What responsibility do hackers bear for hacking a computer or VK page?

What do hackers hack?

One of the most common types of hacking in a computer environment is penetration into someone else's email , which all users usually have, since it is necessary to have it to register on websites and applications on a smartphone.

Access to it can also mean access to other resources of a citizen, which is why it so often becomes the subject of crime. The same applies to enterprise mail, which is common to all employees, and therefore easier prey for offenders.

Most often, someone else's email is hacked.

Sometimes this is done for the purpose of subsequent extortion of money if criminals have found some personal information of a citizen or gained access to company secrets.

Often, a consequence of email hacking is penetration into other people's social networks. By getting into the user's account, the attacker gains access to his personal life, photographs and information that he would like to leave undistributed.

Hacking websites or blogs is also very popular. This is done either for selfish purposes (blackmail), or to simply mock the site owner.

Case in Krasnoyarsk

A resident of Krasnoyarsk received 4.5 years in prison for hacking online store sites. The court also satisfied the claims of the victims in the amount of over 1.5 million rubles, the prosecutor's office of the Krasnoyarsk Territory reports on its website. The decision was made by the Oktyabrsky District Court of Krasnoyarsk.

The convict is 38 years old. As the trial established, from October 2015 to January 2021, he hacked the websites of online stores of automobile spare parts. Having hacked the site, the hacker negotiated on behalf of the store for the sale of spare parts, received money, but did not supply any spare parts to anyone. In total, the criminal managed to implement this scheme more than 80 times. He himself was in Krasnoyarsk all this time, but residents of different regions of Russia suffered from his actions.

The case was considered as a special trial, since the convict admitted his guilt. Before this, he had no criminal record; in addition, there are mitigating circumstances, including a young child whom the convicted person supports. Despite this, the court sentenced him to serve his sentence in a general regime colony.

Brief content of the article. 272 of the Criminal Code of the Russian Federation with comments

Responsibility for hacking is provided for under Art. 272 of the Criminal Code of the Russian Federation, consisting of 4 parts and 2 notes. The first part talks about those preventive measures that are prescribed for illegal access to computer information if this entails any changes or copying.

The first note defines the term computer information. This is information that is presented in the form of electrical signals, regardless of the type of storage or processing.

The following parts indicate the penalties that are imposed for this offense, taking into account the presence of certain aggravating circumstances:

in part 2 - when causing major damage (note No. 2 states that major damage starts from a million rubles ) or when committed for personal gain;
in part 3 - if the criminals were united in a whole group of people who planned the offense in advance, or if the person used his official position (having access to general email or special company information);
in part 4 - about the same crimes, but if they entailed serious consequences for the injured party or their threat.

Example

There is a precedent in history for opening a criminal case for account theft.

A 20-year-old resident of Volgodonsk (Rostov region) could spend two years in a colony if he is found guilty of stealing a virtual character from the popular online game Lineage 2. A hacker stole from a resident of Murmansk one of the most advanced characters in the game under the nickname BSL; a Murom resident estimated his damage at 5,000 rubles. The creators of the game note that such thefts occur every day, but few people turn to the police for help.

A resident of the city of Volgodonsk was detained on suspicion of stealing a virtual character from the game Lineage 2, the press service of the Ministry of Internal Affairs for the Rostov Region officially reported. Now he faces up to two years in prison under Article 272 of the Criminal Code of the Russian Federation (illegal access to computer information). The suspect is now under recognizance not to leave the place; an employee of the press service of the Ministry of Internal Affairs refused to name the criminal, citing the presumption of innocence. The former owner of the character under the nickname BSL contacted the Murmansk police department. The man said that he had been subjected to a hacker attack; he had been leveling up his character for several years, and the total amount of money spent on improving it exceeded 5,000 rubles.

General Director of Innova Gevorg Sargsyan explained that character thefts in the computer game Linage occur quite often, but not all users turn to law enforcement agencies. “Virtual characters are stolen every day, we are fighting these illegal actions, including advising users to introduce additional protection for their accounts. Frauds are also quite common: for example, a user who has agreed to sell his character, after the transaction, declares it stolen. We also try to stop this,” says Mr. Sargsyan.

Telecommunications lawyer Anton Bogatov explained to RBC daily that such cases still rarely come to court, since gamers do not like to contact law enforcement agencies on such issues. “As a rule, players simply do not come to the local police station. However, now there is reason to believe that the police solved this cybercrime quite quickly and efficiently. The main thing is to quickly seek help,” the expert believes.

What is considered unauthorized access

According to Art. 272 of the Criminal Code of the Russian Federation, this term means illegally obtaining the opportunity to become familiar with information or use it.

Illegal access is the illegal use of someone else's information.

This is done using an algorithm of certain actions and using special technical and software tools that allow you to overcome security systems or use someone else’s passwords or codes. To do this, criminals can also disguise themselves as ordinary users using their passwords.

Attention! Also, unauthorized access is carried out by a person who does not have any rights to work with this information, for which special measures have been taken to limit the circle of people who have access to this information.

Such information, protected by the legislation of the Russian Federation, refers to objects of intellectual property, official and commercial secrets, personal data, etc.

Corpus delicti

We have analyzed what article is used for hacking a page on a social network or a website, but in order to qualify this offense as illegal access to computer information, it is necessary to determine whether the corpus delicti corresponds to it.

The objective side here is precisely the illegal access to information by a citizen who does not have any rights to it. The object of this offense is the security of computer information , and the subject is computer information.

The subjective side is a deliberate form of guilt in relation to the actions performed. In this case, a careless form is also allowed, but only if we are talking about the consequences that occurred as a result of the offense.

The subject of the crime is computer information.

In the latter case, criminal liability arises if the person knew about the possible results of the crime, but expected that something would prevent them from being realized. It is also provided for in cases where a citizen, although he did not expect their occurrence, should have and could have done so.

The subject of the crime is a capable person who has already reached the age of 16.

Email hacking

Almost every adult and young generation now has email; even the youngest users register it, for example, as a tool for installing applications.

At work, staff have one “box”, at home – another, but each of them can store personal, valuable and even prohibited information for most ordinary people, access to payment systems and social networks. The attacker, naturally, wants to get them for personal gain, often this is extortion with significant financial gain.

The following video will tell you more about such a crime as email hacking:

Concept and criminal legal characteristics

A crime characterized by hacking of an electronic mailbox can be committed under both Article 272 of the Criminal Code of the Russian Federation and Article 138. Let us determine the criminal law for each article:

138 of the Criminal Code of the Russian Federation	272 of the Criminal Code of the Russian Federation
An object	The right to maintain confidentiality of correspondence	Citizen's right to information
Objective side	Violation of the integrity of the corresponding object	Illegal access to protected information, if as a result it was changed, copied, blocked and/or destroyed
Subject	Adequate individual at least 16 years of age
Subjective side	Direct intent, the degree of which does not affect the severity of the punishment

Qualifying features

Crimes in the field of computer security are very diverse. Their composition is quite formal, and an offense is considered committed - recording the fact of hacking an electronic mailbox and classifying it as one of the articles of the Criminal Code of the Russian Federation.

The qualifying features of a crime depend on the conditions under which the crime was committed. If the work box was hacked, then their role will be the use of their official position.

Any action that led to a hack, carried out illegally and without the knowledge of the victim, is considered a qualifying characteristic.

Methods of crime

Many have been led to believe that if no one sees your password, then the system is safe. But this is far from true. The password itself is now a small grain in the process of gaining access to your email account. Mechanical password selection is the last thing to do.

Here are some of the most popular email hacking activities:

Social engineering - simple passwords containing personal information (date of birth, first and last name, etc.), placing pieces of paper with passwords in visible places on the computer desktop in the form of a text document.
Spam mailings are a bright letter, most often about a win or a lucrative offer, with a link that turns out to be a malicious site or executable file.
Phishing is a fake website that copies the design of the original almost 100%, where an inattentive user enters his data.
Distribution of unlicensed software containing viruses.

Read on to find out which article “shines” for hacking a social network page (for example, VKontakte (VK), Odnoklassniki, etc.).

The following video will tell you more about phishing for hacking email and social network accounts:

How is guilt proven, on what basis can you file an application?

Hacking, according to the Criminal Code of the Russian Federation, is proven on the basis of specific facts, namely hacking of an email account, website or social network account.

It may also mean that personal data or trade secrets fall into the wrong hands, to people who do not have any rights to process or store them.

It is quite difficult to obtain such evidence, especially on the Internet, where it is very easy to remain anonymous. There are only a few options on how to get them:

send a letter to the managers of a postal service or social network with a request to provide a list of IP addresses used to log into them;
some social networks allow you to track the list of those who have access to your account;
If your name sends spam to your friends and family, but your profile is inaccessible, then most likely it has been hacked.

Liability for unauthorized access

Certain preventive measures are prescribed under various parts of this article. In this section we will find out which ones and for which part of Art. 272 of the Criminal Code of the Russian Federation they are determined.

If the offense was classified under Part 1, then the following penalties may be imposed:

a fine of 200,000 rubles or 1.5 years’ salary;
corrective labor for a year;
restriction of a person’s movements for 2 years;
forced labor for the same period;
imprisonment for the same period of time.

Under Part 2, penalties may be as follows:

a fine in the amount of 100,000 to 300,000 rubles or wages for 1-2 years;
correctional labor for 1-2 years;
restriction of movement for 4 years;
forced labor for the same period;
imprisonment in a colony for the same period.

If the court has determined that the crime is committed under Part 3 of Art. 272 of the Criminal Code of the Russian Federation, then more serious sanctions may be used:

a fine of up to 500,000 rubles or wages for 3 years with the introduction of a ban on holding certain positions or certain types of activities for a period of up to 3 years;
restriction of a citizen’s movements for 4 years;
forced labor for 5 years;
imprisonment for the same period of time.

Part 4 provides for only one type of punishment - imprisonment for a period of up to 7 years.

Additional Responsibility

Depending on the circumstances of the incident, other articles of the Criminal Code of the Russian Federation may be applied. For example, if a criminal used viruses or other malicious programs to harm other users, then Art. 273 of the Criminal Code of the Russian Federation.

In cases where a criminal has gained access to the personal data of citizens or their correspondence, Art. 137 and 138 of the Criminal Code of the Russian Federation.

When assigning a preventive measure, all circumstances of the case are taken into account.

Also, when publishing any information, the criminal could cause hostility or hatred among users. In this case, Art. 282 of the Criminal Code of the Russian Federation. If he tried to slander another citizen, then Art. 128.1 of the Criminal Code of the Russian Federation.

Examples from judicial practice

The student hacked the email of another citizen, after which he began to extort money from him, threatening to disseminate his personal data. He was found by law enforcement officers, and his actions were qualified under two articles: 272 and 138 of the Criminal Code of the Russian Federation. He was sentenced to 7 years in prison.

An employee of a company providing communication services downloaded a list of calls from another citizen for personal purposes. Since she had no criminal record, reconciliation of the parties was used.

An employee of one organization destroyed, on his own initiative, certain information that discredited his name. His actions were determined under Part 3 of Art. 272 of the Criminal Code of the Russian Federation.

Criminal liability for “hacking” of government information resources. Expert opinions

In the near future, the government of the country plans to submit it for consideration to the State Duma of Russia. According to RBC

, in accordance with the bill, it is proposed to supplement the Criminal Code of the Russian Federation with Art. 272.1. The size of the sanction for “hacking” government information resources is proposed to be set at 3 years of imprisonment.

Article 272.1. implies liability for unlawful access to state information systems and (or) state information resources contained in them, and for criminal liability to occur, it will be necessary that such a “hacking” entails the destruction, blocking, modification or copying of information, disruption of the functioning of the state information system.

The same acts committed by a group of persons by prior conspiracy or by an organized group or by a person who has access to state information systems, including those operating as part of critically important facilities, and (or) state information resources contained in them due to his official position, must shall be punishable by imprisonment for a term of 3 to 7 years.

In this case, critically important objects are understood as objects whose disruption or cessation of functioning leads to loss of control, destruction of infrastructure, irreversible negative change or destruction of the economy of a country, a subject of the Russian Federation or an administrative-territorial unit, or a significant deterioration in the safety of life of the population living in these territories, on long term.

TatCenter.ru asked the experts:

How do you feel about this initiative of the Russian government?
In your opinion, is this punishment adequate for the crime committed?

Andrey Bakhtin, head of department at the City Information and Diagnostic Center

1. Any law preventing the destruction of public resources must be severe. Hacking a government resource does not mean infiltrating the “president’s website.” This means illegally invading databases that may contain confidential data: taxes, income, passport data, and the like.

Penetrating deep into the state electronic storage cannot be done by accident - there is always a certain intent: from profit to disclosing state secrets. Such acts must be punished by law and very severely.

The existence of a law will make it possible to initiate criminal cases and conduct investigative measures to find the source of information leakage. When counterfeit money is discovered, they look not only for the counterfeit bills and their distributors, but also for the machine that printed them. The same should be true in the case of disclosure, for example, of a database of cell phone numbers distributed in markets. You need to look not only for disks, but also for the unscrupulous employee who downloaded them, and other “weak points” in information security systems.

Some may see this law as an attack on democracy. But democracy is not anarchy. The stealing or destruction of state resources, and in the 21st century, including electronic resources, only weakens democratic institutions. Another thing is that the concepts of “state (municipal, etc.) information resource” must be defined as precisely and specifically as possible.

2. If there was intent, then the punishment should be the most severe. Databases, just like the “secrets” of an ordinary building, have several degrees of protection. And if a person was able to penetrate into the very core of an information resource, just as if, having overcome all barriers, he penetrated into a safe, this speaks of his most direct intention.

The appearance in the Criminal Code of the Russian Federation of a law related to the intangible property of the state suggests that electronic government and state information resources are today becoming an integral part of the institutions of state power, and IT technologies are the natural environment of society. The 21st century is coming...

Boris Maslov, legal lawyer:

1. Whether the bill will be adopted in the form in which it exists now is still a question. Currently, the Criminal Code has three types of crimes in the field of computer information. The fact that the number of crimes in this area is now expanding is, in my opinion, very good. Internet technologies are developing very quickly and the law must keep up with this development; we must work ahead of the curve. Although, of course, it is too early to say what the final version of the law will be like.

2. Punishment for “hacking” government information sites depends on the consequences that will follow the “hacking.” The severity of the punishment will depend on whether the information on the site is distorted or deleted. The average sentence under the Criminal Code is now five years. This is the strictest deadline compared to European laws. By awarding a long term, the court hopes to reduce the number of crimes, but this does not always work. In order for citizens to live in peace, it is necessary to punish for every offense, and not increase the term. In principle, a punishment of imprisonment for a term of 3 to 7 years for “hacking” government information sites is an average term. Since the site is state-owned, then the punishment should be of appropriate severity.

Mikhail Samusenko, head of the legal department of Softline:

1. In my opinion, the initiative of the Russian government is timely and is a logical continuation of a series of innovations related to the computerization of government information flows.
At the same time, changes to the Criminal Code of the Russian Federation should be considered only in conjunction with amendments to the Federal Law “On Information...” and the Code of Administrative Offenses. All of these changes are provided for by the draft federal law “On Amendments to Certain Legislative Acts of the Russian Federation on Ensuring the Security of Use of State Information Resources.” So, for example, the Federal Law “On Information...” provides for updating the definition of the Internet itself, introducing detailed definitions of a domain name, website, network node, etc.
It should be noted that the main idea of the above changes, in addition to establishing the rules of relationships within the network Internet, is to allocate state information resources into a separate category and increase penalties for illegal activities of “hacking” them.

2. In light of the manifestation of trends in the state posting information on the Internet, as well as the possible consequences of its unlawful use, this step seems justified, and the punishment provided for in Art. 272.1. The Criminal Code of the Russian Federation is adequate.

Dmitry Sokolov, information security department analyst at TaxNet-Service CJSC:

1. Of course, the improvement of legislative measures for cybercrimes in itself can only be welcomed, because our laws in this area are too soft and generalized. But in this particular case we are talking about shifting the focus of the protective mechanisms of the law to government organizations. So, now the stability of the functioning of the private sector of the economy is not a priority for the state? This is at least unfair, and at most short-sighted. Let's then draw the following line throughout the Criminal Code of the Russian Federation: for theft from the state - one sentence, for business and citizens - another.

2. The fact of the matter is that this paragraph does not provide the desired differentiation of responsibility according to the severity of the crime committed. If, say, the Sayano-Shushenskaya hydroelectric power station was subject to a hacker attack, resulting in what happened, would it be correct to punish the attacker with only three years in prison, equating him to an ordinary hacker? Indeed, in terms of the severity of the consequences, such an atrocity would be tantamount to terrorism.

Alexander Yurtaev, Head of the Information and Analytical Department of the Office of the Cabinet of Ministers of the Republic of Tatarstan

1. I have an unequivocal positive attitude towards the initiative of the Russian government. Imagine that your apartment or car was hacked, naturally this will cause a completely negative reaction, especially since we are talking about the resources of government agencies. Hacking the Ministry's information resource is like breaking down its door. Nowadays, virtual representations of government bodies are no different from “real” ones. They are endowed with the same powers, have official status, and are levers of control. Any intrusion must be considered a crime.

2. Of course, specialists and professionals with extensive experience in legal practice should prescribe penalties for intrusion into the information resources of government agencies. At the same time, for me, who is closely involved in e-government issues, it makes no difference what kind of hacking we are talking about: the Internet site of the Government or an office in its building, the measure should be equally strict. Any person has the opportunity from any computer to use official information posted on the Internet on the websites of government agencies; one can only imagine what consequences hooligan interference in this resource could lead to... And, not only representatives should have an adequately negative attitude towards such actions state power, but also for the whole society.

Photo - website www.aif-nn.ru