Assoc Prof Dr.

Manique Cooray
Faculty of Law, MMU

Tutorial 3

(Week 4)

Question 1

Lim is an employee of “Bank XX”, a well-known overseas bank located in Malaysia with several
branches in the country. He was assigned to the credit section of the Bank’s office in Kuala Lumpur as
a systems analyst.

In his daily work, it was possible for him to access all customers’ accounts. However, he was only to
access those accounts that were assigned to him. Despite this ruling, he accessed various other
accounts and files. After having gained entry to those accounts, he communicated the information
contained, as well as how to access them in the future by sharing the passwords, with Ben, who was
not employed by Bank XX. In fact, Ben is a Malaysian citizen working and living in Thailand. Ben used
the information given to him to encode other credit cards in Bank XX and supply Personal Identification
Number (PIN) which could then be used to obtain large sums of money from automatic teller machines
in Thailand and Malaysia.

To cover his tracks on the computer Lim deleted some of the logs in the computer network belonging
to Bank XX. Despite this attempt the computer records in Bank XX indicated that he accessed 289
accounts that did not fall within the scope of his duties. Using the confidential information obtained,
Lim and Ben defrauded Bank XX of approximately RM1,000,000. Ben was arrested in Thailand with
forged credit cards in his possession and was photographed using one such card to transfer money
from an Automatic Teller Machine in Thailand to Lim’s account in Malaysia.

a) Advise Bank XX as to the possible charges, if any, against Lim under the relevant statutory
provisions in Malaysia. Support your answer with relevant case law.

(15 marks)

b) The Government of Malaysia wishes to bring an action against Ben. Does the current legislative
framework in Malaysia allow for such a charge to be brought against him?

(10 marks)

(Total: 25 marks)

(Past Year Exam Question)

Continued …
Question 2

On 3 March 2020, Alex launched a Denial of Service (“DOS”) attack on the Multimedia University
website. One of the system administrators at the website discovered that there were a large number
of requests from a particular Internet Provider (IP) address.

The overwhelming requests from this IP address caused the site to be unresponsive. The administrator
blocked the address, and normal service resumed. However, after the block was put in place, the attack
migrated to other sites. On 23 March 2020, Alex sent to the University an e-mail signed SL1NK which
said: "You Just Don’t Learn!”. On 3 December 2020 he sent it a further e-mail which read: “I have
warned you once and I am going to do it again that I have access to your SQL users and password
database, they are encrypted as you obviously know but it won’t take long and by the time you have
read this message I will have sold the two databases and what is needed to have been done will have
been done.” On 10 December 2020 Alex made an anonymous telephone call to Mr. David from
Multimedia University. He told Mr. David that all of his personal and financial information was available
on the Internet as a result of a Trojan which had been placed on his computer. Mr. David immediately
tried to log on to his bank account with his original password. It did not work. Mr. David had to cancel
his bank cards and order replacements. Later, Mr. David also noticed that some illegal transactions has
been done without his permission. He lodged a complaint with the police.

On 2nd January 2021, Alex launched a further DOS attack on the MMU website between 0221 hours
and 1540 hours. He used a program called CyberGhost. This disrupted the University’s business and
may have resulted in damage to its reputation. It was detected as the requests forming the attack
contained the same data string contained in the previous attack.

On 4 January 2021 police executed a warrant and searched Alex’s home. He was arrested and told that
his computers would be seized. Alex said the files were all encrypted and refused to provide passwords.

You have been appointed as his lawyer. You are required to classify the offences Alex has committed
and to advise him of the penalties stated in the law.

(Total: 25 marks)

(Past Year Exam Question)