MWKA ONLINE TALKS
SpeakerLESLEY LIMPartner
ModeratorCAROLYN NGPupil in Chambers
MWKA ONLINE TALKS
SpeakerLESLEY LIMPartner
ModeratorCAROLYN NGPupil in Chambers
About Us
● Welcome to MahWengKwai & Associates!
● Trusted by small medium enterprises (SMEs), family businesses and individuals.
● Established in 1985 by Dato’ Mah Weng Kwai, now a consultant with the firm.
● Medium-sized law firm with 22 lawyers and 19 staff.
● Full-service law firm with 4 Departments:
○ Corporate
○ Dispute Resolution
○ Employment
○ Individuals & Families
Our Services
● 5 Practice Groups:
○ ASEAN-China Desk
○ Construction
○ Foreign Direct Investment
○ Real Estate
○ Sports & eSports
Our Practice Groups
● To share knowledge, raise awareness, encourage networking
● For clients, potential clients, in-house counsel
● Recent MWKA Online Talk:
○ 13.1.2021: Retention Sums in Construction Contracts : Rights and Remedies
● Upcoming MWKA Online Talk:
○ 24.2.2021: Introducing MWKA Academy
MWKA Online Talks
Lesley Lim ● Partner of the Technology & Esports team as well as Media,
Entertainment & Sports.
● Bachelor of Laws from University of Tasmania, Australia.
● Admitted to the Malaysian Bar in 2011.
● Experienced in general civil litigation matters, drafting of corporate and commercial agreements and Sports Law.
● Nominated for the “Woman Lawyer of the Year (Law Firm)” category at the 2020 Asian Legal Business (ALB) Malaysia Law Awards.
● Key team member of the Sports Law Practice Group at MWKA which won the “Sports Law Firm of the Year Award” 2018 and 2019 ALB Malaysia Law Awards.
● Captained the first national women’s dragon boat team to the 2018 Asian Games and the 2019 SEA Games.
Ask Questions on Slido
Please scan this QR Code to access Q&A and poling platform for this talk.
Post the questions that you would like to ask.
Upvote/Like the questions you like. Most liked / popular questions will be discussed and answered by the speaker(s) during the Q&A session.
Or visit https://www.sli.do
and enter #39551
Talk Points
Cyber Crime Landscape in Malaysia
Malaysian Cyber Laws
Cyber Crime Case Studies
Challenges and Strategies
https://www.google.com/search?ei=tc77X4bTEeDez7sPgpG2qAI&q=cyber+security+law+malaysia&oq=cyber+security+law+malaysia&gs_lcp=CgZwc3ktYWIQAzICCAA6BAgAEEc6BAgAEA1QtZYBWJmYAWCdnAFoAHACeACAAUuIAZQCkgEBNJgBAKABAaoBB2d3cy13aXrIAQjAAQE&sclient=psy-ab&ved=0ahUKEwjGgfe2gJPuAhVg73MBHYKIDSUQ4dUDCA0&uact=5
https://www.upcounsel.com/cyber-law
https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/malaysia
https://asialawportal.com/2019/11/19/why-malaysia-should-amend-its-cyber-security-laws/
https://globalcompliancenews.com/cyber-security/cyber-security-around-the-world/cyber-security-in-malaysia/
https://www.cybersecurity.my/en/media_centre/media_faqs/media_faqs/main/detail/1691/index.html
https://www.rajahtannasia.com/media/3126/cyb19_chapter-21-malaysia.pdf
https://www.mcmc.gov.my/skmmgovmy/media/General/pdf/DSP-Mahfuz-Majid-Cybercrime-Malaysia.pdf
https://mcchr.org/cyber-harassment-survivorskit
https://www.skmm.gov.my/en/make-a-complaint/make-a-complaint
https://www.netacad.com/courses/cybersecurity/introduction-cybersecurity?utm_source=Riot-Games&utm_medium=webpage&utm_campaign=RiotGamesSponsorship&utm_content=link-from-page
Berita RTM - https://www.facebook.com/BeritaRTM/videos/1329441030755802
Kevin Mitnick - https://www.leadingauthorities.com/uk/speakers/kevin-mitnick
KKM : Ancaman Siber - Adakah Malaysia Bersedia? - https://www.facebook.com/KEMENTERIANKOMUNIKASIDANMULTIMEDIA/videos/412250029837881/
Talk Points
Cyber Crime Landscape in Malaysia
Malaysia - early development in ICT more than 20 years ago
Cyber Landscape in Malaysia
Global Cybersecurity Index 2018Countries with Best Cybersecurity
1 United Kingdom
2 United States of America
3 France
4 Lithuania
5 Estonia
6 Singapore
7 Spain
8 Malaysia
9 Norway
10 Canada
Global Cybersecurity Index 2018
Source : https://www.kkmm.gov.my/pdf/KPI/Laporan%201.pdf
Global Cybersecurity Index 2018
Source : https://www.kkmm.gov.my/pdf/KPI/Laporan%201.pdf
Countries with the highest commitment to cyber security based on the Global Cybersecurity Index (GCI) in 2018
Source : https://www.statista.com/statistics/733657/global-cybersecurity-index-gci-countries/
Talk Points
Source : https://passwordmanagers.co/cybersecurity-exposure-index/
An illegal act by using technology / computers / devices that have access to the internet / network.
Cyber Crime in Malaysia
Source : https://www.malaysia.gov.my/portal/content/30878
Computer-related Crimes● Cyber Fraud● Telecommunications Scam● Online Dating Fraud● E-Commerce Scams● E-Commerce Fraud
Computer Crimes● Illegal Interception● Data Interference● Hacking● Malware / DDoS /
Botnet
Ransomware
A computer malware that secretly installs on a victim’s computer, performing cryptovirology attacks which affects and demands ransom for recovery.
Cyber-Bullying
Persistent harassment / humiliation done in cyberspace through the use of telecommunications and internet technologies.
Phishing
Intended to trick recipients through email to steal their personal information (eg: login name and password, credit card details, etc).
Internet banking users → financial information
Cyber Crime in Malaysia
Source : https://www.malaysia.gov.my/portal/content/30878
Cyber Crime in Malaysia in 2020(as at September 2020)
January - August 2020 7,765 incidents reported
Fraud - 5,697Highest - April 2020
Hacking (intrusion) - 933
Cyber Harassment - 409
Malicious Codes - 351
Source : https://www.nst.com.my/news/nation/2020/09/622861/spike-cyber-threats-fraud-tops-list
2019 = 10,772 cases
Cyber Crime in Malaysia
Source : https://www.mycert.org.my/portal/statistics-content?menu=b75e037d-6ee3-4d11-8169-66677d694932&id=2650ed29-88be-4cec-86cc-13f8e07ae228
Malaysian Cyber Laws
NCSP Vision:Malaysia’s Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation.
NCSP Objective:● Assess the current situation of cyber security risks within the
Critical National Information Infrastructure (CNII) sectors● Ensure that critical infrastructures are protected to a level that
commensurate the risks faced● Develop and establish a comprehensive program and action
plans for the implementation of a Cyber Security Framework
National Cyber Security Policy (NCSP)
Source : https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5978782
Critical National Information Infrastructure (CNII)CNII is defined as “Assets (physical and virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on the:
● National economic strength ● National image ● National defence and security● Government capabilities to function; and ● Public health and safety
The policy further identified ten sectors in Malaysia which are considered CNII:
1. Banking & Finance 2. Transportation3. Defense & Security 4. Energy 5. Water 6. Health Services 7. Emergency Services 8. Information & Communication 9. Government Services
10. Food & Agriculture
National Cyber Security Policy (NCSP)
Source : https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5978782
NCSP Thrusts and Drivers:
National Cyber Security Policy (NCSP)
No. Policy Thrust Thrust Driver
1. Effective Governance National Security Council
2. Legislative & Regulatory Framework Attorney General’s Chambers
3. Cyber Security Technology Framework Ministry of Science, Technology & Innovation
4. Culture of Security & Capacity Building Ministry of Science, Technology & Innovation
5. R&D Towards Self-Reliance Ministry of Science, Technology & Innovation
6. Compliance & Enforcement Ministry of Information, Communication & Culture
7. Cyber Security Emergency Readiness National Security Council
8. International Cooperation Ministry of Information, Communication & Culture
Source : https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5978782
Pillar 1Effective Governance and Management
Pillar 2Strengthening Legislative Framework and Enforcement
Pillar 3Catalysing World Class Innovation, Technology, R&D and Industry
Pillar 4Enhancing Capacity & Capability Building, Awareness and Education
Pillar 5Strengthening Global Collaboration
National Cyber Security Strategy 2020 - 2024
Source : https://asset.mkn.gov.my/wp-content/uploads/2020/10/MalaysiaCyberSecurityStrategy2020-2024.pdf
National Cyber Security Strategy 2020 - 2024
Source : https://asset.mkn.gov.my/wp-content/uploads/2020/10/MalaysiaCyberSecurityStrategy2020-2024.pdf
National Cyber Security Strategy 2020 - 2024
Source : https://asset.mkn.gov.my/wp-content/uploads/2020/10/MalaysiaCyberSecurityStrategy2020-2024.pdf
● Computer Crimes Act 1997 ● Communications and Multimedia Act 1998● Personal Data Protection Act 2010● Copyright Act 1987● Penal Code ● Digital Signature Act 1997● Electronic Commerce Act 2006● Electronic Government Activities Act 2007● Consumer Protection Act 1999 ● Consumer Protection (Electronic Trade Transactions)
Regulations 2012 ● Case laws ● Other applicable regulations / guidelines / policies
Malaysian Cyber Laws
An Act to provide for offences relating to the misuse of computers.
Part II lists 4 offences - activities of unauthorized entry into computer systems :
Section 3 - Unauthorized access to computer material
A person shall be guilty of an offence if he causes a computer to perform any function with intent to secure unauthorized access to any program or data held in any computer.
Section 4 - Unauthorized access with intent to commit or facilitate commission of further offence
A person shall be guilty of an offence if he commits an offence referred to in section 3 with intent to commit an offence involving fraud and dishonesty.
Computer Crimes Act 1997
Section 5 - Unauthorized modification of the contents of any computer
A person shall be guilty of an offence if he does any act which he knows will cause unauthorized modification of the contents of any computer.
Section 6 - Wrongful communication
A person shall be guilty of an offence if he communicates directly or indirectly a number, code, password or other means of access to a computer to any person other than a person to whom he is duly authorized to communicate.
Computer Crimes Act 1997
Objects
3. (1) The objects of this Act are—
(a) to promote national policy objectives for the communications and multimedia industry;
(b) to establish a licensing and regulatory framework in support of national policy objectives for the communications and multimedia industry;
(c) to establish the powers and functions for the Malaysian Communications and Multimedia Commission; and
(d) to establish the powers and procedures for the administration of this Act.
Communications and Multimedia Act 1998
Chapter 2
231. Offence if use apparatus or device without authority
232. Fraudulent use of network facilities, network services, etc.
233. Improper use of network facilities or network service, etc.
234. Interception and disclosure of communications prohibited
235. Damage to network facilities, etc.
236. Fraud and related activity in connection with access devices, etc.
Communications and Multimedia Act 1998
Sectors :
● Broadcasting ● Postal and Courier Services● Mobile Services● Fixed Services● Broadband● Digital Signature● Strategic Trade● Universal Service Provision
Malaysian Communications and Multimedia Commission (MCMC)
What is the MCMC's role in protecting consumers' interests?
The MCMC regulates and promotes the communications and multimedia industry encompassing telecommunications, broadcast, Internet services, postal and courier services, and digital certification. The MCMC delicately balances the overall interests of the consumer, industry and investor. The MCMC also ensures that consumers have access to competitive pricing, wide choices, quality of service, overcome digital divide (through USP funding) and suitable broadcast content for Malaysians. The MCMC plays its part by ensuring that consumers enjoy choice and satisfactory level of services at affordable price, consumers benefit through provisioning of necessary services and complaints are handled fairly and effectively, as well as monitor the level of complaints received from consumers, in accordance with the provision of Sections 195 and 196 of the Communications and Multimedia Act 1998.
Malaysian Communications and Multimedia Commission (MCMC)
Source : https://www.mcmc.gov.my/en/faqs/complaints/what-is-the-mcmc-s-role-in-protecting-consumers-in#:~:text=The%20MCMC%20regulates%20and%20promotes,the%20consumer%2C%20industry%20and%20investor.
empowered to regulate the information technology and communications industries. The Act empowers the Commission with broad authority to regulate online speech, providing that “no content applications service provider, or other person using a content applications service, shall provide content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person”. Publishers of media content in violation of this provision may face criminal penalties.
The Act also enabled the establishment of the Communications and Multimedia Content Forum of Malaysia, which formulates and implements the Content Code – voluntary guidelines for content providers concerning the handling of content deemed offensive or indecent.
In practice, the Malaysian Government has pledged not to censor the Internet. There is no evidence of technological Internet filtering in Malaysia. However, state controls on traditional media spill over to the Internet at times, leading to self-censorship and occasional investigation of bloggers and online commentators.
Malaysian Communications and Multimedia Commission (MCMC)
Offences Related to Content on the Internet
Source : https://www.mcmc.gov.my/en/faqs/online-content-problems/what-are-the-steps-required-for-me-to-lodge-compla
Malaysian Communications and Multimedia Commission (MCMC)
Source : https://www.mcmc.gov.my/en/faqs/online-content-problems/what-are-the-steps-required-for-me-to-lodge-compla
An Act to regulate the processing of personal data in commercial transactions and to provide for matters connected therewith and incidental thereto.
7 Personal Data Protection Principles:
(a) the General Principle; (b) the Notice and Choice Principle; (c) the Disclosure Principle; (d) the Security Principle; (e) the Retention Principle; (f) the Data Integrity Principle; and (g) the Access Principle.
Personal Data Protection Act 2010
The law the codifies criminal offences related to fraud :
● Criminal breach of trust● Cheating● Theft● Criminal misappropriation of property ● Forgery● Fraudulent deeds and dispositions of property
“Dishonestly”
24. Whoever does anything with the intention of causing wrongful gain to one person, or wrongful loss to another person, irrespective of whether the act causes actual wrongful loss or gain, is said to do that thing “dishonestly”.
“Fraudulently”
25. A person is said to do a thing fraudulently if he does that thing with intend to defraud, but not otherwise.
Penal Code
Digital Signature Act 1997
An Act to make provision for, and to regulate the use of, digital signatures and to provide for matters connected therewith.
Electronic Commerce Act 2006
An Act to provide for legal recognition of electronic messages in commercial transactions, the use of electronic messages to fulfil legal requirements and to enable and facilitate commercial transactions through the use of electronic means and other matters connected therewith.
Electronic Government Activities Act 2007
An Act to provide for legal recognition of electronic message in dealings between the Government and the public, the use of electronic messages to fulfil legal requirements and to enable and facilitate the dealings through the use of electronic means and other matters connected therewith.
Malaysian Cyber Laws
Consumer Protection Act 1999
An Act to provide for the protection of consumers, the establishment of the National Consumer Advisory Council and the Tribunal for Consumer Claims, and for matters connected therewith.
This Act applies in respect of all goods and services that are offered or supplied to one or more consumers in trade including any trade transaction conducted through electronic means.
Consumer Protection (Electronic Trade Transactions) Regulations 2012
Regulates disclosure of information by any person who operates a business for the purpose of supply of goods or services through a website or an online marketplace.
Malaysian Cyber Laws
Cyber Crime Case Studies
[1] The Plaintiff is a victim of a cross-border cyber fraud known as a “push payment fraud” where the victim is tricked over emails to make a payment for a legitimate transaction into a different bank account under the control of the fraudster. Such a fraud has become increasingly common.
[2] In this case, through exchanges of emails, the fraudster (described below as Persons Unknown) deceived the Plaintiff into making payment of EUR 123,014.65 (approximately close to RM 600,000.00) (‘Plaintiff's Monies’) into a CIMB bank account in Malaysia. The Plaintiff thought it was making a genuine payment to its South Korean counterparty for a commission payment. Instead, the fraudster has now siphoned the Plaintiff's Monies away.
Zschimmer & Schwarz v Persons Unknown & Anor.
[3] The 2nd Defendant, Mohammad Azuwan, is the owner of the sole proprietorship of Premier Outlook Services.
[4] This judgment deals with 2 broad reliefs sought by the Plaintiff on an urgent ex parte basis via a hearing through the e-review platform: (i) | A proprietary injunction and Mareva injunction relief against the Defendants [Enclosure 3]; and (ii) | Substituted service by way of email and advertisement against the fraudster 1st Defendant [Enclosure 4].
Zschimmer & Schwarz v Persons Unknown & Anor.
Zschimmer & Schwarz v Persons Unknown & Anor.
The 1st Attempted Fraud
Fake Email Addresses:
Genuine Email Address:
Zschimmer & Schwarz v Persons Unknown & Anor.
Zschimmer & Schwarz v Persons Unknown & Anor.
The 2nd Fraud
Decision and Significance :
1. First known Malaysian Court decision to grant an injunction against persons unknown.
2. First known Malaysian decision to allow for a proprietary injunction.
[33] A proprietary injunction is used to preserve and restrain a defendant from dealing with the assets of the Plaintiff or with assets in which the Plaintiff has an existing proprietary interest in.
3. Judicial Commissioner Ong Chee Kwan allowed an order for substituted service against the 1st Defendant by way of email (to the fraudster’s fake email addresses used in the scheme) and advertisement. The Court also allowed the Plaintiff’s prayer to include a link to an online Dropbox folder in the email sent to the 1st Defendant.
Zschimmer & Schwarz v Persons Unknown & Anor.
Challenges and Strategies
● Development of the legal framework vs advancement of technology
● Ensuring competent tracking and analysis equipment for law enforcement
● Borderless environment may involve numerous jurisdictions
● Raising awareness and implementation of information security practises
Challenges
Building Cyber Resilience
PeopleMulti-stakeholder approach
(Government, authorities, institutions, netizens, parents, schools, public and private sectors)
ProcessLegal framework, risk management,
security defences and solutions.
TechnologyRaise awareness to general public and vulnerable segments, partnership with thought leaders, tech
giants and tech universities.
Local and international cooperation
Develop or attract tech-related talents
Building Cyber Resilience
PeopleMulti-stakeholder approach
(Government, authorities, institutions, netizens, parents, schools, public and private sectors)
Local and international cooperation
TechnologyRaise awareness to general
public and vulnerable segments, partnership with thought
leaders, tech giants and tech universities.
Develop or attract tech-related talentsProcess
Legal framework, risk management, security
defences and solutions.
Source : https://www.cybersecurity.my/en/knowledge_banks/esecurity_bulletin/main/detail/2338/index-info.html
Source : https://www.cybersecurity.my/en/knowledge_banks/esecurity_bulletin/main/detail/2338/index-info.html
Source : https://www.cybersecurity.my/en/knowledge_banks/esecurity_bulletin/main/detail/2338/index-info.html
Source : https://www.cybersecurity.my/en/knowledge_banks/esecurity_bulletin/main/detail/2338/index-info.html
1. Cyber Security Malaysia – a national cyber security agency formed under the Ministry of Science, Technology and Information, which is tasked with roles of providing a wide range of cyber security services to strengthen the national cyber security interest.
2. Malaysia Computer Emergency Response Team ('MyCERT') - the response arm of Cyber Security Malaysia, to provide a point of contact for internet users who are affected by security related incidents which operates Cyber999 as an emergency response agency to private companies and home users.
3. Cyber Security Malaysia’s Outreach & Corporate Commitment Department ('CyberCSI') - In court, we often see CyberCSI being lead as the prosecution witness in substantiating the prosecution case against cyber criminals. CyberCSI also provides full-fledged digital forensics investigations.
https://chialee.com.my/knowledge-hub/basics-of-cyber-security-law-in-malaysia
Cyber Security Agencies in Malaysia
Best Practises (Before)Mindset
“Nothing much to steal” SMEs have less secure networks, easier to breach
Training and Education Raise awareness and alertness
(ignore pop-ups, unknown links, unnecessary messages and avoid unsecured websites)
Implement/enforce and document cyber security policies
- use firewall protection- secure password
practices/management- use multi-factor authentication (MFA)- data protection and backup system- install anti-malware and security
softwares updates- mobile devices safety- IT department
Avoid a messy desk!
Time is of the essence
● Collate / keep evidence -Date, time, location- Description of persons involved - name, age, gender, relationship (when and how you
know each other)- Description of offence / actions involved-Documents - emails, Whatsapp conversations, SMSs, -Call logs-Screen shots, photographs, etc. -Work with forensic or intelligence companies
● Prevent dissipation / onward transmission of funds - Injunctive Orders
● Recover sums - Disclosure Order (domestic/international)- Tracing Order
Best Practises (After)
-
To promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.
Source : https://www.saferinternetday.org/
Mixture of civil and criminal proceedings (assist law enforcement authorities)
● Injunctive Orders● Disclosure Order - Bankers Trust Disclosure Order / Norwich Pharmacal
Disclosure Order ● Tracing Order
Work with forensic and intelligence companies
https://www.at-mia.my/2021/02/02/persons-unknown-asset-recovery-against-unknown-fraudsters-in-a-time-of-cyber-fraud/
Potential Remedies
Questions?
Date Topic Speakers
24 February 2021 (Wednesday)
Introducing MWKA Academy Sarah Kambali, Lesley Lim & Cassandra Thomazios
Upcoming Talks
Sign up for more MWKA Online Talks at
https://mahwengkwai.com/talks-signup/
YouTube:
Twitter:
Instagram:
Linkedin:
Facebook:
Follow us on Social Media
Complimentary Consultation
Schedule a complimentary 30 minute video-consultation with our lawyers by filling up the form at
https://mahwengkwai.com/schedule-a-meeting/
Notice: This presentation does not constitute legal advice and its contents should not
be relied upon as such. The facts and circumstances of each and every case will differ
and therefore will require specific legal advice. Feel free to contact us for
complimentary legal consultation.
Complimentary Consultation
Schedule a complimentary 30 minute video-consultation with our lawyers by filling up the form at
https://mahwengkwai.com/schedule-a-meeting/