About IT crimes in simple terms

Effective information security is impossible without knowing the basics of legislation in the field of information technology. In this article we will look at the so-called computer articles of the criminal code. We will not dive into legal subtleties and nuances, but will try to explain in simple language, with examples, which offenses are punished and how.

First, let's look at what articles of the Criminal Code we are talking about:

  • Article 272. Illegal access to computer information.

  • Article 273. Creation, use and distribution of malicious computer programs.

  • Article 274. Violation of the rules for operating means of storing, processing or transmitting computer information and information and telecommunication networks.

  • Article 274.1. Unlawful influence on the critical information infrastructure of the Russian Federation.

  • Article 274.2. Violation of the rules for centralized management of technical means of countering threats to the stability, security and integrity of the functioning of the information and telecommunications network “Internet” and the public communications network on the territory of the Russian Federation.

Hacking, just hacking

Article 272 (not to be confused with the “extremist” Article 282) is devoted to unlawful access to computer information. If unlawful access to legally protected computer information results in the destruction, blocking, modification or copying of computer information, you may be punished with a fine of up to two hundred thousand rubles in the best case, or imprisonment for up to two years in the worst case. Moreover, if a crime was committed by a group of persons by prior conspiracy and resulted in grave consequences, then there is a possibility of being imprisoned for up to seven years.

The wording deserves immediate attention here: if none of the listed consequences occurred, there is no crime under this article. The following example was found on one of the legal resources:

“Citizen I., wanting to check citizen P.’s loyalty to her, by visiting the website of the electronic mail service, using the previously illegally obtained login and password of citizen P., visually scans the contents of his mailbox. She does not take any actions to copy, change or destroy information.”

In this case, there is no corpus delicti. But if she had copied at least one letter, for example to collect evidence, the elements of an offense under Article 272 would be present.

About malware

The next computer article is 273. It covers the creation, use and distribution of malicious computer programs. The creation, distribution or use of computer programs or other computer information knowingly intended for unauthorized destruction, blocking, modification or copying of computer information, or for neutralizing means of protecting computer information, is punishable by a fine of up to two hundred thousand rubles, or by up to seven years in the case of conspiracy and serious consequences.

Well, it would seem that everything is clear here: if you write malware, you will get a prison term. But the article talks not only about creation, but also about use and distribution, and here everything is somewhat more complicated. Let's give a couple of examples.

“One system administrator downloaded a crack from the Internet to activate the Microsoft Office suite of programs and saved it to a flash drive. To do this, he needed to temporarily disable his antivirus software.

Border firewalls installed on the computer network of the plant where this citizen worked detected unauthorized outgoing traffic from the plant's computer network. The data transfer lasted for a short time and then stopped; the end point for receiving information was certain servers in the USA. The fact was established by employees of the enterprise’s security departments, data about the incident was transferred to the FSB Directorate for the Perm Territory, where a case was opened and investigated.”

The administrator was acquitted under Article 274.1 (we’ll talk about this article later), but was sentenced under Article 273, since the files he downloaded contained malicious code.

This was an example of an “unsuccessful” application of malware. Let’s also look at how malware can be “unsuccessfully” distributed.

On the Internet you can find many “zoos”: resources from which you can download artifacts, that is, samples of malware. On these sites, artifacts are stored in a safe form: a password-protected archive, a different extension or format, and so on. But if desired, such an artifact can be brought back into fully working condition. Why might this be needed for law-abiding purposes? For example, to test security measures. If the artifacts are not handled very carefully, there is a non-zero risk of becoming a distributor of malicious applications.

When admins work poorly

The previous two articles were aimed primarily at willful offenders, that is, those who knowingly carried out unauthorized access or distributed malware. Now we will talk about how irresponsible service personnel, the administrators and engineers who did not ensure the proper operation of IT systems, can be punished.

Article 274 is devoted to violations of the rules for operating means of storing, processing or transmitting computer information and information and telecommunication networks. Violation of the rules for operating means of storing, processing or transmitting protected computer information, or information and telecommunication networks and terminal equipment, as well as of the rules for access to information and telecommunication networks, that results in the destruction, blocking, modification or copying of computer information and causes large damage is punishable by penalties ranging from a fine of up to five hundred thousand rubles to imprisonment for a term of up to five years.

With the advent of Federal Law No. 187 “On the security of critical information infrastructure of the Russian Federation,” another similar article appeared in the criminal code, dedicated specifically to critical infrastructure: Article 274.1, “Unlawful influence on the critical information infrastructure of the Russian Federation.”

In separate paragraphs, this article covers the creation, distribution and (or) use of programs knowingly intended to unlawfully influence the critical information infrastructure (CII) of the Russian Federation.

It also covers violation of the rules for operating means of storing, processing or transmitting protected computer information contained in CII. It is noteworthy that the maximum penalty under this article can reach ten years in prison.

You can find several examples of this article being applied. As a reminder, three years ago the agenda around the pandemic, vaccination and the corresponding vaccination certificates was relevant. One example of the use of 274.1 is entering information about vaccinations into the database without actually performing them. According to the investigation, by making false entries in CII information systems the accused violate the integrity of the information system, as a result of which the information circulating in the system loses its objectivity, reliability and relevance.

Another example under this article: a citizen worked for a large railway company and had to pass a test on his knowledge of the rules for working with equipment. He couldn’t think of anything better than downloading a crack for the testing program so that the test would give the correct answers. However, the computer on which the testing was carried out turned out to be part of the CII, and the result was an offense under Article 274.1.

Once again we see the same cracks, and computers that are part of the CII. So, before installing or disinfecting any software on work computers, check whether they are part of critical infrastructure.

About the sovereign Internet

Today’s set of computer articles is completed by the provider article, 274.2: “Violation of the rules for centralized management of technical means of countering threats to the stability, security and integrity of the functioning of the information and telecommunications network “Internet” and the public communications network on the territory of the Russian Federation.”

Here we are talking about negligent providers who set up the equipment meant to ensure the operation of the sovereign Internet “on the side,” that is, who did not comply with the requirements set by regulators for the installation of this equipment.

The penalties here also range from fines to three years in prison. Information on the application of this article could not be found in the public domain.

Conclusion

In this short article, we examined in simple language what computer articles are in the Russian criminal code. Be careful not to encounter these articles in reality.