March 30, 2011 at 11:59DDoS attacks will be included in the Criminal Code (Articles 272–274)
A number of Russian Internet companies with the support of Group-IB have initiated amendments to the Criminal Code of the Russian Federation. It is proposed to supplement Chapter 28 of the Criminal Code in the field of computer information with new qualifying features, including the organization and commission of DDoS attacks, for phishing and spam.
The structure of crimes will be designated and the evidence base on them will be clarified, the places of the crime will be established.
Group-IB is engaged in the investigation of IT crimes by order of commercial companies (including catching the organizers of DDoS attacks). A company representative explained that existing legislation allows prosecution only for computer infection, but not for DDoS itself. That is, in the case of a botnet, you need to look for “victims” from among the owners of zombie PCs, which distorts the essence of the matter, where the real victim is a large company or a financial institution affected by DDoS.
Chapter 28 of the Criminal Codecontains three articles: article 272 “Unlawful access to computer information”, article 273 “Creation, use and distribution of malware for computers” and article 274 “Violation of the rules for operating a computer, computer system or network”. These articles provide for a variety of sentences, including fines, corrective labor, compulsory labor (up to 240 hours), arrest or imprisonment for up to seven years.
The draft amendments to the Criminal Code are currently at the stage of approval of the concept.
The structure of crimes will be designated and the evidence base on them will be clarified, the places of the crime will be established.
Group-IB is engaged in the investigation of IT crimes by order of commercial companies (including catching the organizers of DDoS attacks). A company representative explained that existing legislation allows prosecution only for computer infection, but not for DDoS itself. That is, in the case of a botnet, you need to look for “victims” from among the owners of zombie PCs, which distorts the essence of the matter, where the real victim is a large company or a financial institution affected by DDoS.
Chapter 28 of the Criminal Codecontains three articles: article 272 “Unlawful access to computer information”, article 273 “Creation, use and distribution of malware for computers” and article 274 “Violation of the rules for operating a computer, computer system or network”. These articles provide for a variety of sentences, including fines, corrective labor, compulsory labor (up to 240 hours), arrest or imprisonment for up to seven years.
The draft amendments to the Criminal Code are currently at the stage of approval of the concept.