The Computer Misuse and Cybersecurity Act
Section 5 of the Computer Misuse and Cybersecurity Act (CMCA) (Cap.50) of Singapore provides as follows:
Unauthorised modification of computer material
5.—(1) Subject to subsection (2), any person who does any act which he knows will cause an unauthorised modification of the contents of any computer shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both.
(2) If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
(3) For the purposes of this section, it is immaterial that the act in question is not directed at —
(a) any particular program or data;
(b) a program or data of any kind; or
(c) a program or data held in any particular computer.
(4) For the purposes of this section, it is immaterial whether an unauthorised modification is, or is intended to be, permanent or merely temporary.
Reported Cases in Singapore
We set out below the most recent reported CMCA cases in Singapore.
- In PP v Ang Han Siong  SGDC 168, the accused pleaded guilty to 7 charges for dishonestly misappropriating victims’ wallets and using the victim’s credit cards to purchase a mobile phone and a GoPro camera. Out of these 7 charges, one of the charges was in relation to section 3(1) CMCA. The accused was traced. The accused had clearly profited from his illicit actions. The accused made no restitution. The accused was sentenced to 5 months’ imprisonment for the section 3(1) CMCA offence.
- In PP v Koh Chee Tong  SGDC 37, the accused was a compliance officer with United Overseas Bank (“UOB”) at the time of the commission of the offences. He was charged with 24 counts of unauthorised access to data in the computer system of UOB under section 3(1) of the CMCA. The prosecution proceeded with four counts, to which he pleaded guilty. The remaining 20 charges were taken into consideration for the purpose of sentence on the application by the prosecution and with the consent of the accused.
- In Koh Chee Tong, the accused had committed the offences for (a) financial gain and (b) harm was caused to his employer, UOB, because the personal particulars of bank customers were disclosed to unlicensed moneylenders.
- In PP v Ricky Widjaja  SGDC 201, the accused was a sports betting trader with Singapore Pools. One of the accused’s roles as a sports betting trader was to balance the supply and demand for opposite sides of a bet through adjustment of the odds. The accused and his accomplice hatched a plan to misuse their access to Singapore Pools’ computer systems to adjust the odds in their favour for brief moments in order to place risk-free bets. As a result of their offences, they made a net profit of S$198,500. The accused pleaded guilty to 13 charges under section 4(3) read with section 10(1) of the Computer Misuse Act.
- In Ricky Widjaja, the accused had conspired with another to commit the offences for (a) financial gain and (b) harm was caused to his employer, Singapore Pools, as it caused a “loss in confidence in the integrity of Singapore Pools’ computer system” (at ). In addition, the offences were not detected initially and only discovered out of chance when the Tote Board Group Internal Audit Department was auditing an unrelated matter. The accused had therefore plotted and carried out an elaborate scheme to evade detection. Fortunately for his employer, he was caught.
- In PP v Tan Wei Kwang  SGDC 317, the accused faced a grand total of 304 charges, out of which 4 charges related to a sophisticated conspiracy to perform unauthorised fund transfers under section 3(1) read with section 10 of the CMCA. In fact, the accused was part of a syndicate which used other people’s credit cards to purchase goods fraudulently. In order to avoid detection, all the accomplices wore caps while withdrawing money from the ATMs. The learned District Judge Chay Yuen Fatt observed that the offences were committed “on multiple levels, and the accused performed a wide spectrum of banking/commercial fraud using stolen credit or debit cards and cloned ATM cards” (at ). The learned DPP Hon Yi called for a global sentence of not less than 8 years imprisonment which the Court agreed and subsequently imposed.
- Last but not least, in Public Prosecutor v James Raj s/o Arokiasamy  SGDC 36, the accused carried out computer attacks on several websites under the moniker of “The Messiah”. He hacked into Standard Chartered Bank’s server, the fan website of Sun Ho, the pastor of City Harvest Church, three websites linked to City Harvest Church, a Straits Times journalists blog, the PAP Community Foundation website and Ang Mo Kio Town Council’s website. The accused also scanned and penetration tested various government servers. He pleaded guilty to 39 offences under the CMCA and one charge under the Misuse of Drugs Act (Cap 185, 2008 Rev Ed) (“MDA”) with a further 119 charges under the CMCA and 2 charges under the MDA being taken into consideration for the purposes of sentencing. The accused was sentenced to a total sentence of 56 months. There is no doubt that the accused in that case acted maliciously and harm had been caused to his victims.
- In all of the above cases, we can see that the respective accused persons had clearly acted wrongly and selfishly. They had to be charged and punished for their actions.