| Cyber Theft
sr Peat Hon
nae
Draft 2
4 Issues
+ What is cyber theft?
= What is stolen?
+ Methods of commission
+= Vulnerabilities
+ Legal protection
« Status of information as property
1 Which taw applicable ~ criminal or civil?
3 What is cyber theft?
1 Information or electronic funds are
taken or moved from the possession of
rightful owner by illegal means
1» Medium of transfer or movement is via
the Internet or electronic means (e.9.,
4 What is stolen?
' Proprietary information
1 Corporate information
* Confidential information
= Trace secrets
+ Personal data (1D)
banking systems) + Financial info (e., credit cards numbers)
1 Social security numbers (USA)
+ Telecommunication services
Methods employed by cyber
thieves Spyware
+ Hacking 1 Armalicious software
= Spyware + Aprogram which can be used to spy on
«= Phishing emai individual's every move or even take
‘over a person's computerooo
+ Victims are asked to go to legitimate
‘government website
+ Victims are automatically directed to
‘sham website once they get into the
legitimate site
+ Victims are deceived into disclosing
personal info
Vulnerabilities
+ Victims deceived into giving info over
telephone or email
‘= Thieves buy info either on the Internet.
of other thieves
hey es om oo
application form filled out by victims
‘= They obtain from hospital, banks,
school or business victims dealt with
3 Vulnerabilities
+ They obtain info from dustbins outside
such companies
1 They hacked into victims computers
+ Employees/family members who have
access to info
‘= Employer steal from employee
(personal tax documents)
The Cyber Security Industry
Alliance (CSIA) Survey 2005
1 Public policy & advocacy group
1 1003 respondents
+= 97% - TD theft as serious problem
1 93% - spyware as serious problem
1 48% - avoid making online purchases
due to fear of theft of financial info
1 71% - new laws needed to protect
‘consume privacy
4 Risky Internet
+ Fear of ID theft is making many
‘American consumers from doing online
transactions or buying things online
3 Nature of property stolen
«Intangible form
+ Tangible ~ paper statements (8 times
than those committed ontine)2 Who are the cyber thieves?
Better Business Bureau Report, USA (2005)
+ 10 millon Americans were victims of 10 theft
# Costs about USDSObilion
132% - family members/relatives
1 26% - strangers outside workplace
' 18% - neighbours & in-house employees.
1 13% - company employee with access to
personal info
4 Who are the cyber thieves?
CSIA Survey 2005
+ Teenagers - 45%
«= Terrorist organisations ~ 36%
= Enemy nation
+ Organised crime syndicate
How to make Internet
transactions safe?
(SIA Report 2005
'= Co-ordinated and comprehensive approach
1 Tough punishment through better laws
2 High information security standards from
companies
Partnership wth consumer groups
‘Consumer protection nationwide
4 Legal Protection in Malaysia
+= Penal Code, ss. 378 & 379
«= Data Protection ‘awe (bill has not been
tabled In Parliament)
Traditional Criminal Law
af, Protection
5. 378 Penal Code
+= Taking or moving property
+ Taking or moving out of possession of
owner
+ No consent of such person
= Movable property
+ Dishonest intention
Penalty in
Fist offence
Maximum jal sentence of 7 years; oF
Fine; oF
Both
‘Subsequent offence
Imprisonment; and
Fine; or
‘whipping
379q Information as property?
= As information is_an intangible thing, it
can't be “taken or move" within s. 378
‘= Owner of information did not lose
possession within s, 378 meaning
When its "stolen" because it wil stil
remain with him (unlike a car) ~ no
physical deprivation of info
x Information as property?
1S. 378 8 379 does not cover
immovable/intangible thing such as
information
= See 5. 22 definition
What is movable property?
= 522 Penal Cove
Any corporeal property
+ Wortigs eat t rea or personal
property or right
= Exclude:
5 Land or
2 Things attached to land or
3. Things permanenty fastened to earth
Information is not property for
2 theft charge in the UK
‘= Oxford v Moss (1978) Cr App R 183
1 Theft of examination paper intending to.
copy its contents and returning it to the
university
‘= Charge - theft of confidential info in the
exam paper
Information is not property for
4 theft charge in the UK
(Oxford v Moss (1978) Cr App R 183
= Held —
1 confidential information could not be
regarded as property
2, Hence it could not be stolen
2. Civil law may apply to protect owner
bbut not criminal law
Where information is not
4 property for theft charge
Rv Absolon (1979) 68 Cr App R 183
1 Df attempted to sell data/info (valued
‘at+100,00) relating to oll company’s
‘exploration work ¢£13M) to @
‘competitor
«= Held ~ the info is not property and
hence no theft of confidential infoq Information is property in USA q Ry Stewart 138 DLR (3d) 73
1 Info can be a subject-matter of theft Supreme Ct held:
= US v Girard & Lambert 60 1 F 2d 69 + Info even confidential in nature cannot
be regarded as property
+ For info to be protected by the criminal
law, it must be decided by Parliament
rot the judiciary
Criminal or civil law
+ protection?
= Competing interests between:
+ Free flow of info
2 Right to confidentiality
= Big business involved
‘Should criminal law be used to protect
business when they can afford to
protect themselves?