Cybercrimes in Singapore

In the digital age, crime has migrated onto the internet. Find out how to protect yourself and the information that matters most to you.

By Javern Sim, Practice Trainee Associate, Gloria James-Civetta & Co (GJC Law)

 

In 2013, a computer hacker who called himself ‘The Messiah’ carried out a series of cyber-attacks on major government websites in Singapore. The objective, according to the Messiah himself, was to “protest the Internet licensing framework” imposed by the government. The Messiah succeeded in defacing the websites of 13 government schools, the People’s Action Party’s Community Foundation, the Ang Mo Kio Town Council, the Prime Minister’s website and the blog of The Straits Times reporter Irene Tham.
 
That is not the end of The Messiah’s exploits. On the morning of 2 Sep, the website of Sun Ho, wife of Pastor Kong Hee of the City Harvest Church, was hacked into. Kong and several senior church members have been charged with misusing church funds to the tune of $50 million, the bulk of which was used to finance Ho’s pop music career. The hacker bragged that he took less than 15 minutes to gain access to the website.
 
The Messiah, however, could not evade the long arm of the law and was arrested by the Singapore Police and charged in court for his exploits.
 
The case of The Messiah is unfortunately not an isolated one. The fact is that cybercrimes are prevalent in Singapore. Some 61% of adults here will experience some form of cybercrime in their lifetime, while 37% have experienced cybercrimes.
 
Often, substantial damages result from the commission of cybercrimes. On average, each victim in Singapore suffers a loss of $1,448. This is the highest of the nations surveyed in the 2013 Norton Report; it is approximately four times the global average. What is worrying is that two in five mobile users in Singapore do not take basic precautions, such as the use of passwords and security software, on their devices.
 
This article is written with two objectives in mind: to provide a brief overview of some of the legislation governing cybercrimes in Singapore and offer some advice to concerned readers on how to avoid falling victim to cybercrimes.
 

What are cybercrimes?

 
Cybercrimes are more than hacking into and defacing websites. The Oxford English Dictionary defines cybercrime as “criminal activities carried out by means of computers or the Internet.” In Singapore, most cybercrimes are punishable under the Computer Misuse and Cybersecurity Act (Cap 50A, 2007 Rev Ed). The key sections are explained below:
 

A. Unauthorised access to computer material

 
Anyone who “knowingly causes a computer to perform any function for the purpose of securing access without authority to any programme or data held in any computer” is guilty under this section.
 
An example of how this section can be contravened is found in the 2007 case of one Song Yick Biau. Song tricked his victims into sending him a file that contained their usernames and passwords. Song proceeded to change the illegally obtained passwords and took over the identities of his victims to chat with their friends online. This was not all. Song doctored photographs, superimposing victims’ faces onto naked bodies. He threatened to release such photographs of one particular victim should she refuse to send him compromising photographs of herself. Song was sentenced to 27 months in prison.
 
It should be noted that the mere act of tricking his victims into sending him their login details for the purpose of securing access into their accounts without their approval would have rendered Song liable under Section 3(1) of the Computer Misuse and Cybersecurity Act. If, consequentially, any damage is caused to the offender’s victim(s), the offence would attract a heavier penalty under Section 3(2) of the Act.
 
 
 

"Cybercrimes are more than hacking into and defacing websites. The Oxford English Dictionary defines cybercrime as “criminal activities carried out by means of computers or the Internet.”"

 

B. Access with intent to commit or facilitate commission of offence

 
Under this section, anyone “who causes a computer to perform any function for the purpose of securing access to any programme or data held in any computer with intent to commit an offence” is guilty. The offence referred to in this section is an offence “involving property, fraud, dishonesty or which causes bodily harm and which is punishable on conviction with imprisonment for a term of not less than two years.”
 
In the case of Public Prosecutor v Navaseelan Balasingam [2006] SGDC 156, the accused pleaded guilty to five charges under Section 4 of the Computer Misuse Act (the predecessor to the Computer Misuse and Cybersecurity Act) “for causing various Automated Teller Machines (ATMs) to access data held in the central computer systems of the United Overseas Bank (UOB) Limited with the intention to commit theft of monies.” In addition, he faced charges of theft under the Penal Code. This case is a good illustration of how Section 4 of the computer Misuse and Cybersecurity Act works. The section is meant to deal with instances whereby the act of securing access to any programme or data comes with the objective of committing an offence such as theft in the case Navaseelan Balasingam.
 

C. Unauthorised modification of computer material

 
Under this section, anyone “who does any act which he knows will cause an unauthorised modification of the contents of any computer shall be guilty of an offence.” Similar to Section 4 of the Act, if damage is caused, the offender may be subjected to harsher penalties.
 
In the case of Public Prosecutor v Ooi Lye Guan [2005] SGDC 228, the accused pleaded guilty to unauthorised modification of contents of ‘Service Data Point 2’ belonging to telecommunication company SingTel. The accused’s primary objective in committing the offence was “to reset the monetary balance on a pre-paid SingTel Hi Card” linked to his mobile number to induce SingTel to provide call services without payment on his part. Unauthorised modification of the contents of any computer, as in the unauthorised modification of the contents of SingTel’s Service Data Point 2 in this case, would lead to conviction under this section.
 

D. Others

 
Other possible offences involving computers and falling under the purview of the Computer Misuse and Cybersecurity Act include:
 
(a) Unauthorised use or interception of computer service;
(b) Unauthorised obstruction of use of computer; and
(c) Unauthorised disclosure of access code.
 
If an offence is committed under section 3, 5, 6 or 7 of the Computer Misuse and Cybersecurity Act and involves protected computers, punishments will be enhanced.
 
Finally, even if one did not actually commit the abovementioned offences, but instead abets the commission or does any act preparatory to the commission of any offence under the Computer Misuse and Cybersecurity Act, he will be treated as if he has committed the particular offence.
 
 
-END-
COMMENT
VIEW COMMENT
 
BACK TO TOP