
CyberSecurity Malaysia | An Agency Under MOSTI


Academic year: 2017


BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES

Professor Abu Bakar Munir

Faculty of Law

University of Malaya, Kuala Lumpur

5 July 2011


Session 1 :

(2)

Outline

Introduction

Cybercrime : The Growing Global Threat

Know The Hackers

The Law in Action

Some Recent Developments

Lessons from Cyber Storm

(3)

Cybersecurity is one of the risks that the world will

(4)
(5)

Cybercrime is not a brave new world – It's a bad new world

(6)

2000-2003

• Cybercrooks looked for ways to turn attention towards real computer threats

• They showed off their skills by temporarily taking down popular websites such as CNN, Yahoo and eBay through DoS attacks

2004-2005

• By this time cyber scammers had proved their skills and it was time to move beyond doing damage and make real money

• Used software to gain access to computers and steal passwords and credit card information

• Cybercriminals also spread viruses

2006-2008

• With a growing amount of money at stake, cybercriminals began organising into gangs

• Became more discreet in their methods, while still showing off their tech savvy

2009-2010

• Social networking sites started to take off; cybercrooks realised they could get their hands on a wealth of personal information if they played the game right

• With users posting huge amounts of information, all cybercrooks had to do was virtually interact with users to gain access to their information

What's Next?

• Continuation of social-networking scams and tricks

• Phishing

• Mobile devices and applications present great opportunity for

(7)

NOT slowing down

Internet penetration is increasing

Social Networking Sites are extremely popular

Domain Names are increasing

Mobile Devices and applications are increasing

Cybercriminals are quickly developing new techniques

(8)

We are not afraid of the threat because we are prepared

with the layers and shields created by government technical experts, it was not easy to hack government portals

(9)

Their perceptions

Always yield the hands-on imperative – access to computers and anything else which might teach you about the way the world works should be unlimited and total

All information should be free

Mistrust Authority

Hackers should be judged by their hacking, not criteria such as degrees, age, race or position

You can create art and beauty on a computer

(10)

Hacking subculture as a social movement

Minimal organization – the hacking culture has a significant membership of followers and its share of leaders

Uninstitutionalised collectivity – always been considered as an out group

Proposes or opposes change

Countered by an established order

Significantly large in scope

(11)

They are smart; they are ingenious; they are creative; and I can tell you that on one level, they are people you would enjoy hanging out with.

(12)

Why Difficult to Get Them?

In the Hackers' Words

And at this point, many people assume we would then proceed to copy everything we find and then thrash the system. It makes no sense. We thirst for knowledge and information, and then you can possibly think that we can destroy that which is sacred to us? To take away

(13)
(14)

A hacker said,

and whatever you do continue the fight. Whether you know it or not, if you are a hacker, you are a revolution crash.

Another hacker said,

(15)

| No. | Case | Court/Date | Offence | Offender | Outcome |
|---|---|---|---|---|---|
| 1. | R v. Zachary Woodham | Crown Court/ 13 May 2011 | Unauthorized Modification | Teenager | Guilty Plea |
| 2. | R v Paul Mc Loughlin | Crown Court/ 13 May 2011 | Making, supplying or obtaining articles for use in offence | Student | Guilty Plea |
| 3. | R v. Ashley Mitchell | Crown Court/ 3 Feb 2011 | Unauthorized Access | Poker | Guilty Plea |
| 4. | R v. Matthew Anderson | Crown Court/ 22 Oct 2010 | Unauthorized Modification | Manager and Virus Writer | Guilty Plea |
| 5. | R v. Dale Trever | Crown Court/ 16 Sept 2010 | Unauthorized Access | Manager | Guilty Plea |
| 6. | R v. Balvinder Basran | Magistrates Court/ 9 Sept 2010 | Unauthorized Access | Police Officer | Guilty Plea |
| 7. | R v. Robert Campbell | Crown Court/ 8 Jun 2010 | Unauthorized Access | | |
| 8. | R v. Susan Holmes | Magistrates Court/ 15 Feb 2008 | Unauthorized Access | Ex employee | Guilty Plea |
| 9. | R v. Mark Hopkins | Magistrates Court/ 9 Aug 2007 | Unauthorized Access | Managing Director and Website Designer | Guilty Plea |
| 10. | R v. Scott Gelsthorpe and Jeremy Young | Crown Court/ 27 Jun 2007 | Unauthorized Modification and Conspiracy | Police Officer | Guilty Plea |
| 11. | R v. Matthew Byrne | Crown Court/ | | Hacker | Guilty Plea |
| 12. | R v. David Lennon | Youth Court/ 23 Aug 2006 | Unauthorized Modification | Teenager | Guilty Plea |
| 13. | R v. Daniel Cuthbert | Magistrates Court/ 7 Oct 2005 | Unauthorized Modification | IT Security Consultant | Found Guilty |
| 14. | R v. Joseph Mc Elroy | Crown Court/ 3 | | | |
| 15. | R v. Aaron Caffrey | Crown Court/ 17 Oct 2003 | Unauthorized Modification/ DDoS Attack | Teenager | Acquitted |
| 16. | R v. Simon Vallore | Crown Court/ 21 Jan 2003 | Unauthorized Modification | Web Designer | Guilty Plea |
| 17. | R v. Stephen Carey | Crown Court/ | | | Found Guilty |
| 18. | Yarimaka v. Governor of HM Prison Brixton | Queen's Bench Division/ 20 Mar 2002 | Unauthorized Modification | Foreigner | Habeas Corpus denied |
| 19. | R v. Raphael Gray | Crown Court/ 6 Jul 2001 | Unauthorized Modification | Teenage hacker | Guilty Plea |
| 20. | R v. Paul Maxwell King | Court of Appeal/ 24 Nov 2000 | Unauthorized Modification | Unknown | Guilty Plea |
| 21. | R v. William Culbert | Crown Court/ No date | Unauthorized Access/ Unauthorized Modification | | |
| 22. | Morgans v. Director of Public Prosecutions | House of Lords/ 17 Feb 2000 | Unauthorized Access | Unknown | Conviction Quashed |
| 23. | R v. Michelle Begley | Magistrates Court/ No date | Unauthorized Access/ Harassment | Police Officer | Found Guilty |
| 24. | R v. Ian Morris and Richard Airlie | Crown Court/ No date | Unauthorized Access | IT Supplier | Found Guilty |
| 25. | R v. Matthew Bevan | Magistrates Court/ 21 Nov 1997 | Unauthorized Access/ Unauthorized Modification | Teenage hacker | Acquitted |
| 26. | R v. Simon Regan, Julian Taylor | Magistrates Court/ no date | Unauthorized Access | Engineer | Found Guilty |
| 27. | R v. Moody | Crown Court/ No date | Unauthorized Modification | Ex Employee | Found Guilty |
| 28. | DPP v. Bignall & Anor | Queen's Bench/ 6 Jun 1997 | | | |
| 29. | R v. Pryce | Magistrates Court/ 21 Mar 1997 | Unauthorized Access/ Unauthorized Modification | Teenage Hacker | Guilty Plea |
| 30. | R v. Feltis | Crown Court/ | | | Found Guilty |
| 31. | R v. Spielmann | Magistrates Court/ No date | Unauthorized Access | Ex Employee | Found Guilty |
| 32. | R v. Rymer | Crown Court/ no date | Unauthorized Modification | Male Nurse | Found Guilty |
| 33. | R v. Alfred | | | | |
| | | | | Programmer | Acquitted |
| 35. | R v. Elaine Borg | Court not known/ no date | Unauthorized Access with intent to commit further Offence | Computer Operator | |
| | | | | Ex Employee | Acquitted |
| 38. | R v. Ross Pearlstone | Magistrates Court/ No date | Unauthorized Access | Ex Employee | Found Guilty |
| 39. | R v. Bernnett | Court not known/ no date | Unauthorized Access | | |

(21)
(22)
(23)
(24)

US Current Thinking

Preemptive cyber strike?

Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions/ preemptive strikes.

We have to have offensive capabilities, to, in real time, shoot down somebody trying to attack us.

General Keith Alexander

Pentagon Cyber Command

(25)

Inter agency coordination

Contingency planning, risk assessment and roles and responsibilities

Correlation of multiple incidents between public and private sectors

Training and exercise programmes

Coordination between entities

Common framework for response and information access

Strategic communications and public relations plans

(26)

Consider reviewing the law and practice

Seriously consider ratifying the Council of Europe Convention on Cybercrime

Target the underground cybercrime economy

Target the bot herders

Tackle botnets through disruption

(27)
(28)
