Responsibility for the distribution of malware international experience. Creation, use and distribution of computer malware

Creating computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their network, as well as the distribution of such programs or machine media with such programs is punishable by imprisonment for a term of up to three years with a fine in the amount of up to two hundred thousand rubles or in the amount wages convicted for a period of up to 18 months.

Part 1 of Article 273 of the Criminal Code Russian Federation(hereinafter referred to as the Criminal Code of the Russian Federation)

Nowadays, even a person not associated with computers has an idea of ​​​​what a virus is and calls any malicious program for a computer a virus, which is not entirely correct, since viruses are only part of the malicious program. software. Today, the number of known viruses cannot be strictly counted and is constantly increasing. According to rough estimates by anti-malware experts, on average about 30 new viruses appear every day.

There are three big groups malware, namely: Trojan horses, network worms and viruses themselves.

The most “harmless” are network worms. Network worm - malicious program code, distributing its copies over the network with the goal of penetrating a victim computer, launching its copy on this computer and further distribution. Most worms are distributed in files that contain the worm code, and, in turn, are distributed through E-mail, ICQ, etc. As soon as the user saves an infected file on the computer, received, for example, via e-mail, the worm gets onto the computer and begins to look for a way to further spread, for example, it can independently send copies of itself to all addresses found in the computer. mailbox, some worms are capable of automatically replying to received letters.

The most common type of malware is Trojan horses. A Trojan program is a malicious code that performs actions not authorized by the user, such as stealing information, destroying or modifying information, etc. There are several types of Trojans. Evgeniy Kaspersky Lab identifies the following: Trojan remote administration utilities (backdoors), password thieves, Internet clickers, downloaders, installers, Trojan proxy servers, spyware, archive bombs and others. The most dangerous of them are the so-called backdoors, the owner (owner) of which can carry out various operations with an infected computer, starting from turning off the computer to all kinds of file operations. A rather interesting type of Trojan program is the so-called archive bomb. When the archiver tries to process the archive, the program calls non-standard actions archiver, which leads to a significant slowdown of the computer or to its freezing. At the same time, it can be created on the computer great amount identical files. At the same time, the size of the bomb itself is small, so 10 GB of repeated data fit into a 500 KB RAR archive.

Criminal liability under this article begins at the age of 16. The legislator classified this crime as formal, which means that in order to bring a person to criminal liability, the very fact of creating a program is sufficient, regardless of whether there have been public dangerous consequences or not. If serious consequences do occur, the creator of the program will bear more severe responsibility. So, for example, if a virus penetrated a hospital computer and turned off the patient’s life support system, then its creator will be prosecuted under Part 2 of Art. 273 UKRF (from three to seven years of imprisonment), although he did not foresee similar consequences. A virus can also be an instrument of crime, so if the creator of the virus in the previous example specifically launched it into the network in order to turn off the life support system of a certain patient, then he will be liable to the law under Article 105 of the Criminal Code of the Russian Federation - murder.

To incur criminal liability under Art. 273 of the Criminal Code of the Russian Federation, it is sufficient to commit one of the following actions:

Creating a computer program that knowingly leads to unauthorized destruction, blocking, modification or copying of information, or disruption of the computer hardware; - introducing changes into existing programs that have similar properties;

Using the two types of programs mentioned above;

Their distribution;

Use of machine media with such programs; - distribution of such media.

This crime is considered completed from the moment the creation of the malicious program is completed. That is, from the moment when the program is capable of harming the computer. This means that the maximum possible deadline(3 years) the person will receive only after completing work on the program. Criminal liability, if there is a sufficient evidence base, may also arise for an attempt to create a virus, i.e. behind unfinished crime. However, the maximum possible punishment for an unfinished crime is 3/4 of the punishment for a completed crime.

The subjective side of the crime, or what was going on “in the head” of the criminal, is of great importance. IN in this case This is guilt in the form of direct intent: when the guilty person was aware public danger of his actions, foresaw the possibility or even the inevitability of dangerous consequences, but, nevertheless, wanted to carry out these actions. Thus, criminal liability will not happen if a person tried to create a new one computer game, but accidentally created a virus. Criminal liability will not arise even if the person did not know that the e-mail file or the transferred disk contains viruses.

It is also a criminal offense to make changes to an already existing, even harmless and legal program, through which the program commits certain harmful actions. It doesn't matter whether the changes themselves are malicious, all that matters is that the program, after making changes to it, itself becomes malicious. It is also a crime to create a program that, after minor changes, becomes malicious. Yes, Soviet district court Lipetsk was convicted by N., who, in the interests and at the request of Sh., created an algorithm in the Pascal programming language, i.e. source data for a malicious program called N. "sss.pas". This program would destroy the directory tree without authorization after introducing it to any remote Personal Computer and would function without notifying its owner when turning on (booting) the computer, i.e. would perform an unauthorized modification of information stored on the hard drive.

During court session it was found that the “sss.pas” algorithm created by N. is not a finished program, but the initial data for such a program, which, after some modification and giving it a certain command when rebooting remote computer would work and perform modifications of information stored on the hard drive that are not authorized by the user. Therefore, according to the conclusion of the examination, the program written by N. was inherently malicious.

Distribution of computer programs means providing access to the reproduced version in any material form computer program or database, including through network and other means, as well as by sale, rental, rental, lending, including import for any of these purposes. Thus, the distribution of malware will be considered both the transmission of a virus via the Internet and using a CD, flash drive, etc.

Evidence base this crime may be the presence of malicious program files on the suspect’s computer, the presence of so-called kits for creating programs of this type. Also postal correspondence suspect (including via the Internet), discovery of disks or other media with malicious software in the apartment, etc.

Proving the facts of the use and distribution of malicious programs is facilitated by the timely production of information technology expertise, with the help of which it is possible to determine what changes were made to the program and when, as well as the consequences of the use and distribution of malicious programs. The examination can also establish the method used by the criminal to overcome software and hardware protection (selection of keys and passwords, disabling the lock, using special software).

To summarize, the following main conclusions can be drawn.

1. The creation of malicious programs is recognized as a completed crime from the moment the program is created or changes are made to existing program, regardless of whether such a program was used or distributed by a person.

2. When making changes to existing programs prerequisite to incur criminal liability is the introduction into programs of such functions that would lead to the destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their network. Criminal liability for modifying a malicious program should arise if the intent of the person was aimed at giving the program new properties, regardless of whether the functions introduced into it are malicious or not.

3. Distribution of malicious programs is qualified as the actions of a person distributing this program using a computer, as well as the transfer of computer media with the program to third parties under any conditions. 4. Criminal liability occurs only if a person intentionally wanted to create a malicious program.

(edited) Federal Law dated 07.12.2011 N 420-FZ)

1. Creation, distribution or use of computer programs or other computer information, knowingly intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of computer information protection means -
   is punishable by restriction of freedom for a term of up to four years, or forced labor for a term of up to four years, or imprisonment for the same term with a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months.
2. Acts, provided for by part first of this article, committed by a group persons according to prior agreement or organized group or by a person using his official position, as well as those who caused major damage or made from selfish interest, —
   shall be punishable by restriction of freedom for a term of up to four years, or forced labor for a term of up to five years with deprivation of the right to occupy certain positions or study certain activities for a term of up to three years or without it, or by imprisonment for a term of up to five years with a fine in the amount of one hundred thousand to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of two to three years or without it and with deprivation the right to hold certain positions or engage in certain activities for a period of up to three years or without it.
3. Acts, provided for in parts first or second of this article, if they entailed grave consequences or created a threat of their occurrence, -
   shall be punishable by imprisonment for a term of up to seven years.

Commentary on Article 273 of the Criminal Code of the Russian Federation

1. The object of the commented crime is public safety And public order, as well as the totality public relations on the lawful and safe use of information.
The objective side is the fact of the creation of computer programs or other computer information, knowingly intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of computer information protection measures. The most common types of malware are computer viruses, worms, scanner programs, and emulators. electronic means protection, computer information flow control programs, patcher programs.
2. The method of committing this crime can only be an action expressed in the form of creating malicious computer programs, as well as the use or distribution of such programs or other computer information.
The creation of a malicious program or other computer information (for example, a virus program) is the result of an activity, expressed in the representation in objective form a set of data and commands intended for the functioning of information and telecommunication networks, computer devices for the purpose of destroying, blocking, modifying, copying information, as well as for the purpose of disrupting the operation of information and telecommunication networks.
The use of computer programs is the release, reproduction, and other actions to introduce such programs or bases into economic circulation (including in a modified form).
Software distribution is the provision of access to a computer program reproduced in any material form, including through network and other means, as well as through sale, rental, rental, lending for any of these purposes. One of the most typical ways to spread malware is to place it on various sites and pages of the Internet information and telecommunications network.
3. This composition is formal and does not require the occurrence of any consequences; criminal liability arises as a result of the creation, use or distribution of the program, regardless of whether any socially dangerous consequences resulted from this. Within the meaning of the article being commented on, the presence of source codes of virus programs is already grounds for prosecution. However, it should be borne in mind that in some cases the use of such programs will not be criminally punishable. This applies to the activities of organizations developing anti-virus programs and having a license for this activity. Responsibility arises for any action provided for by disposition, alternatively. For example, someone may be responsible for creating the malware, another for using it, and another for distributing the malware.
4. C subjective side the crime provided for in Part 1 of the commented article is characterized by guilt in the form of direct intent, as evidenced by the legislator’s indication of the deliberate nature of the activities of the perpetrator. This article defines that the creation, use or distribution of malicious programs known to the culprit is intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of computer information protection measures.
From the subjective side, the crime provided for in Part 1 of the commented article is characterized by guilt in the form of direct intent, as evidenced by the legislator’s indication of the deliberate nature of the activities of the perpetrator.
5. The subject of this crime can be any sane person over 16 years of age.
6. Part 2 of the commented article provides for increased criminal liability for acts provided for in Part 1 of the same article, committed by a group of persons by prior conspiracy or by an organized group or by a person using his official position, as well as those that caused major damage or were committed out of selfish interest. The content of these qualifying features corresponds to the content of similar features of previously considered crimes (see commentary to Article 272).
7. Part 3 of this article, in contrast to the previously valid wording (part 2 of article 273, as amended on June 13, 1996), as a qualifying feature provides for increased criminal liability for acts provided for in its part 1 or 2, if they caused grave consequences or created the threat of their occurrence. The development of malware is available only to qualified programmers who, by virtue of their vocational training can and should foresee possible consequences use of these programs. Therefore, increased criminal liability is established in the presence of not only an intentional, but also a careless form of guilt in relation to the grave consequences that have occurred.
The severity of the consequences is established in relation to specific situation. Any consequences that the court, taking into account the specific circumstances of the case, may recognize as such, can be considered grave. These may include, for example, causing particularly large material damage, death of people or causing them serious harm, accidents and disasters, etc.
8. The elements of the crime provided for in the commented article have some common features with the elements of a crime under Art. 272 of the Criminal Code. The difficulty of distinguishing between these crimes lies in the fact that both unlawful access to computer information and the creation, use and distribution of malicious computer programs lead to unauthorized destruction, blocking, modification or copying of information or neutralization of computer information protection measures. However, they also have many differences. The subject of the crime under Art. 272 of the Criminal Code, is only information that is protected by law. On the contrary, the subject of the creation, use and distribution of malicious programs is any information contained on computer media or in information and telecommunication networks.
The corpus delicti provided for in Part 1 of the commented article is constructed as formal. To recognize a crime as completed, no actual occurrence is required harmful consequences in the form of destruction, blocking, modification or copying of information or neutralization of means of protecting computer information, which is typical for the composition constructed in Art. 272 of the Criminal Code. Compound unauthorized access to computer information is constructed as material.

Computer viruses are very common in modern world. Creation malicious utilities who spread infection is a crime. Moreover, it is of a criminal nature. But what is the price for this? Possible penalties in Russia are provided for in Article 273 of the Criminal Code of the Russian Federation. What does it say? What should developers and creators of computer malware prepare for?

Without burden

The first scenario is when “harmful” programs are written, distributed and created by one person without any special features. This crime is considered the simplest. If you believe Article 273 of the Criminal Code of the Russian Federation, the punishments are not the worst for such an act. What exactly does the law provide?

The creator or distributor of malicious software for computers may have their freedom restricted. The punishment lasts up to 4 years. is far from the most serious measure applied to criminals.

It is also possible to assign forced labor. Their maximum duration coincides with the limit of the suspended sentence. Namely 4 years.

Deprivation of liberty also occurs. It is indicated that you will have to “serve” 48 months, and also pay an additional fine of up to 200,000 rubles. Or, in addition to imprisonment, lose 1.5 years of earnings.

Groups

The creation, use and distribution of malicious computer programs may be punished by other measures. If the crime was committed for personal gain, caused major damage or there was a preliminary conspiracy, as well as actions organized group or acts involving the use of official position, then other forms of punishment will be applied to the criminals.

As in the previous case, it is assumed suspended sentence. 48 months - that's it maximum duration. Forced labor is also not excluded. It can last up to 5 years. In addition to social work, a restriction on certain activities and certain positions is imposed for 3 years. The “taboo” may not apply.

Imprisonment is imposed for 5 years, with an additional fine ranging from 100 to 200 thousand rubles. Imprisonment may also impose a “taboo” on activities and work positions. Such punishment, according to Art. 273 of the Criminal Code of the Russian Federation, can last up to 36 months.

Dire consequences

If the creation and distribution, as well as the use of malicious software caused serious harm or created a threat of their appearance, criminals can be “imprisoned” for a maximum of 7 years.

In Article 273 of the Criminal Code of the Russian Federation, the commentary says that the corpus delicti is of a formal nature. This means that consequences are not necessary at all. From the moment the malicious software is created, the criminal’s guilt begins. And it doesn’t matter whether the actions were carried out publicly dangerous character or not. The motive also does not play a role in the crime.

The age of the offender is important. He must be at least 16 years old. Only then does responsibility arise under Article 273 of the Criminal Code.

1. Creation, distribution or use of computer programs or other computer information, knowingly intended for unauthorized destruction, blocking, modification, copying of computer information or neutralization of computer information protection means, -

shall be punishable by restriction of liberty for a term of up to four years, or forced labor for a term of up to four years, or imprisonment for the same term with a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months.

2. Acts provided for in part one of this article, committed by a group of persons by prior conspiracy or by an organized group or by a person using their official position, as well as those that caused major damage or were committed out of selfish interest, -

shall be punishable by restriction of freedom for a term of up to four years, or forced labor for a term of up to five years with deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years or without it, or imprisonment for a term of up to five years with a fine of one hundred thousand to two hundred thousand rubles or in the amount of wages or other income of the convicted person for a period of two to three years or without it and with or without deprivation of the right to hold certain positions or engage in certain activities for a period of up to three years.

3. Acts provided for in parts one or two of this article, if they entailed grave consequences or created a threat of their occurrence, -

shall be punishable by imprisonment for a term of up to seven years.

Commentary on Article 273 of the Criminal Code of the Russian Federation

1. A malicious program is a program that leads to the authorized destruction, blocking, modification or copying of information, disruption of the operation of computers, their systems or networks. It is enough if the program is designed to achieve this result at least once. The concept of a malicious program is broader than the concept of a virus program, which, in addition to being malicious, must have the ability to self-propagate.

2. Unauthorized blocking, modification, etc. means achieving this result without the permission of the computer owner or other legal authority.

In practice, there are cases of qualification under Art. 273 of the Criminal Code of the use of programs designed to break the protection of licensed software, which is difficult to admit correct use law. Such actions are performed on your own computer and do not pose a threat information security. Of course, installing a “pirated” copy on your computer operating system or other program is an illegal act. But it entails administrative, criminal and civil liability as copyright infringement. Such actions do not pose a threat to information security. (See also paragraph 5 of the commentary to Article 273 of the Criminal Code.)

3. Creating (including modifying an existing program) a malicious program means any activity aimed at writing a malicious program. It's not only creative activity its author, but also technical assistance provided to him by others. Creating a malicious program also means writing a malicious program that lacks the property of novelty. The creation of a program will be completed from the moment of receiving in an objective form a set of data and commands intended for the operation of computers and other computer devices in order to obtain a certain result, if this has the property of being malicious.

4. The use of a malicious program means its direct use for unauthorized destruction, blocking, modification, copying of information, disruption of the operation of computers, their systems or networks.

5. Distribution of a malicious program means both its transmission and reproduction via communications and simple transfer it to another person in any form (including in the form of a record on paper). Distributing computer media of malicious software means transferring the media to another person, including copying or allowing the program to be copied onto another person's media.

6. The subjective side of this crime is characterized by direct intent.

7. Grave consequences (Part 2 of Article 273) - an evaluative sign, the presence of which is established in each specific case, taking into account all the circumstances of the case (for example, the death of a person, harm to health, real danger technological or military disaster, disruption of transport or communications, causing major property damage). Causing grave consequences with intent in accordance with Part 2 of Art. 24 of the Criminal Code cannot be qualified under Part 2 of Art. 273 CC.

Accordingly, from the point of view of the law, programs that are installed without notifying users and/or perform actions that are not reflected in the documentation are classified as malicious from the point of view of the law.

"I System Administrator, I install RAdmin over the network for everyone - am I going to go to court?

Installing programs without notification is a fairly common occurrence in companies and organizations. Therefore, it is advisable to work out this question, approve the list of software used and include consent for its remote installation in documents signed by company employees. To avoid.

“Oh, I spread a virus across the network!”

Let's start with the funniest quote:

The use of malware refers to their use ( by any person), which activates their harmful properties.

Above I promised to look at examples of discrepancies. The law does not use the word “knowingly” very well. The phrase “distribution... of computer programs... known to be intended” can be read in two ways. Let's imagine a situation where a user or company administrator spreads a malicious program over the network. If we imagine that “knowingly” refers to malicious programs, then any unintentional distribution of a known malicious program is not good from the point of view of the law. And here the differences in approach in the first and second parts of the article play a role. Let us remind you that “Acts provided for in the first part of this article, committed ... by a person using his official position ... are punishable.” There is no clarification that the actions were committed unintentionally - no!

From the subjective side, the crime provided for in Part 1 of the commented article can only be committed with direct intent, since this article determines that the creation of malicious programs, known to the creator of the program, should lead to unauthorized destruction, blocking, modification or copying of information, disruption of work COMPUTER.
The use or distribution of malicious programs can also only be carried out intentionally, since in accordance with Part 2 of Art. 24 of the Criminal Code, an act committed through negligence is recognized as a crime only if it is specifically provided for by the relevant article of the Special Part of the Criminal Code.
Part 2 of the commented article, in contrast to part 1, provides for the occurrence of grave consequences due to negligence as a qualifying feature.

Another opinion on part 2:

The content of these qualifying features corresponds to the content of similar features of previously considered crimes

Another:

From the subjective side, a crime can be committed both through negligence in the form of frivolity, and with indirect intent in the form of an indifferent attitude towards possible consequences. When direct intent is established in the actions of the perpetrator, the crime is subject to classification depending on the goal that the perpetrator set for himself, and when the consequences that he sought to achieve occurred - and depending on the consequences that occurred. In this case, the actions provided for in Art. 273 of the Criminal Code turn out to be only a way to achieve the goal. Perfect deed subject to qualification based on the totality of crimes committed.

Funny opinion by the way:

The development of malware is available only to qualified programmers who, due to their professional training, must foresee the possible consequences of using these programs.

In accordance with Article 274 of the Criminal Code of the Russian Federation, criminal liability arises for violation of the rules for operating means of storing, processing or transmitting computer information and information and telecommunication networks.

“I only started it for myself!”

Another place where interpretations differ. In most interpretations, it is believed that there is no difference for oneself or not:

The crime in question will be completed from the moment of creation, use or distribution of such programs or information that create a threat of the consequences specified in the law, regardless of whether these consequences actually occurred or not. At the same time, the offender must be aware that the programs he creates or uses will obviously lead to the socially dangerous consequences specified in the law. The motive and purpose do not affect the qualification of the crime.

The answer I think is obvious.

True, the same interpretation makes leniency for shots in the leg:

However, the use of malicious computer program for personal needs (for example, to destroy your own computer information) is not punishable.

“I’m not spreading the virus, I posted it on Github for general information and that’s all.”

Distribution of programs is the provision of access to a computer program reproduced in any material form, including through network and other means, as well as through sale, rental, rental, lending for any of these purposes. One of the most typical ways to spread malware is to place it on various sites and pages of the Internet information and telecommunications network.

Thus, any publication is already distribution. Naturally, the question immediately arises about publishing exploits demonstrating vulnerability. From a legal point of view, this is not good. It is possible to recommend publication with changes that make the code inoperable - but whether the court will accept this as an argument is not known.

“Yes, I didn’t even compile, I just threw in the code for fun.”

This composition is formal and does not require the occurrence of any consequences; criminal liability arises as a result of the creation, use or distribution of the program, regardless of whether any socially dangerous consequences occurred as a result. Within the meaning of the article being commented on, the presence of source codes of virus programs is already grounds for prosecution.
Responsibility arises for any action provided for by the disposition, alternatively. For example, someone may be responsible for creating the malware, another for using it, and another for distributing the malware.

Even more fun:

The creation of programs is an activity aimed at developing and preparing programs that are capable, in their functionality, of unauthorized destruction, blocking, modification, copying of computer information or neutralizing means of protecting computer information.
Art. 273 of the Criminal Code of the Russian Federation establishes liability for illegal actions with computer programs recorded not only on machine media, but also on other media, including paper. This is due to the fact that the process of creating a computer program often begins with writing its text, followed by entering it into the computer or without it. Taking this into account, the presence of source texts of malicious computer programs is already grounds for prosecution under Art. 273 of the Criminal Code of the Russian Federation.

Of course, it’s cool to write source texts on paper, but it doesn’t change the meaning. Storing source codes, and especially malware, if you are brought to trial for some reason, is not good. Arbitrage practice on this score is clear. The presence on the computer of programs that can be classified as malicious and the ability, due to qualifications, to use them (insanity, I agree, but this is the practice) - serves as aggravating circumstances

“Yes, I’m only on the command line...”

Previously, we only talked about programs. But Article 273 also contains something else: “... distribution or use... of computer information known to be intended.” Let us remember that information is any bit on a computer.

Civil Code The Russian Federation defines a computer program as “a set of data and teams, intended for the operation of computers and other computer devices in order to obtain a certain result, including preparatory materials, obtained during the development of a computer program, and the audiovisual displays generated by it"

Therefore, any actions that knowingly modify, destroy, etc., fall under 273 of the Criminal Code of the Russian Federation.

Even copying malware can fall under the terms of the law

The only form of committing this crime can be an action expressed in the form of creating malicious programs for computers, making changes to existing programs, as well as the use or distribution of such programs. Distribution of computer media with such programs is fully covered by the concept of “use”.

“I’m not 18 yet!”

The subject of this crime can be any sane person over 16 years of age.

"For what?"

Depending on the actions performed by the malicious program and the consequences, liability may be not only under Art. 273 of the Criminal Code of the Russian Federation. Two examples

If the creation, use or distribution of malware acts as a means of committing another intentional crime, then the act must be classified as a set of crimes. For example, in cases where malware is created or used to defeat copyright holder-installed tools personal protection computer program, liability arises under the relevant parts of Articles 146 and 273 of the Criminal Code of the Russian Federation.
In the event that the perpetrator, when using or distributing malicious programs, deliberately destroyed or damaged computer equipment what caused significant damage victim, his behavior forms a set of crimes, provided for in articles 167 and 273 of the Criminal Code of the Russian Federation.

“I am from another country and am not subject to the laws of your country!”

Alas, this is not so. All actions of creation (including, as we remember, storage), distribution and use are subject to the Criminal Code of the Russian Federation. That is, if they take you with source code on the territory of the Russian Federation, you carry out any actions against citizens and institutions of the Russian Federation - you are subject to the laws of the Russian Federation.

Examples of criminals who ended up in US prisons are proof of this.

Whether you refuse responsibility or not, the law does not care. Law care committed actions. Whether you quit or not - the same. There are actions committed and there is responsibility for them.

LeakedSource (a leak aggregator that collected databases of VKontakte, Mail.ru, Rambler, Last.fm, Linkedin, Dropbox, Myspace and many other resources that had leaked onto the Internet and provided access to the passwords of leak victims to anyone who was willing to pay for them) argues that California laws do not apply to the company because it is based outside the United States.

“Why are there so few landings?”

As far as I personally know, the problem is not related to the desire to imprison, but to shortcomings in the procedures. Difficulties in combining small cases from various departments in one, experience in collecting evidence

Other countries. We won’t consider everything, we’ll limit ourselves to two

Kazakhstan

Article 206 of the Criminal Code of the Republic of Kazakhstan. Unlawful destruction or modification of information

1. Intentional unlawful destruction or modification of legally protected information stored on electronic media contained in the information system or transmitted over telecommunications networks, as well as entering into the information system knowingly false information, if this entailed significant violation rights and legitimate interests citizens or organizations or interests of society or state protected by law,...

Article 210. Creation, use or distribution of malicious computer programs and software products

1. Creating a computer program, software product or making changes to an existing program or software for the purpose of unlawful destruction, blocking, modification, copying, use of information stored on electronic media, contained in an information system or transmitted over telecommunications networks, disrupting the operation of a computer, subscriber device, computer program, information system or telecommunications networks, as well as the intentional use and (or) distribution of such a program or software product...

Pretty much the same. But the intentionality of the actions is clearly stated; accidental distribution is not subject to punishment. But illegal actions have been added - something that in Russia is carried out under Article 274. The article does not contain a definition of information, as in the previous version of Art. 273 of the Criminal Code of the Russian Federation, which made it possible to include personal data and some other categories of data in such information.

And in the case of Kazakhstan, actions are not mandatory. Enough of inaction

Article 207. Disruption of the operation of an information system or telecommunications networks

1. Deliberate actions(inaction) aimed at disrupting the operation of an information system or telecommunications networks...

Ukraine

1. Creation using the method of using, distributing or creating, as well as distributing or creating, useless software and technical devices intended for the unauthorized insertion into work of electronic computing machines (computers), systems, computer "yuternich merezh chi merezh elektrozv" language , - is punishable by a fine of five hundred to one thousand non-compliant minimum incomes of citizens, either by proper robots on lines up to two years, or by abrogation of will on that very line.
2. Those same actions, committed again either behind the front group of people, or because they have become seriously ill, are punishable by reduction of liberty for up to five years.

The wording “Creation for the purpose of use” is unclear. Write but not check? In any case, the law covers the activities of any programs or technical means to change the operation of computers or networks. There is the word distribution - there is no clarification of whether it is intentional or not. I'm afraid that the unintentional falls under the law

Tags: Add tags