Sunday 3 April 2011

Cyber Security Malaysia

I came across an interesting agency in Malaysia that deals with cybercrime issues: Cyber Security Malaysia. Please refer to Cyber Security Malaysia.

Below are some of the functions of Cyber Security Malaysia:
- to provide advice for Internet users on how to cope with cyber threats and deal with safety issues.
- to provide specialised services to support the growth of digital forensics, security management and best practices, and cyber security products evaluation based on international standards.
- to provide third-party validation of the quality and reliability of security products, which is important as it will ensure that Malaysian products get accepted globally.
- to provide education and training and create awareness in the area of cyber security.
- to increase the number of cyber security professionals.
- to develop educational content on cyber security that can be used by Internet users of all ages, for example students, office workers and home users.
- to run a help centre, the Cyber 999 service.

In this case, Cyber Security Malaysia will help us with cybercrime issues; we can contact them for help. However, I think Cyber Security should be more active, for example by advertising to promote themselves and let people know of their existence and their purpose, because I had to browse the Internet to get to know about Cyber Security.

At this stage, I think that making cyber users aware of cyber crime and the laws that apply to it is not enough. Even a guide to cyber security is not sufficient; cyber users need to learn and follow correct and good ethics. Ethics in cyberspace is also very important and has to be emphasized to cyber users.

Cyber users must realise that certain acts they commit in cyberspace might harm or cause losses to someone else, and some acts might have a big negative impact on other people. Stealing is a crime, and stealing people's identity is also a crime.

Identity Theft Reference

After searching the Internet, I found that the article below is quite complete and informative about identity theft and ways to prevent the risk of identity theft. Unfortunately, the information focuses on the US, not Malaysia.

Sample of Identity Theft File

However, some tips can be useful for our reference, while some tips are only applicable in the US, for example placing a fraud alert on a credit report; I don't think we have credit reports in Malaysia. We can only inform the bank that issued our credit card if we suspect fraud has happened.

Most Malaysians do not realize much about or pay attention to identity theft in cybercrime. Even if someone finds that his identity has been stolen to commit fraud, he does not know what really happened, so it is better to let people know what is happening and the ways to prevent it. Prevention is better than letting cybercrime happen with nobody able to help.

Saturday 2 April 2011

Better Laws Needed

The above articles raise the concern that better laws and ways of strengthening laws are needed to deal with identity theft and cybercrime, and identify some of the common techniques used in identity theft in Malaysia.

According to intellectual property lawyer Deepak Pillai, Malaysia's legal position does not address online identity theft directly.

So, the Data Protection Bill, which dates from 1999, is badly needed to strengthen the existing laws, namely the Computer Crimes Act 1997 and the Penal Code, in curbing identity theft activities in Malaysia.

Besides, another positive move in curbing the problem would be to get the Anti-Spam Act passed.

The Anti-Spam Act would regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited e-mails via the internet.

As for credit card fraud, it is advisable for authorities to spend their time and money to pin down the culprits.

Finally, online users must be aware of identity theft such as phishing, and that information can be retrieved from online social networks like Facebook.

In conclusion, good and relevant cyber laws are needed, authorities have to enforce the cyber laws effectively and bring down anyone involved in identity theft or cybercrime, and lastly online users must be aware of their data privacy and protection and try not to expose their personal data to risk.

Besides this, I think good and relevant cyber laws alone are not enough. Cybercrime can be committed in different ways, and more and more types of cybercrime appear over time. The cyber laws have to be amended from time to time to cope with new cybercrime. In other words, the cyber laws must be up to date, sufficient, accurate and timely to cope with the cybercrime that happens. If not, cyber users will take advantage of the cyber world to commit crime.

Data protection violated

The Lin Mun Poo and Gooi Kok Seng cases of identity theft involving credit card numbers can be related to the Data Protection Act 2010.

** The Data Protection Act aims to regulate the collection, possession, processing and use of personal data so as to safeguard the privacy of an individual in relation to that data.

Both cases raise awareness and concerns about whether privacy and data are protected.

The consumers who were the victims in both cases were exposed to the risk of misuse of their credit card number information for fraud.

Under the Data Protection Principles:
- Principle 1 (Personal Data shall be collected Fairly and Lawfully) and Principle 2 (Purposes of Collection of Personal Data) were violated: the data was collected neither lawfully nor fairly, and was neither necessary nor relevant, but was collected for the purpose of credit card number fraud.

- Principle 4 was also violated because the data, once collected, was sold to crime syndicates for use in counterfeit credit cards.

Malaysian credit card scam in the US

Another interesting case of a Malaysian hacking in a US card scam is the Gooi Kok Seng case.

Gooi Kok Seng, age 44, arrested in Jan 2010, faced the following charges:
- illegal possession of a data access device,
- illegal dealing in a data access device
- hacking into a computer
- conspiracy
- computer intrusion
- fraud
- identity theft

Below is a brief introduction to the Gooi Kok Seng case:
- Gooi was a prominent member of a credit card fraud gang which had been operating in the US for the past three years.
- The group is suspected to have stolen credit card information from victims patronising restaurants and major department stores in the US.
- They then sold the data to organised crime syndicates in Asia who produced counterfeit credit cards.
- US Secret Service uncovered what was believed to be the largest hacking and identity theft case ever in the country involving 11 individuals.
- The 11 were charged in Boston and San Diego with three identified as US citizens, three from Ukraine, two from China, one each from Estonia, Belarus and Malaysia.
- The three-year probe uncovered the theft and sale of more than 40 million credit and debit card numbers from nine major US retailers.

Let's assume and analyse what happens if the defendant is arrested and found hacking in Malaysia. In my opinion:

- The defendant will be charged under the Computer Crimes Act 1997, that is, for misuse of computers to commit fraud and identity theft

- Under section 3(1), the defendant is found guilty of unauthorized access because of his intention to cause a computer to secure access to data in the financial, national security and military sectors, such as banks and military transport systems; the access is unauthorized; and lastly he had the knowledge to access the network
- if guilty, he will be fined a maximum of RM50000.00 or imprisoned for up to 5 years, or both

- Under section 4(1), the defendant is found guilty of unauthorized access with intent to commit fraud by earning money through finding and exploiting network vulnerabilities or trading and selling the information contained, for example selling credit and debit card account numbers
- if guilty, he will be fined a maximum of RM150000.00 or imprisoned for up to 10 years, or both

- Under section 5(1), the defendant is found guilty of unauthorized modification of the contents of any computer. In this case the defendant had taken victims' credit card information for counterfeit credit cards through modification of a database
- if guilty, he will be fined a maximum of RM100000.00 or imprisoned for up to 7 years, or both

- Under section 7(1), the defendant's gang is found guilty of aiding and abetting the defendant in committing the s3, s4 and s5 crimes
- if guilty, the punishment will be the same as for the principal offender but cannot be more

For more details of the Gooi Kok Seng case, please refer below
Sample of Gooi Kok Seng Case

*Note: the text above is my own commentary

Friday 1 April 2011

Malaysian Cyber Law Case Detention Letter

I found out that for the Lin Mun Poo case there is a detention letter that requests a permanent order of detention for the defendant.

I found it quite interesting, as the letter clearly states the facts and the reasons behind the request for a permanent order of detention for the defendant.

Lin Mun Poo is basically charged with the following:
- Access device fraud and aggravated identity theft (Counts One and Two)
- Computer hacking (unauthorized computer access and transmission of malicious code involving a computer network of the Federal Reserve Bank, targeting the national security, military and financial sectors of the US) (Counts Three and Four)

Under the US Bail Reform Act, there are two elements to prove to maintain permanent detention:

1. Nature and Circumstances of Crimes Charged and the Evidence of the Defendant's Guilt
- During the defendant's arrest, the defendant's encrypted laptop was seized with a massive quantity of stolen financial account and personal identifying information, including 400,000 credit card, debit card and bank account numbers, in violation of 18 U.S.C. §§ 1029 and 1028A (Counts One and Two)
- In his post-arrest statement, the defendant admitted compromising a computer network of the Federal Reserve Bank by exploiting a vulnerability of the secure system around June 2010, resulting in thousands of dollars in damage and affecting ten or more FRB computers (Counts Three and Four)
- The laptop contains significant hacking activity, for example illegally possessed data from the FedComp computer network, illegal hacking into the FedComp system and unauthorized access to data of the Firemen's Association of the State of New York Federal Credit Union and the Mercer County New Jersey Teachers' Federal Credit Union
- Admitted compromising the computer networks of several major international banks and companies, and admitted earning money by finding and exploiting network vulnerabilities or trading and selling the information contained
- In August 2010, the defendant hacked into the secure computer system of a major Department of Defense contractor which provides systems management of military transport and other highly sensitive military operations
- In conclusion, the evidence showed that the defendant hacked into US financial and national security sectors

2. History and Characteristics of the Defendant and Risk of Flight
- The defendant's sole purpose in coming to the US appears to be to engage in criminal activity: within hours of arrival on October 21, 2010, US Secret Service agents observed the defendant selling stolen credit card numbers for $1000 at a diner in Brooklyn and arrested him
- If released, the defendant will obtain a new identity and obtain finances through unauthorized access to facilitate his flight back to Malaysia or other countries
- Under United States Sentencing Guideline § 2B1.1, which assigns a minimum loss amount of $500 per unauthorized access device (resulting in a total loss amount of at least $20 million), the estimated Guidelines range for Count One alone is 78 or 97 months
- Charged with aggravated identity theft in violation of 18 U.S.C. § 1028A, which carries a mandatory consecutive sentence of 2 years

In Conclusion
- For these reasons, the government requested that the Court maintain the permanent order of detention issued on October 22, 2010 against the defendant

Sample of Lin Mun Poo Detention Letter

*Note: the text above is my own commentary

Malaysian hacking and identity theft

After searching the Internet, I found an interesting cyberlaw case that can be used for analysis; it concerns identity theft and hacking that happened in the US, and the defendant is a Malaysian.

Below is a brief introduction to the case:

Lin Mun Poo, age 32, was arrested on Oct 21 2010 in the US for selling $1000 worth of stolen credit card numbers at a Brooklyn diner
- After arresting him and inspecting his laptop, U.S. Secret Service investigators found more than 400,000 stolen credit and debit card account numbers allegedly obtained by hacking into various computer systems of other financial institutions

- defendant was charged for hacking, fraud and identity theft

- defendant was found hacking into companies' networks and selling the sensitive information he uncovered

- for example: hacked into the FedComp system and accessed data belonging to many victims, including the Firemen's Association of the State of New York Federal Credit Union and the Mercer County New Jersey Teachers' Federal Credit Union.

- defendant admitted to compromising the computer networks of several major international banks and companies, and admitted earning money by finding and exploiting network vulnerabilities or trading and selling the information

- defendant also hacked into a major Department of Defense contractor, which provided systems management for military transport and other highly sensitive military operations

I noticed that one of the charges that is similar to unauthorized access under the Computer Crimes Act in Malaysia is below:
- Under United States Sentencing Guideline § 2B1.1, which assigns a minimum loss amount of $500 per unauthorized access device (resulting in a total loss amount of at least $20 million), the estimated Guidelines range for Count One alone is 78 or 97 months

Let's assume and analyse what happens if the defendant is arrested and found hacking in Malaysia. In my opinion:
- The defendant will be charged under the Computer Crimes Act 1997, that is, for misuse of computers to commit fraud and identity theft

- Under section 3(1), the defendant is found guilty of unauthorized access because of his intention to cause a computer to secure access to data in the financial, national security and military sectors, such as banks and military transport systems; the access is unauthorized; and lastly he had the knowledge to access the network
- if guilty, he will be fined a maximum of RM50000.00 or imprisoned for up to 5 years, or both

- Under section 4(1), the defendant is found guilty of unauthorized access with intent to commit fraud/dishonesty by earning money through finding and exploiting network vulnerabilities or trading and selling the information contained, for example selling credit and debit card account numbers
- if guilty, he will be fined a maximum of RM150000.00 or imprisoned for up to 10 years, or both

- Under section 5(1), the defendant is found guilty of unauthorized modification of the contents of any computer. In this case the defendant had admitted earning money by finding and exploiting network vulnerabilities or trading and selling the information through modification of a database
- if guilty, he will be fined a maximum of RM100000.00 or imprisoned for up to 7 years, or both

Please refer to the links below for more details about Lin Mun Poo
Sample of Lin Mun Poo Case

*Note: the text above is my own commentary