Cyberlaw (Trimester 2510)

Tutorial 2: Week 3

Question 1

Mr. Y is 37 years old and was the Managing Director of a company called
“du Lexbuild International Sdn Bhd” (“du Lexbuild”), a company that was
commissioned to produce materials for the Armed Forces. In early 2007,
the Ministry of Defence invited tenders from various contractors, including
du Lexbuild, to tender for a contract to build the Armed Forces Storage
Container System. Prior to the invitation to tender, Mr. Y and his colleague,
Mr. X met the project manager in charge of the Armed Forces Storage
Container System. That meeting took place in the lobby in the Ministry of
Defence. The project manager left his laptop computer when he went to
answer a telephone call. Mr. Y took the opportunity and looked at the
laptop screen. He recognised a file name displayed on the screen and
realised that it might have information useful to him. He inserted his
thumb-drive into the laptop and copied the file into the thumb drive by
the “drag-and-drop” method. Once the meeting was over, he studied the
information that he has obtained and compiled the program codes of this
exploit into a program which he executed on the Ministry of Defence
network. The execution of the program caused the Ministry of Defence
network to process and grant access request to Mr. Y, allowing him to
secure access to further computer files contained the Ministry of Defence.
He was even able to get personal details of some of the officers and their
personal details including bank details.

He mentioned this to Mr. X and shared some of the access codes to the
Ministry of Defence network with him. Both planned a very detailed
“attack” to secure financial benefits from some of the Armed Officers in
the future.

Advise Mr. X and Mr. Y on the possible charges against them under the
Computer Crimes Act 1997.

Complete the question by looking into the other offences (other than
section 3, CCA 1997).

(Total: 25 marks)

TRIMESTER 2, 2022/2023
Issue 1: Whether Mr. Y is liable for unauthorized access under S3 of the
CCA 1997

Law:

Section 3(1) of the Computer Crimes Act 1997 states that a person
commits an offence if he causes a computer to perform any function with
intent to secure unauthorized access to any program or data held in any
computer. Section 3(3) provides that on conviction, the person shall be
liable to a fine not exceeding RM50,000 or imprisonment for a term not
exceeding five years, or both.
Section 2(5) defines unauthorized access as access where the person is
not entitled to control access to the data or program and does not have
the consent from the person entitled.

Application:

Mr. Y accessed the Ministry of Defence (MOD) project manager’s laptop

without permission while the official was away. He inserted a thumb drive
and copied files using the drag-and-drop method. Later, he used this data
to gain further access to the MOD network. Mr. Y was clearly not
authorized to access either the initial file or the broader network, and he
clearly had the intention to gain access for his own advantage. He also
had knowledge that the access was unauthorized.

Conclusion:

Mr. Y is liable under Section 3 of the Computer Crimes Act 1997.

Issue 2: Whether Mr. Y and Mr. X are liable under S4 of the CCA 1997 for
commit fraud and dishonesty.

Law:

Section 4(1)(a) of the CCA 1997 states that a person is guilty of an

offence if he commits an offence under Section 3 with intent to commit an
offence involving fraud, dishonesty, or injury. Section 4(3) increases the
penalty to a fine not exceeding RM150,000 or imprisonment not
exceeding ten years.
“Dishonestly” is defined in Section 24 of the Penal Code as doing
something with the intention of causing wrongful gain or wrongful loss.
Section 23 defines “wrongful loss” as loss by unlawful means.

Application:

Mr. Y gained unauthorized access to MOD files and used the information to
compile and execute a program that allowed further infiltration into
sensitive systems. He even obtained personal data, including bank details
of armed officers. The sharing of this data with Mr. X and their plan to use
it for future financial gain clearly indicates dishonest intention. Their
actions meet the requirement of intent to commit fraud or
dishonesty, as contemplated in Section 4.

Conclusion:

Both Mr. Y and Mr. X are liable under Section 4(3) of the CCA 1997 for
dishonest access and use of data with intent to commit financial fraud.

Issue 3: Whether Mr. Y is liable for unauthorized modification under S5(1)

of the CCA 1997.

Law:

Section 5(1) states that a person commits an offence if he does any act
that causes unauthorized modification of the contents of any computer.
Section 5(4) provides for penalties including a fine up to RM100,000 or
imprisonment for ten years.
Under Section 2(7), modification includes introduction or addition of
programs or data. Under Section 2(8), such modification is unauthorized
if done without consent.

Application:

Mr. Y compiled program codes based on the stolen data and executed the
program on the MOD network. This program altered the normal
functioning of the network to grant him elevated access. This action
qualifies as an unauthorized modification of the system, as it altered
computer functions and was done without consent.

Conclusion:

Mr. Y is liable under Section 5(4) of the CCA 1997 for unauthorized
modification of computer systems.

Issue 4: Whether Mr. Y is liable for wrongful communication of access

codes under S6(1) of the CCA 1997

Law:

Section 6(1) states that it is an offence to communicate any number,

code, password, or access means to another person without authorization.
Section 6(2) sets the penalty as a fine not exceeding RM25,000 or
imprisonment for up to three years.
Application:

Mr. Y shared access credentials obtained through illegal means with Mr. X.
Mr. X was not authorized to receive such information. Mr. Y had
knowledge that this communication was unauthorized, fulfilling the mens
rea. The communication of access codes without consent makes this act a
direct breach of Section 6.

Conclusion:
Mr. Y is liable under Section 6(2) of the CCA 1997 for wrongful
communication of access credentials.
Question 2

With reference to five specific examples explain what is meant by

“Computer Crimes.”

(10 marks)

Computer crimes, also known as cybercrimes, refer to illegal activities

committed using or targeting a computer or computer network. These
crimes have rapidly evolved alongside technology, creating new
challenges for law enforcement and legal systems. The following are five
specific examples of computer crimes, each demonstrating how digital
tools can be exploited to commit offenses.

The first example is phishing, which involves cybercriminals

impersonating trusted entities to deceive victims into revealing sensitive
information such as passwords or banking details. Typically, attackers
send fraudulent emails or messages that appear to be from legitimate
sources, tricking users into clicking malicious links or downloading harmful
attachments. Once victims engage, attackers can freeze accounts or steal
personal data. Despite improvements in email filtering systems, many
phishing emails bypass spam detection due to their increasingly
sophisticated design.

A more advanced form of phishing is known as pharming. While phishing

relies on luring victims to fake websites via links, pharming silently
redirects users to fraudulent websites by exploiting vulnerabilities in the
domain name system (DNS) or through malicious code. The victim may
believe they are visiting a legitimate site, such as a bank’s website, when
in fact they are interacting with a counterfeit interface designed to
harvest confidential data. Pharming is often more difficult to detect
because it does not require user interaction with a suspicious link.

Another common computer crime is hacking, which refers to gaining

unauthorized access to a computer system or network. Hackers may be
motivated by various reasons, ranging from personal curiosity to political
agendas or financial gain. One notorious example is the RBS WorldPay
heist, where hackers stole over $9 million within 12 hours by breaching a
payment processing system. Similarly, Vitek Boden caused environmental
damage in Australia by hacking into a sewage system, while a more
politically charged attack involved a virus-worm designed to disrupt Iran’s
nuclear facilities. These examples highlight the severity and diverse
impact of hacking incidents.

Computer viruses are also a prominent category of computer crimes. A

virus is a self-replicating program designed to disrupt, damage, or gain
control of a computer system. Various types exist, including the resident
virus, which infects a computer's RAM and can attach to antivirus
programs, and the overwrite virus, often spread via USB drives, which
erases original files. Another variant, the browser hijacker, manipulates
web browsers to redirect users to malicious websites. Though viruses may
appear as technical nuisances, they can lead to serious data loss and
security breaches.

Finally, Distributed Denial of Service (DDoS) attacks aim to

overwhelm a server or website with excessive traffic from multiple
sources, rendering the service unavailable. These attacks are typically
executed using networks of infected computers, known as botnets, which
are controlled by hackers. By crashing the system or slowing down access,
attackers can cause significant disruption, especially to organizations
relying on online platforms for their operations.

In conclusion, computer crimes encompass a wide range of illegal

activities involving computers, from deception-based scams like phishing
and pharming to highly technical attacks such as hacking, virus
deployment, and DDoS attacks. As society continues to rely heavily on
digital technologies, understanding these cyber threats is crucial to
developing robust legal protections and cybersecurity measures.

Question 3

Name five (5) possible criminal activities commonly known as “emerging

computer crimes” in Malaysia.

(5 marks)

Cyberbullying, Pornography, Identity Theft, Online Gambling, Cyber

Extortion.