Criminal law and cybercrime

Cybercriminality

Back
Previous topic

Cyber crime

Covers crimes committed on or through computers and computer systems, provided that they occur in a virtual environment, in cyberspace.

Types of cybercrimes

Direct cybercrime: Crimes or offenses where a computer, program, data, information system, etc. are the target of an attack.
Examples:: Theft, unauthorized use of another's property, fraud, copyright infringement.

Indirect cybercrime: Crimes or offenses where a computer, program, data, information system, etc. are the instrument of the perpetrator's criminal activity.
Examples: Violation of the confidentiality of transmitted messages, damage to another's property, unauthorized business, unauthorized handling of personal data.

3824232
Source: Freepik

Unauthorized access to a computer system

According to Section 247 of the Criminal Code, anyone who overcomes a security measure and thereby gains unauthorized access to a computer system or part thereof shall be punished by imprisonment for up to two years.
In the context of this crime, overcoming a security measure means, for example, testing login credentials, e.g. using tools in the Kali Linux operating system or abusing session hijacking.  

Unauthorized interference with a computer system

According to Section 247a of the Criminal Code, whoever restricts or interrupts the functioning of a computer system or part thereof:

  • By unauthorized insertion, transmission, damage, deletion, deterioration of quality, alteration, suppression or denial of access to computer data, or
  • By making unauthorized interference with the technical or software equipment of a computer and unlawfully destroying, damaging, deleting, altering or reducing the quality of the information obtained, shall be punished by imprisonment for a term of six months to three years.

Examples: An example of an activity that could be considered as this criminal offense is the use of denial of service attacks. These are either DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks. Another example is the use of malicious software (malware) that can block the operation of some parts of the system, or cause the system to shut down.

Unauthorized interception of computer data

According to Section 247b of the Criminal Code, anyone who intentionally damages, deletes, alters, suppresses or makes computer data inaccessible or impairs its quality within a computer system or part thereof shall be punished by imprisonment for a term of six months to three years.
The term “disabling of computer data” includes acts such as the dissemination of malicious software such as ransomware, which can damage or disrupt the integrity of computer data.
Importantly, for the act to be criminal, it is not necessary for specific damage to occur. It is sufficient that the computer data is altered or damaged.

Unauthorized interference with computer data

According to Section 247b of the Criminal Code, anyone who unlawfully intercepts computer data through technical means of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system containing such computer data, shall be punished by imprisonment for a term of six months to three years.  
In addition, according to the second paragraph of Section 247b of the Criminal Code, anyone who as an employee of an electronic communications service provider, commits the act referred to in Section 1 (previous paragraph) or intentionally enables another to commit such an act, or alters or suppresses a message submitted via an electronic communications service, shall be punished by imprisonment for a term of one to five years.

An example of an activity that could be qualified as this crime is the interception of network traffic (sniffing), whether within a local network or via Wi-Fi.
In this case, it is irrelevant whether the data is encrypted or not, and whether or not it contains sensitive data.

Production and possession of an access device, password to a computer system or other data

According to Section 247d of the Criminal Code, whoever, with the intention of committing the crime of unauthorized access to a computer system under Section 247, unauthorized interference with a computer system under Section 247a, unauthorized interference with computer data under Section 247b or unauthorized interception of computer data under Section 247c, produces, imports, procures, buys, sells, exchanges, puts into circulation or in any way makes available:

  • a device, including a computer program, created for unauthorized access to a computer system or part thereof, or  
  • a computer password, access code or similar data enabling access to a computer system or part thereof, shall be punished by imprisonment for up to two years.

An example of conduct that could be considered this crime could be obtaining passwords from computers or databases.

Infringement of the rights of others

According to Section 376 of the Criminal Code, anyone who unlawfully violates the confidentiality of a document or other written document, audio recording, video recording or other recording, computer data or other document kept in the privacy of another by publishing or making it available to a third party or using it in any other way and thereby causing serious harm to the rights of another shall be punished by imprisonment for up to two years.
An example of an activity that can be considered a criminal offense of infringement of the rights of others is if someone publishes intimate photographs of another person on a social network.

Blackmail
This is another example of a criminal offense that can be classified as damaging
It is regulated in Section 189 of the Criminal Code, which states that whoever forces another person to do, omit or suffer something by force, threat of violence or threat of other serious harm, shall be punished by imprisonment for two to six years.

Cyberbullying

Cyberbullying is intentional and often long-term activities that include insults, threats, ridicule or harassment of others through modern information and communication media, usually over a longer period of time
It mainly takes place through: social networks, video portals, e-mails, chats, blogs, mobile phones (e.g. SMS messages or annoying phone calls).
It may have elements of the following criminal offenses:

  • Participation in suicide (§ 154 of the Criminal Code)
  • Violation of the secrecy of transmitted messages (§ 196 of the Criminal Code)
  • Endangering morality (§ 371, 372 of the Criminal Code)
  • Dangerous threats (§ 360 of the Criminal Code)
  • Defamation (§ 373 of the Criminal Code), extortion (§ 189 of the Criminal Code), fraud (§ 221 of the Criminal Code)

 

Source: vectorjuice / Freepik

Cyberstalking

This is an act in which the perpetrator targets a specific person, harasses them, threatens them or their close ones, and thus provokes in their victim. According to Section 360a of the Criminal Code, whoever stalks another person for a long time in such a way that it may raise reasonable concern for their life or health, the life or health of a person close to them, or significantly worsens their quality of life, by

  1. threatening bodily harm or other harm to them or a person close to them,
  2. seeking their personal proximity or following them,
  3. contacting them through a third party or electronic communication service, in writing or otherwise against their will, 
  4. misusing their personal data for the purpose of obtaining personal or other contact, or
  5. otherwise restricting them in their usual way of life,

shall be punished by imprisonment for up to one year.
An example is constant posting on a social network where the perpetrator threatens the victim to harm them or someone close to them, either physically or psychologically.

Spreading hoaxes

According to Section 361 of the Criminal Code, anyone who intentionally causes a risk of serious concern to at least part of the population of a place by spreading a hoax that is false, or commits another similar act capable of causing such a risk, shall be punished by imprisonment for up to two years.
A hoax is a message spread via email and social networks that contains inaccurate, misleading information, purposefully modified half-truths, and a mix of half-truths and lies.
A hoax is a false report that may cause fear and anxiety about some future events

  • it must be not only alarming, but also false
  • it must adversely affect the lives of certain users

Copyright infringement

According to Section 283 of the Criminal Code, anyone who unlawfully infringes on the legally protected rights to a work, artistic performance, sound recording or audio-visual recording, radio broadcast or television broadcast or database shall be punished by imprisonment for up to two years.
An author is a physical person who created the work (for example, a painter, programmer, poet, photographer).
Both uploading and downloading of copyrighted works can be qualified as a criminal offense of copyright infringement.

When can a work be used?
According to Act No. 185/2015 Coll. Copyright law:

  1. The author has given consent to a specific way of using his work
  2. Consent has been given by another person – either based on an agreement with the author or based on legal authorization (employer, school, authors' association, etc.)
  3. Free work – the author's rights have already expired (use occurs later than 70 years after the author's death)
  4. Statutory license – copyright law allows the use of the work even without the author's consent – ​​e.g. citation
    • Use of the work for the purposes of freedom of expression and the right to information
    • Use of the work for social, educational, scientific, cultural, official and other purposes
    • Use of the work within the framework of religious and official ceremonies and holidays
    • Use of the work for the purpose of archiving