A recent local newspaper report covered the use of hacking services. These will, for a fee, hack into anyone's computer account like an e-mail account, and then provide the customer with the password to access the target account. Many of the hacking services are performed by parties who are overseas.
The above is clearly a case of unauthorised access under section 3 of the Computer Misuse Act. The issue that arises is when does such activity fall under the jurisdiction of the Singapore Court. Under Section 11 of the Act, the Act applies if the computer, program or data was in Singapore at the relevant time, or the accused was in Singapore at the relevant time.
Assuming in all the cases discussed below that the hacker is overseas, let's discuss the following situations (we will refer to the owner of the hacked account as the target and the person using the services of hackers as the customer) -
a) the target is a Singaporean or resident in Singapore. However, the customer uses the password obtained from the hacking services to access this account while the customer is in Singapore. Here, the accused is in Singapore so the offence is committed under the Act;
b) the target is a Singaporean or resident in Singapore, but the customer illegally accesses the account while he is overseas. Here, a big problem arises as to where the computer, program or data is. Even if the Internet Service Provider (ISP) is a Singapore company, there is still a problem since the relevant computer servers may be overseas. So no computer, program or data is in Singapore, and no offence is commmitted under Singapore law. Where the ISP or e-mail service is a foreign one, for example, Yahoo or Google e-mail services, it is even easier to argue that all relevant acts have taken place overseas, and therefore the Singapore courts have no jurisdiction.
A suggestion - the law should be amended to provide that where the account holder is resident in Singapore (to use the language of section 11 of the Act - "where the computer, program, or data is habitually used by a person resident in Singapore"), then the offence should be considered to have been committed in Singapore. This will protect the secrets and interests of Singaporeans and other local residents.
Showing posts with label Computer crime. Show all posts
Showing posts with label Computer crime. Show all posts
Wednesday, September 23, 2009
Thursday, September 10, 2009
Former cop jailed for computer misuse
Peck Weihong, a fomer police sergeant, was jailed for misusing a police database to check on whether a criminal complaint of rape was lodged agaisnt a friend. Under the Computer Misuse Act, since he was not authorised to carry out this check, he had committed the offence of unauthorised access.
For this offence, he was jailed for 3 weeks. The court agreed with the prosecutor that a jail term was customary for such offences. Although he only committed one offence, the stiff sentence shows the court's attitude to protecting confidential government data.
An issue pointed out previously - if he had looked a paper file rather than a computer file, in similar circumstances, would he have been punished in the same way.
For this offence, he was jailed for 3 weeks. The court agreed with the prosecutor that a jail term was customary for such offences. Although he only committed one offence, the stiff sentence shows the court's attitude to protecting confidential government data.
An issue pointed out previously - if he had looked a paper file rather than a computer file, in similar circumstances, would he have been punished in the same way.
Sunday, August 23, 2009
Blogshop woman jailed
Diana Koh, a young woman aged 21 years, cheated 37 buyers using her blogshop to sell branded accessories and handbags at bargain prices.
She collected over $1,000 but never delivered at all. For this, she was recently jailed for 3 months.
Cheating schemes using blogshops have started appearing on the crime scene here. A website - www.safeblogshopper.com provides a useful service in providing information about dishonest blogshop sellers.
She collected over $1,000 but never delivered at all. For this, she was recently jailed for 3 months.
Cheating schemes using blogshops have started appearing on the crime scene here. A website - www.safeblogshopper.com provides a useful service in providing information about dishonest blogshop sellers.
Wednesday, May 27, 2009
Jail for commercial/industrial espionage
Charles Tan Chye Guan (Managing Director of a company called “du Lexbuild International Pte Ltd) is probably the first man in Singapore to be sent to jail for 3 weeks and fined $5,000, for a commercial or industrial espionage case. In this particular case, he had downloaded a confidential computer file from a notebook computer belonging to the DSTA into his thumbdrive. Defence Science and Technology Agency or DSTA is the consulting arm of the Ministry of Defence.
By doing this unauthorised downloading, the accused committed an offence under section 3(1) of the Computer Misuse Act. The key relevant words of this sub-section are
"any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer".
He pleaded guilty to the offence and was sentenced by the Subordinate Courts. He then appealed to the High Court regarding his sentence but Justice Choo Han Teck dismissed his appeal. Among the facts justifying his jail sentence when previous offenders who were former employees of Citibank were only fined, were the information related to a tender for a contract to build the SAF’s Munitions Storage Container System (“MSCS”) (in other words, an ammunition rack) and this information was "not devoid of military signifance" (to quote the judge).
It is possible that the accused could also have been charged under section 9 of the Computer Misuse Act which deals with protected computers which includes computers containing national defence information. The punishment for this could be up to 20 years jail.
One important point to note is that if the accused had seen hard copy of the relevant information and had used a handphone camera to take pictures of it, it is unlikely that he would have committed any criminal offence, although an offence under the Copyright Act might be a remote possibility.
By doing this unauthorised downloading, the accused committed an offence under section 3(1) of the Computer Misuse Act. The key relevant words of this sub-section are
"any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer".
He pleaded guilty to the offence and was sentenced by the Subordinate Courts. He then appealed to the High Court regarding his sentence but Justice Choo Han Teck dismissed his appeal. Among the facts justifying his jail sentence when previous offenders who were former employees of Citibank were only fined, were the information related to a tender for a contract to build the SAF’s Munitions Storage Container System (“MSCS”) (in other words, an ammunition rack) and this information was "not devoid of military signifance" (to quote the judge).
It is possible that the accused could also have been charged under section 9 of the Computer Misuse Act which deals with protected computers which includes computers containing national defence information. The punishment for this could be up to 20 years jail.
One important point to note is that if the accused had seen hard copy of the relevant information and had used a handphone camera to take pictures of it, it is unlikely that he would have committed any criminal offence, although an offence under the Copyright Act might be a remote possibility.
Friday, April 3, 2009
Computer crime - obstructing use of computer
Section 7 deals with obstructing the use of a computer in short. The section in full covers a person who
(a) interferes with, or interrupts or obstructs the lawful use of, a computer; or
(a) interferes with, or interrupts or obstructs the lawful use of, a computer; or
- (b) impedes or prevents access to, or impairs the usefulness or effectiveness of, any program or data stored in a computer.
Punishment includes a fine of up to $10,000 and/or jail time of up to 3 years, with enhanced punishment for repeat offenders
Where damage is caused (as defined in section 2), then jail of up to 7 years and/or a fine of up to $50,000 may be imposed.
l
Computer crime - forensics
Computer forensics refers to the use of computer contents and data for litigation (or lawsuit) purposes. There are strict rules to follow to ensure that the contents or data are not compromised as they will be used as evidence often to establish civil or criminal liability of the defendant or accused.
Various companies claim expertise in this area. I have no personal knowledge of anyone of them.
For additional information about computer forensics, I have adopted, with permission, information from Adriot Data Recovery Centre as at 1 April 2009 (http://www.adrc.com/forensic_investigation.html). The portion in blue below is taken straight from the webpage.
Various companies claim expertise in this area. I have no personal knowledge of anyone of them.
For additional information about computer forensics, I have adopted, with permission, information from Adriot Data Recovery Centre as at 1 April 2009 (http://www.adrc.com/forensic_investigation.html). The portion in blue below is taken straight from the webpage.
What is Computer Forensics?
Specialized and scientific techniques and methodologies which are used to acquire and analyze computers, computer networks and storage media in order to discover evidence related to fraud, crime or unauthorized activities.
"Who needs or who uses Computer Forensic Services?
Mostly, companies may engage in computer forensics investigation when they suspect a breach in data security or illegal activities in a network or computer system, for instance, employees' activities such as internet abuse or porno, unauthorized disclosure or intentional deletion of sensitive or confidential information, industrial espionage or computer fraud.
Whether you are looking for digital evidence in a law suit, or determining exactly what an employee has been up to, ADRC is well equipped with Certified Computer Forensic Experts who know how to secure and document digital evidence with full audit trail suitable for court submission.
One should not attempt to do the investigation without proper techniques and expertise. Evidence could be easily destroyed or altered by just booting up the suspected computer with a quick browse."
Thursday, April 2, 2009
Computer crime - unauthorised modification of computer contents
Section 5 covers unauthorised modication of the contents of any computer. Even if no financial loss or real harm is caused, the offence is committed.
For example, if a website is hacked into and the webpages are changed as a joke, the crime will have been completed.
The normal punishment is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both. There are enhanced punishments for repeat offenders. Finally, if any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
It could be argued that anyone hacks into a computer will have modified without authorisation some part the computer contents, and therefore will have committed an offence under section 5 as well. However, in order to ensure that the basic offence of hacking under section 3 is not rendered redundant, section 5 should be interpreted to refer to significant modification of computer contents.
For example, if a website is hacked into and the webpages are changed as a joke, the crime will have been completed.
The normal punishment is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both. There are enhanced punishments for repeat offenders. Finally, if any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
It could be argued that anyone hacks into a computer will have modified without authorisation some part the computer contents, and therefore will have committed an offence under section 5 as well. However, in order to ensure that the basic offence of hacking under section 3 is not rendered redundant, section 5 should be interpreted to refer to significant modification of computer contents.
Computer crime - unauthorised use or interception
Section 6 of the Computer Misuse Act covers
Unauthorised interception of computer services is committed when a person "intercepts or causes to be intercepted without authority, directly or indirectly, any function of a computer by means of an electro-magnetic, acoustic, mechanical or other device." The wording here is very wide and even reading the screen of someone else's computer by capturing the electro-magnetic impulses transmited through the airwaves (relying on what is sometimes called the Tempest effect) would be considered an offence.
Again, the keyword here is the fact that the acts here must be unauthorised. Punishment here is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both. If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
- unauthorised use and
- unauthorised interception of computer services.
Unauthorised interception of computer services is committed when a person "intercepts or causes to be intercepted without authority, directly or indirectly, any function of a computer by means of an electro-magnetic, acoustic, mechanical or other device." The wording here is very wide and even reading the screen of someone else's computer by capturing the electro-magnetic impulses transmited through the airwaves (relying on what is sometimes called the Tempest effect) would be considered an offence.
Again, the keyword here is the fact that the acts here must be unauthorised. Punishment here is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both. If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
Wednesday, April 1, 2009
The Computer Misuse Act - application to foreign acts
The Computer Misuse Act makes it clear that it applies to acts done outside Singapore. In lawyers' jargon, it has extra-territorial application.
Under section 11, the Act applies if either or both of the following occur -
a) the person involved was in Singapore at the time of committing the offences, or
b) the computer, program or data was in Singapore when the offence is committed. The nationality of the person is irrelevant.
For example, if someone in Singapore hacks into a foreign computer, then by virtue of section 11, the Act applies. Also, if someone outside Singapore hacks into a local computer system, the Act will also apply. The Singapore authorities will then have to obtain the assistance of foreign authorities to arrest the person outside Singapore and arrange for him to be brought to Singapore (or extradited) to fact trial here.
Under section 11, the Act applies if either or both of the following occur -
a) the person involved was in Singapore at the time of committing the offences, or
b) the computer, program or data was in Singapore when the offence is committed. The nationality of the person is irrelevant.
For example, if someone in Singapore hacks into a foreign computer, then by virtue of section 11, the Act applies. Also, if someone outside Singapore hacks into a local computer system, the Act will also apply. The Singapore authorities will then have to obtain the assistance of foreign authorities to arrest the person outside Singapore and arrange for him to be brought to Singapore (or extradited) to fact trial here.
Tuesday, March 31, 2009
Computer crime - hacking
Hacking, an offence under section 3 of the Computer Misuse Act, is committed when a person knowingly causes a computer to perform a function for the purpose of securing access without authority to any program or data held in any computer. The keywords here are "without authority". It therefore covers outsiders trying to penetrate a company's computer system as well as employees trying to access company data knowing that they had no right to do so.
Hacking is now no longer regarded as a harmless prank. Punishment is $5,000 maximum fine and/or jail of up to 2 years. There are enhanced penalties for repeat offenders as well as those who cause damage as a result of the offence.
Section 4 covers what I call aggravated hacking - this is hacking for the purpose of committing a further offence involving property, fraud, dishonesty or which causes bodily harm and which is punishable on conviction with imprisonment for a term of not less than 2 years. Again, enhanced punishment is provided for - up to 10 years jail, up to a $50,000 fine or both.
Various professionals including a few lawyers and government servants have been convicted for hacking or related offences.
Hacking is now no longer regarded as a harmless prank. Punishment is $5,000 maximum fine and/or jail of up to 2 years. There are enhanced penalties for repeat offenders as well as those who cause damage as a result of the offence.
Section 4 covers what I call aggravated hacking - this is hacking for the purpose of committing a further offence involving property, fraud, dishonesty or which causes bodily harm and which is punishable on conviction with imprisonment for a term of not less than 2 years. Again, enhanced punishment is provided for - up to 10 years jail, up to a $50,000 fine or both.
Various professionals including a few lawyers and government servants have been convicted for hacking or related offences.
Subscribe to:
Posts (Atom)