Note 7 The National Computer Security Survey (NCSS) documents the nature, prevalence, and impact of cyber intrusions

against businesses in the United States. It examines three general types of cybercrime:

Cyber attacks are crimes in which the computer system is the target. Cyber attacks consist of computer viruses (including worms and Trojan horses), denial of service attacks, and electronic vandalism or sabotage. Cyber theft comprises crimes in which a computer is used to steal money or other things of value. Cyber theft includes embezzlement, fraud, theft of intellectual property, and theft of personal or financial data. Other computer security incidents encompass spyware, adware, hacking, phishing, spoofing, pinging, port scanning, and theft of other information, regardless of whether the breach was successful

Summary Findings In 2005, among 7,818 businesses

67% detected at least one cybercrime. Nearly 60% detected one or more types of cyber attack. 11% detected cyber theft. 24% detected other computer security incidents. Most businesses did not report cyber attacks to law enforcement authorities. The majority of victimized businesses (86%) detected multiple incidents, with half of these (43%) detecting 10 or more incidents during the year. Approximately 68% of the victims of cyber theft sustained monetary loss of $10,000 or more. By comparison, 34% of the businesses detecting cyber attacks and 31% of businesses detecting other computer security incidents lost more than $10,000. System downtime lasted between 1 and 24 hours for half of the businesses and more than 24 hours for a third of businesses detecting cyber attacks or other computer security incidents.

Note 8 The cyber crime statistics below the list of schools illustrate some of the general trends in the field of hi-tech crimes. Marked increases in cyber crime statistics result in an increasing need for professionals capable of responding to and investigating cyber crimes, and conducting computer forensic examinations of evidence in these cases.

Cyber Crime Statistics from the 2006 Internet Crime Report*

In 2006, the Internet Crime Complaint Center received and processed over 200,000 complaints. More than 86,000 of these complaints were processed and referred to various local, state, and federal law enforcement agencies. Most of these were consumers and persons filing as private persons. Total alleged dollar losses were more than $194 million. Email and websites were the two primary mechanisms for fraud. Although the total number of complaints decreased by approximately 7,000 complaints from 2005, the total dollar losses increased by $15 million. The top frauds reported were auction fraud, non-delivery of items, check fraud, and credit card fraud. Top contact mechanisms for perpetrators to victims were email (74%), web page (36%), and phone (18%) (there was some overlap).

The Internet Crime Complaint Center is a clearinghouse for online economic crime complaints. It is maintained by the National White Collar Crime Center and the Federal Bureau of Investigations. To review the results of the study, visit the National White Collar Crime Center's site.

Note 9

The Federal Bureau of Investigation [FBI] in collaboration with the Internet Crime Complaint Center [ic3.gov] have again published its annual report that shows cybercrime continue to be on the increase. The Executive Summary is listed below and the complete Report can be read at Internet Crime Complaint Center website

Executive Summary

Further information about these changes can be found in Appendix I of this report.

Note 10
Jenayah Siber di Malaysia Naik 100% 13 Januari 2009 (Harian Metro) KUALA LUMPUR: Meningkat, namun masih terkawal, kata Ketua Pegawai Eksekutif CyberSecurity Malaysia (CyberSecurity), Leftenan Kolonel (B) Husin Jazri, mengulas mengenai peningkatan kegiatan jenayah siber di negara ini. Katanya, sebanyak 2,123 aduan jenayah maya diterima pihaknya tahun lalu, meningkat 1,085 berbanding tahun sebelumnya. Menurutnya, peningkatan itu fenomena biasa berikutan perkembangan mendadak pengguna Internet setiap tahun. Tahun lalu, kami menerima 2,123 aduan berbanding 1,038 pada 2007. Daripada jumlah berkenaan, aduan terbanyak membabitkan kes penipuan iaitu 907 kes, diikuti kes cubaan mengganggu (766), kod berniat jahat (277), ancaman penggodam (89), gangguan siber (72) dan penafian perkhidmatan (12). Kes jenayah siber serius hanya membabitkan jumlah kecil dan berdasarkan penilaian profesional ia masih dapat dikawal. Peningkatan jumlah ini fenomena biasa berikutan penambahan pangkalan Internet, katanya pada sidang media sempena majlis perasmian Seminar Pertama Pasukan Tindak Balas Kecemasan Komputer Pertubuhan Persidangan Islam (OIC-CERT) di sini, semalam. Hadir sama, Ketua Setiausaha Kementerian Sains, Teknologi dan Inovasi (Mosti), Datuk Abdul Hanan Alang Endut serta Ketua Teknologi Maklumat, Sekretariat Umum OIC, Mohamed Abdulrahman Elbusefi. Mengulas lanjut, Husin berkata, banyak penyebab yang menjadi pendorong segelintir individu sehingga terjebak ke dalam kancah jenayah terbabit. Antaranya desakan kewangan akibat kesan kemerosotan ekonomi dunia. Bagaimanapun, apa yang penting, pemantauan secara berterusan bagi memastikan jenayah berkenaan tidak terus meningkat di luar kawalan, katanya. Sementara itu, Abdul Hanan dalam ucapannya berkata, negara anggota OIC yang menyertai pasukan berkenaan yang baru diwujudkan, boleh mengambil Polisi Keselamatan Siber Kebangsaan (NCSP) sebagai contoh bagi merangka dan melaksanakan pelan untuk OIC-CERT. Malaysia yang mempunyai pengalaman menerusi NCSP sejak 2006, boleh membantu OICCERT untuk melaksanakan polisi atau idea sama lebih-lebih lagi membabitkan langkah pengawalan keselamatan dunia siber yang kini melampaui sempadan agama, budaya dan negara, katanya.

Note 11

Generasi IT perlu matang 14th December 2004 (Harian Metro) By Noor Azam Abd Aziz

Berdasarkan statistik dikeluarkan pada 2003 mendapati sebanyak 857 kes mengikut Akta Jenayah Komputer 1997 dibawa ke mahkamah dengan denda RM2.9 juta. Sehingga September lalu, sebanyak 355 kes dengan denda RM1.7 juta sudah melalui proses pendakwaan. Bagi pendakwaan kes mengikut Akta Komunikasi dan Multimedia 1998, sebanyak 35 kes sudah didakwa dengan denda RM34,000 manakala sehingga September tahun ini sebanyak 117 kes didakwa dengan denda RM451,000. Timbalan Menteri Keselamatan Dalam Negeri, Chia Kwang Chye dalam kenyataannya sebelum ini berkata pihak berkuasa, sudah mengambil langkah menaik taraf peralatan digunakan dari segi teknologi untuk menangani kes jenayah siber yang meningkat. Masyarakat umum lebih menjurus mengambil langkah berjaga-jaga dengan melindungi kata laluan ketika menggunakan mesin juruwang automatik (ATM), memastikan tidak ada kamera haram yang dipasang di mana-mana ATM atau segera memadam lambakan e-mel, katanya. Menurutnya, dalam usaha mencari penjenayah siber, mereka terbabit boleh dikenakan tindakan mengikut Akta Jenayah Komputer 1997 dan Akta Komunikasi dan Multimedia 1998 serta Kanun Keseksaan. Pengguna yang terbabit dalam kegiatan pencerobohan rangkaian komputer, penipuan perbankan internet, pemalsuan kad ATM serta penyebaran virus boleh didakwa mengikut Akta Jenayah Komputer 1997. Pendakwaan Akta Komunikasi dan Multimedia 1998 pula membabitkan apa-apa kegiatan berkaitan penyalahgunaan akaun komunikasi untuk mengelak bayaran. Selain itu, penyebaran maklumat berunsur fitnah atau menjatuhkan maruah orang lain boleh dikenakan tindakan mengikut Kanun Keseksaan. Mereka terbabit juga tidak terlepas kerana Penguatkuasaan undang-undang berkenaan masih memerlukan kerjasama semua pihak supaya mewujudkan suasana sihat dalam dunia teknologi maklumat di negara ini. Jika ia tidak terkawal sudah pasti memberi kesan negatif kepada negara serta turut membabitkan pelbagai maklumat rahsia yang menggugat keselamatan secara keseluruhannya.

Note 12
Tiga lagi akta perundangan siber akan digubal 3rd March 2004 (Utusan Malaysia)

KUALA LUMPUR 2 Mac Katanya, jika semuanya berjalan lancar, ketiga-tiga rang undang-undang tersebut akan dibacakan pada persidangan Parlimen akan datang dan jika diluluskan kelak ia bermakna ada tujuh akta kesemuanya yang berkaitan perundangan siber. "Pencapaian tersebut amat membanggakan dan ia dicapai kerana didorong secara langsung oleh penubuhan Koridor Raya Multimedia (MSC) serta penekanan yang diberikan oleh kerajaan di bidang teknologi maklumat dan komunikasi (ICT). "Kejayaan Malaysia sebenarnya diakui di peringkat global,'' katanya. Beliau berkata demikian dalam sidang akhbar selepas merasmi serta menyampaikan ucaptama di Persidangan Undang-Undang Siber Antarabangsa Ketiga anjuran bersama Perbadanan Pembangunan Multimedia (MDC), Majlis Peguam dan Institut Kepimpinan dan Strategi Asia (ASLI). Turut hadir ialah Pengerusi MDC, Tan Sri Abdul Halim Ali, Presiden Majlis Peguam, Kuthubul Zaman Bukhari dan Ketua Pegawai Eksekutif ASLI, Datuk Dr. Michael Yeoh. Menurut Rais, ada beberapa perkara yang harus diberi perhatian untuk mengekalkan pencapaian dan yang paling penting ialah memastikan mutu dan penguatkuasaan undang-undang siber di Malaysia selaras atau lebih dari standard yang ditetapkan di arena antarabangsa. "Jika kita tidak boleh berbuat demikian maka standard negara ini tidak akan sama seperti yang digariskan di Eropah. "Kunci untuk mencapai arah tersebut ialah dengan penguatkuasaan yang cekap serta memastikan pengamal undang-undang mahir di dalam bidang yang baru ini,'' jelasnya. Tambahnya, walaupun perundangan siber di negara ini diakui ramai sebagai yang paling menyeluruh, namun keberkesanannya masih belum teruji sepenuhnya. "Ini kerana masih belum ada kes jenayah siber yang serius didakwa di mahkamah. "Sebenarnya keadaan ini berlaku di semua negara kerana ia melibatkan undang-undang yang baru dan hanya Eropah sahaja yang sedikit ke hadapan kerana mempunyai protokol-protokol tertentu,'' jelasnya.

Note 13

5. Computer Crime Statutes in USA

There are many federal statutes in the USA that can be used to prosecute computer criminals:

15 USC 1644, prohibiting fraudulent use of credit cards 18 USC 1029, prohibiting fraudulent acquisition of telecommunications services

18 USC 1030, prohibiting unauthorized access to any computer operated by the U.S. Government, financial institution insured by the U.S. Government, federally registered securities dealer, or foreign bank. 18 USC 1343, prohibiting wire fraud 18 USC 1361-2, prohibiting malicious mischief 18 USC 1831, prohibiting stealing of trade secrets 18 USC 2314, prohibiting interstate transport of stolen, converted, or fraudulently obtained material; does apply to computer data files U.S. v. Riggs, 739 F.Supp. 414 (N.D.Ill 1990). 18 USC 2319 and 17 USC 506(a), criminal violations of copyright law 18 USC 2510-11, prohibiting interception of electronic communications 18 USC 2701, prohibiting access to communications stored on a computer (i.e., privacy of e-mail) 47 USC 223, prohibiting interstate harassing telephone calls

State Statutes in USA

There is wide variation in state statutes on computer crime in the USA: in my opinion, most state statutes are not adequate to punish computer criminals. California, Minnesota, and Maine are among the few states to prohibit explicitly release of a computer virus or other malicious program. California Statutes, Title 13 (Penal Code), 502(b)(10) and 502(c)(8). Minnesota Statutes, 609.87(12) and 609.88(1)(c). Maine Statutes, 17-A (Criminal Code), 433(1)(C). In states without an explicit statute, release of a malicious program would probably be prosecuted as "malicious mischief". California also provides for the forfeiture of computer systems used in the commission of a computer crime. If the defendant is a minor, the parents' computer system can be forfeited. California Statutes, Title 13 (Penal Code), 502(g) and 502.01(a)(1) In November 1996 and July 1997, I made comprehensive searches of the WESTLAW databases of reported cases in both state and federal courts in the USA on computer crimes. I was surprised to find that, in sharp contrast to most other areas of law, there was very little reported case law on computer crimes, except obscenity cases. I have the impression that most computer criminals who are apprehended plead guilty to a lesser

offense (a so-called "plea bargain") and avoid a trial. Plea bargains are common the U.S.A., as they dispose of cases without large investments of prosecutorial and judicial time. In the specific area of computer crimes, prosecuting such a case would be difficult for prosecutors, because the jury would need to learn about complex technical matters. In addition to making life easier for prosecutors and judges, many victims (particularly banks and other corporations) may be embarrassed to admit that some teenager defeated their security features, thus these victims refuse to testify in court.

Note 15 The Bar Council refers to the article entitled Easy Targets For Hackers appearing in the New Straits Times newspaper on 6th April 2001 and to the speech by the Deputy Prime Minister delivered at the launch of the National ICT Security and Emergency Response Center (NISER) as reported in the New Straits Times newspaper on 11th April 2001 wherein it was reported that the Government was concerned with the increasing number of hacking incidents into private and Government websites. The Bar Council wishes to express its concern over such hacking incidents where data loss, sabotage, data corruption and web-vandalism may occur. This, in turn, may affect the security and integrity of Government departments as well as affect the right of personal privacy. It appears that there is a need for a further Act of Parliament, besides the existing Communication and Multimedia Act 1998 and the Computer Crimes Act 1997, to address the increasing number of hacking incidents and to punish those responsible. The Bar Council was recently handed a draft copy of the proposed Personal Data Protection Act by the Attorney Generals Chambers for our attention and the views of the Bar Council and members of the Malaysian Bar on the proposed legislation. The proposed draft Act has been handed to the Law Reform and New Legislation Committee for due consideration. The Bar Council supports the Governments efforts in combating cyber crimes. Dated this 16th day of April 2001 Mah Weng Kwai Chairman Note 16 Property Search for Property

Nation Sarawak World Updates Courts Parliament Columnists Opinion Honours List

Published: Wednesday April 27, 2011 MYT 5:48:00 PM

Drastic rise in cyber crimes

By FLORENCE A. SAMY
KUALA LUMPUR: "While the numbers are worrying, we are also happy to see that members of the public are notifying us when they come across such fraudulent websites or email," he said at the opening of the Anti-Phishing Working Group's fifth annual international Counter-eCrime Operations Summit here Wednesday. CyberSecurity Wednesday launched a security browser plug-in called 'Don't Phish Me', which automatically detects fake local banking sites phishing for usernames and passwords in order to illegally withdraw money. Note 17 A recent CyberSecurity statement said cyber crimes had increased 100 per cent. Last year, we handled a total of 2,123 incidents, more than 100 per cent increase compared with 2007. But that rate was an increase in incidents and it may not correlate with cyber crime rates. We have not analysed cyber crime rates per se. But what we have is analysis on the complaints and referrals given to us. What we at CyberSecurity Malaysia have at the moment is the statistical data captured from our cyber help centre, the Cyber999 service. Many factors can contribute to the increase. One is that cyber crimes have gone up. Second is that the number of Internet users has gone up. There are 13.5 million Internet

users in the country today and the number is increasing. So the base has expanded and, correspondingly, complaints have also increased. Note 18 Cybercrime against Businesses, 2005 September 17, 2008

Computer virus infections were the most prevalent cybercrime among businesses in 2005. The 3,247 businesses that incurred monetary loss from cybercrime lost a total of $867 million. Most businesses did not report cyber attacks to law enforcement authorities.

Note 19

RM60m online loot

06 May 2011, by AIZAT SHARIF & THASHA JAYAMANOGARAN, The Malay Mail PETALING JAYA:

Online shopping portal scam nets RM700,000 This can happen to you
Scam tactics used by conmen to dupe the public: SMS scam Total cases: 973 Loot: RM10,043,389 How it works: Bogus contest win messages are sent. The victim is then told to make payments for administrative or some sort of charges before being able to claim lucrative prizes. Despite making payments, the prizes never arrive.

Online transaction fraud Total cases: 1,573 Loot: RM3,926,638 How it works: The scammer would advertise non-existent products on legitimate trading websites and after an unsuspecting buyer makes payment, the goods fail to arrive while the scammer can no longer be contacted.

Internet banking (phishing) Total cases: 659 Loot: RM2,235,837 How it works: Fake emails purportedly from the relevant bank would fool the victim to click on hyperlinks and go to a bogus website. There, the user IDs and passwords are harvested, then used by the scammers to empty out the victim's bank account.