Topic 2

Computer Crimes
(part A)

Prepared by Mr. George Lee

 Pornography
and
obscenity

Online
Hacking
Gambling

EXAMPLES OF
COMPUTER
CRIMES

Online
Spoofing
defamation

Phishing
THE INTERNET : CYBERSECURITY &
CRIMES
Types of Computer Crimes

What is “Hacking”/ “Unauthorised access to computer material”?

•Hacking means gaining unauthorized access to any computer system
with or without intention to commit further offence
(David I BainBridge, Introduction to Computer Law, 4th ed.,
(England: Pearson Education, 2000)
Early Days of “Hacking”
• A creative programmer who wrote very elegant or clever programs.
• A “good hack” was an especially clever piece of code. Hackers have been
called “computer virtuous.”
• Outside the social mainstream, spending many hours learning as much as they
could about computer systems and making them to new things.
• High school and college students who “hacked” the computers at their school.
• Primarily in learning and in intellectual challenges and the thrill of going where
they did not belong.
• Most had no intention of disrupting services.
• As more computers became attached to networks, hacker activities expanded to the networks
and the work hacker often suggest breaking into computers on which the hacker did not have
legitimate access.
• Brought a sense of accomplishment. Some people use the term “cracker” for those who break
into systems without authorization to steal or cause damage. One writer describes crackers
simply as “mean spirited hackers.”
• Usually the computer hackers’ intention is to modify or erase the information or data kept in the
computer or to commit computer frauds.
• Create great trouble to online business enterprise.
• Online enterprises are required to spend millions of dollars to investigate.
• Sometime they steal credit card numbers of customers which the business companies store in
their computer database
Examples of COMPUTER CRIMES
 Computer Crimes Act 1997

Defined in s 2(1) CCA 1997.

• What is “computer”?
This definition appears to be
derivative of the definition set
out in the American legislation
on computer fraud and abuse.
S3.Unauthorized access to computer material

Section 3 of the Act provides for offences of unauthorized access to computer material. It reads:
(1) A person shall be guilty of an offence it:
(a)he causes a computer to perform any function with intent to secure access to
any program or data held in any computer;
(b) the access he intends to secure is unauthorized; and
(c) he knows at the time when he causes the computer to perform the function that that
is the case.
(2) the intent a person has to have to commit an offence under this section need not be directed
at-
(a) any particular program or data
(b) a program or data or any particular kind; or
(c) a program or data held in any particular computer.
 S3.Unauthorized access to computer
material
• The ingredients of the offence under this section may be as follow:

At the time he
causes the
computer to
perform any
Causes a computer function, it must be He has that
The access is
to perform any coupled with knowledge (mens
unauthorized
function (actus reus) intention to secure rea)
access to any
program or data in
any computer (mens
rea)
CREATIVE PURPOSE SDN BHD & ANOR v INTEGRATED TRANS
CORP SDN BHD & ORS [1997] 2 MLJ 429
• This case is about Copyright infringement of software .
• The Plaintiffs were companies engaged in the business of designing, developing and marketing
software programs.
• In around January 1991 the plaintiff made a software program called MEP3 and improved the
MEP3 program.
• So far they have four upgrades, namely MEP 3.30, MEP 3.31, MEP 3.32 and MEP 3.33 and they
were published for the sale and distribution in Malaysia.
• This particular software was never published in Singapore or any where. The main issue is
about the ownership of the program.
•The plaintiffs argue that the Defendants had infringed the copyright of
their software programs by reproducing and distributing them to the
public.
• The Plaintiffs submitted that the Defendants had hacked or modified the
programs to circumvent the ‘dongle’ which was a security feature of the
programs.
•The plaintiffs’ case is that the software programs were designed as
comprising two main modules, namely: (a) a ‘loader program’, and (b)
the ‘main program’.
•The loader is encoded with a special protection code as a deliberate
protection against unauthorized copying.
• The loader functions to start up the main program, but the main program cannot be accessed
if the special code in the loader fails to detect the presence of a particular copy protection
device.
• Between 1985 up till June 1994, the copy protection device used was the “key diskette”. In
mid 1994, the “key diskette” was replaced by a new method of protection involving the use of
a “dongle”, a hardware attachment fitted to the printer part of a computer.
• The dongle functions in the same way as the key diskette.
• Instead of detecting the presence of the key diskette, the protection code in the loader
program looks for the presence of the dongle
• The facts is :
• 1. The definition of “computer programs” in the copyright act as follows:
• “Computer Program” means an expression, in any language, code or notation, of a set of
instructions (whether with or without related information) intended to cause a device having
an information processing capability to perform a particular function either directly or after
either or both of the following:
• a) conversion to another language, code or notation;
• b) reproduction in a different material form; (s. 3)

• From the definition of the computer program, “dongle” includes a device which is a copy
protection or circumventing device for the main program. In the case the defendant infringed
the copyright in MEP 3, 3.32, 3.33 by reproducing without license or consent, these software
programs, and distributing the infringing copies to the public.
• 2. The defendants have modified these soft wares to circumvent the dongle.
• 3. The defendants deny that the creator of the software the plaintiffs.
• 4.. The also deny that the plaintiffs has published it first in Malaysia.

• It was held by the High Court, Kuala Lumpur and the judges name is Kamalanathan Ratnam
JC. Copyright protection for software program is strongly entrenched and such protection
extends to both the object and source codes. Kamalanathan J found the liability of the
defendant for the circumvention of a “dongle”, a piece of hardware that is used by the plaintiff
to secure the work from unauthorized access.

• So the judgement According to the Computer Crime Act 1997 section 3 about Unauthorized
access to computer material :
• A person guilty of an offence under this section shall on conviction be liable to a fine not
exceeding fifty thousand ringgit or to imprisonment for a term not exceeding five years or to
both.
 R v Gold and another [1988] 2 All ER 186
• The respondents, using their own microcomputers, gained entry to a computer databank by
'hacking', ie by using customer identification numbers and passwords of other persons obtained
without permission, in order to obtain information without payment and to alter data without
authority.
• When the customer identification numbers and passwords were keyed in, in the form of
electronic impulses, they were held in the computer momentarily while they were verified and
were then irretrievably expunged when the respondents were admitted to the database.
• The respondents' object was not to make an illegal gain but to demonstrate their skill as hackers.
• They were charged with and convicted of contravening s1a of the Forgery and Counterfeiting Act
1981 by making a 'false instrument' with the intention of using it to induce the databank to accept
it as genuine to the prejudice of the company operating the system.
•…
R v Gold and another [1988] 2 All ER 186

•Held – A device could not be an instrument under s 8(1)(d) of the 1981 Act by which
information was recorded or stored by electronic means unless it preserved the information for
an appreciable time with the object of subsequent retrieval or recovery.
•Since the momentary holding of the customer identification numbers and passwords while they
were verified did not amount to the recording and storage of information, the respondents had
not made an instrument within s 8(1)(d) and could not be guilty of an offence under s 1.
•The Crown's appeal would therefore be dismissed .

Note
•s8.—(1) Subject to subsection (2) below, in this Part of this Act “instrument” means … (d) any
disc, tape, sound track or other device on or in which information is recorded or stored by
mechanical, electronic or other means