Fraud in the field of computer information: article of the Criminal Code of the Russian Federation and punishment, features of the investigation, elements of the crime

The development of the high-tech market has created fertile ground for the development of a fundamentally new type of crime - fraud in the field of computer information. People store important information on digital media, which easily falls into the hands of criminals. It is important to understand here that we are not talking about innocently connecting to someone else’s wireless network by hacking the Wi-Fi password, although such actions are also considered illegal. Computer crimes involve the theft of someone else's property by modifying data or interfering with the operation of telecommunication systems. These actions fall under the provisions of the Criminal Code and can lead to a very real prison term.

Features of illegal actions

Computer fraud is a controversial crime that is rarely classified into one crime.
This is due to the fact that in order to gain access to personal data, the criminal has to commit additional illegal actions, which entails other articles of the Criminal Code. It looks like this. Fraud in the field of computer information directly falls under Article 159.6 of the Criminal Code of the Russian Federation, which provides punishment for the illegal taking of someone else's property by substituting or entering data, changing information on digital media and other interference in the operation of computer systems. Download for viewing and printing: Article 159.6. Fraud in the field of computer information of the Criminal Code of the Russian Federation

However, to commit such a crime, attackers usually use the following methods:

hacking a computer system or password using special equipment falls under Article 272: unauthorized access to computer data;
creation of malware for the purpose of infecting a victim’s computer and stealing data: classified under Article 273 of the Criminal Code, which provides punishment for the distribution and use of virus software for personal gain.

Download for viewing and printing:
Article 272. Unlawful access to computer information of the Criminal Code of the Russian Federation

Article 273. Creation, use and distribution of malicious computer programs of the Criminal Code of the Russian Federation

As a result, punishment under several articles of the Criminal Code may be applied for an unlawful act.

Third commentary to Article 159.6 of the Criminal Code of the Russian Federation

1. Currently, the so-called computer fraud is very common, when the perpetrator uses unlawful access to legally protected computer information related to the ownership of property or rights to property to steal. This was repeatedly the subject of investigation and interpretation by the Plenum of the Supreme Court of the Russian Federation, which served as the basis for the creation of a special article on liability for fraud in the field of computer information. Blanket disposition presupposes knowledge of the following regulations: Federal Law dated July 27, 2006 N 149-FZ “On information, information technologies and information protection” (as amended on July 28, 2012); the fourth part of the Civil Code of the Russian Federation; Federal Law of July 29, 2004 N 98-FZ “On Trade Secrets” (as amended on July 11, 2011); Federal Law of December 2, 1990 N 395-1 “On Banks and Banking Activities” (as amended on December 3, 2012), etc.

2. The legislator included the subject of this crime as someone else’s property and the right to someone else’s property. In this case, the disposition of the general article on liability for fraud is repeated, although this approach has been repeatedly criticized. The right to property in the full sense of the word is not the subject of a crime, but only presupposes the emergence of a subjective right to own, use and dispose of property. Moreover, the moment of the end of the crime in this case is associated only with state registration, which does not correspond to the generally accepted moment of the end of the theft. It would be better to provide a special rule with the acquisition of rights to property through deception or abuse of trust. An additional subject of the crime is computer information, with the help of which the perpetrator carries out fraudulent actions and takes possession of property or acquires the right to property. Therefore, illegal access to protected computer information and other illegal actions in this area require qualification in conjunction with Art. Art. 272 or 273 of the Criminal Code.

3. From the point of view of the objective side, the act is carried out through various actions of both a technical and intellectual nature, namely by entering, deleting, blocking, modifying computer information or otherwise interfering with the functioning of means of storing, processing or transmitting computer information or information and telecommunication networks . Moreover, if consequences in the form of material damage to the owner or other holder of property do not occur for reasons beyond the will of the perpetrator, his actions should be qualified as an attempt to commit this crime and in combination with actions for which liability is provided for in Art. Art. 272 or 273 of the Criminal Code. In case of disclosure of confidential information, liability may also arise under other articles of the Criminal Code.

4. All other elements and signs of this type of special fraud correspond to the general composition of fraud (see commentary to Article 159 of the Criminal Code).
5. Qualifying and specially qualifying characteristics are similar to those specified in Art. 159.3 CC. ‹Article 159.5. Fraud in the field of insuranceUp Article 160. Misappropriation or embezzlement ›

general characteristics

Like any methods of fraud, crimes in the field of high technology involve the theft of someone else's property, but in this case, we are talking not only about money.
The target of attackers is often information: databases, design developments and intellectual property. Cyber fraud should not be underestimated: a well-designed malicious program can not only completely paralyze the banking system, but completely ruin a financial structure in 3-4 days. Illegal actions can be carried out in several ways, which can be considered a characteristic of the crime committed:

entering personal data from a keyboard or other device;
deliberate distortion of information on digital media by manual entry or infection of the computer with virus programs;
deletion of any information without the possibility of subsequent recovery;
creating algorithms that block user access to necessary information.

In general, any unauthorized influence on the operation of a computer network with mercenary intent can be considered a crime.

Protection of consumer rights when purchasing in an online store

In terms of turnover, online shopping has already become equal to regular retail trade. The legislative framework controlling purchases through online stores is also extensive: the Law “On the Protection of Consumer Rights” No. 2300-1 (as amended in 2022), the Civil, Criminal and Code of Administrative Offenses.

When purchasing an item online, the buyer has the same rights and obligations that he receives in a regular store.

In accordance with the Law “On Protection of Consumer Rights”, the client has the right:

Know all the necessary information about the product. On the website, the seller is obliged to provide all the necessary information about the product. If the store client at the time of the transaction did not have information about the price, configuration, condition of the item (new or used), warranty, delivery and packaging, he can invalidate the purchase in court and receive compensation. In addition, the seller will receive a fine.
Things on the Internet have the same warranty conditions as those off the Internet, only the deadlines for fulfilling the obligation change. The legislator does not take into account the time that the goods spent in the mail. The first day of the guarantee begins when the item arrives at the client. If the fraudster claims the opposite and thus wants to reduce the period of protection of the citizen’s right to warranty obligations, then the victim can go to court.
Items purchased online can also be returned within 14 days, even if the seller's website states otherwise. If the packaging and receipt have been preserved, but the purchase has not been used, then the client’s money will be returned on the same day when the unsold goods are collected from the post office. Shipping times and public holidays on which the post office is closed are not taken into account when calculating the 14 days.

Watch the video: “Real footage of the arrest of an Internet fraudster.”

Corpus delicti

Considering that this area of criminal activity looks rather vague, the composition of the committed illegal act must be clearly visible. Criminal liability occurs in cases where the crime includes three fundamental factors:

the attacker is already 16 years old - illegal actions in this direction are not considered serious, therefore persons under the specified age are exempt from liability;
the crime has already been committed and the guilt of the accused has been proven;
there is a selfish motive - the initial goal is to steal someone else's property.

Important! If the totality of the listed signs is not included in the crime, the perpetrators are exempt from punishment.

The corpus delicti under Art. 159 of the Criminal Code of the Russian Federation (simple composition)

To bring a citizen to justice under Art. 159 of the Criminal Code of the Russian Federation, it is necessary to prove the presence of corpus delicti in his actions:

1. The object of fraud is property relations. The subject may be various property and property rights (movable things and real estate, cash and non-cash funds, securities)

2. The objective side is characterized by a special method of committing a crime: deception or abuse of trust. Deception may consist of deliberately reporting false information, or suppressing information, or deliberate actions (imitation of cash transactions) aimed at misleading the owner of the property or another person. Abuse of trust - actions aimed at selfish use of trust, based on personal acquaintance, relationship or official position, of the owner of the property.

A criminal case under this article will be initiated when the victim himself voluntarily transfers property to the criminal without the use of any violence. This is the essence of fraud.

The crime is completed when the property has passed into the possession of the criminal or other persons and they have a real opportunity to use and dispose of it.

If the subject of the theft was property or property rights that are subject to registration, then the crime will be completed at the time of registration (for example, rights to real estate or rights to a share in an LLC in special registers).

3. The subject can be general or special (entrepreneur, programmer, borrower of loan funds, official).

4. The subjective side is characterized not only by guilt in the form of direct intent, but also by the presence of a selfish motive.

Article providing for punishment

It was mentioned above that these crimes provide for liability under Article 159.6 of the Criminal Code of the Russian Federation.
Punishment is imposed in proportion to the severity of the crime and can be expressed in the form of a fine, compulsory/corrective labor, or imprisonment. Considering that these crimes entail other articles, the penalties are cumulative. It is necessary to understand that it can be extremely difficult to prove involvement in such crimes. The accused may enter false information into the digital storage while performing official duties, and plead basic negligence and inattention. Therefore, the evidence base is important for law enforcement officials:

photo-video recording of illegal actions by surveillance cameras;
installation of fraudulent activities by checking the event log;
premeditation of actions and selfish intent of the accused.

If these facts are not established, it is almost impossible to prove the crime committed.

What should the victim do?

In order to prevent scammers from continuing to deceive citizens with impunity and to protect their rights, the victim must contact law enforcement agencies.

The first instance is the police or the regional department of the Ministry of Internal Affairs, which deals with fraud. There is no significant difference in where to apply, the main thing is to do it as quickly as possible - collect the entire evidence base and competently draw up a statement.

There is no time limit for turning to law enforcement agencies to protect your violated rights.

If the police have not taken the necessary actions to solve the crime, the citizen has the right to contact the prosecutor's office. The prosecutor will not deal with the affairs of the policeman; his duty is to conduct an investigation and force the Ministry of Internal Affairs to act according to the law.

Once the fraud is proven, the police take the case to court. In the general procedure for hearings, the victim will be able to protect his rights. To do this, both parties have three stages - the court of first instance, appeal and cassation. Usually in petty fraud cases the hearing ends at the first stage.

Evidence base

How to avoid falling for scammers.

The difficult thing in cases of Internet fraudsters is collecting evidence. For justice in the Russian Federation, there are two types of evidence: sufficient and insufficient.

Evidence obtained legally and having due regulatory support is considered sufficient. For example, recordings of dialogues with the manager of a deceiver’s online store will not be considered sufficient evidence of a crime. The court believes that such a recording could be falsified by a party, since it was not made using special recording devices.

Does this mean that when purchasing online, a citizen will not be able to protect himself in any way? No, he can provide any information - from recordings to screenshots, but they cannot serve as direct evidence.

Based on the data received, the police are obliged to initiate an investigation, but in order to send the case to court, law enforcement agencies need sufficient evidence.

The evidence base in an Internet fraud case is:

Checks, bank receipts that confirm payment for goods. If the money transfer was accompanied by a note indicating the purpose of payment, then such evidence is considered sufficient.
The fact of purchase of goods recorded on the guarantor’s website. You can submit a screenshot of your personal account to the police, and for the court you need to request written confirmation from the guarantor of the transaction between the victim and the fraudster.
Any correspondence or voice recordings of dialogues.
Information about the fraudster that is known to the victim. This could be your full name, phone and bank card numbers, pages on social networks and forums, and the address of an online store.

How to write a statement to the police

A fraud complaint is a simple form of citizen reporting to law enforcement agencies. This document does not have a special template and can be written in free form, in compliance with the basic rules of legal literacy.

For the convenience of citizens, law enforcement agencies provide an application template, but it can also be compiled at home.

The document must indicate:

FULL NAME. applicant, residential address, contact telephone number. Email is optional, but recommended.
A statement of the factual circumstances of the case - when, on what website the victim was deceived, how much money he lost.
All evidence in the case is attached. Their list must be indicated at the end of the application in a numbered list.

Computer fraud schemes

Classification can be made according to several criteria, which are expressed in the methods of obtaining the information of interest. For example, by type of access to digital storage:

cracking a password or bypassing antivirus software;
obtaining user passwords through Internet phishing: mass mailing of emails containing links to a scam site;
hacking networks using password decryptors and other special equipment;
counterfeit electronic keys.

Crimes are classified according to the purpose of malicious actions:

theft of intellectual property - unique information of interest;
changing/deleting data - to mislead or devalue information;
blocking access to files or accounts.

By instruments used:

manual input;
virus infection;
installation of malware.

Important! The technical process does not stand still, so methods for committing cyber fraud are constantly being improved.

Types of fraudulent schemes

Every day there are more and more options for fraud on the Internet. It’s not for nothing that attackers choose the World Wide Web to enrich themselves, because here you can pretend to be anyone and do anything. Criminals play on people's feelings, intimidate and mislead them. Today there are several types of deception via the Internet, the most common among them are:

Illegal enrichment and fraud in Article 159 of the Criminal Code of the Russian Federation with comments

deception in order to transfer money to your accounts, determining codes and personal information;
fictitious charities;
scams in the marriage and porn industry;
infection of computers with viruses;
Internet trading;
building financial pyramids.

Phishing is a type of fraudulent scheme aimed at obtaining PIN codes for credit cards and bank cards, passwords from social networks. networks and other citizen accounts.

This type of fraud can be carried out in different ways. Sometimes you receive a message by email or phone that your account or card is blocked, and to unlock it you need to send a password and card number. In some cases, attackers offer to take part in a competition and fill out a form that requires important data, for example, passport number, credit card, etc. Most often, people in times of economic crisis are led by messages about winning a big prize, to receive which they must indicate their card number or immediately transfer money for winning insurance.

Under the guise of charitable foundations or organizations helping stray cats, children, disabled people or anyone else, scammers, playing on people's feelings, collect huge sums. They can post photos of really sick people who have no idea about their “involvement” in the scam.

Online trading is now at a fairly high level; websites with goods are in no way inferior to real markets. In this scheme, the user is offered to buy things at a low price. People, wanting to save money, deposit money into the scammer’s account, but never receive the goods. Creating a fake website with clothes, for example, takes only a few hours, but the criminals receive enormous benefits. Their main goal is to deceive a large number of people in a minimum period of time. Until people come to their senses, the site is simply deleted or moved to another address.

Among modern citizens, registration on dating sites in order to find a soul mate has become very popular. The topic of meeting foreigners is often used. Experienced programmers create a website where they require payment for access to people of the opposite sex. People who are determined to settle their personal lives do not spare money and, of course, contribute it at the request of the administrator. For some time, administrators may even correspond with the victim on behalf of the chosen one and beg for more money for travel, for example.

On social networks, people safely post photos of themselves, without even realizing that this increases the risk of becoming a victim of a scammer. Thanks to the Photoshop program, you can attach anything to anyone, and accordingly, attackers often blackmail with fake porn photos that show the victim’s face.

In the early 2000s, the scheme of infecting a computer with a virus was very popular. By clicking on the link sent in the letter, the person infected the computer with a virus. The picture on the screen did not move, but had a note that if the victim deposited a sum of money into a specific account, the computer would start working. There are also scams on the theme “save a friend.” Sometimes criminals, hacking a page on a social network, write on behalf of the owner to all their friends that they need help and ask to urgently transfer money to a certain account.

The most brilliant of the schemes is considered to be the construction of a financial pyramid. As a rule, it is difficult for one person to carry out a scheme, so there are several criminals. The scheme is based on depositing a small amount of money and increasing this amount by attracting other “adherents”. At the initial stage, victims may even be paid dividends so as not to arouse suspicion and to stir up interest in new income.

Article for attempted and attempted fraud in the Criminal Code of the Russian Federation

Conducting an investigation

Law enforcement agencies are characterized by three types of investigative actions:

the attacker has been identified or has confessed - here it is necessary to determine cause-and-effect relationships and find out the amount of damage caused;
the hacking mechanism has not been established, the identity of the criminal is known, but he is hiding from justice - search activities and detention of the attacker are added;
Only the fact of the crime and the amount of damage have been established - here the entire chain of crime and the identity of the criminal are revealed.

The tactics of investigative and search activities at a crime scene boil down to the following actions:

removal of all unauthorized and interested persons from the premises;
the remaining civilians are deprived of access to computers and power supplies;
ensures uninterrupted connection of the computer to the power source.

Investigators then review computer information and paper records. The latter option must be examined by forensic experts to remove fingerprints.

Responsibility measures

The provisions of Article 159.6 can be divided into 4 parts, depending on the severity of the crime committed:

fraudulent actions in the field of computer technology - punishable by a fine of up to 120,000 rubles, compulsory service of up to 360 hours, administrative arrest of up to 4 months;
an atrocity committed by an organized group and causing significant damage - up to 300,000 rubles, compulsory labor of up to 480 hours, imprisonment for 5 years;
using official authority or causing major damage - a fine of up to half a million rubles, imprisonment for 6 years with possible restriction of freedom of movement for 1.5 years;
a crime that caused damage on an especially large scale - a fine of up to 1,000,000 rubles, detention for up to 10 years.

Important! This article defines large damage as amounts from 1.5 million rubles, especially large damage - over 6,000,000.

Computer fraud: analysis of judicial practice

L.M. BOLSUNOVSKAYA

Computer fraud is considered by the courts as a new form of theft, as provided for by law, and most criminologists share this approach.

Federal Law No. 207-FZ of November 29, 2012 supplemented the Criminal Code with a provision on liability for fraud in the field of computer information. In the explanatory note to the draft, the authors of the bill justified the proposals to supplement the criminal law with this norm: “It is also proposed to identify fraud in the field of computer information as an independent crime (Article 159.6 of the bill), when the theft or acquisition of the right to someone else’s property involves overcoming the computer protection of property (property rights) and is carried out by entering, deleting, modifying or blocking computer information or otherwise interfering with the functioning of means of storing, processing or transmitting computer information or information and telecommunication networks. Such crimes are committed not by deception or abuse of trust of a specific subject, but by gaining access to a computer system and performing the above actions, which result in the theft of someone else’s property or the acquisition of rights to someone else’s property” <2>.

———————————

<2> Resolution of the Plenum of the Supreme Court of the Russian Federation dated April 5, 2012 N 6 “On introducing to the State Duma of the Federal Assembly of the Russian Federation the draft Federal Law “On Amendments to the Criminal Code of the Russian Federation and other legislative acts of the Russian Federation” // SPS “ConsultantPlus” "

The method of committing the crime in Art. 159.6 of the Criminal Code of the Russian Federation names such actions as entering, deleting, blocking, modifying, or other interference with the functioning of means of storing, processing or transmitting computer information or information and telecommunication networks. Thus, deception and breach of trust are not methods of committing computer fraud. Consequently, the legislator provided for liability for a new form of theft.

N., while in a shopping and entertainment center, realizing his criminal intent aimed at stealing funds, asked S. to use his bank card in order to establish Internet service. At the same time, N. misinformed S., who, unaware of N.’s criminal intentions, carried out transactions dictated by N. at the ATM using his card, and provided him with two receipts issued by the ATM with information about his bank card and the money on it. means. Having taken possession of confidential information, N. transferred funds in the amount of 12 thousand rubles. from S.’s bank card to the bank card of his friend Z. via the Internet. Next, N., using Z.’s bank card, received the stolen funds from an ATM. As a result of the secret theft, the victim S. suffered significant damage.

The Presidium of the Altai Regional Court reclassified N.’s actions from paragraph “c” of Part 2 of Art. 158 of the Criminal Code of the Russian Federation at Part 2 of Art. 159.6 of the Criminal Code of the Russian Federation, indicating the following in support of its decision.

The court qualified N.’s actions under Part 2 of Art. 159 of the Criminal Code of the Russian Federation as theft of someone else’s property, committed by deception, causing significant damage to the victim. The decision of the cassation court to re-qualify N.’s actions from Part 2 of Art. 159 of the Criminal Code of the Russian Federation on Part 2 of Art. 158 of the Criminal Code of the Russian Federation should be recognized as erroneous. The panel of judges motivated its conclusions by the fact that the convict’s action to seize funds was secret, and the deception of the victim was a means of facilitating the theft. At the same time, the board did not take into account the special method of committing theft, identified by the legislator as a separate crime and which is a special norm in relation to Art. 159 of the Criminal Code of the Russian Federation.

As the court established, the convict, through deception, obtained information about the details of the victim’s bank card, after which he was able to manage S.’s account through an electronic system via the Internet and transferred funds from his bank card to another account. Thus, the described method of theft indicates interference in the functioning of means of storing, processing, and transmitting computer information, which falls under Art. 159.6 of the Criminal Code of the Russian Federation <3>.

———————————

<3> Resolution of the Presidium of the Altai Regional Court of September 3, 2013 in case No. 44у224/13 // ATP “ConsultantPlus”.

The above example shows that deception as a method of committing theft is not typical for computer fraud <4>. Deception was not a way of seizing and turning over someone else's property in favor of the culprit, but a way of obtaining confidential information, which subsequently became a means of committing computer fraud. In this case, the deception was outside the scope of the objective side of computer fraud; it relates to the preparatory stage of theft, and therefore does not affect the qualification of the act. The theft itself was rightfully recognized as completed not at the moment the culprit received cash from Z.’s account at an ATM, but from the moment it was credited to the specified account, when the funds had not yet acquired a material form and therefore could not, according to the doctrine and established judicial practice, be considered as an object theft.

———————————

<4> For brevity, we use the criminological concept of computer fraud, which from a substantive point of view is different from criminal legal fraud in the field of computer information.

FULL NAME1 was accused of the fact that in the period from December 2011 to November 2012, using the ICQ application (centralized service for instant messaging on the Internet) installed on his mobile phone (Nokia-E52), he got acquainted and installed trusting relationships with ICQ users for the purpose of committing fraud - stealing someone else's property by deception. Subsequently, FULL NAME1, under various pretexts, received from ICQ users access to their accounts in this mobile application, after which he sent messages on behalf of these persons to other ICQ users in the form of requests for the transfer of funds to the telephone numbers of the cellular operator "Beeline". After the funds arrived at the subscriber numbers controlled by FULL NAME1, he disposed of them at his own discretion. The actions of FULL NAME1 were qualified by the court as fraud in the field of computer information causing significant damage to a citizen, committed by deception and abuse of trust, i.e. as a crime under Part 2 of Art. 159.6 of the Criminal Code of the Russian Federation <5>.

———————————

<5> The verdict of the court of the city of Dagestan Lights of the Republic of Dagestan in case No. 1-28/2013 // https://www.gcourts.ru/case/22900134 (date of access: 01/01/2015).

In this case, in our opinion, the criminal law was applied incorrectly. The act committed by FULL NAME1 falls under the elements of a crime under Part 2 of Art. 159 of the Criminal Code of the Russian Federation, since the method of committing the crime was fraudulent deception. It was the deception, which in form was an electronic text message, and in content represented distorted information perceived by the victims as true, and served as a way to mislead them, and as a result of such delusion, resulted in the transfer of property to the perpetrator.

Unlike the first example, in this case deception was a mandatory sign of the objective side of fraud. Even if we assume that the input of computer information and other interference in the functioning of means of storing, processing or transmitting computer information on the part of FULL NAME1 took place, then they did not relate to the objective side of taking over someone else’s property, but again to its preparatory stage.

According to the verdict, Kh., having the intent to secretly steal someone else's property, namely the funds of OJSC AKB "XXX" on a large scale, found the necessary components and materials to commit the crime, from which he made two devices. The first device made it possible to receive (intercept) information entered by cardholders through the ATM keyboard, namely PIN codes of bank cards, and the second ensured the receipt (interception) of information from the magnetic stripes of bank plastic cards.

To realize his criminal intentions, Kh. arrived at the additional office of OJSC AKB "XXX", where, under the guise of installing a device that controls access to the premises with an ATM, he installed on the front door a device he had made for receiving (intercepting) information from the magnetic stripes of bank plastic cards. Thus, X. deliberately created conditions under which access to the ATM of the additional office of JSC JSCB "XXX" became possible only after copying computer information from the magnetic strip of a bank plastic card into the memory of the specified device. Kh. installed the second device he made directly above the screen of the front panel of the ATM to receive (intercept) information entered by bank clients from the ATM keyboard, namely PIN codes of bank cards, after which he disappeared from the crime scene.

To access the ATM in the above-mentioned office, clients of OJSC AKB XXX scanned their bank cards through a device installed on the front door of X., as a result of which the computer information recorded on the magnetic strip of plastic cards was copied into the device’s memory. The balance of funds in the accounts to which the scanned cards were attached varied from several rubles to several hundred thousand rubles and amounted to a total of 487,521 (four hundred eighty-seven thousand five hundred twenty-one) rubles and 10 kopecks.

When trying to dismantle the devices installed by him in order to use the computer information copied and stored in their memory from the magnetic stripes of bank cards and PIN codes for them for the purpose of secretly stealing on a large scale the funds in the accounts belonging to OJSC AKB "XXX", Kh. was detained and therefore was unable to complete his criminal intent due to circumstances beyond his control. Kh. was convicted of preparation for theft on a large scale, as well as for unlawful access to legally protected computer information, resulting in copying of computer information, committed out of selfish interest (Part 1 of Article 30 of the Criminal Code of the Russian Federation, paragraph “c” of Part 3 of Art. 158 of the Criminal Code of the Russian Federation, Part 2 of Article 272 of the Criminal Code of the Russian Federation) <6>.

———————————

<6> Verdict of the Moscow City Court of April 24, 2013 in case No. 10-2268/2013 // SPS “ConsultantPlus”.

The validity of such qualification raises doubts regarding the qualification under Art. 158 of the Criminal Code of the Russian Federation. In passing, we note that the act provided for in Part 2 of Art. 272 of the Criminal Code of the Russian Federation (on the basis of “committed out of selfish interest”) was assessed by the court correctly as a completed crime, regardless of whether the subject of the crime had a real opportunity to use illegally copied computer information, the crime was completed according to the structure of the crime at the time of the occurrence of one or more of the specified in the law of consequences, in our case there was copying of information.

As for the encroachment on property, in this case there was direct, unspecified (undefined) intent. The perpetrator, trying to steal as much money as possible, could not know for sure what the criminal result would be: how many victims and in what amount of damage would be caused to them. Based on the theory of qualification, in the presence of unspecified direct intent, the deed is qualified according to the actual consequences <7>. If, with unspecified intent, the consequences did not occur for reasons independent of the will of the perpetrator, then his socially dangerous behavior should be qualified as preparation (attempt) to cause the least dangerous of all desired harmful consequences <8>. This qualification rule for unspecified intent follows from the principle of the need to interpret any doubt in favor of the accused <9>.

———————————

<7> Korneeva A.V. Theoretical foundations for qualifying crimes: Textbook. allowance / Answer. ed. A.I. Rarog. 2nd ed. M.: Prospekt, 2012. pp. 69 - 70.

<8> Ibid. P. 96.

<9> Ibid.

If the subject of the crime had carried his intent to the end, then the credit organization would have become the victim, provided that the individuals from whose accounts the funds were stolen would have had time to exercise the right enshrined in clauses 11 and 12 of Art. 9 of the Federal Law of June 27, 2011 N 161 “On the National Payment System” <10>. But suppose that one of the plastic card holders did not manage to notify the credit institution in a timely manner about the illegal write-off of funds, in this case, both AKB XXX LLC and the specified individual will be victims, to whom the bank, therefore, will not reimburse the lost funds . As you can see, qualification will depend on the specific circumstances of the case and the actual consequences that occurred.

———————————

<10> It is stated here that “in the event of the loss of an electronic means of payment and (or) its use without the client’s consent, the client is obliged to send a corresponding notification to the money transfer operator in the form provided for in the contract immediately after discovering the fact of the loss of the electronic means of payment and (or) its use without the client’s consent, but no later than the day following the day the money transfer operator receives notification of the transaction completed” (clause 11), whereas “after the money transfer operator receives the client’s notification in accordance with part 11 of this article the money transfer operator is obliged to reimburse the client for the amount of the transaction performed without the client’s consent after receiving the specified notification” (clause 12).

Let us assume that in the case we are considering, the culprit managed to achieve a criminal result: he managed to gain access to illegally copied computer information, and then, using a special technical device “encoder” connected to a personal computer, as well as the corresponding software, made duplicates of their owners’ bank cards and, having PIN codes, received funds from an ATM. In this case, computer information protected by law, copied from the magnetic stripes of bank cards, would act as a means of committing a crime, and entering a PIN code from the ATM keyboard would act as a method of theft.

In this case, the number of self-qualifying criminal episodes would depend on the number of victims. If only the bank is the victim, then all operations to enter information would result in damage to only one victim bank <11>. Therefore, what was done would form a single ongoing crime; there would be no totality here. In this case, the deed would be qualified under Part 1 of Art. 159.6 of the Criminal Code of the Russian Federation, since the large amount of theft must exceed one million five hundred thousand rubles <12>. However, if, due to the reasons given above, both the bank and individuals turn out to be victims, then the act must be qualified according to the totality of crimes provided for in Art. 159.6 of the Criminal Code of the Russian Federation. Since the criminal activity of the person was stopped at the preparatory stage, his responsibility under Part 1 of Art. 30 and part 1 art. 159.6 of the Criminal Code of the Russian Federation is excluded (taking into account, as we justified above, the qualification rules for unspecified intent) by virtue of Part 2 of Art. 30 of the Criminal Code of the Russian Federation <13>.

———————————

<11> According to paragraph 2 of paragraph 16 of the Resolution of the Plenum of the Supreme Court of the Russian Federation of December 27, 2002 No. 29 “On judicial practice in cases of theft, robbery and robbery” “Continued theft, consisting of a number of identical criminal actions, should be distinguished from a set of crimes committed by taking someone else's property from the same source

(emphasis added -
L.B.
), united by a single intent and collectively constituting a single crime.”

<12> See: note to Art. 159.1 of the Criminal Code of the Russian Federation.

<13> Even if a person in a similar situation had direct, specific intent (he would know exactly how much money is in the account of which of the victims), then criminal liability, taking into account the direction of intent, for preparation for crimes provided for in Part 2 and Part 3 Art. 159.6 of the Criminal Code of the Russian Federation would also be excluded by virtue of the same provision of the law (Part 2 of Article 30 of the Criminal Code of the Russian Federation).

The PIN was obtained not through unauthorized access to computer information, but through the use of a camera mounted above the ATM's front panel screen. Consequently, these actions were outside the scope of the objective side of fraud in the field of computer information, preceded it and require additional qualifications.

But even if we assume that unlawful access to computer information is covered by such a crime under Art. 159.6 of the Criminal Code of the Russian Federation, as other interference in the functioning of means of storing, processing or transmitting computer information, is a method of committing this crime (fraud in the field of computer information), such access, provided that it entails those specified in Art. 272 of the Criminal Code of the Russian Federation, the consequences, requires an independent criminal legal assessment, since this act (theft from an ATM) encroaches on two different objects of criminal legal protection.

Comparison of sanctions Art. 272 of the Criminal Code of the Russian Federation and Art. 159.6 of the Criminal Code of the Russian Federation shows that unauthorized access is a more socially dangerous crime. Therefore, theft from an ATM requires additional qualification under Art. 272 of the Criminal Code of the Russian Federation. The vast majority of criminologists agree that the objective side of fraud in the field of computer information does not cover the actions (inaction) enshrined in Chapter. 28 of the Criminal Code of the Russian Federation <14>.

———————————

ConsultantPlus: note.

Article by O.S. Guzeeva “Qualification of fraud in the Russian segment of the Internet” is included in the information bank according to the publication - “Legality”, 2013, No. 3.

<14> See: Tretyak M.I. Rules for the qualification of computer fraud and crimes provided for in Ch. 28 of the Criminal Code of the Russian Federation // Criminal law. 2014. N 4. P. 69 - 74; Guzeeva O.S. Qualification of fraud in the Russian segment of the Internet // Laws of Russia: experience, analysis, practice. 2014. N 6. P. 74 - 77; Shesler A. Fraud: problems of implementing legislative innovations // Criminal law. 2013. N 2. P. 70 - 71.

Courts view computer fraud as a new form of theft, as provided for by law, and most criminologists share this approach <15>. And therefore, according to the correct remark of M.I. Tretyak, the Supreme Court in the Resolution of the Plenum of December 27, 2007 N 51 “On judicial practice in cases of fraud, misappropriation and embezzlement” needs to reconsider its position regarding the qualification of theft from an ATM using a counterfeit payment card, recognizing that in this case it is not committed theft, but fraud in the field of computer information <16>.

———————————

<15> Khilyuta V.V. Computer theft or computer fraud? // Criminologist Library. 2013. N 5 (10); Shumikhin V.G. The seventh form of theft of someone else’s property // SPS “ConsultantPlus”.

<16> In the international classification of subtypes of computer fraud proposed by the Interpol working group, the analyzed act related to the theft of cash from an ATM also refers to computer fraud. See about this: Komarov A.A. Internet fraud: problems of determination and prevention: Monograph. M., 2013. P. 12.

Article bibliographic list

ConsultantPlus: note.

Article by O.S. Guzeeva “Qualification of fraud in the Russian segment of the Internet” is included in the information bank according to the publication - “Legality”, 2013, No. 3.

1. Guzeeva O.S. Qualification of fraud in the Russian segment of the Internet // Laws of Russia: experience, analysis, practice. 2014. N 6.

2. Komarov A.A. Internet fraud: problems of determination and prevention: Monograph. M., 2013.

3. Korneeva A.V. Theoretical foundations for qualifying crimes: Textbook. allowance / Answer. ed. A.I. Rarog. 2nd ed. M.: Prospekt, 2012.

4. Tretyak M.I. Rules for the qualification of computer fraud and crimes provided for in Ch. 28 of the Criminal Code of the Russian Federation // Criminal law. 2014. N 4.

5. Khilyuta V.V. Computer theft or computer fraud? // Criminologist Library. 2013. N 5 (10).

6. Shesler A. Fraud: problems of implementing legislative innovations // Criminal law. 2013. N 2.

7. Shumikhin V.G. The seventh form of theft of someone else’s property // SPS “ConsultantPlus”.

Administrative responsibility

If the crime caused minor damage, it can be classified as petty theft: Article 7.27 of the Administrative Code.
If the damage caused does not exceed 1,000 rubles, the accused shall compensate it 5 times the amount, be sentenced to correctional labor for 50 hours, or be arrested for 15 days. Article 7.27. Petty theft Code of Administrative Offenses

In cases of fraudulent actions that caused damage in the range of 1,000-2,500 thousand rubles, compensation is also assigned in a 5-fold amount, compulsory work of up to 120 hours or administrative arrest for 15 days is applied.

Legal practice

Let's look at Section 159.6 in action.
For example, citizen A asked friend B for a bank card to check the functionality of the bank transfer system. B provided the suspect with ATM receipts and personal information. Using the data received, A transferred cash in the amount of 1,000,000 rubles from the victim’s card to the account of his accomplice B. Considering that the crime was committed by a group of persons by prior conspiracy through Internet banking, with the preliminary misleading of the victim and causing him significant damage , accused A and B received 3 years in prison. Video about computer fraud

What to do if a crime has been revealed?

Where to go and submit an application?

If a person has become a victim of online fraud, then to restore his rights he should contact government agencies that catch scammers in real life. The application, drawn up in writing and in any form, must be sent to a special department of the Ministry of Internal Affairs (department for working with Internet fraudsters). The competence of this unit includes all matters related to computer information and data.

Citizens who have become victims of fraud should send applications to this structure at their place of residence.

Timely filing of a complaint at your place of residence will facilitate a quick investigation of the case.

What to include in the document?

When contacting an authorized person at the police department, you must provide all known information about the fact of the crime that occurred, as well as about the alleged culprits.

In addition to personal data, the application must indicate:

The site where the fraudulent activity occurred.
Correspondence with attackers.
Information about the data of a plastic card or electronic wallet from which money transfers or thefts were made.
Fraudster's email address (phone number and other important information known to the victim).