What do hackers hack?
One of the most common types of hacking in a computer environment is penetration into someone else's email , which all users usually have, since it is necessary to have it to register on websites and applications on a smartphone.
Access to it can also mean access to other resources of a citizen, which is why it so often becomes the subject of crime. The same applies to enterprise mail, which is common to all employees, and therefore easier prey for offenders.
Sometimes this is done for the purpose of subsequent extortion of money if criminals have found some personal information of a citizen or gained access to company secrets.
Often, a consequence of email hacking is penetration into other people's social networks. By getting into the user's account, the attacker gains access to his personal life, photographs and information that he would like to leave undistributed.
Hacking websites or blogs is also very popular. This is done either for selfish purposes (blackmail), or to simply mock the site owner.
Why do email accounts, social networks and other Internet resources get hacked?
Hacking an Internet account involves gaining illegal access to user data on a social network or other resource.
Attention! The goals of such crimes are different:
- theft of funds from electronic wallets. With the spread of online payments, the number of scammers seeking to get other people’s money in this way is also increasing.
- sending spam letters. This is done to gain access to someone else’s page, most often on social networks (Vkontakte, Odnoklassniki, and so on),
- extortion and blackmail. Fraudsters gain access to other people’s information, and then blackmail people with this information, extorting money,
- personal motives. Experience knows cases when close relatives and friends try to obtain information in this way. The motives are different: jealousy, revenge and so on.
There are also cases of hacking for fun, this is how children have fun, but in the end they do not suffer any sanctions.
Statement regarding fraud to the Police and Prosecutor's Office.
Brief content of the article. 272 of the Criminal Code of the Russian Federation with comments
Responsibility for hacking is provided for under Art. 272 of the Criminal Code of the Russian Federation, consisting of 4 parts and 2 notes. The first part talks about those preventive measures that are prescribed for illegal access to computer information if this entails any changes or copying.
The first note defines the term computer information. This is information that is presented in the form of electrical signals, regardless of the type of storage or processing.
The following parts indicate the penalties that are imposed for this offense, taking into account the presence of certain aggravating circumstances:
- in part 2 - when causing major damage (note No. 2 states that major damage starts from a million rubles ) or when committed for personal gain;
- in part 3 - if the criminals were united in a whole group of people who planned the offense in advance, or if the person used his official position (having access to general email or special company information);
- in part 4 - about the same crimes, but if they entailed serious consequences for the injured party or their threat.
How to identify and prove account hacking
Since account hacking is not always obvious, there are several practical ways to identify and prove unauthorized access to a page:
- studying user login statistics,
- establishing the fact of changes in profile information,
- checking messages marked as read, but not actually viewed by the account owner,
- receiving a notification about account blocking.
Printouts and information letters from technical support of a social network and other Internet resource will serve as evidence for initiating a criminal case.
What is considered unauthorized access
According to Art. 272 of the Criminal Code of the Russian Federation, this term means illegally obtaining the opportunity to become familiar with information or use it.
This is done using an algorithm of certain actions and using special technical and software tools that allow you to overcome security systems or use someone else’s passwords or codes. To do this, criminals can also disguise themselves as ordinary users using their passwords.
Attention! Also, unauthorized access is carried out by a person who does not have any rights to work with this information, for which special measures have been taken to limit the circle of people who have access to this information.
Such information, protected by the legislation of the Russian Federation, refers to objects of intellectual property, official and commercial secrets, personal data, etc.
We have analyzed what article is used for hacking a page on a social network or a website, but in order to qualify this offense as illegal access to computer information, it is necessary to determine whether the corpus delicti corresponds to it.
The objective side here is precisely the illegal access to information by a citizen who does not have any rights to it. The object of this offense is the security of computer information , and the subject is computer information.
The subjective side is a deliberate form of guilt in relation to the actions performed. In this case, a careless form is also allowed, but only if we are talking about the consequences that occurred as a result of the offense.
In the latter case, criminal liability arises if the person knew about the possible results of the crime, but expected that something would prevent them from being realized. It is also provided for in cases where a citizen, although he did not expect their occurrence, should have and could have done so.
The subject of the crime is a capable person who has already reached the age of 16.
Comments on Article 272
Illegal access to computer information is also regulated by Federal Law No. 420. It presents changes in the elements of crime due to circumstances: the rapid development of information and communication technologies, modifications of the conceptual apparatus, an increase in the number and types of cybercrimes, the need to clarify the objective aspects of the elements and differentiate the perpetrators.
Comments on the article:
- The emergence of automatic systems containing a lot of information, processing technologies, information management, legal documents transmitted through encryption created the preconditions for using processes to commit crimes. There is a need to strengthen protection, including criminal legal methods.
- The danger of the crime is that the destruction or modification of data can lead to the death of people, harm to their health, destruction of property, and economic harm. This is especially related to the use of data in the defense, economic, manufacturing, and banking sectors.
- Presidential Decree No. 537 states that improving the security of information and telecommunication systems of extremely important facilities is part of national security.
- Human activity in the field of information and technology is specific, and the technologies themselves are developing dynamically. They convey the technical terminology disclosed in Federal Law No. 149.
Computer information includes not only data transferred from one computer to another, but also contained in mobile phones, cash registers, and the on-board computer of a car.
- Due to special concepts, trials for violation of the article are conducted by special experts.
- The objective side of a criminal act is illegal access to information. This is getting the opportunity to familiarize yourself with or use it. Access is the performance of certain actions, expressed in penetration into a computer system through the use of technical and software tools that overcome protection. Criminals use valid passwords or codes and hack the system under the guise of infiltrating an ordinary user.
- Unauthorized access to information by a person who does not have the rights to receive and work with information or a system for which protection measures have been taken is limited to a limited number of persons.
- Information protected by law – for which a legal protection regime has been established (state, commercial, official secrets, personal data, copyright and related rights).
The corpus delicti is of a material nature and presupposes the onset of consequences. Destruction – bringing information into an unusable state. Blocking is the creation of inaccessibility, the impossibility of using it properly. Reworking – making changes to programs, texts, databases. Copying is the illegal transfer of information onto a tangible medium.
When assessing a crime, it is important to establish a causal link between illegal access and consequences. The violation of the law ends when the consequences occur.
Other comments on the article:
Creation, distribution and use of malicious computer programs in Article 273 of the Criminal Code of the Russian Federation
- The subjective side is an intentional form of guilt, but it can also be careless. Criminal liability arises if the offender saw the possibility of consequences, but without reason arrogantly believed that they would be prevented. Or if the person did not see, but should have seen the onset of consequences.
- The subject of the crime is a sane individual over 16 years of age. The qualifying criteria are indicated in part 2 - major damage or commission of a crime for personal gain. Selfish interest is the desire, by committing a crime, to obtain for oneself or other persons a property benefit that is not associated with the illegal gratuitous circulation of property in one’s favor.
- Part 3 of the article specifies qualification criteria in the form of a group of persons in conspiracy, an organized group, and use of official position.
In practice, questions arise of limiting unlawful access to information from other elements of the crime (violation of copyrights, punishable under Article 146 of the Criminal Code of the Russian Federation). Sometimes the culprit gains access to a copyrighted program and uses it to his advantage. Such crimes have a different composition. In case of copyright infringement, the object is intellectual property, the subject is objects of copyright (programs, databases), the objective side is the onset of socially dangerous consequences (major damage in the form of lost profits or moral harm).
Copyright infringement involves misappropriation of authorship or illegal use of objects. Further use of the information is optional. If a criminal copies a program with the aim of appropriating rights, and uses the copies for criminal purposes, the crime is regarded as causing major damage and is qualified under Art. 146 and 272.
How is guilt proven, on what basis can you file an application?
Hacking, according to the Criminal Code of the Russian Federation, is proven on the basis of specific facts, namely hacking of an email account, website or social network account.
It may also mean that personal data or trade secrets fall into the wrong hands, to people who do not have any rights to process or store them.
It is quite difficult to obtain such evidence, especially on the Internet, where it is very easy to remain anonymous. There are only a few options on how to get them:
- send a letter to the managers of a postal service or social network with a request to provide a list of IP addresses used to log into them;
- some social networks allow you to track the list of those who have access to your account;
- If your name sends spam to your friends and family, but your profile is inaccessible, then most likely it has been hacked.
Hacking a social network account
Hacking social network accounts is directly related to gaining access to email accounts. Users also make a number of mistakes when registering and opening access to personal information (photos, videos, documents). However, in practice, hacking a social network is easier than gaining illegal access to an email address.
Concept and qualifying characteristics
The principle of committing a crime related to hacking an account on social networks is similar to gaining illegal access to email. It is important to remember the formality of the crime.
Please note! If a user independently leaves an open profile on social networks, for example in a cafe, and someone studies the available information, then such actions will not be recognized as a crime.
Methods of crime
To the methods of obtaining passwords, in addition to the above options, you can add such methods as leaving an open session on social networks, transferring information to third parties, and using unsecured Wi-Fi networks to access the Internet.
Watch the video. Cybercrime:
Liability for unauthorized access
Certain preventive measures are prescribed under various parts of this article. In this section we will find out which ones and for which part of Art. 272 of the Criminal Code of the Russian Federation they are determined.
If the offense was classified under Part 1, then the following penalties may be imposed:
- a fine of 200,000 rubles or 1.5 years’ salary;
- corrective labor for a year;
- restriction of a person’s movements for 2 years;
- forced labor for the same period;
- imprisonment for the same period of time.
Under Part 2, penalties may be as follows:
- a fine in the amount of 100,000 to 300,000 rubles or wages for 1-2 years;
- correctional labor for 1-2 years;
- restriction of movement for 4 years;
- forced labor for the same period;
- imprisonment in a colony for the same period.
If the court has determined that the crime is committed under Part 3 of Art. 272 of the Criminal Code of the Russian Federation, then more serious sanctions may be used:
- a fine of up to 500,000 rubles or wages for 3 years with the introduction of a ban on holding certain positions or certain types of activities for a period of up to 3 years;
- restriction of a citizen’s movements for 4 years;
- forced labor for 5 years;
- imprisonment for the same period of time.
Part 4 provides for only one type of punishment - imprisonment for a period of up to 7 years.
Depending on the circumstances of the incident, other articles of the Criminal Code of the Russian Federation may be applied. For example, if a criminal used viruses or other malicious programs to harm other users, then Art. 273 of the Criminal Code of the Russian Federation.
In cases where a criminal has gained access to the personal data of citizens or their correspondence, Art. 137 and 138 of the Criminal Code of the Russian Federation.
Also, when publishing any information, the criminal could cause hostility or hatred among users. In this case, Art. 282 of the Criminal Code of the Russian Federation. If he tried to slander another citizen, then Art. 128.1 of the Criminal Code of the Russian Federation.
The student hacked the email of another citizen, after which he began to extort money from him, threatening to disseminate his personal data. He was found by law enforcement officers, and his actions were qualified under two articles: 272 and 138 of the Criminal Code of the Russian Federation. He was sentenced to 7 years in prison.
An employee of a company providing communication services downloaded a list of calls from another citizen for personal purposes. Since she had no criminal record, reconciliation of the parties was used.
An employee of one organization destroyed, on his own initiative, certain information that discredited his name. His actions were determined under Part 3 of Art. 272 of the Criminal Code of the Russian Federation.
Punishment and responsibility
Current legislation provides for several options for punishment for committing the crime in question. Coercive measures should also be assessed within the framework of two articles: 138 and 272 of the Criminal Code.
Attention! The sanctions of these norms include the following:
- penalties. According to Art. 138, the maximum amount of recovery is three hundred thousand rubles, according to Art. 272 – five hundred thousand rubles,
- compulsory work. This type of punishment is applied only under Article 138 of the Criminal Code of the Russian Federation,
- correctional work. According to Art. 272 – up to two years, under Article 138 – up to one year,
- forced labor. In practice they are not used. At the same time, the amount of sanctions has been determined. According to Art. 272 – up to five years, according to Art. 138 – up to four years,
- arrest. It also applies only under Article 138 of the Criminal Code of the Russian Federation,
- restriction of freedom. Established only under Article 272 of the Criminal Code of the Russian Federation,
- imprisonment. Under Article 272 of the Criminal Code of the Russian Federation, imprisonment is established for a period of up to seven years, under Article 138 - up to four years.
The specific type of punishment is determined by the severity of the act, the presence of qualifying features and the nature of the consequences.
Persecution of a person: article of the Criminal Code of the Russian Federation.