Cyber Crime: Protect Your Privacy!

Here is something that was published on Women’s Health online magazine:

A woman was having lunch with a friend and she took a snapshot of what she was having and posted it up on Twitter. (Doesn’t this sound like what we do now everyday?) A completed stranger tweeted her back, having found her public Twitter feed and tracked her down to the area she was having lunch at that time.

We see many people, if not ourselves, do this with their smart phones, taking pictures of food or with friends having a meal somewhere and posting them up on Facebook, Twitter, Instagram, FourSquare or some other social networks. Fortunately for that woman, the stranger was security engineer from a watchdog website called ICanStalkU.com that alerts Twitter users of the dangers of geotags. Geotags are GPS coordinates which are used in smart phones with the purpose of embedding the tags to the photographs automatically. With that, anyone can locate where you are when you share a photograph online publicly or update your status in your Facebook or any other social networks.

This is no paranoia as there can be more people tracking or stalking you than you think. Information is king and key to the extent of what a person can do. Just like in the case of a hacker who stole tens of thousands of credit card details and posted the numbers on CD Universe offering to provide further details for merely $1 per card (source: NBCNews.com).

Hence, the ball is first in your court to protect your personal information and privacy. The Privacy Awareness Week (an annual awareness campaign initiated by the Asia Pacific Privacy Authorities) in 2011 and 2012 focused on the theme Privacy: It’s All About You, in the race to create awareness on issues such as privacy protection and protection of personal information in the online environment.

A ten step guide was launched by the OAIC (Office of the Australian Information Commissioner) during the campaign, out of which everyone should take note of some of the steps:

• Always read privacy policies and notices and go through the settings when you create a new online account 
• Only give out personal information that you need to, do not provide more information than necessary 
• Ask for access to your personal information when you provide them to an organization and find out what that information is used for 
• Take steps to protect your online privacy such as installing and updating trusted anti-virus, anti-spyware, firewall protection, other security tools, deleting cookies and temporary internet files or clearing your cache, use trusted websites for banking and payments, and run through the account/profile/privacy settings to choose the settings that you want.

For more information on protecting your privacy on Facebook, please click here.

Sources: Privacy Awareness Week 2011; Privacy Awareness Week 2012; Kate Ashford, 20 December 2010, Online Privacy Predators, WomensHealthMag.com

Cybercrime and the protection of children against sexual exploitation and abuse

While local rules and regulation are inadequate to cover any ascertainment or accident happened. Following the reference of Human Rights and Rule of Law from Council of Europe to be your reference as Commonwealth country.

Fostering children’s trust and confidence in the Internet coupled with the protection of their dignity, security and privacy is a priority for the Council of Europe.  The Internet is a space of freedom to express and communicate, to search for information and to learn, to work and to play. Access to the Internet thus offers great potential for children to exercise and enjoy their rights and values through the Internet.

At the same time, threats such as cybercrime and the sexual exploitation and abuse of children through information and communication technologies pose particular challenges. 

Council of Europe standards related to the protection of children and the promotion of their rights include numerous treaties and recommendations, in particular the: 

• Convention for the Protection of Human Rights and Fundamental Freedoms (CETS 005)
• European Social Charter (CETS 035)
• European Convention on the Adoption of Children (CETS 202 as revised)
• European Convention for the Prevention of Torture and Inhuman or Degrading Treatment or Punishment (CETS 126)
• European Convention on the Exercise of Children's Rights (CETS 160)
• Convention on Cybercrime (CETS 185)
• Council of Europe Convention on Action against Trafficking in Human Beings (CETS 197)
• Council of Europe Convention on the Protection of Children against Sexual Exploitation and Sexual Abuse (CETS 201)
• Recommendation Rec(2006)12 of the Committee of Ministers to member states on empowering children in the new information and communications environment
• Declaration on protecting the dignity, security and privacy of children on the Internet, adopted by the Committee of Ministers on 20 February 2008
• Recommendation CM/Rec(2009)5 of the Committee of Ministers to member states on measures to protect children against harmful content and behaviour and to promote their active participation in the new information and communications environment, adopted on 8 July 2009.

(Note: above sources redirect from Council of Europe, Human Rights and Rule of Law , http://www.coe.int)

Cyber Bullying: Are the laws curbing cyber bullies?

The Star Online published several articles in 2012 on the controversial amendment of Section 114(a) of the Evidence Act which shoved the burden, responsibility and ownership of any offending postings on the internet to the account owner. Section 114(a) of the act includes:

• If your name, photograph or pseudonym appears on any publication depicting yourself as the author, you are deemed to have published the content; 
• If a posting comes from your Internet or phone account, you are deemed to be the publisher unless the contrary is proved.

Logically speaking, of course all internet users should bear the responsibility of what messages or pictures they post on the internet under their account. This is to “educate” internet users to be responsible about what they write about, publicly and socially, so as not to offend or harass anyone. Well, it seems this could also be a way to curb dissent. But, what about curbing cyber bullies? What would happen to the innocent victims being framed for offending messages, pictures or postings they never actually posted on their own? It’s no surprise to anyone that teenagers hack into friends’ accounts nowadays just for fun. It is so common today for one’s accounts to be hacked; therefore, it is just as easy to post malicious messages using someone else’s Facebook or Twitter.

Here are some existing cyber laws of Malaysia in hope of curbing cyber bullies:

Computer Crime Act 1997

Section 3: Unauthorized access to computer material

A person convicted of this offence will be liable to a fine of not more than RM50,000 or not more than five years imprisonment or both.

Section 4: Unauthorized access with intent to commit or facilitate commission of further offence

A person convicted of this offence will be liable to a fine of not more than RM150,000 or not more than ten years imprisonment or both.

Section 5: Unauthorized modification of the contents of any computer

A person convicted of this offence will be liable to a fine of not more than RM100,000 or not more than seven years imprisonment or both.

Communications and Multimedia Act 1998

Section 211: Prohibition on provision of offensive content

A person who provide content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person.

Section 233: Improper use of network facilities or network service, etc.

A person who makes, creates or solicits and initiates the transmission of any comment, request suggestion or other communication which is obscene, indecent, false, menacing or offensive in character with intent to annoy, abuse, threaten or harass another person.

Upon conviction of any of the above offences, the person shall be liable to a fine of not more than RM50,000 or not more than one year imprisonment or both.

The Cyber Security Malaysia posted a cover story on Cyber Bully in 2004 which included a sub topic on “How to deal with online harassment”.

Here is what to do when you have been harassed, flamed or spammed online:

• Do not ever reply to spam or junk mail as this would confirm your email address and end up receiving more spam 
• Ignore all hate and flaming mails as much as possible because these criminals usually anticipate your response. 
• If these mails cause you distress or you feel your life might be threatened or in danger, please lodge a report to the nearest police station

Apart from the above, please also lodge a report to MyCert (Malaysia Computer Emergency Response Team). The website contains a Cyber999 Help Centre where internet users can report any computer crime incidents through web reporting, email, SMS, phone or fax.

Sources: ReginaLee, 27 May 2012, Cyber bullies and stalkers often get away because of lack of evidence, The Star Online; Regina Lee, 19 August 2012, Backing for Section 114, The Star Online; Edmund Ngo; 24 August 2012, Section 114A of the Evidence Act stays, The Star Online; Anita Anandarajah, 30 September 2004, Cover Story: Cyber Bully, CyberSecurity.my

Cyber Warfare: News Feed - US and China accuse each other of cyber warfare

US security experts claim a 12-story office building outside of Shanghai is the headquarters of a hacking unit in China established to attack international computer networks. Beijing has rejected the allegations, calling the reports “unreliable”.

Source: http://rt.com

Please click on each of the summary content for further details.

Mandiant Exposes APT1 – One of China’s Cyber Espionage Units & Releases 3,000 Indicators

Highlights of the report include:

• Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398) 
• A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries 
• APT1′s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity 
• The timeline and details of over 40 APT1 malware families 
• The timeline and details of APT1′s extensive attack infrastructure

Source: https://www.mandiant.com/

Chinese military never supports cyberattacks: defense ministry

• China's laws ban any activities disrupting cyber security, Geng Yansheng said at a briefing.  
• Chinese government always cracks down on cyber crimes, the spokesman said. 
• The spokesman further said China actually is a major victim of cyber attacks.

Source:  http://news.xinhuanet.com

China opposes hacking allegations: FM spokesman

• A FM spokesman on Tuesday said allegations of Chinese hacker attacks are groundless. 
• Hong said cybercrime is an international problem and should be solved through int'l cooperation. 
• China has been a major victim of cyber attacks and opposes all forms of such activity.

Source: http://news.xinhuanet.com

China steps up defence on hacking allegations

Chinese state media stepped up the war of words Thursday over allegations of sophisticated cyberattacks on US firms, branding the accusations a "commercial stunt" and accusing Washington of ulterior motives.

American Internet security firm Mandiant earlier this week said that a Chinese military cyberspy unit is targeting US and other foreign firms and organisations with hacking attacks.

Source: http://thestar.com.my

Please click here for: APT1 Exposing One of China’s Cyber Espionage Units Report in PDF