Alina Vislobokova, the lawyer of S&K Vertikal made comments on amendments to the RF Criminal code concerning computer security
Hackers shall be punished more severely
The Federation Council adopted amendments to Chapter 28 of the RF Criminal code “Crimes in the Sphere of Computer Information”. Some concepts were changed, and sanctions subject to some articles were made more severe.
For instance, Article 272 “Unauthorised Access to Computer Information” earlier provided an imprisonment for up to two years for an offence committed by individual and up to five years for a crime committed by a group of people. From now on offenders shall be punished more severely. Maximum term of imprisonment for a crime committed out of lucrative impulses or resulting in heavy damage (over 1 million roubles) will be four years. Any offences which resulted in grave consequences or created a threat of such consequences shall be penalized by imprisonment for a term up to seven years.
Subject to Article 274 “Misuse of (computerized) data storage, processing, or communication media, and data telecommunications networks”, should a heavy damage be inflicted, the offender shall be penalized with a fine up to 500 thousand roubles or imprisoned for a term up to two years. If misdeeds committed by the offender had severe consequences, they may be penalized with imprisonment for a term up to five years, i. e for 1 year longer than subject to previous version of the law.
“From year to year, such crimes become more sophisticated, better planned and profitable for organizers and perpetrators of such violations involving computerized data which, in turn, stimulates evil-doers to associate in criminal groups, to schedule their activity for years to come, and to devise evasion schemes with ever increasing frequency. Amendments involve (and for a good reason) an increase in actual terms of imprisonment and amounts of fines, because it is hard to imagine that, for committing a major offence on a national basis, the organizer will be sanctioned with an insignificant fine, while the “profit” derived from such crime and the scope of damage will number into millions of roubles,” said Alina Vislobokova, representative of the law firm S&K Vertikal.
The new version of law also involves changes in the concept of “computerized data" which is construed as “information (messages, data) presented in the form of electric signals, regardless of storage, processing, or communication media used”.
Such flawed wording gave rise to unfavorable criticism, even with analysts from the RF Supreme Court, still, it was not corrected,” commented Tatiana Nikitina in the Kaspersky Lab blog. “Experts also complained that such an important evidence of intrusion as “operating trouble of a computer, computer system, or network” was deleted from definition of “Unauthorized Access”. The former wording enabled investigators to inquire into all the DDoS-attacks cases subject to article of 272, and now even Pavel Vrublevsky has a real chance to get off with a whole skin.”
This being said, Alina Vislobokova reminded that cases of criminal prosecution for DDoS attacks are extremely rare, contradictory and provides no a unambiguous position concerning such cases.
“Courts pointed to the fact that a DDoS-attack as such cannot be deemed an immediate threat, and what matters is the aftermath of such attack: loss, damage, blocking (temporary or permanent) of data, as well as alteration of such data which resulted in adverse consequences for the network owner. Both wordings are not exactly perfect, however, legislators attempted to give up on obsolete concepts and, in my opinion, we should first put into practice updated provisions of Chapter 28 of the Criminal Code, then we shall know whether there is a need for another corrections to these wordings,” said the attorney.
Alina Vislobokova added that amendments to Chapter 28 of the RF Criminal Code can hardly be described as clear-cut and unequivocal. Tatiana Nikitina hopes that “defects that occur (in amendments) will not get in the way of justice or will be routinely corrected.”