Computer law is a relatively new field, although the practice of law enforcement regarding computer crimes is emerging, in this area there are still many circumstances that are not regulated by law. The first article that opens the chapter of the Criminal Code of the Russian Federation on computer crimes is Art. 272 of the Criminal Code of the Russian Federation Illegal access to computer information. This is one of the articles establishing punishment for hacking. But the specifics of criminal prosecution in Russia are such that it is often not malicious hackers who are subject to criminal prosecution, but ordinary users by an absurd accident - a gift for the brutal Russian justice system.
What is unauthorized access to computer information
According to the Federal Law “On Information, Information Technologies and Information Protection,” access to computer information means searching and obtaining any information in any form and from any source, subject to compliance with the requirements established by law.
Restriction of access to computer information can be established on the basis of federal laws, for example “On State Secrets”, “On Personal Data”, “On Trade Secrets”, etc. Of course, such information requires protection from unauthorized access. Access to such information by a person who does not have permission or authority to do so will circumvent the protection and will be considered unauthorized access. CRIMINAL LAWYER call now: ☎ 8 (495) 532-75-40
Commentary to Art. 272 of the Criminal Code
1. The subject of the crime is computer information protected by law (note 1 to the article). Such information, as a rule, represents information about persons, objects, facts, events, phenomena and processes on external media, in computer memory or a computer network. Information is protected by law insofar as the person does not have access rights to this information; the nature of the information, its protection by legislation on copyright and related rights, legislation on state secrets, etc. does not matter.
2. The objective side of the crime is characterized by unlawful access to legally protected computer information. Access to information involves obtaining a real opportunity to familiarize yourself with, change, move or delete information in the absence of properly obtained rights to perform all or a number of these actions. In most cases, the receipt of the corresponding rights is evidenced by the consent of the owner of the information, expressed either directly in the form of opening access to otherwise inaccessible information (providing a login, password, etc.), or implied in relation to specifically unprotected information. In this case, access rights may be limited to the ability to review, review and copy information; in this case, other actions with information should be considered illegal access.
3. Gaining access to information is not enough to recognize a crime as completed. It is necessary that the consequence of actions committed during unauthorized access is the destruction, blocking, modification or copying of information. For the content of these actions, see the commentary to Art. 159.6 CC; blocking should be understood as restricting access to information to other persons without deleting it; “modification” means any change in information; Copying should be understood as creating a copy of information on external media or another computer.
4. Actions regarding information with limited access (information constituting state secrets, commercial, tax or banking secrets, etc.) should be qualified according to the totality of Art. 272 of the Criminal Code and the corresponding other elements of the crime.
For what actions is liability provided under Art. 272 of the Criminal Code of the Russian Federation
Under illegal access to computer information according to Art. 272 of the Criminal Code of the Russian Federation refers to unlawful access to computer information if this act entailed the destruction, blocking, modification or copying of computer information. That is, to form a crime under Art. 272 of the Criminal Code of the Russian Federation requires such signs as illegal access to computer information and if certain consequences occurred as a result of this access. This is a simple composition provided for in Part 1 of Art. 272 of the Criminal Code of the Russian Federation, liability for which is up to two years in prison. Belongs to the category of a crime of minor gravity. The subsequent parts 2, 3 and 4 of the article provide for qualified offenses - causing major damage or committed out of selfish interest (Part 2), by a group of persons by prior conspiracy or by an organized group, or using official position (Part 3), if the acts entailed grave consequences , or created a threat of their onset (Part 4). The composition provided for in part two already belongs to the category of moderate severity and provides for a maximum punishment of up to four years of imprisonment, the third and fourth parts belong to the category of serious and provide for a maximum punishment of up to five and up to seven years, respectively.
Features of computer fraud (Article 159.6 of the Criminal Code of the Russian Federation)
Lawyer Antonov A.P.
The peculiarity of this type of fraud is that it can only be committed using computer technology. The crime includes a wide range of actions, namely the theft of someone else’s property or the acquisition of rights to someone else’s property by entering, deleting, blocking, modifying computer information or otherwise interfering with the functioning of means of storing, processing or transmitting computer information or information and telecommunication networks. Due to the fact that we are talking about a specific area and the legislator uses special terms, it is first necessary to understand them. According to the note to Art. 272 of the Criminal Code of the Russian Federation, computer information is understood as information (messages, data) presented in the form of electrical signals, regardless of the means of their storage, processing and transmission. In accordance with paragraph 4 of Art. 2 of the Federal Law of July 27, 2006 N 149-FZ “On information, information technologies and information protection”, an information and telecommunication network is a technological system designed to transmit information over communication lines, accessed using computer technology. Based on Art. 6 of this Law, information resources are owned by legal entities and individuals, are included in their property, and are subject to civil legislation. Modification of computer information also means a change in the software through which information is collected, stored, processed, transmitted, and a change in the information array itself. According to the Resolution of the Plenum of the Supreme Court of the Russian Federation dated November 30, 2017 N 48 “On judicial practice in cases of fraud, misappropriation and embezzlement” within the meaning of Art. 159.6 of the Criminal Code of the Russian Federation, interference in the functioning of means of storing, processing or transmitting computer information or information and telecommunication networks recognizes the purposeful impact of software and (or) software and hardware on servers, computer equipment (computers), including portable (portable) laptops , tablet computers, smartphones - equipped with appropriate software, or on information and telecommunication networks, which violates the established process of processing, storing, transmitting computer information, which allows the culprit or another person to illegally take possession of someone else’s property or acquire the right to it. As an example, consider the following situation. Citizen P., by entering, deleting, blocking, modifying computer information (hacking passwords, changing logins, accessing the Bank-Client system), committed the theft of funds from the current account of LLC B in the amount of 25 million rubles, which he disposed of at his own discretion, transferring them to the settlement accounts of third-party organizations controlled by him. It is also worth noting that fraud committed through unauthorized access to computer information or through the creation, use and distribution of malicious computer programs will most likely be additionally qualified under Art. Art. 272 (“Illegal access to computer information”), 273 (“Creation, use and distribution of malicious computer programs”) or 274.1 (“Unlawful influence on the critical information infrastructure of the Russian Federation”) of the Criminal Code of the Russian Federation. Thus, we are talking about elements of a crime adjacent to the one under consideration. Moreover, in the case of fraud in the field of computer information, depending on the specific situation, practice follows the path of imputation and Art. 159.6, and Art. 272 of the Criminal Code of the Russian Federation (or Art. 273, 274.1 of the Criminal Code of the Russian Federation). Article 272 of the Criminal Code of the Russian Federation provides for criminal liability for unlawful access to computer information. In this case, a prerequisite for liability is the presence of consequences in the form of destruction, blocking, modification or copying of computer information. As we see, it is the nature of the consequences that distinguishes Art. 159.6 from Art. 272 of the Criminal Code of the Russian Federation. If we are talking about taking possession of someone else’s property, then qualification is carried out according to Art. 159.6 of the Criminal Code of the Russian Federation. If, in the process of theft of property, destruction, blocking, modification or copying of computer information occurs, then the actions of the perpetrator are additionally qualified under Art. 272 of the Criminal Code of the Russian Federation. At the same time, as we have already indicated, practice follows precisely this path. For example, to steal funds from an “electronic wallet,” you first need to obtain an access code to this wallet. If a person hacks it using technical capabilities and steals funds, the actions will be qualified under Art. Art. 159.6 and 272 of the Criminal Code of the Russian Federation. Practice follows the same path if the theft of property occurs with the help of malicious computer programs (Article 273 of the Criminal Code of the Russian Federation). Our advice is the following. In order to prevent a company from becoming a victim of computer fraud, it is necessary to pay special attention to information security, namely to have highly qualified IT specialists, as well as specialists in the field of information security and reliable software. It is important to carefully select persons who have the right to access closed files, the Bank-Client system, and also have information about the corresponding passwords. If doubts arise about the employee’s reliability, measures should be taken to change access passwords and exclude from his functional responsibilities work with confidential information, in particular with the organization’s current accounts. Managers and owners of companies are recommended to personally constantly monitor transactions related to the movement of funds through current accounts, as well as information about persons who have access to them. As qualifying features of this crime, the legislator establishes the commission of these actions: - by a group of persons by prior conspiracy, as well as causing significant damage to a citizen; - by a person using his official position, in large amounts, from a bank account, as well as in relation to electronic funds; - by an organized group or on a particularly large scale.
Still have questions for your lawyer?
Ask them right now here, or call us by phone in Moscow +7 (499) 288-34-32 or in Samara +7 (846) 212-99-71 (24 hours a day), or come to our office for a consultation (by pre-registration)!
What does judicial practice show under this article?
Responsibility for email hacking is criminal or administrative. Judicial practice under this article is extensive, since with the development of the Internet, criminals are increasingly encroaching on protected information for the sake of profit or use for criminal purposes.
Judicial practice in the case:
- Citizen S. confessed to the police, where he admitted that he had repeatedly deleted or changed information from the computer network of an enterprise in the city of E. at the request of his manager N. S. was a software engineer and had the highest access to the network. At the request of V., who received bribes from higher authorities, he made changes for selfish purposes. The court found him guilty and sentenced him to arrest for a year. V. was also convicted with deprivation of the right to office and a fine.
- Citizen E. was convicted under Art. 272 and 165 of the Criminal Code of the Russian Federation for illegal use of the Internet. According to the testimony of the victims, he paid for the use of the network to a certain A., who used the data of other victims V. and R., entering their logins and email passwords on E’s computer. The information was lost and it became public knowledge. A. was also sentenced to arrest.
- Citizen M. was convicted under Art. 272, when, as a system administrator, she entered the password-protected email account of the accounting department and became familiar with the data on the company’s accounts. With this data, she blackmailed the director of the company, threatening to disclose it to the public and all employees of the enterprise. The director was forced to go to court for protection. M. was sentenced to a fine and imprisonment for a year, and was deprived of his position.
What decisions are most often made under Article 272?
Article 172 often results in convictions for account hacking. This is due to the fact that the guilt of the criminals is provable. It is extremely rare to come across accusations that cannot be proven. Criminals receive fines and forced labor. If their crime involves serious consequences or access to state secrets, then imprisonment is inevitable.
Criminal liability for disclosing bank secrets to third parties (Article 183 of the Criminal Code of the Russian Federation)
Art. 183 of the Criminal Code of the Russian Federation provides for penalties for illegal receipt and disclosure of information constituting bank secrecy in the form of:
- monetary penalty in the form of a fine;
- correctional labor;
- forced labor;
- imprisonment.
Find out in ConsultantPlus whether it is possible to fire an employee who has divulged a professional secret. Get trial demo access to the K+ system and upgrade to the Ready Solution for free.
A detailed breakdown of punishments under this article is presented in the diagram:
Learn about the responsibility of taxpayers in the tax sphere from the section “Tax Responsibility”.
Who, according to Law No. 395-1, is responsible for the disclosure of bank secrecy
Persons and institutions that guarantee the safety of information that constitutes bank secrecy are listed in Art. 26 of the Law “On Banks and Banking Activities” dated December 2, 1990 No. 395-1. What information and by whom cannot be disclosed due to legal requirements is shown in the diagram:
How to hold a bank accountable for disclosing banking secrets of an individual? The answer to this question is in ConsultantPlus. If you do not have access to the K+ system, get a trial demo access for free.
