Re: Malaysia moots draconian reply to hackers

[InfoSec News <isn () C4I ORG>]

Forwarded by: Peter Thomas <peter.thomas () securitywatch com>

Dear ISN,

Having checked at the source of this story, I think it's premature -
at least with regards to cybercrime laws - to begin comparing the
Malaysian Peninsula with the Gulag Archipelago. The Minister's remarks
were made during unrelated work relating to the rehabilitation of drug
addicts. At the event he was obviously put under pressure to respond
to the recent hacks on gov.my sites by Brazilian script kiddies.

As to the extension of the ISA to deal with hackers, Malaysia's April
1997 Computer Crime Act is clear about the penalties available for
defacements, as well as other forms of cyber attacks. Section 5 of the
Act mentions that the "unauthorized modification of the contents of
any computer (permanent of temporary)" is liable to one of two bands
of punishment:

- a fine not exceeding one hundred thousand ringgit (USD 26400) or
imprisonment for a term not exceeding seven years, or both; - a fine
not exceeding one hundred and fifty thousand ringgit (USD 39500) or
imprisonment for a term not exceeding ten years, or both.

These are harsh penalties - particularly in terms of Malaysian
purchasing power. They should be sufficient deterrent to domestic
hackers. As a comparison, Deputy Home Minister Zainal Abidin Zin's
annual salary is likely to be in the region of USD 40,000, while a
junior software developer's is likely to be around USD 10,000.

So the issue seems to be not with Malaysia's own laws but with its
lack of jurisdiction in prosecuting crackers working from beyond its
borders. I trust that, if the Malaysian government really is serious
about extending the ISA, it will be reminded of the facts by its
opposition politicians. Meanwhile, the admins of .gov.my domains
should perhaps be less complacent about backing up the contents of
their websites.

Useful links:

Bernama - Malaysian news agency story
http://www.bernama.com/bernama/archives/2001_01_06/general/ge0601_19.htm

Malaysia's Computer Crime Act
http://www.ktkm.gov.my/organisation/acts/crimeact.html

Attrition.org's list of defaced .my domains (39 relate to .gov.my domains) -
http://www.attrition.org/mirror/attrition/my.html

AsiaWeek's 2000 Salary Survey - Malaysia
http://www.asiaweek.com/asiaweek/features/salaries/2000/popups/content/malay.html

Amnesty International's human rights pages for Malaysia
http://web.amnesty.org/ai.nsf/countries/malaysia?OpenView&Start=1&amp;Count=30&amp;Expandall&amp;ft=S328.htm

Kindest regards,

Pete Thomas - Editor - http://www.securitywatch.com
tel +32 (0)16 28 73 14 - fax +32 (0)16 28 7288
Grensstraat 1b - B-3010 Leuven - Belgium
*E-security rule #1: ignorance is never a defense*


InfoSec News wrote:
      http://www.hk-imail.com/inews/public/article_v.cfm?articleid=14909&intcatid=3

      8 January 2001 / 01:21 AM
      Associated Press

      KUALA LUMPUR: Authorities may use a controversial law that allows for
      indefinite detention without trial against Malaysians who hack into
      government-owned websites.

      Deputy Home Minister Zainal Abidin Zin said the government may use the
      Internal Security Act to deter hackers from jeopardising public
      interest, the national news agency, Bernama, reported on Saturday. The
      40-year-old law is often used against political dissidents.

      Opposition leaders say it has become a convenient tool for the state
      to suppress dissent and debate. The government has pledged to boost
      defence of its Internet sites after a hacker last week breached
      Parliament's homepage. The hacker, who identified himself as
      ``Topeira'', wiped out the entire website.

      Sources say about 50 of 700 government-owned websites have been hacked
      in recent years.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".