Professional Documents
Culture Documents
discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/5105324
CITATIONS READS
0 178
2 authors, including:
Gita Radhakrishna
Multimedia University
13 PUBLICATIONS 4 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Gita Radhakrishna on 20 February 2017.
The user has requested enhancement of the downloaded file. All in-text references underlined in blue are added to the original document
and are linked to publications on ResearchGate, letting you access and read them immediately.
INTERNATIONAL CONFERENCE ON FINANCE & BANKING 2005
Citation: Gita Radhakrishna and Leo Desmond Pointon, Fraud In Internet Banking:- A
Malaysian Legal Perspective Advances in Research in Business & Finance: banking &
1.1 Introduction
Internet banking made its advent in Malaysia in June 2000 with the Central Bank, Bank
banking products and services offered by banking institutions on the internet through
access devices, including personal computers and other intelligent devices. This paper
looks at the legal issues specific to internet banking, focussing on the incidence of fraud
and its prosecution. The research objective is to investigate three questions in relation to
Malaysia. Firstly, the incidence of fraud in internet banking, secondly, the adequacy of
the relevant regulations and statutes, and thirdly, the problems in adducing electronic
BNM as the financial authority in the country, vets every application for a license to
operate a banking business and forwards its recommendations to the Minister of Finance
who then acts upon such advice. Internet banking services in Malaysia are provided by
the traditional bricks and mortar banks which have added this service as an additional
1
delivery channel to their existing range of services. The purely virtual or internet only
banks have not as yet made their appearance on the Malaysian banking scene. BNMs
Supervision (BCBS) and the Bank for International Settlements (BIS). Currently there are
is an increase of 15.4% from 2003. This represents a penetration rate of 7.9% to total
internet banking as a convenient and safe delivery channel to access banking services.
The main concerns in internet banking have been identified as strategic risk, transactional
risk, compliance risk, reputational risk and traditional banking risks. All the major
operational areas in banking represent a good opportunity for fraudsters, which in internet
banking is particularly manifold. Firstly, there is the traditional risk of fraud being
committed by a banks own employees. Secondly, banks are not able to take sole
responsibility for the provision of their services. They are of necessity dependant on third
party service providers for the provision and maintenance of technical support. This
means an increased risk of intrusion along the various links in the chain. Thirdly
technology and the borderless nature of the internet has enabled breaking into a bank
through the use of remote computers located anywhere in the world. Fourthly, technology
has again enabled fraudsters to access bank accounts through consumers themselves
through the method of phishing or identity theft which is the offence selected for study
1
Bank Negara Malaysia Annual Report (2004) , p 222.
Available online:- http://www.bnm.gov.my/files/publication/ar/en/2004/cp10.pdf ; Visited on 3.10.2005
2
herein The guidelines introduced, have been specifically designed to counter these risks.
The repercussions of phishing have transcended the simple theft of credit and debit card
account numbers to facilitate the thiefs shopping spree, to drug trafficking, money
laundering and terrorist financing. Phishing is today the primary threat to internet
banking! Transactions are incredibly mobile and afford anonymity, leaving a challenging
Internet Banking Task Force was established by BNM to develop industry-wide best
incidences2.
In order to determine this, data was collected through a series of questionnaires and
BNM, the Technology Crimes section of the Commercial Crimes Department of The
Royal Malaysian Police (RMP) and the Commercial Crimes Division of the Attorney
Generals Chambers (AG). Table 13 below shows general statistics on the type and
volume of commercial crimes for the period 1997 to 2004, compiled by the Commercial
Crimes Division, RMP. Some of those charged may plead guilty and be sentenced
forthwith, whilst others may be referred to the Attorney Generals Office for assessment
2
Supra n 1
3
Statistics from Polis Di-Raja Malaysia, Available online:- www.rmp.gov.my/statistics , .
Statistics from the Attorney Generals Chambers derived from a Questionnaire submitted on 28 th.
September 2004
3
of the probative value of the evidence, amendment or withdrawal of charges, plea
bargaining and prosecution. This accounts for the marked variance in the statistics
compiled by the AGs Chambers on the number cases actually prosecuted. Compilation
division within the Commercial Crimes Department of the Police and the enactment of
certain cyber legislation such as the Digital Signatures Act 1997 (DSA), Computer
Crimes Act 1997 (CCA), Communication and Multimedia Act 1998 (CMA).
KEY :- Figures without brackets indicate statistics from the Polis Di-Raja Malaysia
* indicates statistics from the Polis Di Raja Malaysia as only up to August 2003
[ ] Figures in brackets indicate prosecutions by the Attorney Generals Chambers
4
The range of crimes covered under the term cyber crimes4 is rather wide. Cybercrime
committed on the internet. The offences cover hacking, virus writing, fraudulent
withdrawals of cash using fake Automated Teller Machines (ATM) cards, online credit
card fraud as well as offences such as defamation, false allegations and discrediting
another via the internet, use of counterfeit access devices installed at ATM machines,
Statistical data relating to individual offences are not available. However offences under
s.4 CCA 1997 and s. 232 and 233 CMA 1998 have been steadily increasing . The incidents
relate basically to illegal withdrawals of cash at ATMs. as well as wire tapping into the
distribution points to intercept data being transmitted from credit cards eg. from service
providers at telephone terminals or point of sale terminals by attaching a small device with
Table 2 relates to fraudulent fund transfers committed specifically through the medium of
internet banking transactions.5 For eg. it would be easy for a bank employee or a criminal
who infiltrates the banks client accounts to program the computer to round off each
customers account down to the nearest 5 sen and transfer a minimum of 1 sen in each such
calculation to his own account. That in itself would amount to a tidy daily income.
4
The Star:- Thursday October 21st. 2004 p 2
5
Ibid As the cases are still under investigation the matter is sub judice and therefore material facts are not
available for discussion.
5
Table 2:- (Polis Di-Raja Malaysia_)
As can be seen this medium of white collar crime is still in its infancy and the tracing of
process compounded by the lack of manpower. The modus operandi is normally through
spam e-mail. It is the practice of sending unsolicited e-mail, usually of a commercial nature
in large numbers and repeatedly to individuals with whom the vendor has no previous
contact and whose e-mail address may be found in a public place on the internet such as
newspapers, mailing lists, directories and/ web sites6. Table 3 below provides spam
National ICT Security and Emergency Response Centre (NISER) reports that the spam
incidents show a 62% decrease in the second quarter mainly attributable to more local
Internet Service Providers (ISP) installing anti-spam filters in their e-mail gateways leading
6
The New Straits Times Monday, 6th September 2004:- Computimes p 6
7
National ICT Security and Emergency Response Centre:- Incident Statistics
Available online:- http://www.niser.org.my/statistics.html ; Visited on:- 3.10.2005
6
this case the fraudster will normally set up a fake or spoof bank website and require the
unsuspecting account holder to fill in his account details and password on the pretext of
updating or reconstructing the website (phishing). Once the necessary particulars are
obtained, a third party, normally a drug addict or a student is paid a nominal sum to open
an account in a bank and the money from the victims account is then transferred to the
third partys account and withdrawn.8 Although much publicity has been given to the
offence of phishing, statistical records for this particular offence are not available from the
police because Banks adhere to a strict statutory code of banking secrecy9 so as not to
received complaints that four local banks had been victims of a major phishing attack 10 A
total of 92 phishing cases were reported to the NISER in 2004. The modus operandi was
phishing. A bogus e-mail phishing for internet banking usernames and passwords was
Table 4
8
Derived from a personal interview and questionnaire submitted to the Polis diRaja Malaysia, Commercial
Crimes Department, Technology Crimes section on 16 th. August 2004. As the cases are still under
investigation the matter is sub judice and therefore material facts are not available for discussion
9
s.97 102 Banking and Financial Institutions Act 1989
10
Steven Patrick:- MyCERT: Less hacking, more phishing (2nd.August 2005 (The Star)
MyCERT is a unit of the National ICT Security and Emergency Response Team (NISER) responsible for
tracking, logging and analyzing security incidents,
Available online:- http://www.niser.org.my/news/2005_08_02_01.html ; Visited on 24.9.2005
11
Phishing e-mail targets local Internet banking users (19th May 2005 (The Star)
Also available from NISER Available online:- http://www.niser.org.my/news/2005_08_02_01.html
7
Subject: Hong Leong/Bumiputra Commerce/AmBank Group/Alliance Bank
You must complete this process by clicking on the link below and entering in the small
window your Hong Leong/Bumiputra Commerce/AmBank Group/Alliance Bank online
access details.
This is done for your protection - because some of our members no longer have access to
their email addresses and we must verify it.
To verify your e-mail address and access your account, click on the link below:
:http://www.alliancebank.com.my/euDs4yqktp3iz7c290ka
In this case NISER traced the phishing websites to a single machine in Russia, whereupon
their Russian counterparts followed-up and shut down the phishing website within 2 days12
Hence the formation of the Internet Banking Task Force by BNM to monitor these
12
Supra n 10. The Report however does not mention whether fraudsters were caught and or charged.
8
Apart from charges being formulated specifically under the new cyber legislation, a lot of
framed under the Malaysian Penal Code. These are typically crimes of cheating and
Table 5:- PROSECUTIONS UNDER THE PENAL CODE FOR THE YEAR 2003
1.4 Are the current statutory provisions and regulations in Malaysia adequate for the
The introduction of cyber laws has aroused much interest and discussion. As can be seen
from the foregoing data, it is the CCA 1997 and the CMA 1998 that are being used
together with the Penal Code itself. It is trite law that the standard of proof required in all
criminal offences is beyond reasonable doubt. To apply any other standard would be a
13
Laporan Tahunan Bahagian Pendakwaan 2003 ms 11 (Annual Report 2003:- Prosecution Division of the
Attorney Generals Chambers, p 11)
9
grave misdirection incapable of being cured as affirmed by the Court of Appeal in the case
The CCA 1997 which has been modeled after the United Kingdoms Misuse of
Computer Act 1990 (UKMCA), received the Royal Assent on 18th. June 1997 and came
into force on 1st. June 2000. It is a short Act divided into 3 parts, with just 12 sections with
cross references to the Penal Code with respect to the terms fraudulantly and
dishonestly
(i) unauthorized access to computer material [section (s) 3(1),] The penalty a fine not
exceeding RM 150,000/- and/or imprisonment for a term not exceeding ten years.
This penalty, is said to be among the highest in the world for such offences15.
computer, [s.6]
14
[1997] 3 CLJ SUPP 223
15
Sulaiman Azmil:- Crimes on the Electronic Frontier -- Some Thoughts on the Computer Crimes Act
1997, [1997] 3 MLJ lix
10
(v) inchoate offences such as abatement and attempt to commit any act that is an
offence under the CCA s.7(1). This carries a penalty of a maximum fine of RM
Although the foregoing data shows an increase in the number of offences being charged
under the Act, the provisions have not as yet been tested in Court. (even without
restricting the focus to only internet banking related cases which are in its infancy). The
reasons for this range from inter alia the newness of the crime, time consuming
manpower Therefore any views on its efficacy, at this stage, would be premature and
purely speculative It is nevertheless noted with interest that certain incidents relating
specifically to internet banking have been preferred by the police under s.4 CCA16 which
is termed as an ulterior intent offence. One wonders at this stage whether the charges will
However as specific facts are not available (matters being sub judice) it would be
Incidentally though the CCA has been modeled after the UKMCA in the UK separate
anti-spam and identity theft legislation have been enacted to criminalize the offence of
16
Refer Table 2
11
Although the Act received the Royal Assent on 23rd. September 1998 it only came into
force on 1st April 1999. The Act repeals the Telecommunications Act 1950 and the
Broadcasting Act 1988. Among its stated objectives is to promote a national policy on
Commission (MCMC), ensure information security, network reliability and integrity and
networked services and activities only. The key participants in the industry who are
(iv) content applications service providers who are a special subset of (iii) above.
multimedia industry. For the purposes of this paper s. 232 is of relevance as it covers
s.232. criminalises fraudulent use, possession or creation of inter alia network facilities
and network services. The penalty on conviction is a fine not exceeding RM 300,000 and
The Penal Code the backbone of a legal systems criminal laws continues to serve the
efforts of prosecutors and law enforcers in this new field as well. As noted earlier the
main provisions relating to most white collar crimes are equally applicable to the new
12
genre of technology related crimes. The relevant provisions here are sections 405 to 409
s.405. Criminal breach of trust (also known as criminal breach of trust simpliciter)
His Lordship Chang Min Tat FJ in the case of Tan Sri Tan Hian Tsin v Public
.. he is guilty of the offence (criminal breach of trust) as the person who dips his hands
in the companys till on a Saturday morning for his own use, say for instance, a week
ends flutter at the races or the casino, even though he has every intention to pay the
money and in fact does so first thing on the following Monday morning.
This section does not require the creation of a trust as under the law of trust. What is
important is the creation of a relationship whereby the legal owner of property makes it
disposed of by him on the happening of a certain event. It is not necessary that the
Under s. 405, the prosecution must establish that the accused was either:
17
[1979] 1 MLJ 73
18
George Mary:- Criminal Breach of Trust Under Malaysian Law : A Review [1990] 1 CLJ i (Part I) and
x (Part II)
13
In PP v. Yeoh Teck Chye19 the accused was a bank manager who was alleged to have
approved payment of cheques to a customer in excess of his overdraft. The accused was
practice. The penalty under s.406 is imprisonment for a term between one to ten years,
s.408. and s.409 deal with criminal breach of trust by clerk or servant and by a
sections 407 to 409 are the same as in s. 405. Whilst the penalty under s. 408 is the same
as that under s. 405, the penalty under s. 409 is stiffer, imprisonment for a term between
two years to twenty years, whipping, and a fine based on judicial discretion.
The case of PP v Aman Shah bin Ahmad (Unreported) KL SC (1) Arrest Case No.
62-50-9020 was one of the earliest cases of using a computer to commit criminal breach
of trust. The accused was charged for 7 offences under s.408 for transferring property in
the total amount of RM 4.01 million with which he was entrusted belonging to Hock Hua
Bank to one Bistro Advertising Agencys account at Bank Bumiputra Malaysia Bhd.
belonging to him between January and March 1990 by means of a series of online
transfers.
A more recent case is that of a former general manager with BBMB Securities Sdn Bhd,
Abdul Jalil Yaakob, 48 who was on 18th. December, 2004 charged under s.409 (known
19
PP. v. Yeoh Teck Chye [1981] 2 MLJ 176
20
Nazura Abdul Manap and Anita Abdul Rahim ;- Pemasalahan Frod/Penipuan Komputer Sejauh Manakah
Penyelesaian nya? ( How Remote is the Solution to Computer Fraud / Cheating ?) 1 MLJ [2002] lix
14
as the bankers section) with commiting criminal breach of trust involving RM79.9
In Alor Setar Sessions Court Arrest Case PP v Tan Khay Guan (2004) The accused a
bank manager of the RHB Mergong branch, was charged under s.409 for criminal breach
of trust on November 11, 2004. Tan was charged with siphoning off RM 22.2 million
over a period of five months He had allegedly used his position to channel the bank's
money into two separate accounts by manipulating the overdraft facilities of two
accomplices whose loan applications had been rejected some years previously and routed
the money by online transfers to a $2/- share company in Hong Kong 22.
It is submitted that these cases of criminal breach of trust23 have been preferred under the
Penal Code rather than the CCA 1997 because firstly, they satisfy the fiduciary element
Secondly, in order to reflect the gravity of the crime. The Penal Code imposes mandatory
Under s.4(3) CCA the penalties are discretionary, ie. a fine not exceeding RM 150,000/-
or imprisonment of up to 10 years and /or both. Thus the penalties under the Penal Code
are harsher and more punitive than the CCA and ought to serve as a stronger deterrent.
However it is submitted that the statistical history of commercial crimes do not bear
15
s.415. to s. 420 deal with the offence of Cheating.
The sections do not specifically refer to inducement over the internet, nor to
targeted victims over the internet. The elements required to be established are
causes or is likely to cause damage or harm to any person in body, mind, reputation,
or property.
phishing either in the Penal Code or CCA, this offence could well be prosecuted
under s.415 as it would have intentionally induced a person into doing anything which he
would not do if not so deceived to do and which causes damage to his property ie. money
in his bank account in this case and which could possibly lead to the commission of
s.417. provides the penalty for cheating, ie.imprisonment for a term up to five years, or
16
This Act came into force on 15th. January 2002 with further amendments in relation to
anti- terrorism financing which were gazetted on 25th December 2003 though they are not
as yet in force. On April 23rd. 2004 Dr. Hamimah Idruss became Malaysias first
person to be charged under AMLA for money laundering in the sum of US$ 9,763,391.5
(RM 37,062,251 .65) with further charges for aiding and abetting under the Penal
Code.24 The facts of the case are not available as the case has yet to be heard. This would
be an interesting case to follow through as it would reveal the possible issues that could
By s. 3 money laundering has been given the widest possible definition covering anyone
By s.4(i). the penalty upon conviction is a fine not exceeding five million ringgit or to
Evidence is anything that demonstrates, clarifies or shows the truth of a fact or point in
question. Electronic evidence is information and data of investigative value that is stored
24
New Straits Times April 24th. 2004
17
Amendments to the Evidence Act 1950 (EA) in 1993 provided for the admissibility of
was sought as to the admissibility and probative value of computer generated documents
from the Court of Appeal. His Lordship Mahadev Shankar JCA: clarified that s. 90A was
enacted to bring the "best evidence rule" up to date with the realities of the electronic age.
It is submitted that s.64 Digital Signatures Act (DSA) 1997 and the amendments to s.90
EA read together puts paid, any argument as to the admissibility or probative value of
Electronic evidence:
Is sometimes time-sensitive.
The growing use of the internet, electronic banking, online hosts and bulletin board
systems means that evidence needs to be collected from remote computers for use in legal
proceedings. The traditional law of evidence as in the best evidence rule and the rule
against hearsay may have to be rethought and reformulated. Issues such as the probative
value of such evidence need to be addressed even if the strict rules of admissibility are
removed. Thus the background processes involved need to be understood if courts are to
25
[1997] 4 CLJ 6
18
The majority of computer derived exhibits in internet banking take the form of print outs
of accounts, statements, invoices, reports, memoranda and such like. Electronic data are
formatting and the structure and content of electronic forms, may be lost, or even the
record itself destroyed unless appropriate steps are taken. Similarly, unless such changes
are thoroughly documented, it can be difficult to demonstrate that the critical information
was not changed in the process. In transition between systems, institutions sometimes
electronic based systems. Because information from all systems may be required to be
maintained and may be needed for various purposes, institutions should address retention
Another form of computer evidence is read-out from single purpose devices such as
alcohol level metres and telephone call loggers.26 A newly emerging form of evidence is
that derived from data media ie. files derived from hard discs installed within computers,
removable floppy discs used for temporary storage, tapes and optical discs used for back
up or archives. The problem with data media is that it may only be obtainable with the
time it may not contain the precise files required or alternatively under search and seizure
provisions with a warrant. Here again there is danger of the file being altered in the time
taken to obtain such a warrant or order. Investigators and regulators tendering such
26
Sommer Peter:- Downloads, Logs and Captures Evidence from Cyberspace Journal of Financial Crime
Vol.5 No.2 , p 138 Available online:- http://www.bna.com/products/ip/ctlr.htm > Electronic Commerce
Law Report
19
evidence in court may face the problems of admissibility arising from the following
allegations:-27
(i) authenticity:- was the file acquired what was on the remote computer? The court
has to be satisfied that the file was acquired from its purported source.
(ii) accuracy:- was the process of acquisition free from error? There should be no
room for reasonable doubt about the quality of procedures used to collect,
analyse, and produce it in court. It should also be proved that material once
acquired was not tampered with. This would require a competent witness to
(i) computer data can change moment to moment within a computer and along a
(ii) computer data be can easily altered without leaving any obvious trace that such
27
Ibid.
Further reading:-USA:- National Institute of Justice:- Electronic Crime Scene Investigation: A Guide for
First Responders (July 2001) Available online:-http://www.ncjrs.org/txtfiles1/nij/187736.txt
UK:- Association of Chief Police Officers, Good Practice Guide for Computer Based Electronic
Evidence Available online:- http://www.4law.co.il/Lea92.htm
20
(iii) computer material can also be easily changed in the process of collecting it as
evidence, the very act of opening an application or file can create changes through
(iv) there can be much computer evidence which is not obviously apparent and
court may be print outs of any number of possible permutations of the purported
original. Thus computer derived exhibits require the court to make a chain of
(v) computers create evidence as well as record and produce it. The traditionally
written or typed, but in the computerised version only the original entries are
(vi) another area of computer evidence that is engaging the attention of the legal
academia in the USA and the UK is pretrial discovery and disclosure of electronic
evidence in both civil and criminal litigation. The problems here is that there are
now new types of data to be located such as in e-mails, meta- data, network
records, archives and ghost data or deleted files and the policy considerations
28
Kenneth J. Withers:- Is Digital Different? Electronicl Discovery and Disclosure in Civil Litigation
(1999) Available online:- http://www.kenwithers.com/articles/bileta/
Further Reading:-
21
would depend on the extent of powers of search and seizure accorded in the
specific statute.
As such the science of computer forensics has also developed to keep pace with the
need to trace data and authenticate evidence in court. The Technology Crime Division
of the RMP have established a computer forensics lab to assist in such investigations
and provide expert evidence to satisfy the evidentiary rules. In the course of cross
(ii) what immediate stages were required to produce the exhibit as it is shown?
(iii) what computers were involved at each stage? Which was the source
(iv) Who was involved in these intermediate stages and what did they do?
In order to satisfy the evidentiary requirements related to computer evidence certain key
(i) Remote computers correct working test. It is necessary to show the court that
the computer was in proper working condition at the time. If all that the
United States Department of Justice, Computer Crime and Intellectual Property Section, Criminal Division,
Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations.
Available online:- http://www.cybercrime.gov/s&smanual2002.htm
29
Supra n 42
22
cabinet) placed by persons the test may be relatively easy to satisfy. But what
the customer and satisfy the court. This is where DSA 1997 provides for
show that data has been obtained from a specific computer and nowhere else.
pays the telephone bills, and/or who occupies the premises. Thus the issue of
established through the internet. Hackers have been known to attack web sites,
official website. Thus the website is faked and appears to be coming from one
30
Supra n 42 The weakness arises from the fact that most websites are updated remotely. HTML pages are
created on computers other than the one hosting the site (as where a bank out sources its services) and are
FTPd (File Transfer Protocol) over the internet. Packet sniffing enables hackers to identify packets
carrying FTP requests destined for the website and which carry sequences associated with log-ons and
passwords.
23
(iii) Content party authenticaton test. Here evidence from the remote computer
has to be linked to the accused and the events that are the subject matter of the
legal proceedings, ie. particular day and time. This will require witness
media, or the possibility of inference from the nature of the contents of the
files.
(iv) Acquisition process test. Here a full and credible explanation of the process
by which the file was acquired from the remote computer to the users
machine, to show that the result is accurate, complete and free from
and plays back a complete record of all characters received by the terminal.
what was done subsequent to the material being retrieved, eg. viewed,
(vi) Quality of forensic presentation test. Evidence has to be given as to what was
Thus presenting electronically derived evidence into a form that a court can handle,
usually a print-out means a certain degree of processing will be required. This therefore
calls for a high degree of technical knowledge of the nature of electronic evidence by all
parties and further calls for a thorough and disciplined approach to evidence gathering
24
and presentation on the part of investigators, auditors, computer managers and lawyers.
Following from this therefore rules have to be formulated as to how, and for what
duration electronic data must be stored who may have access to it, for what purpose and
Currently neither the CCA 1997 nor the CMA 1998 address the issue of minimum
storage period thus data stored in logs could well be deleted within 48 hours thereby
hampering police investigative work.31. Internationally too no laws have yet been
formulated in this area. Network service providers and administrators formulate their own
policies in respect of record keeping and maintain data only so long as operationally
necessary which would not be more than a few weeks. 32 Thus this is an area which
requires careful study and the possible reformulating of the law of evidence in respect of
the rule against hearsay, record keeping and powers of search and seizure.
banking, are still in their infancy in Malaysia, they are nevertheless on the rise, as
evidenced by the statistics from the RMP. Prosecutions of such crimes are only preferred
31
Information obtained during a personal interview of ASP Mahfuz bin Dato Abdul Majid at 11.00 a.m. on
Wed. 16th. August 2004, of the Technology Crimes Division , Commercial Crimes Department, Polis Di
Raja Malaysia.
US CODE 18 CHAPTER 119--WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION
AND INTERCEPTION OF ORAL COMMUNICATIONS Section 1250 (17)
Electronic storage" means-- any temporary, intermediate storage of a wire or electronic communication
incidental to the electronic transmission thereof.
32
Best Data Practices for Online Service Providers from the Electronic Frontier Foundation
Available online:- http://www.eff.org/osp/20040819_OSPBestPractices.pdf
25
under the specific cyber laws such as the CCA 1997 and the CMA 1997 in relation to
hackers who gain unauthorized access into an institutions systems. The ratio of
prosecutions to charges varies greatly owing to a variety of factors, such as a guilty plea,
plea bargaining, amendment of charges, lack of evidence, time taken to trace suspects,
investigate, collect evidence, prepare for trial and manpower shortage. From the
continue to be effectively prosecuted under the Penal Codes provisions for criminal
breach of trust and cheating. In this connection the amendments to the EA 1950, together
with s.64 DSA 1997 facilitate the admissibility of computer generated records in court
proceedings and as such there has to date been no serious challenge to the same. It may
records, for computer, in keeping with the spirit of the definition of document in the EA
Trade Law (UNCITRAL) provides for the admissibility of data messages generated
The subject of adducing electronic (as opposed to just computer specific) evidence is
electronic evidence faces the challenge of conformity with the best evidence rule and the
33
UNCITRAL Preamble and Article 9. Available online:-http://www.uncitral.org/en-index.htm
26
In Rodd v. Raritan Radiologic Associates34 Judge Weinstein observed that computer
technology is like the proverbial genie that has come out of the bottle. Stuffing it back
manipulation. The courts will have to harness this unbound energy and set rules for its
appropriate use in the courtroom. And appellate courts will have to accept yet another
REFERENCES
3. Best Data Practices for Online Service Providers from the Electronic Frontier
Foundation
Available online:- http://www.eff.org/osp/20040819_OSPBestPractices.pdf
4.. George Mary:- Criminal Breach of Trust Under Malaysian Law : A Review [1990]
1 CLJ i (Part I) and x (Part II
34
[2004 N.J. Super. LEXIS 418 [N.J. App. Div. Nov. 24, 2004].] quoted in Hoenig, "Computer-Generated
'Pedagogical' Devices: Admissible or Not?" The New York Law Journal, Nov. 8, 2004, p. 3.
Avalable online:- http://www.lexis.com/research/ >Legal News Publications >Computer Evidence
27
6. Kenneth J. Withers:- Is Digital Different? Electronicl Discovery and Disclosure in
Civil Litigation (1999) Available online:- http://www.kenwithers.com/articles/bileta/
9. Nazura Abdul Manap and Anita Abdul Rahim ;- How Remote is the Solution to
Computer Fraud / Cheating ? 1 MLJ [2002] lix
13. Phishing e-mail targets local Internet banking users (19th May 2005 (The Star)
Also available from NISER ; Available online:-
http://www.niser.org.my/news/2005_08_02_01.html; Visited on 25.5.2005
15. Steven Patrick:- MyCERT: Less hacking, more phishing (2nd.August 2005 (The
Star) Available online:- http://www.niser.org.my/news/2005_08_02_01.html ;
Visited on 24.9.2005
16. Sommer Peter:- Downloads, Logs and Captures Evidence from Cyberspace Journal
of Financial Crime Vol.5 No.2 , p 138 Available online:-
http://www.bna.com/products/ip/ctlr.htm > Electronic Commerce Law Report
17. Sulaiman Azmil:- Crimes on the Electronic Frontier -- Some Thoughts on the
Computer Crimes Act 1997, [1997] 3 MLJ lix
19. USA:- National Institute of Justice:- Electronic Crime Scene Investigation: A Guide
for First Responders (July 2001) Available online:-
http://www.ncjrs.org/txtfiles1/nij/187736.txt
20. United States Department of Justice, Computer Crime and Intellectual Property
Section, Criminal Division, Searching and Seizing Computers and Obtaining Electronic
Evidence in Criminal Investigations. Available online:-
http://www.cybercrime.gov/s&smanual2002.htm
28
21 UK:- Association of Chief Police Officers, Good Practice Guide for Computer Based
Electronic Evidence Available online:- http://www.4law.co.il/Lea92.htm
STATUTES
CASES
1. Alor Setar Sessions Court Arrest Case PP v Tan Khay Guan (2004
29
5. PP v Aman Shah bin Ahmad (Unreported) KL SC (1) Arrest Case No. 62-50-90
7. Rodd v. Raritan Radiologic Associates 2004 N.J. Super. LEXIS 418 [N.J. App. Div.
Nov. 24, 2004].
24
http://www.abanet.org/adminlaw/annual2004/Phishing/PhishingABAAug2004Rusch.ppt#10
25
http://www.abanet.org/adminlaw/annual2004/Phishing/PhishingABAAug2004Rusch.ppt#10
Illegal Fund Manager jailed over Internet Investment Scam
The Kuala Lumpur Sessions Court has sentenced businessman Phazaluddin bin Abu, 49, to four
years in jail after he was convicted of operating an online investment scam without holding a fund
managers licence. He is the first person in the country to be convicted of operating an illegal
online investment scam, after the Securities Commission Malaysia's (SC) investigations found
that he had raised RM65 million from 52,000 investors in 2007 via a website.
MLA Reference No: MLA-120710-R-04; Source(s): SC website; Date(s) of Publication: 09/07/2010; Original Title(s): Illegal
fund manager jailed for 4 years over internet investment scam; Practice Area(s): Cyber Law, Economic Crimes
[Back to Table of Contents]
Do
30