MWKA ONLINE TALKS

SpeakerLESLEY LIMPartner

ModeratorCAROLYN NGPupil in Chambers

http://www.youtube.com/watch?v=ilhlVqyjF3g

MWKA ONLINE TALKS

SpeakerLESLEY LIMPartner

ModeratorCAROLYN NGPupil in Chambers

About Us

● Welcome to MahWengKwai & Associates!

● Trusted by small medium enterprises (SMEs), family businesses and individuals.

● Established in 1985 by Dato’ Mah Weng Kwai, now a consultant with the firm.

● Medium-sized law firm with 22 lawyers and 19 staff.

● Full-service law firm with 4 Departments:

○ Corporate

○ Dispute Resolution

○ Employment

○ Individuals & Families

Our Services

● 5 Practice Groups:

○ ASEAN-China Desk

○ Construction

○ Foreign Direct Investment

○ Real Estate

○ Sports & eSports

Our Practice Groups

● To share knowledge, raise awareness, encourage networking

● For clients, potential clients, in-house counsel

● Recent MWKA Online Talk:

○ 13.1.2021: Retention Sums in Construction Contracts : Rights and Remedies

● Upcoming MWKA Online Talk:

○ 24.2.2021: Introducing MWKA Academy

MWKA Online Talks

Lesley Lim ● Partner of the Technology & Esports team as well as Media,

Entertainment & Sports.

● Bachelor of Laws from University of Tasmania, Australia.

● Admitted to the Malaysian Bar in 2011.

● Experienced in general civil litigation matters, drafting of corporate and commercial agreements and Sports Law.

● Nominated for the “Woman Lawyer of the Year (Law Firm)” category at the 2020 Asian Legal Business (ALB) Malaysia Law Awards.

● Key team member of the Sports Law Practice Group at MWKA which won the “Sports Law Firm of the Year Award” 2018 and 2019 ALB Malaysia Law Awards.

● Captained the first national women’s dragon boat team to the 2018 Asian Games and the 2019 SEA Games.

Ask Questions on Slido

Please scan this QR Code to access Q&A and poling platform for this talk.

Post the questions that you would like to ask.

Upvote/Like the questions you like. Most liked / popular questions will be discussed and answered by the speaker(s) during the Q&A session.

Or visit https://www.sli.do

and enter #39551

Talk Points

Cyber Crime Landscape in Malaysia

Malaysian Cyber Laws

Cyber Crime Case Studies

Challenges and Strategies

https://www.google.com/search?ei=tc77X4bTEeDez7sPgpG2qAI&q=cyber+security+law+malaysia&oq=cyber+security+law+malaysia&gs_lcp=CgZwc3ktYWIQAzICCAA6BAgAEEc6BAgAEA1QtZYBWJmYAWCdnAFoAHACeACAAUuIAZQCkgEBNJgBAKABAaoBB2d3cy13aXrIAQjAAQE&sclient=psy-ab&ved=0ahUKEwjGgfe2gJPuAhVg73MBHYKIDSUQ4dUDCA0&uact=5

https://www.upcounsel.com/cyber-law

https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/malaysia

https://asialawportal.com/2019/11/19/why-malaysia-should-amend-its-cyber-security-laws/

https://globalcompliancenews.com/cyber-security/cyber-security-around-the-world/cyber-security-in-malaysia/

https://www.cybersecurity.my/en/media_centre/media_faqs/media_faqs/main/detail/1691/index.html

https://www.rajahtannasia.com/media/3126/cyb19_chapter-21-malaysia.pdf

https://www.mcmc.gov.my/skmmgovmy/media/General/pdf/DSP-Mahfuz-Majid-Cybercrime-Malaysia.pdf

https://mcchr.org/cyber-harassment-survivorskit

https://www.skmm.gov.my/en/make-a-complaint/make-a-complaint

https://www.netacad.com/courses/cybersecurity/introduction-cybersecurity?utm_source=Riot-Games&utm_medium=webpage&utm_campaign=RiotGamesSponsorship&utm_content=link-from-page

Berita RTM - https://www.facebook.com/BeritaRTM/videos/1329441030755802

Kevin Mitnick - https://www.leadingauthorities.com/uk/speakers/kevin-mitnick

KKM : Ancaman Siber - Adakah Malaysia Bersedia? - https://www.facebook.com/KEMENTERIANKOMUNIKASIDANMULTIMEDIA/videos/412250029837881/

Talk Points

Cyber Crime Landscape in Malaysia

Malaysia - early development in ICT more than 20 years ago

Cyber Landscape in Malaysia

Global Cybersecurity Index 2018Countries with Best Cybersecurity

1 United Kingdom

2 United States of America

3 France

4 Lithuania

5 Estonia

6 Singapore

7 Spain

8 Malaysia

9 Norway

10 Canada

Global Cybersecurity Index 2018

Source : https://www.kkmm.gov.my/pdf/KPI/Laporan%201.pdf

Global Cybersecurity Index 2018

Source : https://www.kkmm.gov.my/pdf/KPI/Laporan%201.pdf

Countries with the highest commitment to cyber security based on the Global Cybersecurity Index (GCI) in 2018

Source : https://www.statista.com/statistics/733657/global-cybersecurity-index-gci-countries/

Talk Points

Source : https://passwordmanagers.co/cybersecurity-exposure-index/

An illegal act by using technology / computers / devices that have access to the internet / network.

Cyber Crime in Malaysia

Source : https://www.malaysia.gov.my/portal/content/30878

Computer-related Crimes● Cyber Fraud● Telecommunications Scam● Online Dating Fraud● E-Commerce Scams● E-Commerce Fraud

Computer Crimes● Illegal Interception● Data Interference● Hacking● Malware / DDoS /

Botnet

Ransomware

A computer malware that secretly installs on a victim’s computer, performing cryptovirology attacks which affects and demands ransom for recovery.

Cyber-Bullying

Persistent harassment / humiliation done in cyberspace through the use of telecommunications and internet technologies.

Phishing

Intended to trick recipients through email to steal their personal information (eg: login name and password, credit card details, etc).

Internet banking users → financial information

Cyber Crime in Malaysia

Source : https://www.malaysia.gov.my/portal/content/30878

Cyber Crime in Malaysia in 2020(as at September 2020)

January - August 2020 7,765 incidents reported

Fraud - 5,697Highest - April 2020

Hacking (intrusion) - 933

Cyber Harassment - 409

Malicious Codes - 351

Source : https://www.nst.com.my/news/nation/2020/09/622861/spike-cyber-threats-fraud-tops-list

2019 = 10,772 cases

Cyber Crime in Malaysia

Source : https://www.mycert.org.my/portal/statistics-content?menu=b75e037d-6ee3-4d11-8169-66677d694932&id=2650ed29-88be-4cec-86cc-13f8e07ae228

help@ikea.com.my

help@1kea.com.my

hello@shopee.com.my

hello@sh0pee.com.my

Source : https://www.facebook.com/Kehakiman

Malaysian Cyber Laws

NCSP Vision:Malaysia’s Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation.

NCSP Objective:● Assess the current situation of cyber security risks within the

Critical National Information Infrastructure (CNII) sectors● Ensure that critical infrastructures are protected to a level that

commensurate the risks faced● Develop and establish a comprehensive program and action

plans for the implementation of a Cyber Security Framework

National Cyber Security Policy (NCSP)

Source : https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5978782

Critical National Information Infrastructure (CNII)CNII is defined as “Assets (physical and virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on the:

● National economic strength ● National image ● National defence and security● Government capabilities to function; and ● Public health and safety

The policy further identified ten sectors in Malaysia which are considered CNII:

1. Banking & Finance 2. Transportation3. Defense & Security 4. Energy 5. Water 6. Health Services 7. Emergency Services 8. Information & Communication 9. Government Services

10. Food & Agriculture

National Cyber Security Policy (NCSP)

Source : https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5978782

NCSP Thrusts and Drivers:

National Cyber Security Policy (NCSP)

No. Policy Thrust Thrust Driver

1. Effective Governance National Security Council

2. Legislative & Regulatory Framework Attorney General’s Chambers

3. Cyber Security Technology Framework Ministry of Science, Technology & Innovation

4. Culture of Security & Capacity Building Ministry of Science, Technology & Innovation

5. R&D Towards Self-Reliance Ministry of Science, Technology & Innovation

6. Compliance & Enforcement Ministry of Information, Communication & Culture

7. Cyber Security Emergency Readiness National Security Council

8. International Cooperation Ministry of Information, Communication & Culture

Source : https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5978782

Pillar 1Effective Governance and Management

Pillar 2Strengthening Legislative Framework and Enforcement

Pillar 3Catalysing World Class Innovation, Technology, R&D and Industry

Pillar 4Enhancing Capacity & Capability Building, Awareness and Education

Pillar 5Strengthening Global Collaboration

National Cyber Security Strategy 2020 - 2024

Source : https://asset.mkn.gov.my/wp-content/uploads/2020/10/MalaysiaCyberSecurityStrategy2020-2024.pdf

National Cyber Security Strategy 2020 - 2024

Source : https://asset.mkn.gov.my/wp-content/uploads/2020/10/MalaysiaCyberSecurityStrategy2020-2024.pdf

National Cyber Security Strategy 2020 - 2024

Source : https://asset.mkn.gov.my/wp-content/uploads/2020/10/MalaysiaCyberSecurityStrategy2020-2024.pdf

● Computer Crimes Act 1997 ● Communications and Multimedia Act 1998● Personal Data Protection Act 2010● Copyright Act 1987● Penal Code ● Digital Signature Act 1997● Electronic Commerce Act 2006● Electronic Government Activities Act 2007● Consumer Protection Act 1999 ● Consumer Protection (Electronic Trade Transactions)

Regulations 2012 ● Case laws ● Other applicable regulations / guidelines / policies

Malaysian Cyber Laws

An Act to provide for offences relating to the misuse of computers.

Part II lists 4 offences - activities of unauthorized entry into computer systems :

Section 3 - Unauthorized access to computer material

A person shall be guilty of an offence if he causes a computer to perform any function with intent to secure unauthorized access to any program or data held in any computer.

Section 4 - Unauthorized access with intent to commit or facilitate commission of further offence

A person shall be guilty of an offence if he commits an offence referred to in section 3 with intent to commit an offence involving fraud and dishonesty.

Computer Crimes Act 1997

Section 5 - Unauthorized modification of the contents of any computer

A person shall be guilty of an offence if he does any act which he knows will cause unauthorized modification of the contents of any computer.

Section 6 - Wrongful communication

A person shall be guilty of an offence if he communicates directly or indirectly a number, code, password or other means of access to a computer to any person other than a person to whom he is duly authorized to communicate.

Computer Crimes Act 1997

Objects

3. (1) The objects of this Act are—

(a) to promote national policy objectives for the communications and multimedia industry;

(b) to establish a licensing and regulatory framework in support of national policy objectives for the communications and multimedia industry;

(c) to establish the powers and functions for the Malaysian Communications and Multimedia Commission; and

(d) to establish the powers and procedures for the administration of this Act.

Communications and Multimedia Act 1998

Chapter 2

231. Offence if use apparatus or device without authority

232. Fraudulent use of network facilities, network services, etc.

233. Improper use of network facilities or network service, etc.

234. Interception and disclosure of communications prohibited

235. Damage to network facilities, etc.

236. Fraud and related activity in connection with access devices, etc.

Communications and Multimedia Act 1998

Sectors :

● Broadcasting ● Postal and Courier Services● Mobile Services● Fixed Services● Broadband● Digital Signature● Strategic Trade● Universal Service Provision

Malaysian Communications and Multimedia Commission (MCMC)

What is the MCMC's role in protecting consumers' interests?

The MCMC regulates and promotes the communications and multimedia industry encompassing telecommunications, broadcast, Internet services, postal and courier services, and digital certification. The MCMC delicately balances the overall interests of the consumer, industry and investor. The MCMC also ensures that consumers have access to competitive pricing, wide choices, quality of service, overcome digital divide (through USP funding) and suitable broadcast content for Malaysians. The MCMC plays its part by ensuring that consumers enjoy choice and satisfactory level of services at affordable price, consumers benefit through provisioning of necessary services and complaints are handled fairly and effectively, as well as monitor the level of complaints received from consumers, in accordance with the provision of Sections 195 and 196 of the Communications and Multimedia Act 1998.

Malaysian Communications and Multimedia Commission (MCMC)

Source : https://www.mcmc.gov.my/en/faqs/complaints/what-is-the-mcmc-s-role-in-protecting-consumers-in#:~:text=The%20MCMC%20regulates%20and%20promotes,the%20consumer%2C%20industry%20and%20investor.

empowered to regulate the information technology and communications industries. The Act empowers the Commission with broad authority to regulate online speech, providing that “no content applications service provider, or other person using a content applications service, shall provide content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person”. Publishers of media content in violation of this provision may face criminal penalties.

The Act also enabled the establishment of the Communications and Multimedia Content Forum of Malaysia, which formulates and implements the Content Code – voluntary guidelines for content providers concerning the handling of content deemed offensive or indecent.

In practice, the Malaysian Government has pledged not to censor the Internet. There is no evidence of technological Internet filtering in Malaysia. However, state controls on traditional media spill over to the Internet at times, leading to self-censorship and occasional investigation of bloggers and online commentators.

Malaysian Communications and Multimedia Commission (MCMC)

Offences Related to Content on the Internet

Source : https://www.mcmc.gov.my/en/faqs/online-content-problems/what-are-the-steps-required-for-me-to-lodge-compla

Malaysian Communications and Multimedia Commission (MCMC)

Source : https://www.mcmc.gov.my/en/faqs/online-content-problems/what-are-the-steps-required-for-me-to-lodge-compla

An Act to regulate the processing of personal data in commercial transactions and to provide for matters connected therewith and incidental thereto.

7 Personal Data Protection Principles:

(a) the General Principle; (b) the Notice and Choice Principle; (c) the Disclosure Principle; (d) the Security Principle; (e) the Retention Principle; (f) the Data Integrity Principle; and (g) the Access Principle.

Personal Data Protection Act 2010

The law the codifies criminal offences related to fraud :

● Criminal breach of trust● Cheating● Theft● Criminal misappropriation of property ● Forgery● Fraudulent deeds and dispositions of property

“Dishonestly”

24. Whoever does anything with the intention of causing wrongful gain to one person, or wrongful loss to another person, irrespective of whether the act causes actual wrongful loss or gain, is said to do that thing “dishonestly”.

“Fraudulently”

25. A person is said to do a thing fraudulently if he does that thing with intend to defraud, but not otherwise.

Penal Code

Digital Signature Act 1997

An Act to make provision for, and to regulate the use of, digital signatures and to provide for matters connected therewith.

Electronic Commerce Act 2006

An Act to provide for legal recognition of electronic messages in commercial transactions, the use of electronic messages to fulfil legal requirements and to enable and facilitate commercial transactions through the use of electronic means and other matters connected therewith.

Electronic Government Activities Act 2007

An Act to provide for legal recognition of electronic message in dealings between the Government and the public, the use of electronic messages to fulfil legal requirements and to enable and facilitate the dealings through the use of electronic means and other matters connected therewith.

Malaysian Cyber Laws

Consumer Protection Act 1999

An Act to provide for the protection of consumers, the establishment of the National Consumer Advisory Council and the Tribunal for Consumer Claims, and for matters connected therewith.

This Act applies in respect of all goods and services that are offered or supplied to one or more consumers in trade including any trade transaction conducted through electronic means.

Consumer Protection (Electronic Trade Transactions) Regulations 2012

Regulates disclosure of information by any person who operates a business for the purpose of supply of goods or services through a website or an online marketplace.

Malaysian Cyber Laws

Cyber Crime Case Studies

[1] The Plaintiff is a victim of a cross-border cyber fraud known as a “push payment fraud” where the victim is tricked over emails to make a payment for a legitimate transaction into a different bank account under the control of the fraudster. Such a fraud has become increasingly common.

[2] In this case, through exchanges of emails, the fraudster (described below as Persons Unknown) deceived the Plaintiff into making payment of EUR 123,014.65 (approximately close to RM 600,000.00) (‘Plaintiff's Monies’) into a CIMB bank account in Malaysia. The Plaintiff thought it was making a genuine payment to its South Korean counterparty for a commission payment. Instead, the fraudster has now siphoned the Plaintiff's Monies away.

Zschimmer & Schwarz v Persons Unknown & Anor.

[3] The 2nd Defendant, Mohammad Azuwan, is the owner of the sole proprietorship of Premier Outlook Services.

[4] This judgment deals with 2 broad reliefs sought by the Plaintiff on an urgent ex parte basis via a hearing through the e-review platform: (i) | A proprietary injunction and Mareva injunction relief against the Defendants [Enclosure 3]; and (ii) | Substituted service by way of email and advertisement against the fraudster 1st Defendant [Enclosure 4].

Zschimmer & Schwarz v Persons Unknown & Anor.

Zschimmer & Schwarz v Persons Unknown & Anor.

The 1st Attempted Fraud

Fake Email Addresses:

u.diel.zschimmer-schwarz@mail.com

u.dielzschimmer-schwarz@mail.com

Genuine Email Address:

u.diel@zschimmer-schwarz.com

Zschimmer & Schwarz v Persons Unknown & Anor.

Zschimmer & Schwarz v Persons Unknown & Anor.

The 2nd Fraud

Decision and Significance :

1. First known Malaysian Court decision to grant an injunction against persons unknown.

2. First known Malaysian decision to allow for a proprietary injunction.

[33] A proprietary injunction is used to preserve and restrain a defendant from dealing with the assets of the Plaintiff or with assets in which the Plaintiff has an existing proprietary interest in.

3. Judicial Commissioner Ong Chee Kwan allowed an order for substituted service against the 1st Defendant by way of email (to the fraudster’s fake email addresses used in the scheme) and advertisement. The Court also allowed the Plaintiff’s prayer to include a link to an online Dropbox folder in the email sent to the 1st Defendant.

Zschimmer & Schwarz v Persons Unknown & Anor.

Challenges and Strategies

● Development of the legal framework vs advancement of technology

● Ensuring competent tracking and analysis equipment for law enforcement

● Borderless environment may involve numerous jurisdictions

● Raising awareness and implementation of information security practises

Challenges

Building Cyber Resilience

PeopleMulti-stakeholder approach

(Government, authorities, institutions, netizens, parents, schools, public and private sectors)

ProcessLegal framework, risk management,

security defences and solutions.

TechnologyRaise awareness to general public and vulnerable segments, partnership with thought leaders, tech

giants and tech universities.

Local and international cooperation

Develop or attract tech-related talents

Building Cyber Resilience

PeopleMulti-stakeholder approach

(Government, authorities, institutions, netizens, parents, schools, public and private sectors)

Local and international cooperation

TechnologyRaise awareness to general

public and vulnerable segments, partnership with thought

leaders, tech giants and tech universities.

Develop or attract tech-related talentsProcess

Legal framework, risk management, security

defences and solutions.

Source : https://www.cybersecurity.my/en/knowledge_banks/esecurity_bulletin/main/detail/2338/index-info.html

Source : https://www.cybersecurity.my/en/knowledge_banks/esecurity_bulletin/main/detail/2338/index-info.html

Source : https://www.cybersecurity.my/en/knowledge_banks/esecurity_bulletin/main/detail/2338/index-info.html

Source : https://www.cybersecurity.my/en/knowledge_banks/esecurity_bulletin/main/detail/2338/index-info.html

1. Cyber Security Malaysia – a national cyber security agency formed under the Ministry of Science, Technology and Information, which is tasked with roles of providing a wide range of cyber security services to strengthen the national cyber security interest.

2. Malaysia Computer Emergency Response Team ('MyCERT') - the response arm of Cyber Security Malaysia, to provide a point of contact for internet users who are affected by security related incidents which operates Cyber999 as an emergency response agency to private companies and home users.

3. Cyber Security Malaysia’s Outreach & Corporate Commitment Department ('CyberCSI') - In court, we often see CyberCSI being lead as the prosecution witness in substantiating the prosecution case against cyber criminals. CyberCSI also provides full-fledged digital forensics investigations.

https://chialee.com.my/knowledge-hub/basics-of-cyber-security-law-in-malaysia

Cyber Security Agencies in Malaysia

Best Practises (Before)Mindset

“Nothing much to steal” SMEs have less secure networks, easier to breach

Training and Education Raise awareness and alertness

(ignore pop-ups, unknown links, unnecessary messages and avoid unsecured websites)

Implement/enforce and document cyber security policies

- use firewall protection- secure password

practices/management- use multi-factor authentication (MFA)- data protection and backup system- install anti-malware and security

softwares updates- mobile devices safety- IT department

Avoid a messy desk!

Time is of the essence

● Collate / keep evidence -Date, time, location- Description of persons involved - name, age, gender, relationship (when and how you

know each other)- Description of offence / actions involved-Documents - emails, Whatsapp conversations, SMSs, -Call logs-Screen shots, photographs, etc. -Work with forensic or intelligence companies

● Prevent dissipation / onward transmission of funds - Injunctive Orders

● Recover sums - Disclosure Order (domestic/international)- Tracing Order

Best Practises (After)

-

To promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.

Source : https://www.saferinternetday.org/

Mixture of civil and criminal proceedings (assist law enforcement authorities)

● Injunctive Orders● Disclosure Order - Bankers Trust Disclosure Order / Norwich Pharmacal

Disclosure Order ● Tracing Order

Work with forensic and intelligence companies

https://www.at-mia.my/2021/02/02/persons-unknown-asset-recovery-against-unknown-fraudsters-in-a-time-of-cyber-fraud/

Potential Remedies

Questions?

Date Topic Speakers

24 February 2021 (Wednesday)

Introducing MWKA Academy Sarah Kambali, Lesley Lim & Cassandra Thomazios

Upcoming Talks

Sign up for more MWKA Online Talks at

https://mahwengkwai.com/talks-signup/

YouTube:

Twitter:

Instagram:

Linkedin:

Facebook:

Follow us on Social Media

Complimentary Consultation

Schedule a complimentary 30 minute video-consultation with our lawyers by filling up the form at

https://mahwengkwai.com/schedule-a-meeting/

Notice: This presentation does not constitute legal advice and its contents should not

be relied upon as such. The facts and circumstances of each and every case will differ

and therefore will require specific legal advice. Feel free to contact us for

complimentary legal consultation.

Complimentary Consultation

Schedule a complimentary 30 minute video-consultation with our lawyers by filling up the form at

https://mahwengkwai.com/schedule-a-meeting/