Question :
a) Andrew is a computer science attached with Microhard Corporation in Cyberjaya as a practical trainee. One day he managed to crack the company's information system but did not do anything afterwards. The following day he also managed to intrude into Microhard Corporation's website system and then posted his picture on the front page of the website and left his mobile number below his picture, hoping that someone will call him and make friends. Subsequently his phone rang, but unfortunately it was his training manager who called and later warned him that actions will be taken. Upon investigations, it was also revealed that Andrew had previously leaked the company's system access code to his friend at University, to whom he also sent emails telling bad things about his manager. Advise Microhard Corporation on various potential liabilitites of Andrew from the above incident, with reference to various cybercrime laws applicable in Malaysia.
Answer :
a) Issue 1 :
- Andrew cracked company's information system but did not do anything afterwards.
- Cracking a computer system can be defined as hacking a computer system or legally defined as accessing a computer system without authority.
-
Computer Crimes Act, Section 3(1): A person shall be
guilty of an offence if (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer; (b)
the access he intends to secure is unauthorized; and (c) he knows at the time when he causes the computer to perform the function that that is the case.
By virtue of this provision, the following acts are prohibited:
a.
Unauthorized access to computer, computer system and computer network;
b.
Recreational hacking;
c. Computer cracking to explore loopholes in the system;
d. System intrusion;
e. System and e-mail spoofing
The person guilty under this section is
liable to a maximum RM 50,000.00 fine or to 5 years imprisonment or to both. [taken from the article "Computer Crimes in Malaysia" by Sonny Zulhuda]
Issue 2 :- Andrew intrude company's website system and posted his picture and mobile number on the front page of the website.
- CCA Section 3(1):
By virtue of this provision, the following acts are prohibited:
a.
Unauthorized access to computer, computer system and computer network;d. System intrusion
Liable to a maximum
RM 50,000.00 fine or to 5 years imprisonment or to both. [ "Computer Crimes in Malaysia" by Sonny Zulhuda]- Computer Crimes Act, Section 5(1): A person shall be guilty of an offence if he does any act which he knows will cause unauthorized modification of the contents of any computer.
By virtue of this provision, the following acts are punishable offences:
a.
Unauthorized alteration, amendment and modification of data;
b. System intrusion and sabotage;
c. Website defacing;
d. System and website destruction;
e. Spreading virus that will cause data alteration or system destruction
The
offences under this section are
punishable with a maximum RM 100,000.00 fine or to 7 years imprisonment or to both. However, if the act is done with further intention of causing injury, it can be punished up to RM 150,000.00 fine or 10 years imprisonment or both.
[ "Computer Crimes in Malaysia" by Sonny Zulhuda]Issue 3 :
- Andrew leaked company's system access code to his friend.
-
Computer Crimes Act, Section 6(1): A person shall be
guilty of an offence
if he communicates directly or indirectly a number, code, password or other means of access to a computer to any person other than a person to whom he is duly authorized to communicate.- This type of offence is
punishable by a maximum RM 25,000.00 fine or a 3 years imprisonment or both. [ "Computer Crimes in Malaysia" by Sonny Zulhuda]
Issue 4 :- Andrew sent emails to his friend telling bad things about his manager.- Communication and Multimedia Act, Section 211(1) stipulates that no content applications service provider, or other person using a content application service, shall provide content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person.By virtue of this provision, among other things, the
Internet application and
service providers as well as
end users are
prohibited from providing and distributing offensive contents through the computer system. This
includes prohibition of offensive emails and offensive web pages from being published. It also makes the following actions as offences:
a. Online harassment through email or websites or other Internet content;
b.
Hatred and abusive content;
c.
False rumor spreading;
d. Indecent and/or obscene materials;
e. Threat Email
- The punishment for such an offence is a
fine at maximum RM 50,000.00 or imprisonment of maximum one year or both. The provision also prescribes
additional fines or jail term if the offence is continuing. [ "Computer Crimes in Malaysia" by Sonny Zulhuda]
