(Petaling Jaya, Wednesday): Telekom Malaysia should reward the two hackers into TMnet homepage last week for pointing out the poor security system of TMnet and to highlight public unhappiness at Telekom services.
It is clear that the two instances of hacking into the TMnet homepage were not criminal or malicious in the strict sense of the word but to make the Telekom authorities bestir from their complacency.
The Telekom authorities have promised a better security system, the Minister for Energy, Telecommunicatons and Posts, Datuk Seri Leo Moggie is taking a second look at the proposed bill on computer crime while the Police is seeking the co-operation of their more experienced foreign counterparts in dealing with computer hackers.
Yesterday, Leo Moggie said that the the proposed cyberlaws would be national in scope and would not be confined to the Multimedia Super Corridor, and that those involved in computer crimes would be prosecuted under the law regardless of whether they are committed inside the MSC or without.
Malaysia must be realistic when approaching the problem of computer crimes. Electronic fraud, for instance, can easily take place internationally. In the case of transnational electronic crimes, it is not always clear who is responsible for their investigation, for the prosecution of the criminals or for insurance purposes. The situation may arise where criminals choose to act from a country without extradition agreements, or from a country without a sufficiently sophisticated police force to catch them.
Have the drafters of the cyberbill on computer crime to be presented to the forthcoming Parliament envisaged and provided for these contingencies?
At this stage of our IT development, there may be merit in taking a more relaxed attitude towards computer hacking where the purpose is to point out the poor security and to highlight the need to tighten up the lax system rather than to commit computer fraud or crimes.
In the United States, the years prior to 1974 had been described as an “era of forgiveness” for computer hackers. Youthful “hackers” who broke into computer systems were regarded as budding geniuses and were punished only by having to write essays on how they did it.
It was only in the mid-1970s, when the cost of computer crimes mounted, that the process began to criminalise computer offences.
Although the Police is seeking the co-operation of their more experienced foreign counterparts in dealing with computer hackers, the government must also be realistic about the problem of computer hacking.
For instance, a report of the United States General Accounting Office (GAO) last year revealed that the computers of the US Department of Defence had been subject to 160,000 hacker attacks in 1995.
It further revealed that 65 per cent of the 38,000 attacks led by the US Defence Information System Agency (DISA) on government computers to test security levels were successful, amongst which only 4 per cent were detected and even fewer reported to DISA.
It has rightly been pointed out that the term “computer security” is a misnomer, as there is no such thing as computer security. There are only various degrees of insecurity.
Under these circumstances, any measures which could help in improving the computer security of institutions or networks should be encouraged, provided there is no criminal or malicious intent.
This is why I am suggesting that Telekoms should reward the two “hackers” into TMnet last month for giving it the opportunity to realise and rectify weak security system.