Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime."
- Pavan Duggal,Supreme Court advocate and cyber law expert
http://library.thinkquest.org/06aug/02257/more.html
Tuesday, September 29, 2009
VIRUSES
Cute virus in yellow..I found a very interesting articles when i try my very best to search through development of cyber crimes..yeah!! finally, i come across an article which entitled ' Where in the world do viruses comes from?' This article mainly contribute the international development of cyber crimes..Let's read through together..:-)
Where in the World do Viruses Come From?
Computerworld Singapore
Saturday, September 05, 2009 11:23 AM PDT
The U.S. and Brazil continued their output of spam and viruses through August, although levels have dropped slightly since July, according to security vendor Network Box. An analysis of Internet threats by Network Box in August 2009 shows that the volume of malware, which peaked in July (when volumes increased by 300 per cent), are down again at levels seen in June (around four viruses per customer, per hour). Spam is also down slightly, averaging around 90 spam e-mails per customer, per hour (from a peak of around 120 in May). The U.S. continues to dominate as the main source of the world's viruses, producing 15.9 per cent of all viruses. It is followed closely by Brazil, which produces 14.5 per cent (similar levels to last month's 14.1 per cent). Brazil continues to be the biggest source of spam, producing 11.6 per cent of all spam, followed by the US at 8.6 per cent and South Korea at 7.2 per cent.
South Korea remains the biggest source of intrusion attacks, at 17.3 per cent.
Phishing attacks also remain high, at 33 per cent of all viruses. This is down slightly from last month's 36.2 per cent, but still significantly higher than in June, when phishing attacks made up just five per cent of all viruses.
South Korea remains the biggest source of intrusion attacks, at 17.3 per cent.
Phishing attacks also remain high, at 33 per cent of all viruses. This is down slightly from last month's 36.2 per cent, but still significantly higher than in June, when phishing attacks made up just five per cent of all viruses.
From the article, we can see that U.S is the country that become the main contributor of the viruses..what is the reason behind all this? can we think together? any comments friend?
posted by Bee Ling
Sunday, September 27, 2009
Denial of service attack??
After such a long holiday, our group come back again..hehe..today, we would like to talk about denial of service attack. What is denial of service attack? Denial of service attack is an attempt to make a computer resource unavailable to its intended users. For your information, denial of service attack is a type of cyber crime.
A Denial of service attack can be perpetrated in a number of ways. The five basic types of attack are:
1. Consumption of computational resources, such as bandwidth, disk space, or processor time
2. Disruption of configuration information, such as routing information.
3. Disruption of state information, such as unsolicited resetting of TCP sessions.
4. Disruption of physical network components.
5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
In the Police and Justice Act 2006, the United Kingdom specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison. The question arise, how about the case happens in Malaysia? any suggestion? :-)
posted by Bee Ling
A Denial of service attack can be perpetrated in a number of ways. The five basic types of attack are:
1. Consumption of computational resources, such as bandwidth, disk space, or processor time
2. Disruption of configuration information, such as routing information.
3. Disruption of state information, such as unsolicited resetting of TCP sessions.
4. Disruption of physical network components.
5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
In the Police and Justice Act 2006, the United Kingdom specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison. The question arise, how about the case happens in Malaysia? any suggestion? :-)
posted by Bee Ling
Wednesday, September 2, 2009
Internet Users Need To Be Security Conscious
Internet Users Need To Be Security Conscious
24 February 2009 (Eastern Times)
By Wilfred Pilo
KUCHING: Internet users need to be educated on cyber security as there have been an increasing number of thefts of identity and data over the cyberspace these days.
This was pointed out by Deputy Minister of Science, Technology and Innovation, Hj Fadillah Yusof, while officiating at a seminar on Infosec.My yesterday.
"Since many people are relying on the internet and communication technology for their daily tasks, there is an urgent need to ensure that the data or information are free from virus attack and threat," said Fadillah, adding that hackers were getting more sophisticated in their attacks of websites of various businesses and government agencies.
Fadillah also said that in a research carried out by the Commissioner of Communication and Multimedia, it was found that, the biggest group of people using the internet were the youths. "Among their popular applications are websites on chatting, blogs, email and social networking.
"Therefore it is very important that the youths should be taught to become more aware of the need to be cyber security conscious," he said.
He said that if the users were conscious of cyber security, then they would be more cautious in the manner they made use of the internet.
The theme of the seminar was "Keeping Your Family Safe in Cyber Space" Also present was CEO of Cyber Security Malaysia, Lt.Colonel (R) Husin Jazri.
Subscribe to:
Posts (Atom)
