Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia1

Introduction The fast-paced development of information and communication technologies in the world during the last fifty years has led to a thriving online community. This community exists in a place called cyberspace and are known collectively as netizens. Netizens are encouraged by cyberspaces architecture to communicate, trade and to commit crimes in ways that are different from the tangible world (Sonya Liew, 2005). Also, free speech is encouraged to flourish and anybody could publish statements and information online. Malaysians are now exposed to computer crimes that have amusing or strange names. For example, terms such as Phreaking, Hacking, Worming, Phishing and Spoofing gives one the impression that these terms are used in the shipping industry. However, these terms are names for computer crimes that came into existence within the last 50 years or so. Crime and criminality have been associated with man since his fall. Crime remains elusive and ever strives to hide itself in the face of development. Different nations have adopted different strategies to contend with crime depending on their nature and extent. One thing is certain, it is that a nation with high incidence of crime cannot grow or develop. That is so because crime is the direct opposite of development. It leaves a negative social and economic consequence. Definition of Cybercrime What is actually cybercrime? The Oxford Reference Online defines cybercrime as crime committed over the Internet. Some people call cybercrime computer crime. The Encyclopaedia Britannica defines computer crime as any crime that is committed by means of special knowledge or expert use of computer technology. Cybercrime is also defined as crimes committed on the internet using the computer as either a tool or a targeted victim. It is very difficult to classify crimes in general into distinct groups as many crimes evolve on a daily basis. Even in the real world, crimes like rape, murder or theft need not necessarily be separate. However, all cybercrimes involve both the computer and the person behind it as victims, it just depends on which of the two is the main target. Hence, the computer will be looked at as either a target or tool for simplicitys sake. For example, hacking involves attacking the computers information and other resources. It is important to take note that

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia2

overlapping occurs in many cases and it is impossible to have a perfect classification system (Computer Crime Research Center, http://www.crime-research.org/). Furthermore, cybercrime is defines by Dictionary.com as criminal activity or a crime that involves the Internet, a computer system, or computer technology: identity theft, phishing, and other kinds of cybercrime. According to TechTerms.com, cybercrimes is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet. Perhaps the most prominent form of cybercrime is identity theft, in which criminals use the Internet to steal personal information from other users. Two of the most common ways this is done is through phishing and pharming. Both of these methods lure users to fake websites (that appear to be legitimate), where they are asked to enter personal information. This includes login information, such as usernames and passwords, phone numbers, addresses, credit card numbers, bank account numbers, and other information criminals can use to "steal" another person's identity. For this reason, it is smart to always check the URL or Web address of a site to make sure it is legitimate before entering our personal information. Scope of cybercrimes Because cybercrime covers such a broad scope of criminal activity, the examples above are only a few of the thousands of crimes that are considered cybercrimes. While computers and the Internet have made our lives easier in many ways, it is unfortunate that people also use these technologies to take advantage of others. Therefore, it is smart to protect yourself by using antivirus and spyware blocking software and being careful where you enter your personal information. Cybercrimes encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cybercrime also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cybercrimes when the illegal activities are committed through the use of a computer and the Internet. Computer crime could reasonably include a wide variety of criminal offences, activities, or issues. The scope of the definition becomes even larger with the frequent companion or
2

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia3

substitute term computer-related crime. Some writers are also of the opinion that computer crime refers to computer-related activities which are either criminal in the legal sense of the word or just antisocial behaviour where there is no breach of the law.

The word hacker should also be defined here, hackers are basically people who break into and tamper with computer information systems. The word cracker carries a similar meaning, and cracking means to decipher a code, password or encrypted message. Like traditional crime, cybercrime can take many shapes and can occur nearly anytime or anyplace. Criminals committing cybercrime use a number of methods, depending on their skill-set and their goal. This should not be surprising: cybercrime is, after all, simply 'crime' with some sort of 'computer' or 'cyber' aspect.

Cybercrime has surpassed illegal drug trafficking as a criminal moneymaker. Every 3 seconds an identity is stolen. Without security, our unprotected PC can become infected within four minutes of connecting to the internet.

As we can see from these definitions, cybercrime can cover a very wide range of attacks. Understanding this wide variation in types of cybercrime is important as different types of cybercrime require different approaches to improving our computer safety.

Classification of Cybercrimes There are 4 major categories of cybercrimes. The 4 major categories are cybercrime against individual, cybercrime against property, cybercrime against organization and cybercrime against society. (http://www.reportcybercrime.com)

Cybercrime against individual.

Cybercrimes committed against individual or persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail (http://library.thinkquest.org/06aug/02257/more.html). The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. This type of cybercrime
3

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia4

which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled. This type of cybercrime also included the email spoofing, spamming, cyber defamation and cyber stalking.

Cybercrime against property.

These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes (http://library.thinkquest.org/06aug/02257/more.html). These crime included the credit card fraud, internet time theft and intellectual property crimes such as software piracy, copyright infringement, trademarks violations and even theft of computer source code.

Cybercrime against organization. of individual

These include crimes against government, private firm, company, group

(http://www.bestarticleworld.com/2009/12/article-on-society-and- increasing-cyber.html). These crimes included unauthorized accessing of computer, denial of service, virus attack, email bombing, salami attack, logic bomb, trojan horse, data diddling and others cyber terrorism against the government organization.

Cybercrime against society. organisation but the society at large

These crimes not only affect individual or any

(http://www.bestarticleworld.com/2009/12/article-on-society-and-increasing-cyber.html). These crimes included forgery, cyber terrorism, child pornography, financial crimes, sale of illegal articles, web jacking, online gambling and polluting the youth through indecent exposure (http://www.cyberlawconsulting.com/cyber-case.html).

Symantec Corp draws from the many definitions of cybercrime and defines it concisely as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. The broad range of cybercrime can be better understood by dividing it into two overall categories, defined for the purpose of this research as Type I and Type II cybercrime.

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia5

Type I cybercrime has the following characteristics:

It is generally a single event from the perspective of the victim. For example, the victim unknowingly downloads a Trojan horse which installs a keystroke logger on his or her machine. Alternatively, the victim might receive an e-mail containing what claims to be a link to known entity, but in reality is a link to a hostile website.

It is often facilitated by crimeware programs such as keystroke loggers, viruses, rootkits or Trojan horses. Software flaws or vulnerabilities often provide the foothold for the attacker. For example, criminals controlling a website may take advantage of a vulnerability in a Web browser to place a Trojan horse on the victim's computer.

Examples of this type of cybercrime include but are not limited to phishing, theft or manipulation of data or services via hacking or viruses, identity theft, and bank or ecommerce fraud. Type II cybercrime, at the other end of the spectrum, includes, but is not limited to activities such as cyberstalking and harassment, child predation, extortion, blackmail, stock market manipulation, complex corporate espionage, and planning or carrying out terrorist activities. The characteristics of Type II cybercrime are:

It is generally an on-going series of events, involving repeated interactions with the target. For example, the target is contacted in a chat room by someone who, over time, attempts to establish a relationship. Eventually, the criminal exploits the relationship to commit a crime. Or, members of a terrorist cell or criminal organization may use hidden messages to communicate in a public forum to plan activities or discuss money laundering locations, for example.

It is generally facilitated by programs that do not fit into under the classification crimeware. For example, conversations may take place using IM (instant messaging) clients or files may be transferred using FTP. [Source : Symantec Corp]

What is concerning is that organised crime is escalating on the Internet, according to a 2002 statement by the head of Britain's National High-tech Crime Unit, Lee Hynds (www.ananova.com/news/story/sm_724492.html?menu). According to him the Internet
5

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia6

provides organised crime groups with a relatively low risk theatre of operations. As the topic of cybercrime is so wide, what I would like to do is focus on Malaysias Computer Crimes Act 1997, local law enforcement and practical tips on how to prevent cybercrime. Computer crime laws in other countries such as in USA, the enforcement and multilateral efforts to harmonise laws against cybercrime will be discussed later. Are there laws in Malaysia to prosecute cybercriminals? What are the penalties for cybercriminals in Malaysia? The need for laws against cybercriminals is obvious. For example, a school dropout from the Philippines who wrote the ILOVEYOU virus was not prosecuted by the Philippine Government because at that time, the country did not have laws relating to virus creators. Ironically, the then President Estrada stated that perhaps the Philippines should leverage on the fact that they have such good virus writers to attract global technology companies to base themselves in the Philippines, considering the capable talent available in the country. Viruses and worms are getting more insidious nowadays, take for instance, the Swen worm, which cleverly disguises itself as an e-mail message from Microsoft with a patch attached. Besides hacking and cracking, technology and the Internet can be used for a myriad of other illegal purposes: drug dealers use encrypted fax machines to send orders for narcotics to their suppliers in a neighbouring country. Gangsters can use computers for extortion. Prostitution rings maintain their customer payments and client lists through computer software applications. Burglary rings track break-ins and then inventory their winnings from each job. Gangsters who want to murder a person in hospital can crack the hospitals computers to alter the dosage of medication (www.scmagazine.com/scmagazine/2000_04/cover/cover.html). Laws specifically catered for criminal activity through, over and using the Internet is essential for a nation state to have, especially in this globalised, Internet age. Take the example of the ILOVEYOU virus again, which spread to at least 45 million computers worldwide causing billions of dollars in damage (www.ananova.com/news/story/sm_51942.html). The Computer Crimes Act 1997 provides for offences against cybercrime. Now, it is not the case that the other Acts of Parliament do not provide for criminal offences (like the Communications and Multimedia Act 1998, the Digital Signature Act 1997 and the Optical Discs Act 2000), it is just that in terms of cybercrime itself, the Act of Parliament which is the most relevant is the Computer Crimes Act.
6

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia7

Practical examples of cybercrimes that have been mention earlier are elaborated below : Cyberstalking.

The goal of a cyberstalker is control. Stalking and harassment over cyberspace is more easily practised than in real life. There are many cases where cyberstalking crosses over to physical stalking. Some examples of computer harassment are: Live chat obscenities and harassment; Unsolicited and threatening e-mail; Hostile postings about someone; Spreading vicious rumours about someone; Leaving abusive messages on a websites guest books. Cases where the crime can occur even if there was no computer however, the use of technology makes the commission of the crime faster and permits the processing of larger amounts of information. Examples would be credit card fraud, drug trafficking, criminal breach of trust, forgery, cheating, illegal betting or gambling, forgery of valuable documents (money, cheques, passports and identification cards) and money laundering. In the past, the Malaysian Police has investigated rumour mongering and defamation on the Internet. Malicious codes like worms, viruses and Trojan horses.

These exploit security vulnerabilities of a system and they tend to alter or destroy data. The damage they cost is worth millions of Ringgit to companies as well as government agencies. Worms are different from viruses because they are able to spread themselves with no user interaction. A virus can attack systems in many ways: by erasing files, corrupting databases and destroying hard disk drives. Hacking.

Hacked systems can be used for information gathering, information alteration, and sabotage. Vulnerabilities exist in almost every network. Hackers sometime crack into systems to brag about their abilities to penetrate into systems, but others do it for illegal gain or other malicious purposes. Today, hacking is simpler than ever hackers can now go to websites and download protocols, programs and scripts to use against their victims.

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia8

Cyberterrorism.

This is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets. We shall discuss cyberterrorism as a separate topic as this is an area of special concern and because certain countries have legislated on the topic. Industrial espionage.

This is where corporations spy on other companies and with network systems, this can be an easy task. Companies can retrieve sensitive information rarely leaving behind any evidence. Cyberespionage can also be applied to nations that spy on other countries' sensitive information. Spoofing of IP addresses.

This is where a false IP address is used to impersonate an authorised user. The reproduction and distribution of copyright protected material and software piracy. Cyberattacks on financial systems.

This includes electronic banking and payment systems. Cybervandalism.

The defacing of webpages. Pyramid schemes on the Internet. E-mail abuse.

This includees malicious or false e-mail. Denial of service attacks.

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia9

What makes a crime a cybercrime? There is no comprehensive definition of cybercrime. There were some attempts but no conclusive definition was agreeable. Cybercrime comes under three categories. The first is when information and communications technology (ICT) systems and intellectual property become targets of exploitation, intrusion, identity and information theft. The second is when ICT devices are used as means to commit crimes. For example, computers at home are used to run malicious programs to intrude other computers to steal money, identity and passwords. The third category is where the ICT devices are used as mediums of committing crimes. For example, sedition, disharmony or unrest, slandering and instigating at higher scale come under this category. Some people say these cases must be prosecuted under cyber laws. But there are already laws that can be used to handle these cases. For example, for sedition and slander, one can be charged under the Penal Code. [Source: Cybersecurity.org] Comparison of Cybercrimes in Malaysia and USA Who are the local enforcers? What type of enforcement do we have in Malaysia? Cyber law enforcers face several challenges: Firstly, there is the identification of the criminal, internet investigations are equipment and labour-intensive. It is not that easy to identify cybercriminals. This is because they operate in a virtual world and do not leave physical clues and paper trails behind, like the more traditional criminals do. Although they do leave their digital fingerprints now and then, enforcers need to move quickly before evidence fades away. Furthermore, with encryption, route relay and other types of technology and processes, they can make themselves almost undetectable by cyber enforcers. Secondly, if the cybercriminal was in another country and he perpetrated his crimes against information systems here in Malaysia, how do we prosecute and ultimately impose the sentence against him? This is where the harmonisation of a framework of cyber law globally will undoubtedly help as the Internet is borderless and does not have regard to the laws of sovereign nations.

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia10

There are Malaysian Computer Crimes Act 1997 (CCA 1997) and the Communication and Multimedia Act 1998, which are the many cyber laws enacted in Malaysia. In Malaysia, the punishment may range from 3 years to 10 years imprisonment and/or a monetary fine of between RM 25,000 to RM 150,000. Note that stiffer penalties will be given if it is found that the guilty party had intention to cause injury when committing the crime. (SANS Institute, 2002). Besides legal differences, there are practical differences in terms of enforcement and coordination efforts between nations. There may not be enough trained personnel or sufficient equipment to detect and to bring cybercriminals to book. Finally, technology always evolves and the enforcers must keep up with changes. Even in the United States as recently as 2000, it was noted that American law enforcement agencies, including the Justice Department, lacked the staff to investigate and prosecute cybercrimes like digital break-ins, data destruction and viruses. As a result of this, cybercriminals were breaking into or paralysing US-based websites with little fear of retribution, costing the private sector hundreds of millions of dollars. Even Interpol, the organisation set up to track fugitives and investigate international crime and of which Malaysia is a member of, considered letting a Silicon Valley computer security company, AtomicTangerine, help it to protect businesses from hackers. This is after it acknowledged that international law enforcers were unable to combat computer crime effectively and also after acknowledging that governments found it difficult to coordinate cross-border efforts to combat this new phenomenon. Its secretary general at the time, Raymond Kendall stated that ... there's a limit to how you can transform police officers or detectives into technicians (http://lists.insecure.org/lists/isn/2000/Jul/0056.html). In Malaysia, the Malaysian Police formed the Technology Crime Investigation Branch (TCIB) in October 1998. It is under the Commercial Crime Investigation Division. The officers in the TCIB are specially trained in cybercriminal investigation methods. The TCIB also lends its assistance to overseas enforcement agencies in investigating online gambling, hacking and illegal distribution of pirated software.

10

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia11

The growing list of cybercrimes includes crimes that have been made possible by computers, such as network intrusions and the dissemination of computer viruses, as well as computerbased variations of existing crimes, such as identity theft, stalking, bullying and terrorism. Last year, CyberSecurity Malaysia handled a total of 2,123 incidents, more than 100 per cent increase compared with 2007. But that rate was an increase in incidents and it may not correlate with cybercrime rates. According to CyberSecurity Malaysia, the total number of Internet crimes reported in 2008 by the security firm had grown more than twice the previous estimates. Moreover, the situation might get worse this year (2009), as reported by thestaronline on January 16, 2009. The organization dealt with 2,123 incidents of cybercrime, more than 100% increase in comparison to 2007 when the company dealt with 1,038 incidents. The reports received from the organization revealed that nearly 50% of the incidents reported were related to fraud, while the rest to malicious code and intrusions like malware infections, spam, online harassment, malicious websites, intrusions etc. Moreover, over 4,000 cyber complaints, majority of them relating to cyber crimes, were filed with CyberSecurity Malaysia between 2007 and 08. The complaints comprised fraud, hack threats, Denial-of-Service conditions and other PC problems like viruses corrupting files or data getting exposed. Malaysia saw the number of reported cyber crimes rise to 5,181 this year (2010) from 2,642 in 2009 (New Straits Times Press, 27 October 2010). In the first quarter of 2011, 3,563 incidents were reported to the Cyber999 Security Incident Help Centre and of those, 400 phishing sites targeting Malaysian banks were reported. (http://www.malaysiandigest.com/news/21919-cybersecurity-malaysia-intensifies-fightagainst-cybercrime.html) Percentage derived from the statistic according to types of cyber crime in Malaysia. (http://www.mycert.org.my/en/services/statistic/mycert/2010/main/detail/725/index.html) 1. Content related 2. Denial of service 3. Cyber harrassment
4. Fraud

- 0.48 % - 0.82 % - 5.18 % - 27.34 % - 26.70 % - 8.47 % - 14.82 %

11

5. Intrusion 6. Intrusion attempt 7. Malicious codes

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia12

8. Spam

- 15.67 %

9. Vulnerabilities report - 0.52 % Fraud percentage contribute 27.34 % and spam percentage is 15.67 %. In USA, there are a number of controversial issues surrounding cybercrime. Opinions differ, for example, as to whether some widespread activities (such as file sharing) should be classified as criminal acts. The U.S. Digital Media Copyright Act (DMCA) of 1998 stipulates that exchanging files of copyrighted material, such as music or videos, is illegal and punishable by law. In August, 2002, the U.S. Department of Justice announced that they would begin to prosecute cases of peer-to-peer piracy. Since that time, there have been sporadic suits brought against individuals. Such prosecutions please many in the entertainment industries but are less popular with the general public. Gary Shapiro, president of the Consumer Electronics Association, has remarked that "If we have 70 million people in the United States who are breaking the law, we have a big issue." Another controversy related to cybercrime is the issue of digital surveillance and its impact on civil liberties. Since the terrorist attacks on the World Trade Center in September 2001, many have deemed it necessary to curtail some individual rights to privacy of information in exchange for greater security. According to the American Civil Liberties Union (ACLU), government surveillance networks monitor enormous volumes of private communications and apply artificial intelligence (AI) applications to filter out relevant data. Although such extensive surveillance might significantly decrease the possibility of cybercrime, it is nearly impossible to do so without infringing upon individual privacy. Furthermore, because surveillance organizations operate in secret, they are not open to scrutiny. The ACLU suggests that while surveillance can be effectively used to curtail cybercrime, it must be properly overseen to ensure that it is not at the cost of individual rights. Crime is not new. The means by which criminals are able to commit crimes has vastly changed in some respects thanks to the use of the Internet and computers. As technology advances, so does the ways in which criminals are able to pull off their horrendous deeds. With the Internet, crimes can now be committed more anonymously and with lightning speed. On the other hand, the same technology that allows criminals to engage in felonious acts is the exact same technology that helps law enforcement catch them.

12

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia13

In 1999, President Clinton brought about the Working group on Unlawful Conduct on the Internet to talk about unlawful conduct in regards to the Internet, and to prepare a report on issues such as: To what degree do the current Federal laws allow prosecution and investigation on unlawful Internet conduct, how much will new technology help law enforcement to investigate and prosecute unlawful Internet acts, to what extent are we able to help parents, teachers and other people get the tools they need to help reduce the chances of unlawful Internet conduct. Some of the many crimes that are regularly committed with the facilitation of the Internet are child pornography, fraud, the sell and purchase of illegal guns or drugs, or other material that are protected by copyright. In the worst cases, cybercrimes can result in child abduction and molestation, and physical harm to victims. These heinous crimes have forced lawmakers and legislators to look long at hard at the state of crimes in relation to the Internet, and what laws are in effect to protect and prevent such crimes from harming those at risk. According to FBI 2010 Cybercrime Statistics, now in its tenth year, the Internet Crime Complaint Center (IC3) has become vital resource for victims of online crime and for law enforcement investigating and prosecuting offenders. In 2010, IC3 received the second highest number of complaints since its lnception. IC3 also reached a major milestone this year when it received its two-millionth complaint. On average, IC3 receives and processes 25,000 complaints per month. The most common victim complaints in 2010 were nondelivery of payment or merchandise, scams impersonating the FBI and identity theft. Victims of these crimes reported losing hundreds of millions of dollars. The 2010 Internet Crime Report demonstrates how pervasive online crime has become, affecting people in all demographic groups. The report provides specific details about various crimes, their victims and the perpetrators. It also shows how IC3 continually adapts its methods to meet the needs of the public and law enforcement. Statistic was derived from Federal Bereau of Investigation (FBI) in collaboration with the IC3 for cybercrime statistic year 2010 in USA (http://scamfraudalert.wordpress.com/2010/03/13/fbi-2009- cybercrime-statistics/)
1. Non-delivery Payment/Merchandise - 14.4% 2. FBI-Related Scams

- 13.2%
13

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia14

3. Identity Theft 4. Computer Crimes 5. Miscellaneous Fraud 6. Advance Fee Fraud 7. Spam 8. Auction Fraud 9. Credit Card Fraud 10. Overpayment Fraud

- 9.8% - 9.1% - 8.6% - 7.6% - 6.9% - 5.9% - 5.3% - 5.3%

Fraud percentage is 32.7 % and spam percentage is 6.9 %. Fraud in the USA are in various types such as overpayment fraud, credit card fraud, auction fraud, advance fee fraud and miscellaneous fraud.

By Comparison between fraud and spam percentage between in Malaysia and USA.

Malaysia USA

: Fraud - 27.34 % and spam - 15.67 % : Fraud - 32.70 % and spam - 6.9 %

The comparison between fraud and spam percentage in Malaysia and USA can be obtained by the figures. Based on the statistics above, the fraud percentage for Malaysia in 2010 is 27.34 and spam percentage is 15.67 while for USA is 32.7% and 6.9 for spam percentage. Frauds in USA are in various types such as overpayment fraud, credit card fraud, advance fee fraud and miscellaneous fraud. In addition, fraud percentage in USA is higher than in Malaysia while spam percentage is higher in Malaysia than in USA. This means, fraud cases or complaints in developed country is higher than non-developed country. However, spam cases are a beginning to fraud cases.
14

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia15

For Malaysia, based on the mycerts website, the lowest percentage of cybercrime is year 2000 which is 1.3% where the numbers of complaints is 503 and the highest percentage is 39.42% where have been in year 2004 and the numbers of complaints is 1528. For USA, the percentage of cybercrime for the past 11 years is derived from the FBI and in collaboration with the IC3. The lowest percentage is 0.8% in year 2000 which the numbers of complaints is 16838, and the highest percentage of cybercrime is 16.67% which in year 2009 with the numbers of complaints is 346655.

Although USA is higher in the number of complaints regarding cybercrime, but the percentage is lower than in Malaysia when refer to the percentage of highest and lowest complaints from the year 2000 to the year 2010. This is due to the end users awareness on cybercrime is higher in USA than in Malaysia and the roles played by cyber security agency in USA is better than in Malaysia. Moreover, Malaysia lack of cybercrimes researches than in USA. The cyber technology in preventing and curbing cybercrimes in the USA is more advanced than in Malaysia.

The recent furore over leaked confidential information by online site Wikileaks has made corporations jumpy on the subject of cyber security, particularly when it was revealed that the sites sources are not only disgruntled whistle-blowers but also malicious hackers. On Feb 5 and 6, Anonymous (a group of hackers) invaded security firm HBGary Federals website and copied tens and thousands of documents and posted the companys email online. Malaysian firms are not exempt from cybercrime. Up to 83% of Malaysian Internet users have fallen victim to cybercrimes, which include computer viruses, online credit card fraud and identity theft, according to a report released in February by security software firm Norton. Every employee is a potential cyber security risk for corporations, said Adam Palmer, lead cyber security advisor to Norton in an interview with The Edge Financial Daily. Tips on how to prevent cybercrime Most cybercrimes are financially motivated. The impact of the economic downturn and financial crisis could potentially lead to the increase in cybercrime cases globally. With
15

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia16

people becoming jobless and unemployed, it can lead to the boom in spam, especially those related to false job offers. Install hardware and software that will recognise hacker attacks, data spying and data altering, like firewalls, encryption (for e-mail, the encryption program called Pretty Good Privacy can be used), virus detection and smartcards. An Intrusion Detection System can protect your information systems in the event of the failure of the firewall and from internal attacks. An Incident Handling System will be able to identify hacker attacks as they happen. Full backups are important so that evidence like damaged or altered files, files left by the intruder, the relevant IP address and login times can be collected. A police report should then be made. Assess our information systems to identify weaknesses. Ensure that computers that run critical infrastructure are not physically connected to any other computer that is possibly connected to the Internet. Maintain clear and consistent security policies and procedures. Use alphanumeric passwords (i.e. passwords with letters and numbers in them). Login passwords should be changed frequently. Employees have to be trained to understand security risks this practically means that they must know that they should never give out PINs, passwords and calling card numbers of the company without proper third party verification. Notorious hacker, Kevin Mitnick, who was the most wanted hacker at one time in the United States, told of how he accessed the information systems of the US Department of Motor Vehicles by simply calling up an officer, disguising himself as an officer from another government agency and obtaining the appropriate username and passwords from her. Report attacks to the National ICT Security and Emergency Response Centre (Niser) so that any pattern of cybercrime in Malaysia can be detected and large-scale attacks prevented. There must exist incident response capabilities so that there is appropriate action taken against impending attacks. When an employee resigns or is terminated, employers must always ensure that the former does not have access to their computers anymore. The 1997 UN Manual on the Prevention and Control of Computer-Related Crime noted that 90% of economic crimes such as theft of information and fraud were committed by the relevant
16

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia17

companys employees. Even the Malaysian Polices Technology Crime Investigation Branch is of the opinion that more often than not, unauthorised access, hacking or email abuse cases involve disgruntled employees taking advantage of ineffective security policies. Maintain backups of all important data. When external persons service your system, save confidential information on other media before the service. Observe them during the service. Never let external people take computers or servers with confidential information from your site. Prevention and Suggestion Apart from his own mentality and the strength of his motivations, the criminal also needs to see the path of crime ahead of him clear of obstacles. If every single individual were to put up obstacles of their own, no matter how small, the crime path will seem to be far less lucrative in the eyes of even the most desperate criminal. The fight against cybercrime must start with preventing it in the first place. The individual should be proactive, not reactive. You do not have to remain at the receiving end of crime forever. The fight against cybercrime starts in your very own home. Individuals should not reply any e-mail from unknown persons, they should learn to report spam mails to the e-mail server or any know cybercrime research sites. If there is one thing that makes committing cybercrime lucrative, it is the fact that victims rarely have the required knowledge or presence of mind to handle the situation. Cybercrime prevention can be straight-forward, when armed with a little technical advice and common sense, many attacks can be avoided. In general, online criminals are trying to make their money as quickly and easily as possible. The more difficult you make their job, the more likely they are to leave you alone and move on to an easier target. The tips below provide basic information on how you can prevent online fraud.

Keep our computer current with the latest patches and updates.

One of the best ways to keep attackers away from our computer is to apply patches and other software fixes when they become available. By regularly updating our computer, we block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into our system.

17

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia18

While keeping our computer up-to-date will not protect us from all attacks, it makes it much more difficult for hackers to gain access to our system, blocks many basic and automated attacks completely, and might be enough to discourage a less-determined attacker to look for a more vulnerable computer elsewhere. More recent versions of Microsoft Windows and other popular software can be configured to download and apply updates automatically so that we do not have to remember to check for the latest software. Taking advantage of "auto-update" features in our software is a great start toward keeping ourself safe online.

Make sure our computer is configured securely.

Keep in mind that a newly purchased computer may not have the right level of security for you. When we are installing our computer at home, pay attention not just to making our new system function, but also focus on making it work securely. Configuring popular Internet applications such as your Web browser and email software is one of the most important areas to focus on. For example, settings in our Web browser such as Internet Explorer or Firefox will determine what happens when we visit Web sites on the Internet, the strongest security settings will give us the most control over what happens online but may also frustrate some people with a large number of questions ("This may not be safe, are we sure we want do this?") or the inability to do what they want to do. Choosing the right level of security and privacy depends on the individual using the computer. Oftentimes security and privacy settings can be properly configured without any sort of special expertise by simply using the "Help" feature of your software or reading the vendor's Web site. If we are uncomfortable configuring it yourself consult someone we know and trust for assistance or contact the vendor directly. Choose strong passwords and keep them safe.

Passwords are a fact of life on the Internet today, we use them for everything from ordering flowers and online banking to logging into our favorite airline Web site to see how many miles we have accumulated. The following tips can help make our online experiences secure:

18

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia19

Selecting a password that cannot be easily guessed is the first step toward keeping passwords secure and away from the wrong hands. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Avoid using any of the following as our password: your login name, anything based on our personal information such as your last name, and words that can be found in the dictionary. Try to select especially strong, unique passwords for protecting activities like online banking.

Keep our passwords in a safe place and try not to use the same password for every service we use online. Change passwords on a regular basis, at least every 90 days. This can limit the damage caused by someone who has already gained access to our account. If we notice something suspicious with one of our online accounts, one of the first steps we can take is to change our password.

Protect your computer with security software.

Several types of security software are necessary for basic online security. Security software essentials include firewall and antivirus programs. A firewall is usually our computer's first line of defense-it controls who and what can communicate with our computer online. We could think of a firewall as a sort of "policeman" that watches all the data attempting to flow in and out of our computer on the Internet, allowing communications that it knows are safe and blocking "bad" traffic such as attacks from ever reaching our computer. The next line of defense many times is our antivirus software, which monitors all online activities such as email messages and Web browsing and protects an individual from viruses, worms, Trojan horse and other types malicious programs. More recent versions of antivirus programs, such as Norton AntiVirus or Avira, also protect from spyware and potentially unwanted programs such as adware. Having security software that gives us control over software we may not want and protects us from online threats is essential to staying safe on the Internet. Our antivirus and antispyware software should be configured to update itself, and it should do so every time you connect to the Internet. Integrated security suites such as Norton Internet Security combine firewall, antivirus, antispyware with other features such as antispam and parental controls have become popular as they offer all the security software needed for online protection in a single package. Many
19

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia20

people find using a security suite an attractive alternative to installing and configuring several different types of security software as well as keeping them all up-to-date.

Protect our personal information.

Exercise caution when sharing personal information such as our name, home address, phone number, and email address online. To take advantage of many online services, we will inevitably have to provide personal information in order to handle billing and shipping of purchased goods. Since not divulging any personal information is rarely possible, the following list contains some advice for how to share personal information safely online:

Keep an eye out for phony email messages. Things that indicate a message may be fraudulent are misspellings, poor grammar, odd phrasings, Web site addresses with strange extensions, Web site addresses that are entirely numbers where there are normally words, and anything else out of the ordinary. Additionally, phishing messages will often tell us that we have to act quickly to keep our account open, update our security, or urge us to provide information immediately or else something bad will happen. Don't take the bait.

Don't respond to email messages that ask for personal information. Legitimate companies will not use email messages to ask for our personal information. When in doubt, contact the company by phone or by typing in the company Web address into your Web browser. Don't click on the links in these messages as they make take us to a fraudulent, malicious Web sites.

Steer clear of fraudulent Web sites used to steal personal information. When visiting a Web site, type the address (URL) directly into the Web browser rather than following a link within an email or instant message. Fraudsters often forge these links to make them look convincing. A shopping, banking or any other Web site where sensitive information should have an "S" after the letters "http" (i.e. https://www.yourbank.com not http://www.yourbank.com)/. The "s" stands for secure and should appear when we are in an area requesting us to login or provide other sensitive data. Another sign that we have a secure connection is the small lock icon in the bottom of our web browser (usually the right-hand corner).

20

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia21

Pay attention to privacy policies on Web sites and in software. It is important to understand how an organization might collect and use our personal information before you share it with them.

Guard our email address. Spammers and phishers sometimes send millions of messages to email addresses that may or may not exist in hopes of finding a potential victim. Responding to these messages or even downloading images ensures we will be added to their lists for more of the same messages in the future. Also be careful when posting our email address online in newsgroups, blogs or online communities.

Online offers that look too good to be true usually are.

The old saying "there's no such thing as a free lunch" still rings true today. Supposedly "free" software such as screen savers or smileys, secret investment tricks sure to make us untold fortunes, and contests that we've surprisingly won without entering are the enticing hooks used by companies to grab our attention. While we may not directly pay for the software or service with money, the free software or service we asked for may have been bundled with advertising software ("adware") that tracks our behavior and displays unwanted advertisements. Wee may have to divulge personal information or purchase something else in order to claim our supposed content winnings. If an offer looks so good it's hard to believe, ask for someone else's opinion, read the fine print, or even better, simply ignore it. Review bank and credit card statements regularly.

The impact of identity theft and online crimes can be greatly reduced if we can catch it shortly after our data is stolen or when the first use of our information is attempted. One of the easiest ways to get the tip-off that something has gone wrong is by reviewing the monthly statements provided by your bank and credit card companies for anything out of the ordinary. Malaysia need a cyber court. It could, hopefully, speed up the prosecution of cyber criminals. And it would encourage more judges and lawyers to specialise in cyber laws. A very challenging issue in cybercrime investigation is the gathering of evidence. If there is a cyber court, there will be a need for a provision on how the court can facilitate and give
21

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia22

empowerment for evidence collection in a much, much easier way. This is a bottleneck due to the borderless nature of the Internet and multiple jurisdiction as evidence can come from two or more countries. The setting up of the court must take into consideration the bottleneck and how it can help ease evidence gathering. The government has acted wisely and is far-sighted as far as cyber security issues are concerned. It has created institutions like CyberSecurity Malaysia to help us face the challenges. There is also the National Cyber Security Policy which aims to reduce the vulnerability of ICT systems and networks. It tries to instill a culture of cyber security among Internet users and strengthen Malaysian self-reliance in terms of technology and human resources. Not many countries have such a policy or enacted laws like the Computer Crime Act 1997 and the Communication and Multimedia Act 1998. Our government should tighthen the enforcement of Computer Crime Act 1997 and the Communication and Multimedia Act 1998. Our government should allow more cybercrimes investigators agencies such as CyberSecurity Malaysia to take part in preventing cybercrimes in Malaysia.In the same time, people or end users of the Internet or computer should be educate and aware of the cyber security. More important, our government should increase the numbers of cyber professionals to improve the cyber security in Malaysia. Conclusion Cybercrime is increasing at an alarming rate worldwide with more than a million people becoming victims every single day, according to the Norton Cybercrime Report 2011. The victims of cybercrime also paid dearly with a total loss of US$388bil (RM1.21bil) to cybercriminals in 2010. According to Deputy Science, Technology and Innovation Minister Datuk Fadillah Yusof in Dewan Rakyat, the nation stands to lose RM2.73 billion in the next five years if cybercrimes are not properly manage The estimated losses involved various costs such as privacy protection and cyber security. He said based on police reports, the government suffered losses totalling RM22.3 million in 2009 and the sum increased to RM62 million last year. In a speech in Kuala Lumpur in February 2000, Deputy Prime Minister Datuk Seri Abdullah Ahmad Badawi stated that:

22

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia23

The development of the Multimedia Super Corridor and the creation of a pioneer legal and regulatory framework encompassing, amongst other things, the Communications and Multimedia Act, the Computer Crimes Act and the Digital Signatures Act is indicative of the Government's commitment towards the creation of a knowledge-based economy. (The Harvard Business School Alumni Club luncheon talk on Managing Malaysia in the New Global Economy.) Thus, the Computer Crimes Act must be seen not only as a law which regulates the behaviour of people who use and do business over the Internet, but it also must be seen as the Governments efforts to put in place soft infrastructure to nurture the MSC and the knowledge-based economy so that Malaysia can achieve Vision 2020. At the same time, the Government should be aware that technological innovation and the deviousness of human minds would mean that the law as well as enforcement must not only keep up with cybercriminals, but it must ensure that their officers are one step ahead of cybercriminals, ready to catch them if the cybercriminals perform their dirty deeds. Cybercrime is indeed getting the recognition it deserves. Cybercrimes seems to be yielding much to developing nations, so it is not going to be curbed that easily. Offline crime rates have reduced in most developing nations because the offline criminals have gone high-tech and are making huge money from the business. In fact, it is highly likely that cybercrime and its perpetrators will continue developing and upgrading to stay ahead of the law. In conclusion, Malaysia, in its bid to be technologically advanced has put into place its various national Information Communication and Technology (ICT) projects such as the Multimedia Super Corridor and the various technology parks to promote the use and development of ICT. Such promotion will result in a widespread use of the Internet and the Internet culture. It is submitted that Malaysia must have up-to-date laws to effectively deal with the cybercrimes that comes along with the Internet. To this end, Malaysia must constantly check and conduct measurements to determine the use utility of its current laws to combat cybercrime. One cannot deny that the online environment cannot and will never be rid of cybercrimes due to the Internets unique architecture.

23

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia24

References : McQuade, S. (ed) (2009) The Encyclopedia of Cybercrime, Westport, CT: Greenwood Press. Walden, I. (2007) Computer Crimes and Digital Investigations, Oxford: Oxford University Press. Wall, D.S. (2007) Cybercrimes: The transformation of crime in the information age, Cambridge: Polity. Mitnick, K.D. & Simon, W.L. (2002), The Art of Deception, United States of America: Wiley Publishing, Inc Power, R. (2000), Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace, Indiana: QUE Corporation Sonya Liew Yee Aun, An Introduction To Cybercrimes: A Malaysian Perspective, Prosiding Seminar Kebangsaan E-Komuniti 2005. UKM. 6-7 Disember 2005. Putrajaya Communications and Multimedia Act 1998 Computer Crimes Act 1997 http://library.thinkquest.org/06aug/02257/more.html http://www.bestarticleworld.com/2009/12/article-on-society-and-increasing-cyber.html New Straits Times Press, 27 October 2010 http://www.malaysiandigest.com/news/21919-cybersecurity-malaysia-intensifies-fightagainst-cybercrime.html
24

Cyber Crimes In Malaysia And USA : What Should We Do In Malaysia25

http://www.mycert.org.my/en/services/statistic/mycert/2010/main/detail/725/index.html http://scamfraudalert.wordpress.com/2010/03/13/fbi-2009- cybercrime-statistics http://www.reportcybercrime.com http://www.wikipedia.org http://www.symantec.com http://www.crime-research.org/ http://www.niser.org.my http://www.cybersecurity.my http://thestar.com.my http://www.fbi.gov

25