CYBER CRIMES IN MALAYSIA AND U.S.A.: WHAT SHOULD WE DO IN MALAYSIA?

INTRODUCTION

As time goes on, people and technology becomes apart that they work together, even depends on each other to get tasks done. Everywhere people are using technology to aid and enhance our work. Particularly information technology, as mentioned it becomes sophisticated, widely used and even taken advantaged by some people.

Information technology evolved and makes a crime that requires new laws and action upon it. Cybercrimes as sophisticated and techno as it may sounds it should have never bailed out from law enforcement, no matter what.

First of all, let us go through the various definitions of cyber crimes that media and academicians have already find out.

Wall (2007) in his article Cybercrime, media and insecurity: The shaping of public perceptions of Cybercrime, quotes the term cybercrime is widely used today to describe the crimes or harms that result from opportunities created by networked technologies. He further discussed cybercrime means different things to different groups of people and so it is viewed differently by each in terms of their respective functions. These days, many debates about cybercrime include a range of legalpolitical, technological, social, and economic discourses that have led to some very different epistemological constructions of cybercrime.

The legaladministrative discourse explores what is supposed to happen by establishing and clarifying the rules that identify boundaries of acceptable and unacceptable behavior; the criminological and general academic discourse mainly provides an informed analysis about what has happened, and why; the security expert identifies what is actually happening and what, from their own perspective, the tactical solutions might be, and what will happen if those solutions are not adopted.

Cybercrimes in Malaysia and USA: What should we do in Malaysia.

In business perspective, cyber crimes visibility is a bit different. According to Smith (2007), a business author, in her articles Case studies of cybercrime and their impact on marketing activity and shareholder value , state that cybercrime, also called e-crime, are crimes that cost publicly traded companies billions of dollars annually in stolen assets and lost business. Cybercrime totally disrupt a companys marketing activities. She further said, when a company falls prey to cyber criminals, this may cause customers to worry about the security of their business transactions with the company. As a result, a company can lose future business if it is perceived to be vulnerable to cybercrime. Kevin Poulsen (2011,) however in his book Kingpin: How One Hacker Took Over the MillionDollar Cybercrime Underground mentioned that cybercrime is criminal activity that use computers technology and the internet. It may include anything from downloading illegal music files to stealing money via transaction from online bank accounts. He further said that cybercrime also includes non-monetary offenses, such as creating and distributing viruses, Trojans, worms on other computers or posting confidential business information on the Internet. Cyber Security Malaysia produces guidelines regarding cybercrimes. In their websites, it states not everything computer-related is cybercrime, and not everything computer-related is computer crime. A person using a stolen telephone code to make free calls, even though the number is processed by a computer, is engaging in toll fraud, not computer crime. A person who embezzles $200 from the ATM of a company they work for still commits embezzlement, not cybercrime. The use of computers as incidental to another offense is not cybercrime. There are plenty of laws on the books already to classify many types of related crime. One way to do this involves thinking along the lines of asset forfeiture, or whether computers make up the fruits or instrumentalities of crime. This is a classification of cybercrime with the computer as target and computer as tool.
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

Despite all the definition above perhaps we can always tell the most major form of cybercrime is identity theft, in which criminals use the Internet to steal personal information from other users. Two of the most common ways this is done is through phishing. The method lure users to fake websites that appear almost the same to the websites that they intended to go, where they are asked to enter personal information. This includes login information, such as usernames and

passwords, phone numbers, addresses, credit card numbers, bank account numbers, and other information criminals can use to falsify another person's identity.

.CLASSIFICATION OF CYBER CRIMES The classification of cybercrimes may vary depending on laws, academicians, enforcement and even popular votes. Cyber Security Malaysia classifies cybercrimes into two which are computer as target and computer as tools.

1. COMPUTER AS TARGET: Cyber Security Malaysia in its websites said that this kind of activity is the wrongful taking of information or the causing of damage to information. Targeting a computer just to obtain unauthorized access is the hallmark of hacking, and the most serious criminal offense here is theft of information, followed by maliciousness, mischief, and wayward adventuring. Bypassing a password protected website to avoid payment would be theft of services, and foreign intelligence break-ins would be espionage.
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

Further explained that these are all familiar types of crimes, but hacking is typically done in furtherance of a larger scheme since the hacker wants to exploit all computational and encryption capabilities of a hacked system in order to weave through related computer systems. The activity can range from large-scale disruption to elegant hacking. DNS rerouting and denial of service attacks (DOS) are the most disruptive. Subtle changes to a web page are elegant. Hackers also generally collect password lists, credit card info, proprietary corporate info, and warez (pirated commercial software). A list of specific offenses in this category might include:

Arson (targeting a computer center for damage by fire) Extortion (threatening to damage a computer to obtain money) Burglary (break-ins to steal computer parts) Conspiracy (people agreeing to commit an illegal act on computer) Espionage/Sabotage (stealing secrets or destroying competitors records) Forgery (issuing false documents or information via computer)

Larceny/Theft (theft of computer parts) Malicious destruction of property (destroying computer hardware or software) Murder (tampering with computerized life-sustaining equipment) Receiving stolen property (accepting known stolen good or services via computer)

2. COMPUTER AS TOOL: Another classification by Cyber Security Malaysia is Computer as Tool. This kind of activity involves modification of a traditional crime by using the Internet in some way. The traditional analogue here is fraud. It can be something as simple as the online illegal sale of prescription drugs or something as sophisticated as cyberstalking. Pedophiles also use the Internet to exchange child pornography, pose as a child, and lure victims into real life kidnappings. Laws governing fraud apply with equal force regardless if the activity is online or offline, but a few special regulations apply at the federal level:

Internet fraud (false advertising, credit card fraud, wire fraud, money laundering) Online child pornography; child luring (sexual exploitation; transportation for sexual activity) Internet sale of prescription drugs & controlled substances (smuggling; drug control laws) Internet sale of firearms (firearms control laws) Internet gambling (interstate wagering laws; lottery laws; illegal gambling businesses) Internet sale of alcohol (liquor trafficking) Online securities fraud (securities act violations) Software piracy & Intellectual Property theft (copyright infringement; trade secrets) Counterfeiting (use of computer to make duplicates or phonies)
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

However apart from that Provos (2009) in his articles, classifies cybercrimes by Insiders and Outsiders Threat. In his articles he mentioned that another way of classifying cybercrime is to use a location-based approach that distinguishes between insiders and outsiders. This is the approach the FBI uses, which is also based on an evaluation of societal costs and the capabilities of law enforcement.

1. INSIDER THREATS: The disgruntled insider is the principle source of computer crime. As much as 75% of computer crimes are done by employees. This makes cybercrime against business the number one type of cybercrime, and it's growing, with the estimated loss to business running about $500 million per year, in the form of crimes like theft of proprietary information, theft of customer databases, and theft of product databases. Their average age of an insider offender is 29, and they generally hold managerial or professional positions (USDOJ CCIPS data of 2003 puts the age profile like this -- 34% are between 20-29, 36% between 30-35, and 27% over 35). Older offenders generally do more damage.

The FBI regards disgruntled employees as motivated by a perception of unfair treatment by management or snubs by co-workers. Another fraction of incidents are caused by blunders, errors, or omissions. The FBI regards the insiders here as incompetent, inquisitive, or unintentional. The difference appears to be in the intent to disrupt. Crimes involving the computer only incidentally are treated as traditional crimes -- theft, for example, if an employee tampers with the payroll system (called "data-diddling").
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

Every organization has them, and here are some of the signs:

missing computer supplies when the employee is around missing software when the employee is around numerous logon sessions, some attempts under different name sloppy password management unusual interest in computer system printout mixes personal equipment with company equipment

2. OUTSIDER THREATS: Hackers are the most common group in this category. Their typical age is between 14 and 19, and they are generally part of the cyberpunk subculture. Hacking for illicit financial gain has been increasing, and less-skilled "script kiddies" (using point-and-click software instead of programming) are increasing in number. Distributed Denial of Service Attacks are also increasing, which plant a tool such as Trinoo, Tribal Flood Net (TFN), TFN2K, or Stacheldraht (German for barbed wire) on a number of unwitting victim systems. Then when the hacker sends the command, the victim systems in turn begin sending messages against the real target system. 2001 was also the Year of the Virus, and several large-scale hacks were accompanied by viruses released in the wild, which led authorities to suspect that hackers and virus writers were uniting. The FBI uses the following typology to classify outsider threats:

industrial espionage - theft of proprietary information or trade secrets terrorism - attempts to influence or disrupt U.S. policy national intelligence - attempts by foreign governments to steal economic, political, or military secrets

infowarfare - cyber attacks by anyone on the nation's infrastructure to disrupt economic or military operations
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

COMPARISON OF CYBER CRIMES IN MALAYSIA AND USA According to a newspaper report, NST dated March 2011, a total of 8,090 reports were made to Cyber Security Malaysia last year compared with 3,564 in 2009. In the first two months of this year, there were 2,136 cases. Cyber Security Malaysia chief executive Lt-Col (R) Husin Jazri said the figures showed there was a lack of awareness of cyber security in the country and this led to cyber crime, such as fraud, forgery, hacking and unauthorized access of the Internet. Most of the cases reported are classified as computer as a tool and as well as computer as a target. Cybercrime scene in Malaysia however majorly become unreported as many of us still not aware of these crimes According to NST newspaper dated February 2011 said that many white-collar cyber crimes go unreported due to the reluctance to report or ignorance, Deputy Minister of Information Communication and Culture Datuk Joseph Salang informed. As a result, he said, it was difficult to collect reliable statistics of such crimes for assessing the extent of the problem. As a result, he said, Malaysia would not treat cyber crimes lightly because obtaining information communication technology through the Internet and broadband was fraught with dangers which needed to be addressed. He said hacking, spoofing and botnet attacks were capable of causing serious security breaches in the information systems of vital installations and the potential damage on account of such attacks to the national security was immense. In the context of cyber law enforcement, he said, unless domestic efforts were leveraged with instruments of international cooperation, combat efforts would be ineffectual.
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

However in United States information can be widely collected as people are very aware about cybercrime. According to Academy of Marketing Studies Journal (2011), almost 70% of cybercrimes in US are classified as Computer as tools and Insider threats to do cybercrimes. Riem (2001) found that the greatest threat to computer security comes from employees,

consultants and contractors working within the company, rather than from outside hackers attempting to obtain access. Yapp (2001) agrees that the greatest threat to security is still from the inside, which is where nearly 70% of all frauds, misuses and abuses originate. Inadequate password policies and controls are the root of the most problems In U.S., despite the increased efforts to strengthen Internet security in recent years, cybercrime has jumped enormously, as shown in the annual 2007 cybercrime survey conducted by the Computer Security Institute. According to the survey, the average loss per cybercrime in 2007 for U.S. companies escalated to $350,000 from $160,000 the previous year. Data breaches, credit card fraud, fraudulent websites, eavesdropping, and identity theft all fall under the umbrella term cybercrime. To execute these crimes, hackers and con artists use tools such as fraudulent e-mails, network sniffers, Internet cookies, scripting languages, software vulnerabilities, and wireless networks. These falls under computer as tools.

Cybercrimes in Malaysia and USA: What should we do in Malaysia.

SUGGESTIONS

Cyber crime can easily be combat if everyone using the technology are well aware of the threats exist and understand it consequences. Though not in depth knowledge, surface information might as well help to prevent cybercrimes from even happening.

As an individual, there are many tips and steps that can be easily applied to avoid being a victim of cybercrime. Leon (2008) shares a few tips in the CPA Journal.

Identify suspicious emails Emails which you find suspicious should never be opened. Such sender you never heard of, and fishy titles must straight away delete from your inbox. Known Trojan and malicious attacks started from emails. Some of these emails able to steal your personal information from your PC and that information can be use to steal or make transactions without you realizing.

Create a Link Homepage To be safe from phishing, you can create a homepage where, it links all your favorites link such as your e-banking page. Therefore you will save yourself from going to the fake websites, that you will probably enter your information and it will be used.
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

Apart from that we can also encrypt and digitally sign e-mail with clients, disallow permanent cookies in web browsers, Disable Scripts in Web Browsers, Understand Software Vulnerabilities and finally install a Firewall within your system.

Apart from individual action, government or nation, must revise enforcement and laws as well guidelines in information security. Considering a wide usage of information technology, which open a wider opportunity of cybercrimes, nation must be made aware through campaign awareness and education started at a very young age.

CONCLUSION

Cybercrimes are costing businesses, especially banks and credit-card companies, and consumers billions of dollars every year. The battle against cybercrimes must be waged on many fronts. Technological and non-technological measures can reduce the externality effects. At micro level, technological and behavioral factors should be considered in design and implementation of computer networks to provide negative cognitive feedback to cybercriminals. Technological measures range from disconnecting databases containing sensitive information from the Internet to the deployment of sophisticated antifraud technologies.

Similarly, behavioral measures such as trainings to enable consumers, employees and the public to identify fraudulent email messages may reduce phishing. Research indicates that time taken to report a crime is among the most important factors affecting the probability of arrest. This is especially important for crimes for which preserving evidence is critical for successful prosecutions. Preservation of physical and digital evidence is important to successfully prosecute cyber-criminals. Timely reporting of cybercrimes to authorities thus sends negative cognitive feedback to criminals.
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

Because cybercrime covers such a broad scope of criminal activity, the examples above are only a few of the thousands of crimes that are considered cybercrimes. While computers and the Internet have made our lives easier in many ways, it is unfortunate that people also use these technologies to take advantage of others. Therefore, it is smart to protect yourself by using antivirus and spyware blocking software and being careful where you enter your personal information

With all precautions taken by individual as well as nation, cybercrimes can be easily managed, provided all efforts must be continuous and with supports from the user itself.

(2729 words)

10

REFERENCES

Arthur, W.B. Increasing returns and the new world of business. Harvard Bus. Rev. (Jul-Aug. 1996), 101-109.

Banisar, D. Computer hackers sentence spotlights high-tech crime prosecutions. Criminal Justice Weekly, (Aug. 3, 1999).

FBI, BOT Roast II: Cracking Down on Cyber Crime, FBI Headline Archives, 29 November 2007. Available at http://www.fbi.gov/page2/nov07/botnet112907.html (accessed 10 November 2011. Stewart, J. Danmec/Asprox SQL injection attack tool analysis. Secure Works Online, May 2008; www.secureworks.com/research/threats/danmecasprox
Cybercrimes in Malaysia and USA: What should we do in Malaysia.

Provos, N. Using htaccess To Distribute Malware. Dec.2008; www.provos.org/index.php?/archives/55-Usinghtaccess-To-Distribute-Malware.html.

CyberSecurity Malaysia URL: http://www.cybersecurity.my/en/media_centre/news_coverage/2009/main/detail/1703/ind ex.html Excerpt: cybersecurity malaysia 2009 cybercrimes rise calls dedicated court handle

11