COMPUTER

CRIME Prepared By:

Zuhri Arafah Binti Zulkifli
 CONTENT OVERVIEW

Scam and Search and Emergence

Fraud and Analytical Tools
Hacking Digital Seizure of in Cybercrime Cyber Law in
Identity Theft
Forgery Computer Malaysia
HACKING
 What is Hacking?
 Hacking is refer to the hobby or profession of working with
computers and breaking into computer systems.
 Many computer hackers go on to have successful productive careers
as computer security experts.
 Term “hacker” is now used to describe people who explore the
particulars of computer and telephone networks and carry out serious
pranks as well as people who intentionally destroy files, release
computer viruses, steal sensitive personal, business and government
information, expose personal information, steal money, crash web
sites and destroy files.
 THE PHASE OF HACKING
 Phase One: The early years
 1960s and 1970s.
 Originally, hacker referred to a creative programmer wrote clever code.
 The first operating systems and computer games were written by hackers.
 The term hacking was a positive term.
 Hackers were usually high-school and college students.
 Phase Two: Hacking takes on a more negative meaning.
 1970s through 1990s.
 Authors and the media used the term hacker to describe someone who used computers, without
authorization, sometimes to commit crimes.
 Early computer crimes were launched against business and government computers.
 Adult criminals began using computers to commit their crimes.
 Cont…
 Phase Three: The Web Era
 Beginning in the mid-1990s.
 The increased use of the Internet for school, work, business transactions, and
recreation makes it attractive to criminals with basic computer skills.
 Crimes include the release of malicious code (viruses and worms).
 Unprotected computers can be used, unsuspectingly, to accomplish network
disruption or commit fraud.
 Hackers with minimal computer skills can create havoc by using malicious
code written by others.
 WHO IS THE TOP HACKERS
AROUND THE WORLD?
There are three types of hacker now days that is:
1. Black Hat Hackers
 Black hat is used to describe a hacker (or, if you prefer,
cracker) who breaks into a computer system or network
with malicious intent.
 Black hat hacker takes advantage of the break-in, perhaps
destroying files or stealing data for some future purpose.
 Jonathan James (a.k.a COmrade): James gained bad
reputation when he became the first juvenile to be sent to
prison for hacking.
2. White Hat Hackers
 Hackers that use their skills for good are
classified as “white hat”.
 These white hats often work as certified "Ethical
Hackers," hired by companies to test the integrity
of their systems.
 They often start out as black hat hackers and white
hat hackers sometimes are paid consultants or
actual employees of a company that needs its
systems protected.
 Barnaby Jack: When Jack took the stage at Black
Hat in 2010, he showed how using just a laptop, he
could wirelessly reprogram some ATMs to spit out
cash
 Cont…
3. Grey Hat Hackers
 Grey hat hackers are hackers that perform both malicious
activities and helpful ones.
 HACKTIVISM
 Hacktivism is the use of computers and computer networks as a
means of protest to promote political cause.
 As more and more companies put more of their operations online, the
Internet becomes an increasingly attractive place to conduct a protest.
For example, taking down important websites and denying access to
legitimate business use of those sites gets a lot more attention.
 A hacktivist uses the same tools and techniques as a hacker, but does
so in order to disrupt services and bring attention to a political or
social cause.
 Eg. Hactivism: Anonymous Malaysia wants
PM Najib Razak to resign, threatens cyber attack
on Aug 29, 2015

Anonymous Malaysia posted an eight-minute video on its Facebook page on Aug 4, calling for the
resignation of Prime Minister Najib Razak
 Eg. Hacktivism: Malaysia Website
 Hundreds of Sites Hacked in Conflict Between Malaysia and Philippines
Hacktivists
 Anonymous Malaysia launched distributed denial-of-service (DDOS) attacks
against several Philippines government websites, Filipino hackers went on
the offensive, defacing a large number of commercial websites.
 The incident was followed by DDOS attacks being launched against at least
11 Malaysian government websites.
 The Pinoy Tech News reports that a total of around 157 websites from the
Philippines and around 170 from Malaysia were impacted during this cyber
battle.
 Eg. Hacktivism: Malaysia Government Website

 Dell.com.my, Malaysia.gov.my and many other

51 Malaysia website was hacked by a group
called “Tiger – M@te, #Bangladeshi HackeR” in
the #operationMalaysia in 2013.
 The hacker identified himself as Tiger-M@te
who claimed to be a Bangladeshi.
 The provocative message left was "Hello
Malaysia, you think you are more advanced
than us? Respect our workers, we will respect
you! Running it since 2007".
 Eg. Hactivism: Malaysia ATM Machine
 Local banks whose automated teller machines (ATM) were
hacked by a Latin American gang with the lost of RM 3
Million.
 NuSource Financial Inc, a US manufacturer of the NCR
5587 ATM, had informed that their machines were
vulnerable to hacking via the “Backdoor.Padpin”
“ulssm.exe” malware.
 The “NCR 5877” model is an old machine and has not been
updated for over five years. It does not have an exterior
alarm system on its upper panel, allowing the thieves to open
it up to gain access.”
 Example of bank is Affin Bank, Al-Rajhi Bank and Bank
Islam
 EXAMPLE OF HACKING TECHNIQUE
1. DDoS Attack – Distributed Denial Of Service Attack
2. SQL Injection
3. Cross Site Scripting Attack (XSS)
4. Broken Authentication and Session Management Attacks.
5. Phishing
6. Social Engineering Attacks
7. Packet sniffing
8. Trojan horse programs
9. Bruteforce Attack
 HOW TO CATCH A HACKER?
 Requires law enforcement to recognize and respond to numerous hacking attacks.
 Computer forensics tools may include:
 Undercover agents

 Honey pots (sting operations in cyberspace),

 Archives of online message boards,

 Tools for recovering deleted or coded information.

 Computer forensics agencies and services in Malaysia include:

 Cyber Security Malaysia under MOSTI

 MyCert (Malaysia Computer Emergency Response Team)

 Malaysian Communication And Multimedia Commission (MCMC)

 Private companies specializing in recovering deleted files and e-mail, tracking

hackers via Web site and telephone logs
Fraud and Identity
Theft
 Definition

Biometrics

Identity
Theft and
Techniques Credit Card
Fraud

Preventing
methods
Responses
 DEFINITION
Identity theft - various crime in which criminal use the identity
of an unknowing, innocent person
 Use credit/debit card numbers, personal information, and
social security numbers
 18-29 year-olds are the most common victims because they
use the Web most and are unaware of risks
 E-commerce has made it easier to steal and use card numbers
without having the physical card
 TECHNIQUES
 There are several techniques used to steal personal and financial
information.
 Requests for personal and financial information disguised as legitimate
business communication
 Phishing – E-mail
 Smishing – Text messaging
 Vishing – Voice Phishing
 Pharming – false Web sites that fish for personal and financial information
by planting false URLs in Domain Name Servers
 Online resumé and job hunting sites may reveal SSNs, work history, birth
dates and other information that can be used in identity theft
 G
HIN
HIS
P

SMISHING

VISHING
PHARMING
 Responses To Identity Theft …

• Authentication of email and Web sites

• Use of encryption to securely store data, so it is useless if stolen
• Authenticating customers to prevent use of stolen numbers, may
trade convenience for security
• In the event information is stolen, a fraud alert can flag your credit
report; some businesses will cover the cost of a credit report if your
information has been stolen
 Cont…
 Authenticating customers and preventing use of stolen
numbers
 Activation for new credit cards

 Retailers do not print the full card number and expiration

date on receipts
 Software detects unusual spending activities and will
prompt retailers to ask for identifying information
 Services, like PayPal, act as third party allowing a
customer to make a purchase without revealing their
credit card information to a stranger
 Type of Sinister Programs In Cyber Crime
 Worm
 Does not destroy files

 Designed to copy and send itself

 Brings computers down by clogging memory

 Trojan horse
 Does not copy itself

 Often remains hidden to the user

 Logic bombs and time bombs

 Variations of Trojan horse

 Do not disrupt computer function until triggering event/operation

 RECOMMENDED SAFEGUARDS
 Implement a security plan to prevent break-ins
 Have a plan if break-ins do occur
 Make backups!
 Only allow access to key employees
 Change passwords frequently
 Keep stored information secure
 Use antivirus software
 Use biometrics for access to computing resources
 Hire trustworthy employees
 COMPUTER SECURITY
 Encryption – The process of encoding messages before they enter the network or
airwaves, then decoding them at the receiving end of the transfer
 Internet Security
 Firewall – hardware and software designed to keep unauthorized users out of network
systems
 Virus prevention
 Install antivirus software
 Make backups
 Avoid unknown sources of shareware
 Delete e-mails from unknown sources
 BIOMETRICS
 Biological characteristics unique to an individual
 No external item (card, keys, etc.) to be stolen
 Used in areas where security needs to be high, such as identifying airport
personnel
 Biometrics can be fooled, but more difficult to do so, especially as more
sophisticated systems are developed
Scam and Digital
Forgery
 SCAM AND FORGERY
 Four areas of online crime:
 Auction Fraud
 Click Fraud
 Stock Fraud
 Digital Fraud
 AUCTION FRAUD
 Selling and buying goods online has become popular
 Online auction sites are one of the top sources of fraud complaints
 Problems:
 sellers don’t send the goods,
 sellers send inferior goods,
 price is driven up by shill bidding, and
 illegal goods sold.
 Solutions:
 educate customers to be cautious,
 read seller “reviews,”
 use third-party escrow, and
 more…
CLICK FRAUD
 repeated clicking on an ad to either increase a site’s revenue or
to use up a competitor's advertising budget
STOCK FRAUD
 most common method is to buy a stock low, send out e-mails
urging others to buy, and then sell when the price goes up,
usually only for a short time
 DIGITAL FORGERY
 Imitating pictures, documents, signatures, etc for a fraudulent
purpose or a copy made for fraudulent purpose.
 Cheap high tech and increased ease of forgery and counterfeiting
threatens the security of financial institutions and U.S. currency.

 There are 3 issues

 Photographic Evidence
 Naked Children and
 Dead Celebrities
 Photographic Evidence
 Many cameras now record digital images, they do not
used film. This will ease the process of changing the
picture.
 Photographs are used as evidence in legal proceedings.
(Eg: crime scene photos) it should be trusted and reliable.
 News organization (newspaper, TV news program,
magazines and online new services) should not modify
photographs because news organization and individual
publishers are working out their policies.
 Naked Children
Pornographer used computer graphic to alter the image of
the faces and bodies of children, so they appear to be
engaged in explicit sexual acts ever though the original
images depicted completely unrelated activity.
 Dead Celebrities
 Brought back to life by computer to perform in ways
they never did in real life and perhaps never would have.
 Departed celebrities have began to rise the grave for
extended encores
 Eg: KRU sing along with P Ramlee in the music video
“Getaran Jiwa”
 CAUSES AND DEFENCE OF FORGERY
 Forgery
 Some Causes
 new technologies (copiers, scanners and high quality printers) are used to
create fake checks, passports, visas, birth certificates, etc., with little skill and
investment
 Powerful computers and digital manipulation software.
 Some Defenses
 Educate consumers and employees.
 Use anti-counterfeiting techniques during production.
 Use counterfeit detection methods.
 Create legal and procedural incentives to improve security.
Search and Seizure
of Computer
 SEARCH AND SEIZURE OF COMPUTERS
 Requires a warrant to search and seize a computer
 Court rulings inconclusive about whether information found on
computers, but not covered by a warrant, is considered in ‘plain
view’
 Automated searches
 Can monitor constantly and less likely to miss suspicious activity
 Can be programmed to only look for what is covered in a warrant
Analytical Tools in
Cyber Crime
ANALYTICAL TOOLS FOR CYBER CRIME
 Fraud Analytical Tool
 Detect fraud early
 Identify the right claims to focus on
 Automate time-consuming processes
 Streamline workflow
 Quickly identify suspicious participants or patterns in claims.
 Hacking Analytical Tool
 Sense and detect suspicious/doubtful applications which are able to leak private information
/ financial settlement / company’s secret.
 ANALYTICAL TOOLS IN CYBER CRIME
 Fraud detection tools:
 Fraud.net Guardian
 Splunk – for e-commerce purposes - protect customers and reputation, and avoid fraud-related costs
 FICO – Fraud Management System
 Fractals - Class-leading integrated, intelligent fraud detection and prevention framework for payment
card issuers and acquirers.
 Hack detection tools
 NetPatrol
 sXe Injected
 SMS – smishing hacking detector
Emergence of Cyber
Law in Malaysia
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

1. DIGITAL SIGNATURE ACT 1997

AKTA TANDATANGAN DIGITAL 1997

 Date came into effect : 1st October 1998

 It is an Act to make provision for, and to regulate the use of digital signatures
and to provide for matters connected with it.
It describes the followings:
1. the format of one’s process of getting a certification,
2. the requirements to acquire such certificate,
3. the duties of certification authorities and subscribers,
4. the effect of digital signature
5. the prohibition of the act and penalty for offending corporate bodies.
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

2. COPYRIGHT (AMENDMENT) ACT 1997

AKTA HAK CIPTA (PINDAAN) 1997

 Date of amendment came into effect: 1st April 1999

 It amends Copyright Act of 1987 (and Copyright Act of 1969).

 It covers the transmission of copyrighted materials over the Internet.
 It also explain that any circumvention via any technological measures aimed at
restricting access to copyright works is an infringement of copyright.
 These changes are aimed at giving adequate protection of Intellectual Property
rights for the companies involved in ICTs and multimedia creation.
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

3. COMPUTER CRIMES ACT 1997

AKTA JENAYAH KOMPUTER 1997

 Date came into effect: 1st June 2000

 It outlines the offences in the misuses of computers.

 It covers
1. The process in dealing with unauthorized access to computer,
2. The use of computer with intention of committing other offences
3. Unauthorized modification of computer contents
4. It also explain the ways for enforcing the Act by the government
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

4. COMMUNICATIONS AND MULTIMEDIA ACT 1998

AKTA KOMUNIKASI DAN MULTIMEDIA 1998

 Date came into effect: 1st April 1999

 It provides a regulation framework to cater for the convergence of the

telecommunication, broadcasting and computing industries.
 The Act aim is to make Malaysia a major global centre for communication and
multimedia content and services.
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

5. MALAYSIAN COMMUNICATIONS AND MULTIMEDIA

COMMISSION ACT 1998
AKTA SURUHANJAYA KOMUNIKASI DAN MULTIMEDIA MALAYSIA 1998

 Date came into effect: 1st November 1998

 It provide the framework of self-regulation by various ICT industries including

multimedia content industries.
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

6. PAYMENT SYSTEMS ACT 2003 

AKTA SISTEM PEMBAYARAN 2003

 Date came into effect: 1st November 2003

 It cover the payments system and issuer of designated payment instruments

(DPIs).
 It contains provisions that gives Bank Negara Malaysia (BNM) to perform its
roles on any online transaction.
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

7. ELECTRONIC COMMERCE ACT 2006 

AKTA PERDAGANGAN ELEKTRIK 2006

 Date came into effect: 19th October 2006

 This act give legal recognition of transaction done in electronic ways.

 It also define the legal requirements that need to be fulfilled for using electronic
transactions.
 It allow the use of electrical instruments to do transaction.
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

8. ELECTRONIC GOVERNMENT ACTIVITIES ACT 2007 

AKTA AKTIVITI KERAJAAN ELEKTRONIK 2007

 Date came into effect: 1st January 2008

 It is an Act to provide legal recognition of electronic messages in dealing

between the Government and the public, the use of the electronic messages to
fulfill legal requirements and to enable and facilitate the dealings through the
use of electronic means and other matters connected with it.
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

9. PERSONAL DATA PROTECTION ACT 2010

AKTA PERLINDUNGAN DATA PERIBADI 2010

 Date came into effect: 1st January 2013

 It is an Act to regulate the processing of personal data in commercial

transactions and to provide for any matter connected therewith and incidental
thereto.
 However, this will not be applicable to the government both federal or states
and data processed outside of Malaysia (other countries).
 6.6 EMERGENCE OF CYBER LAW IN MALAYSIA

10.SEDITION ACT 1948

AKTA HASUTAN 1948
 Date came into effect: 19 July 1948

 While, it is not explicitly an ‘cyber’ related act. It still limits the communication of the public,
including written online communication.
 The public need to be aware of a penalty of RM500,000 if persecuted.
 It limits on regard of the public ‘sedition tendency’, which includes any speeches that are :
 “to bring into hatred or contempt or to excite disaffection against any Ruler or against any
Government.”
 “to promote feeling of ill will and hostility between different races or classes of the
population of Malaysia.”
 “to bring into hatred or contempt or excite disaffection against the administration of justice
in Malaysia or in any State.”
THANK YOU
 Prepared By:
 Zuhri Arafah Binti Zulkifli
 UiTM Kampus Jasin