What is the penalty for installing pirated software?

After publishing an article about my research as a Gray hat, in the comments to the article and in the Telegram chat (@router_os) people began to write that I had broken all the laws and that I would be imprisoned. And as promised, a few months later I am writing this article and not even from a pretrial detention cell

Moreover, yesterday I received another MTCRE certificate.

There are a lot of articles on the Internet about hackers and attitudes towards them in different countries. But I haven’t found a single clear article on how hackers are treated in the Russian Federation within the framework of current laws. Perhaps I was looking in the wrong place, but still.

I propose to understand the types of hackers in more detail, including from the point of view of judicial practice in the Russian Federation. What follows is purely my opinion, based on my experience and information obtained from open sources.

Therefore, I would like to see your opinion and comments in the comments.

Today there are three types of hackers:

White hat or ethical hacker

Most often, these are hired security specialists whose tasks include searching for vulnerabilities in computer systems according to the order or technical specifications of the system owner.
They are also called pentesters.

In most cases, they have specialized education. There are not many fanatics among them. They do what they have been taught and asked to do. They don’t try to jump above their heads.

Participants in competitions and programs like “Bug Bounty” can also be classified as White hat.

Main motivation: guaranteed reward for their work.

Black Hat or cybercriminal

These are the super villains that we are used to seeing in various films and which are talked about on TV.
As a rule, these are the same highly qualified specialists as ethical hackers, but they may be without higher education and have selfish personal motivation. For example, steal another database and sell it on the Darknet.

The activities of the Black Hats are illegal almost throughout the world. The chance of getting rich is much higher than that of the “White Hat”, but the risk of leaving for places not so remote is also high.

They always have criminal intent.

Gray hat

Although the color of these hats is intermediate, they are fundamentally different from cybercriminals and ethical hackers.
Usually these are young people who still believe in justice in this world and are ready to help others for free. They study the IT system under study with genuine curiosity.

If a vulnerability is discovered that can be exploited by attackers, they try to influence its further development:

Someone reports this bug to the owner of the IT system
Someone is trying to fix it themselves
Someone publishes a description of this bug on a public resource.

Their activities are not aimed at making a profit.
Human nature is such that everyone wants recognition in society.

But, “Whoever helps people is wasting his time.”

(Shapoklyak). Therefore, not receiving the desired recognition, students take off the “Grey Hat”.

Former altruists have several paths forward:

Look for legal work related to the topic being researched.
Shoot and forget.
Get on the slippery slope of a cybercriminal.

And I'm no exception.
I became acquainted with Mikrotik equipment back in 2015, when I got a job at an organization that used this equipment. But the network was built extremely disgustingly (for example, each segment of the NAT network had direct links) and I began to study Mikrotik with the aim of properly building the network.

A year later, I changed jobs and Mikrotik began to come to me much less often. But I continued to tinker with this system in a sluggish manner.

Without any material benefit from knowledge of RouterOS, I passed the MTCNA exam in 2022 and yesterday received MTCRE

Sooner or later, my curiosity about Mikrotik will fade away if professional interest does not appear.

Pirates

They are essentially cybercriminals.
And the vast majority are far from IT, but I must mention them as part of this article. Still, their goal is to steal content, deactivate the protection, and resell it without paying any compensation to the content owner. Moreover, they are judged on “hacker” articles.

What is pirated software?

Pirated software includes the use of any unlicensed software. When using software, businessmen should not forget about the so-called copyright. But licensed software costs money, and not a small one at that, and businesses need accounting programs, antivirus programs, as well as various kinds of specialized programs for designers, etc.

Police officers are conducting surprise raids on companies using pirated software in their businesses. Thus, the most expensive counterfeit program found by the police is the Solidworks design program. For a licensed program with a minimum configuration you will have to pay about 800 thousand rubles.

Types of software piracy

Let's look at the main types of piracy:

Illegal copying. This type of piracy occurs most often. This could be the incorrect installation of a significant number of copies of the product, much more than what is provided for in the license agreement. Also included in this type is illegal copying of a product onto disks.
Installing software on the hard drive. This action should mean the illegal installation of unlicensed programs on your computers or one specific licensed product, but on several computers at once.
Manufacturing of counterfeit products. In this case, we are talking about large-scale copying of a certain product for the purpose of its further distribution.
Violation of the license agreement when selling certain types of products. This refers to the sale of a licensed product to a client to whom the requirements and conditions of the license agreement itself do not apply.
Internet piracy. Everything is simple here, this is the distribution of pirated products via the Internet.

Piracy has an extremely negative impact on the work of companies.

Such companies receive less profit and, accordingly, cannot develop new products.

In this case, not only companies suffer, but the state as a whole, since it does not receive taxes from the sale of IT technologies. Additionally, we note that if the level of piracy decreases, the level of IT technologies will increase sharply.

There are many organizations in the world that fight piracy, the BSA being considered the leading one. Companies that try to save significantly on purchasing software and resort to the services of pirates thereby acquire a lot of problems for themselves. These can be not only huge fines, but also a complete lack of support from the software manufacturer.

What is the punishment for illegal software?

In Russia, pirated software may face administrative and criminal liability. There are fines for the illegal use of illegal software (Article 7.12 of the Code of Administrative Offenses of the Russian Federation):

for individuals - from 1.5 thousand to 2 thousand rubles;
for managers and individual entrepreneurs - from 10 thousand to 20 thousand rubles;
for companies - from 30 thousand to 40 thousand rubles.

Not only the head of the company can be fined, but also the programmer or other person who installed and maintained pirated programs.

In addition to a fine, violators face confiscation of equipment on which pirated software is installed.

If the damage from the use of pirated software amounts to more than 100 thousand rubles, the offender will already face criminal liability (Clause 2 of Article 146 of the Criminal Code of the Russian Federation):

a fine of up to 200 thousand rubles or in the amount of the salary or other income of the convicted person for up to 18 months;
assignment of compulsory labor for a period of up to 480 hours or correctional labor for a period of up to 2 years;
imprisonment for up to 2 years.

If the damage from pirated software amounts to more than 1 million rubles, then the offender will face a more severe punishment (Clause 3 of Article 146 of the Criminal Code of the Russian Federation):

assignment of forced labor for up to 5 years;
imprisonment for up to 6 years with or without payment of a fine in the amount of 500 thousand rubles.

Considering the high cost of software, criminal liability for pirated software is not that uncommon.

However, the punishment for pirated software in Russia is more lenient than in other countries.

For example, Japan has the harshest penalties for intellectual property violations. Thus, for distributing counterfeit music and videos in Japan, you can go to prison for 10 years or pay a huge fine. Simply downloading an unlicensed program can cost the user 2 years in prison.

How is it going with practice?

If you are hoping that copyright protection in Russia does not work, I hasten to disappoint you. Out of curiosity, I went to the website of the Association of Software Suppliers (“NP SPP”). Passions are running high! It turns out that someone is still buying CDs

. Moreover, you can grab a real deadline for them:

Source: sm.news

The essence of the matter is this: three entrepreneurs produced 22 thousand pirated discs and were caught in this unseemly activity. The total cost of counterfeit products was about 6 million rubles. The Leninsky District Court of Perm gave them relatively mild, but still criminal penalties

: suspended sentences and fines in the range of 100-400 thousand rubles. In addition, the verdict incorrectly resolved the fate of the material evidence, which is why the materials made a second pass at the first instance.

In Verkhnyaya Pyshma, the director of the Management Company illegally used 1-C. I just want to add: shock! The total damage caused to the copyright holder amounted to 455 thousand rubles. The convict received a suspended sentence of 2 years in prison

. And, presumably, if she continues to deny copyright, she may actually go to prison.

Source: veved.ru

Are you often punished for using pirated software?

Most businessmen believe that this will not affect him, because no one will know about the fact of using illegal programs.

But here is the real story that recently happened in the Urals. A mother of many children was tried for installing pirated software. The woman was the founder of a small pipe manufacturing company for more than 14 years. During the inspection, OBEP discovered an unlicensed 1C program on the company’s computers. A criminal case was opened against the woman and taken to court, the damage was estimated at 2.5 million rubles.

This story has a happy ending; 1C representatives entered into a settlement agreement in court, and the woman got off with a fine of 165 thousand rubles.

But here's another story. In one company, an unlicensed 1C program was installed on laptops. Police officers of the Department of Internal Affairs carried out an inspection, as a result of which damage was established in the amount of 545 thousand rubles.

Naturally, the head of the company denied guilt, claiming that the laptops were purchased with a recorded program. But the court is skeptical of such justifications. The manager’s actions were qualified under clause 3 of Art. 146 of the Criminal Code of the Russian Federation on an especially large scale using one’s official position.

The manager was saved from actually serving his sentence by the presence of young children, his state of health, and the commission of a crime for the first time (sentence of the Shpakovsky District Court dated September 24, 2020 No. 1-108/2020).

In another case, the use of unlicensed 1C and 1C-Soft software cost the director a year of freedom. True, then the real sentence was replaced with a suspended sentence (sentence of the Revdinsky City Court dated July 16, 2020 No. 1-201/2020).

Unfortunately, not all such stories have a happy ending.

So, the real criminal sentence under Art. 146 of the Criminal Code of the Russian Federation received an individual entrepreneur who stored and sold pirated software. The individual entrepreneur stored unlicensed software products “Windows” and “ArchiCAD” on his hard drive. An entrepreneur installed pirated software for money. The total amount of damage amounted to 559 thousand rubles (appeal resolution of the Shatura City Court dated July 15, 2020 No. 10-4/2020).

How are violations actually detected?

The police have nothing else to do - just sit on the Internet and look for software thieves. I’ll tell you a secret: this is done by copyright holders, as well as the lawyers they hire.

. Specialists are primarily interested in software sellers, but buyers can also be targeted. And the Internet, as you know, remembers everything. As well as digital devices on which pirated products were installed illegally.

Schematically, the search for a violation looks like this:

a “legal sheriff” buys a product from an illegal seller and records the transaction;
the electronic detective contacts the police department with a request to conduct an investigation;
law enforcement officers initiate criminal or administrative proceedings;
draw up a report or initiate a criminal case - and that’s it.

A dilemma arises: the seller needs to promote an illegal product, but then it immediately comes to the attention of the “sheriffs”. To evade responsibility, sellers use different schemes

. However, the most zealous ones are still identified.

Protection against computer pirates

Nowadays, every home has a computer with Internet access. How to protect yourself and not fall for the tricks of pirates?

Name	Precautionary measures
Social media	Protection is carried out through the settings in your personal profile. You do not need to provide your personal information, phone number and email address. You should also not indicate your current location.
Online services	When registering on sites, try to provide as little information about yourself as possible. If an unofficial site asks you for data, be very careful.
Password	You should not use the same password on several resources at once. Moreover, create a password from a large number of numbers and letters.
Security software	Be sure to install an antivirus program on your computer, which you should always remember to update. Viruses can not only slow down your PC, but can also be a major cause of leakage of your personal information and data. Recently, accusations of creating a virus have not been uncommon.
Letters with attachments	If you receive an email from a subscriber you do not understand, and the email contains an attachment, do not open it under any circumstances. The risk is not appropriate in this case.
Internet links of dubious origin.	Often, such links contain malicious software code that steals your data from your computer. If you are not sure about the link, you do not need to follow it. Before opening such a link, carefully study its network address.
Wi-Fi network protection	If you have a Wi-Fi network installed at home, be sure to set a password for it. This precaution can save you from many problems.

The police issued an order to check the software: what to do?

Often, law enforcement agencies, having received information that a particular company uses unlicensed software, send the address of this company an order to conduct an independent inspection of the programs used by the company.

In this case, the company can:

Report missing software;
Provide licenses confirming the right to use this or that software.

In order to protect your company from possible problems, you need to provide:

Documents from the copyright holder: agreement, certificate of authenticity, boxes, stickers, etc.
Documents from your company: checks and cash documents (for cash payments), agreement and payment order (for non-cash payments), gift or renewal agreement.

Such requests are made with one simple purpose - to exclude possible management maneuvers in the future. Here is the prescription, here is the answer - what kind of ignorance are we talking about? But ignorance of the law does not excuse one from responsibility.

An example from real practice: The head of a company hired a person through an advertisement who installed pirated software for him. The director stated in court that he did not monitor the specialist, was not aware of the installed software, did not understand and should not have understood all the intricacies. The court rejected all the director’s arguments, pointing out that it was the director who was responsible for everything that happened in the company. However, the specialist who installed the software was never found.

Therefore, “ignorance of the law” does not excuse one from responsibility. At all!