| Cyber Theft sr Peat Hon nae Draft 2 4 Issues + What is cyber theft? = What is stolen? + Methods of commission += Vulnerabilities + Legal protection « Status of information as property 1 Which taw applicable ~ criminal or civil? 3 What is cyber theft? 1 Information or electronic funds are taken or moved from the possession of rightful owner by illegal means 1» Medium of transfer or movement is via the Internet or electronic means (e.9., 4 What is stolen? ' Proprietary information 1 Corporate information * Confidential information = Trace secrets + Personal data (1D) banking systems) + Financial info (e., credit cards numbers) 1 Social security numbers (USA) + Telecommunication services Methods employed by cyber thieves Spyware + Hacking 1 Armalicious software = Spyware + Aprogram which can be used to spy on «= Phishing emai individual's every move or even take ‘over a person's computerooo + Victims are asked to go to legitimate ‘government website + Victims are automatically directed to ‘sham website once they get into the legitimate site + Victims are deceived into disclosing personal info Vulnerabilities + Victims deceived into giving info over telephone or email ‘= Thieves buy info either on the Internet. of other thieves hey es om oo application form filled out by victims ‘= They obtain from hospital, banks, school or business victims dealt with 3 Vulnerabilities + They obtain info from dustbins outside such companies 1 They hacked into victims computers + Employees/family members who have access to info ‘= Employer steal from employee (personal tax documents) The Cyber Security Industry Alliance (CSIA) Survey 2005 1 Public policy & advocacy group 1 1003 respondents += 97% - TD theft as serious problem 1 93% - spyware as serious problem 1 48% - avoid making online purchases due to fear of theft of financial info 1 71% - new laws needed to protect ‘consume privacy 4 Risky Internet + Fear of ID theft is making many ‘American consumers from doing online transactions or buying things online 3 Nature of property stolen «Intangible form + Tangible ~ paper statements (8 times than those committed ontine)2 Who are the cyber thieves? Better Business Bureau Report, USA (2005) + 10 millon Americans were victims of 10 theft # Costs about USDSObilion 132% - family members/relatives 1 26% - strangers outside workplace ' 18% - neighbours & in-house employees. 1 13% - company employee with access to personal info 4 Who are the cyber thieves? CSIA Survey 2005 + Teenagers - 45% «= Terrorist organisations ~ 36% = Enemy nation + Organised crime syndicate How to make Internet transactions safe? (SIA Report 2005 '= Co-ordinated and comprehensive approach 1 Tough punishment through better laws 2 High information security standards from companies Partnership wth consumer groups ‘Consumer protection nationwide 4 Legal Protection in Malaysia += Penal Code, ss. 378 & 379 «= Data Protection ‘awe (bill has not been tabled In Parliament) Traditional Criminal Law af, Protection 5. 378 Penal Code += Taking or moving property + Taking or moving out of possession of owner + No consent of such person = Movable property + Dishonest intention Penalty in Fist offence Maximum jal sentence of 7 years; oF Fine; oF Both ‘Subsequent offence Imprisonment; and Fine; or ‘whipping 379q Information as property? = As information is_an intangible thing, it can't be “taken or move" within s. 378 ‘= Owner of information did not lose possession within s, 378 meaning When its "stolen" because it wil stil remain with him (unlike a car) ~ no physical deprivation of info x Information as property? 1S. 378 8 379 does not cover immovable/intangible thing such as information = See 5. 22 definition What is movable property? = 522 Penal Cove Any corporeal property + Wortigs eat t rea or personal property or right = Exclude: 5 Land or 2 Things attached to land or 3. Things permanenty fastened to earth Information is not property for 2 theft charge in the UK ‘= Oxford v Moss (1978) Cr App R 183 1 Theft of examination paper intending to. copy its contents and returning it to the university ‘= Charge - theft of confidential info in the exam paper Information is not property for 4 theft charge in the UK (Oxford v Moss (1978) Cr App R 183 = Held — 1 confidential information could not be regarded as property 2, Hence it could not be stolen 2. Civil law may apply to protect owner bbut not criminal law Where information is not 4 property for theft charge Rv Absolon (1979) 68 Cr App R 183 1 Df attempted to sell data/info (valued ‘at+100,00) relating to oll company’s ‘exploration work ¢£13M) to @ ‘competitor «= Held ~ the info is not property and hence no theft of confidential infoq Information is property in USA q Ry Stewart 138 DLR (3d) 73 1 Info can be a subject-matter of theft Supreme Ct held: = US v Girard & Lambert 60 1 F 2d 69 + Info even confidential in nature cannot be regarded as property + For info to be protected by the criminal law, it must be decided by Parliament rot the judiciary Criminal or civil law + protection? = Competing interests between: + Free flow of info 2 Right to confidentiality = Big business involved ‘Should criminal law be used to protect business when they can afford to protect themselves?