Punishment for creating viruses. Creation and distribution of computer viruses and malware

1. Malicious programs in the sense of the article being commented on mean programs specifically created to disrupt the normal functioning of computer programs. Normal operation means performing the operations for which these programs are intended, as defined in the program documentation.
Currently, the most common are programs designed to collect information and programs for unauthorized access to a computer or other programs.
“Computer viruses” are programs that can reproduce themselves in several copies, modify (change) the program they are attached to, and thereby disrupt its normal functioning.
“Logic bombs” are a deliberate change in program code that partially or completely disables a program or computer system under certain predetermined conditions, for example, the arrival of a certain time.
The fundamental difference between "logical bombs" and " computer viruses"is that they are initially part of the program and do not transfer to other programs, and "computer viruses" are dynamic programs and can even spread across computer networks.
2. Objective side this crime constitutes the fact of creating computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their network (see commentary to Article 272), as well as the use of distribution of such programs or machine media with such programs.
The use of the program means publication, reproduction, distribution and other actions to put them into circulation. Use can be carried out by recording the program into the computer memory, on material carrier, distribution over networks or through other transmission to others.
This composition is formal and does not require any consequences; criminal liability arises as a result of the creation of the program, regardless of whether this program was used or not. Within the meaning of the article being commented on, the presence of source codes of virus programs is already grounds for prosecution. However, it should be borne in mind that in some cases the use of such programs will not be criminally punishable. This applies to the activities of organizations developing anti-virus programs and having a license for information protection activities issued by the State technical commission under the President of the Russian Federation.
The form of committing this crime can only be an action expressed in the form of creating malware for computers, making changes to existing programs, as well as using or distributing such programs. The distribution of computer media containing such programs is fully covered by the concept of "use".
3. From the subjective side, the crime provided for in Part 1 of the commented article can only be committed with direct intent, since this article determines that the creation of malicious programs, known to the creator of the program, should lead to unauthorized destruction, blocking, modification or copying of information, disruption of the computer.
The use or distribution of malicious programs can also only be carried out intentionally, since in accordance with Part 2 of Art. 24 of the Criminal Code, an act committed through negligence is recognized as a crime only if it is specifically provided for by the relevant article of the Special Part of the Criminal Code.
4. Part 2 of the commented article, in contrast to part 1, provides for the occurrence of grave consequences due to negligence as a qualifying feature. The development of malware is available only to qualified programmers who, by virtue of their vocational training must anticipate possible consequences use of these programs.
If direct intent is established, including the onset of grave consequences, the qualification of this crime should be based on the goal that the perpetrator had in mind. In this case, creating a program or making changes to the program will only be a method of committing a crime and Part 2 of Art. 17 of the Criminal Code.
5. The subject of this crime can be any citizen over 16 years of age.

(edited) Federal Law dated 07.12.2011 N 420-FZ)

1. Creation, distribution or use of computer programs or other computer information, knowingly intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of computer information protection means -
   is punishable by restriction of freedom for a term of up to four years, or forced labor for a term of up to four years, or imprisonment for the same term with a fine in the amount of up to two hundred thousand rubles or in the amount wages or other income of the convicted person for a period of up to eighteen months.
2. Acts, provided for by part first of this article, committed by a group persons according to prior agreement or organized group or by a person using his official position, as well as those who caused major damage or made from selfish interest, —
   shall be punishable by restriction of freedom for a term of up to four years, or forced labor for a term of up to five years with deprivation of the right to occupy certain positions or study certain activities for a term of up to three years or without it, or by imprisonment for a term of up to five years with a fine in the amount of one hundred thousand to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of two to three years or without it and with deprivation the right to hold certain positions or engage in certain activities for a period of up to three years or without it.
3. Acts, provided for in parts first or second of this article, if they entailed grave consequences or created a threat of their occurrence, -
   shall be punishable by imprisonment for a term of up to seven years.

Commentary on Article 273 of the Criminal Code of the Russian Federation

1. The object of the commented crime is public safety And public order, as well as the totality public relations on the lawful and safe use of information.
The objective side is the fact of the creation of computer programs or other computer information, knowingly intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of computer information protection measures. The most common types of malware are computer viruses, worms, scanner programs, and emulators. electronic means protection, computer information flow control programs, patcher programs.
2. The method of committing this crime can only be an action expressed in the form of creating malicious computer programs, as well as the use or distribution of such programs or other computer information.
The creation of a malicious program or other computer information (for example, a virus program) is the result of an activity expressed in the presentation in an objective form of a set of data and commands intended for the operation of information and telecommunication networks, computer devices for the purpose of destroying, blocking, modifying, copying information , as well as for the purpose of disrupting the operation of information and telecommunication networks.
The use of computer programs is the release, reproduction, and other actions to introduce such programs or bases into economic circulation (including in a modified form).
Distribution of programs is the provision of access to the reproduced version in any material form computer program, including through network and other means, as well as by selling, renting, leasing, lending for any of these purposes. One of the most typical ways to spread malware is to place it on various sites and pages of the Internet information and telecommunications network.
3. This composition is formal and does not require the occurrence of any consequences; criminal liability arises as a result of the creation, use or distribution of the program, regardless of whether any socially dangerous consequences occurred as a result. Within the meaning of the article being commented on, the presence of source codes of virus programs is already grounds for prosecution. However, it should be borne in mind that in some cases the use of such programs will not be criminally punishable. This applies to the activities of organizations developing anti-virus programs and having a license for this activity. Responsibility arises for any action provided for by disposition, alternatively. For example, someone may be responsible for creating the malware, another for using it, and another for distributing the malware.
4. From the subjective side, the crime provided for in Part 1 of the commented article is characterized by guilt in the form of direct intent, as evidenced by the legislator’s indication of the deliberate nature of the activities of the perpetrator. This article defines that the creation, use or distribution of malicious programs known to the culprit is intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of computer information protection measures.
From the subjective side, the crime provided for in Part 1 of the commented article is characterized by guilt in the form of direct intent, as evidenced by the legislator’s indication of the deliberate nature of the activities of the perpetrator.
5. The subject of this crime can be any sane person over 16 years of age.
6. Part 2 of the commented article provides for increased criminal liability for acts provided for in Part 1 of the same article, committed by a group of persons by prior conspiracy or by an organized group or by a person using his official position, as well as those that caused major damage or were committed out of selfish interest. The content of these qualifying features corresponds to the content of similar features of previously considered crimes (see commentary to Article 272).
7. Part 3 of this article, in contrast to the previously valid wording (part 2 of article 273, as amended on June 13, 1996), as a qualifying feature provides for increased criminal liability for acts provided for in its part 1 or 2, if they caused grave consequences or created the threat of their occurrence. The development of malware is available only to qualified programmers who, due to their professional training, can and should foresee the possible consequences of using these programs. Therefore, increased criminal liability is established in the presence of not only an intentional, but also a careless form of guilt in relation to the grave consequences that have occurred.
The severity of the consequences is established in relation to specific situation. Any consequences that the court, taking into account the specific circumstances of the case, may recognize as such, can be considered grave. These may include, for example, causing particularly large material damage, death of people or causing them grievous harm, accidents and disasters, etc.
8. The elements of the crime provided for in the commented article have some common features with the elements of a crime under Art. 272 of the Criminal Code. The difficulty of distinguishing between these crimes lies in the fact that both unlawful access to computer information and the creation, use and distribution of malicious computer programs lead to unauthorized destruction, blocking, modification or copying of information or neutralization of computer information protection measures. However, they also have many differences. The subject of the crime under Art. 272 of the Criminal Code, is only information that is protected by law. On the contrary, the subject of the creation, use and distribution of malicious programs is any information contained on computer media or in information and telecommunication networks.
The corpus delicti provided for in Part 1 of the commented article is constructed as formal. To recognize a crime as completed, no actual occurrence is required harmful consequences in the form of destruction, blocking, modification or copying of information or neutralization of means of protecting computer information, which is typical for the composition constructed in Art. 272 of the Criminal Code. Compound unauthorized access to computer information is constructed as material.

An ordinary PC user is not aware of all the threats that lie in wait for him during normal Internet use. Moreover, he does not know that great amount people are working to create and distribute malicious software over the network. Attackers do this by various reasons, but there must be clearly defined laws for all offenses.

So, today we will talk about computer viruses, methods, ways and means of their spread, development, infection prevention and other nuances of this.

Features of the crime

New types of offenses, unfortunately, are not always processed in a timely manner by legislative bodies. To a greater extent this relates to the area information technologies. Rather vague boundaries and definitions of crimes do not always allow the perpetrators to be punished to the fullest extent.

The creation and distribution of computer viruses is difficult to prove. The offender can escape liability if the court does not prove that he was at the computer at the time the malware was created or distributed.

What distinguishes this crime is the variety of not only the viruses themselves, but also the degree of harm from them. Some people create viruses not for the purpose of profit; there are also worms that are quite harmless for people’s wallets and documents, which are created only for the purpose of breaking protection. There are also virtual bank robbers whose loot amounts to millions. As you can see, the scale of the crimes is difficult to even compare.

We'll talk about the creation, use and distribution of malicious computer programs as a crime later.

Concept and criminal legal characteristics

The law formalizes this crime as the creation, distribution or use of malicious programs that can destroy, disrupt, or copy information. Brief description of the criminal legal aspects of the crime:

Composition of the crime and qualifying characteristics

The crime is considered complete starting from the moment the virus or other malicious program is created. It is not necessary to wait for it to spread, so the crime includes several stages of formation:

• Creation;
• Implementation;
• Spreading;
• Causing damage.

These are its main qualifying features; on their basis, the corpus delicti of the crime is formed, its complexity is determined, and the consequences are assessed. We'll talk about ways to transmit malicious computer programs distributed by people in the next section.

Distribution methods

When preventing the computer of ordinary users or office workers from becoming infected, it is necessary to clearly explain to everyone exactly how viruses and other programs get into the PC. There are many ways, let's look at the most popular ones:

• Loading information from an infected removable storage device – disk, flash card, etc.;
• On the Internet - spam to mailboxes, visiting suspicious sites, downloading illegal software, etc.

The main symptoms of PC infection are previously undisturbed “braking”, “freezing”, especially when accessing the Internet, incorrect operation regular applications(Word, Adobe and others text editors surrender first), sudden reboot and shutdown of the PC.

Sending viruses to mobile devices is also punishable under Article 273 of the Criminal Code of the Russian Federation, as the video below will tell you about:

Investigation methodology

Employees law enforcement The investigation of cases involving the creation and distribution of computer viruses is divided into two large blocks:

1. Establishing the fact of creation of unfriendly programs;
2. Search for people associated with this fact - creators and distributors.

In the first block, if we are talking about the security of organizations, surveys of employees of the affected enterprises help to detect the criminal. Suspicious activity and interest in the structure of programs and programming of persons whose profession does not imply this should alert investigators. Inspection accounting documentation It will also help in solving a crime.

Punishment and liability under Article 273 of the Criminal Code of the Russian Federation for the creation and distribution of computer viruses in Russia

• According to Art. 273 of the Criminal Code of the Russian Federation, the defendant can receive up to four years, or under the first part of the article.
• An organized group under the second part of the article will increase its punishment to five years in imprisonment and forced labor.
• Behind severe consequences creation and distribution of viruses severe punishment– up to seven years in prison.

Arbitrage practice

Judicial practice under Article 273 of the Criminal Code of the Russian Federation is very extensive, here are just a few examples from it.

Creating computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their network, as well as the distribution of such programs or computer media with such programs is punishable by imprisonment for a term up to three years with a fine of up to two hundred thousand rubles or in the amount of the convicted person’s salary for a period of up to 18 months.

Part 1 of Article 273 of the Criminal Code Russian Federation(hereinafter referred to as the Criminal Code of the Russian Federation)

Nowadays, even a person not associated with computers has an idea of ​​​​what a virus is and calls any malicious program for a computer a virus, which is not entirely correct, since viruses are only part of malicious software. Today, the number of known viruses cannot be strictly counted and is constantly increasing. According to rough estimates by anti-malware experts, on average about 30 new viruses appear every day.

There are three large groups of malware, namely: Trojan horses, network worms and viruses themselves.

The most “harmless” are network worms. Network worm - malicious program code, distributing its copies over the network with the goal of penetrating a victim computer, launching its copy on this computer and further distribution. Most worms are distributed in files that contain the worm code, and, in turn, are distributed through E-mail, ICQ, etc. As soon as the user saves an infected file on the computer, received, for example, via e-mail, the worm gets onto the computer and begins to look for a way to further spread, for example, it can independently send copies of itself to all addresses found in the computer. mailbox, some worms are capable of automatically replying to received letters.

The most common type of malware is Trojan horses. A Trojan program is a malicious code that performs actions not authorized by the user, such as stealing information, destroying or modifying information, etc. There are several types of Trojans. Evgeniy Kaspersky Lab identifies the following: Trojan remote administration utilities (backdoors), password thieves, Internet clickers, downloaders, installers, Trojan proxy servers, spyware, archive bombs and others. The most dangerous of them are the so-called backdoors, the owner (owner) of which can carry out various operations with an infected computer, starting from turning off the computer to all kinds of file operations. A rather interesting type of Trojan program is the so-called archive bomb. When the archiver tries to process the archive, the program calls non-standard actions archiver, which leads to a significant slowdown of the computer or to its freezing. At the same time, a huge number of identical files can be created on the computer. At the same time, the size of the bomb itself is small, so 10 GB of repeated data fit into a 500 KB RAR archive.

Criminal liability According to this article, it begins at the age of 16. The legislator attributed this composition crime to formal, this means that to bring a person to criminal liability, the very fact of creating a program is sufficient, regardless of whether socially dangerous consequences have occurred or not. If serious consequences do occur, the creator of the program will bear more severe responsibility. So, for example, if a virus penetrated a hospital computer and turned off the patient’s life support system, then its creator will be prosecuted under Part 2 of Art. 273 UKRF (from three to seven years of imprisonment), although he did not foresee similar consequences. A virus can also be an instrument of crime, so if the creator of the virus in the previous example specifically launched it into the network in order to turn off the life support system of a certain patient, then he will be liable to the law under Article 105 of the Criminal Code of the Russian Federation - murder.

To incur criminal liability under Art. 273 of the Criminal Code of the Russian Federation, it is sufficient to commit one of the following actions:

Creating a computer program that knowingly leads to unauthorized destruction, blocking, modification or copying of information, or disruption of the computer hardware; - introducing changes into existing programs that have similar properties;

Using the two types of programs mentioned above;

Their distribution;

Use of machine media with such programs; - distribution of such media.

This crime is considered completed from the moment the creation of the malicious program is completed. That is, from the moment when the program is capable of harming the computer. This means that the maximum possible deadline(3 years) the person will receive only after completing work on the program. Criminal liability, if there is a sufficient evidence base, may also arise for an attempt to create a virus, i.e. behind unfinished crime. However, the maximum possible punishment for an unfinished crime is 3/4 of the punishment for a completed crime.

Of great importance subjective side crimes, or what was going on “in the head” of the criminal. IN in this case This is guilt in the form of direct intent: when the guilty person was aware public danger of his actions, foresaw the possibility or even the inevitability of an offensive dangerous consequences, but, nevertheless, wanted to perform these actions. Thus, criminal liability will not occur if a person tried to create a new computer game, but accidentally created a virus. Criminal liability will not arise even if the person did not know that the e-mail file or the transferred disk contains viruses.

It is also a criminal offense to make changes to an already existing, even harmless and legal program, through which the program commits certain harmful actions. It doesn't matter whether the changes themselves are malicious, all that matters is that the program, after making changes to it, itself becomes malicious. It is also a crime to create a program that, after minor changes, becomes malicious. Yes, Soviet district court Lipetsk was convicted by N., who, in the interests and at the request of Sh., created an algorithm in the Pascal programming language, i.e. source data for a malicious program called N. "sss.pas". This program would destroy the directory tree without authorization after introducing it to any remote Personal Computer and would function without notifying its owner when turning on (booting) the computer, i.e. would perform an unauthorized modification of information stored on the hard drive.

During court session it was found that the “sss.pas” algorithm created by N. is not a finished program, but the initial data for such a program, which, after some modification and giving it a certain command when rebooting remote computer would work and perform modifications of information stored on the hard drive that are not authorized by the user. Therefore, according to the conclusion of the examination, the program written by N. was inherently malicious.

Distribution of computer programs means providing access to a computer program or database reproduced in any material form, including through network and other means, as well as through sale, rental, rental, lending, including import for any of these purposes. Thus, the distribution of malware will be considered both the transmission of a virus via the Internet and using a CD, flash drive, etc.

The evidence base for this crime may be the presence of malicious program files on the suspect’s computer, the presence of so-called kits for creating programs of this type. Also postal correspondence suspect (including via the Internet), discovery of disks or other media with malicious software in the apartment, etc.

Proving the facts of the use and distribution of malicious programs is facilitated by the timely production of information technology expertise, with the help of which it is possible to determine what changes were made to the program and when, as well as the consequences of the use and distribution of malicious programs. The examination can also establish the method used by the criminal to overcome software and hardware protection (selection of keys and passwords, disabling the lock, using special software).

To summarize, the following main conclusions can be drawn.

1. The creation of malicious programs is recognized as a completed crime from the moment the program is created or changes are made to existing program, regardless of whether such a program was used or distributed by a person.

2. When making changes to existing programs prerequisite to incur criminal liability is the introduction into programs of such functions that would lead to the destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their network. Criminal liability for modifying a malicious program should arise if the intent of the person was aimed at giving the program new properties, regardless of whether the functions introduced into it are malicious or not.

3. Distribution of malicious programs is qualified as the actions of a person distributing this program using a computer, and transferring to them machine media with the program on any terms to third parties. 4. Criminal liability occurs only if a person intentionally wanted to create a malicious program.

Creating computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or encoding of information, disruption of the operation of a computer, computer system or their network, as well as the use or distribution of such programs or computer media with such programs is punishable by imprisonment. for a term of up to three years with a fine in the amount of two hundred to five hundred minimum wages or in the amount of wages or other income of the convicted person for a period of two to five months.

The object of this crime is legal relations in the field of ensuring safe production, collection, processing, accumulation, storage, search, transmission, distribution and consumption of computer information, the use of information computer technologies and means of supporting them, the protection of computer information and the rights of subjects participating in information processes and informatization using computers, their systems and networks. The subject of this type of criminal attack is primarily computer information.

Objective side of this crime is expressed in the creation of computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their network, as well as in the use or distribution of such programs or computer media with them.

The generalized concept of “malware” for computers refers to programs specifically created to disrupt the normal functioning of computer programs, without which the normal functioning of computers, their systems and networks is ultimately impossible. The most common types of malware are:

– “computer viruses” (programs that can spontaneously attach to other programs and, when the latter is launched, perform various unwanted actions, reproduce themselves in several copies, modify (change) the program to which they have attached and disrupt its normal functioning, spoil separate files and catalogues, distort calculation results, etc.),

– “Trojan horses” (programs whose operation is associated with the presence in them, along with external utility, of a hidden module that performs various unauthorized, often harmful to the user, functions),

– “logic bombs” (a deliberate change in program code that partially or completely disables a program or computer system under predetermined conditions, for example, the arrival of a certain time) and others.

The harmfulness of computer viruses and other similar programs is associated with their ability to self-replicate and interfere with work on a computer without the knowledge and permission of bona fide users. Virus programs are also usually designed to perform self-copying and camouflage functions.

In general, the harmfulness of a computer program is determined not by its purpose and ability to destroy, block, modify, copy information (these are quite typical functions of legal programs), but by whether its action involves, firstly, prior notification of the owner of the computer information or another bona fide user about the nature of the program, and secondly, obtaining his consent (sanction) for the program to implement its purpose. Violation of one of these requirements makes the computer program malicious.

A program is considered malicious if its operation causes spontaneous destruction, blocking, modification, or copying of computer information.

Normal functioning should be understood as the execution of operations for which these programs are intended, as defined in the program documentation.

The creation of a malicious program for a computer is understood as the result of an activity expressed in the presentation in an objective form of a set of data and commands intended for the operation of a computer and other computer devices for the purpose of destroying, blocking, modifying, copying information, as well as for the purpose of disrupting the operation of a computer or computer system. or their networks.

In this article of the Criminal Code of the Russian Federation we're talking about not only about programs recorded on machine media, but also about programs recorded on paper. This is due to the fact that the process of creating a computer program often begins by writing its text with its subsequent introduction into the computer’s memory or without it. Taking this into account, the presence of source texts of virus programs is already a basis for prosecution under Art. 273 of the Criminal Code of the Russian Federation.

Making changes to an existing program means changing its text by excluding its fragments, replacing them with others, or adding to the program text. Making changes to an existing program can be an element of the objective side of this crime only if the corrections are made to a working computer program or a program with changes made distributed on any computer storage medium. Correction of the program set out on paper is not in itself implied by this provision of the criminal law, if this paper version will not necessarily be used to create a working program and is not intended for distribution. Responsibility under this provision of the criminal law should also occur if changes to an existing program are made by a person not directly, but through a special computer program developed to make the appropriate changes.

Using the program means publishing, reproducing, and other actions to put them into circulation. Use can be carried out by recording the program into computer memory, onto a tangible medium, distributing it over networks, or by otherwise transferring it to others. The use of computer media with such a program means any use of it for the purpose of using a computer program recorded on it. Using a malicious computer program for personal needs (for example, to destroy your own computer information) is not punishable.

Distribution of a program is the provision of access to a computer program reproduced in any material form, including through network and other means, as well as through sale, rental, rental, lending, as well as creating conditions for self-distribution of the program.

The distribution of computer media containing malicious software for a computer is its transfer to third parties.

The corpus delicti under Part 1 of Art. 273 of the Criminal Code of the Russian Federation, is formal, in connection with which it is recognized as completed from the moment of commission of any of the actions listed in its disposition (creation, modification, distribution, use, distribution of malicious programs), regardless of whether this program was used or not in cases , when its use is not incriminated against guilty persons. The occurrence of harmful consequences is not required to qualify the offense under this article of the criminal law.

Grave consequences, the occurrence of which is a qualifying feature of Part 2 of Art. 273 of the Criminal Code of the Russian Federation, belong to the assessment category. These may include the irretrievable loss of particularly valuable information, failure of important technical equipment, resulting in loss of life, accidents, disruption of production, etc.

The subjective side of the crime in question is characterized only with direct intent, when the perpetrator is aware of the social danger of his actions, foresees the possibility of socially dangerous consequences, and desires their occurrence.

In part 2 art. 273 of the Criminal Code of the Russian Federation provides for a careless attitude to the consequences of the crime.

In cases where direct intent also includes the onset of grave consequences, the act is subject to qualification according to the totality of crimes provided for in Part 1 of Art. 273 of the Criminal Code of the Russian Federation and the corresponding articles of the special part of the Criminal Code of the Russian Federation.

If the action of the malicious program was a condition for the commission of another crime, the act must be classified in its entirety, regardless of the severity of the other crime.

The subject of the crime in question can be any sane individual who has reached the age of 16.