Cybercrimes are every lawless action made via computer devices, where the objective is an improper use of any computer device. Like any other crime there is a passive entity and an active one. The active entity has diverse knowledge of computer science, enough to manipulate computer information, though nowadays there are few software tools that allow a someone without knowledge to cause atacks. The passive entity is usualy a business and governament, those who use the computer systems.
Due to computers developing faster than legislation, there are criminal behaviors through computer devices that cant be cosidered crimes, and are labeled as computer abuses.
Network probes are ping sweeps and port scans. Port scaning is the action of analizyng the ports of a device in a net. There are diferent tools that are used for this, an example is nmap This isnt contemplated as a crime in the the Spanish Penal Code, but the different ISPs have suggested internationally to prevent this type of abuses.
Ping sweeps are another type of network probes the intruder sends packets to a network of machines to see which ones respond. This way the can determinate which devices are on, so now they can work in atacking those devices. Though ping sweeps can also be used to do dignostics of the network by the administrator.
A Distributed Denial of Service atack is an cyber atack done to a specific network sending huge amounts of trafic (mostly worthless requests) so the network wont realise which of the request are true or bots collapsing the service. ( Distributed Denial of Service ) es un ataque informático que se realiza a una determinada red enviando grandes cantidades de tráfico inútil haciendo que no sepa distinguir entre las peticiones falsas y las legítimas haciendo que el servicio se interrumpa.
You can see the DDoS atacks being done in real time via IPViking
Reference to the Spanish penal code.
Código Penal Art. 264.2:
Seizing without authorization and dealing an interruption or obstaculization of a system or network which whom he doesnt own will be punished with 2 to 3 years of inprisonment.
“El que por cualquier medio, sin estar autorizado y de manera grave obstaculizara o interrumpiera el funcionamiento de un sistema informático ajeno, introduciendo, transmitiendo, dañando, borrando, deteriorando, alterando, suprimiendo o haciendo inaccesibles datos informáticos, cuando el resultado producido fuera grave, será castigado, con la pena de prisión de seis meses a tres años.”
Using the system vulnerabilities to obtain privileged information which shoulndt be accesible.
Reference to the spanish penal code.
- 1.-Seizing data from another busines via any mean will be punished from 2 to 4 years of inprisonment and a fee of 12 to 24 months.
- 2.-Penalty of 3 to 5 years and a fee od 12 to 24 months to those who revealed to thirpartys the secrets seized.
- 3.-This is without taking in accout the damage dealed with the seizure or destruction of the systems of the passive entity.
Código Penal Art. 278:
- 1.- El que, para descubrir un secreto de empresa se apoderare por cualquier medio de datos, documentos escritos o electrónicos, soportes informáticos u otros objetos que se refieran al mismo, o empleare alguno de los medios o instrumentos señalados en el apartado 1 del artículo 197, será castigado con la pena de prisión de dos a cuatro años y multa de doce a veinticuatro meses.
- 2.- Se impondrá la pena de prisión de tres a cinco años y multa de doce a veinticuatro meses si se difundieren, revelaren o cedieren a terceros los secretos descubiertos.
- 3.- Lo dispuesto en el presente artículo se entenderá sin perjuicio de las penas que pudieran corresponder por el apoderamiento o destrucción de los soportes informáticos.
Cybercrimes investigation techniques
One of the most direct technique to elighten the authorship of a cybercrime is the IP. Depending of the crime, this direccion can be obtained from the webmaster of the delictive content with a court order, to contact the webmaster you can look in whois of the domain of the site. Once the webmaster gives the IP the ISP shall be found via www.ripe.net. The ISP will offer the owner of the internet services with that IP, though its hard to condemn a person just by his IP since it can be hiden or making use of services as VPNs and posing as someone else.
Cibercrime Regulations in Spain
In Spain ,this kind of crimes are sanctioned by the Penal Code, in wich a criminal uses a computer device to commit a crime. This sactions are compiled in the "Ley Orgánica 10/1995", from 23rd of november in the State Official Newslater number 281, from 24th of november 1995. This are sanctioned as their non cibercrime counterparts. As an example there is the same sanction when you prive in someones mail or his email.
Once they have to proceed to investigation, since a single accion can have different consecuences in different places of Spain, the investigation will be done by the judicial party which first has knowledge of the cibercrime.If during the investigation the author of the cibercrime is found and he belongs to another judicial party it can be done an inhibition accion in favor of the latter so the investigation of the cybercrime can continue.
Prision Penaltys for Cybercrimes in Spain
Abusive acces to a system: When, withouth authorization, a system, protected or not, is accessed, and maintain that acces against the will of the one with the rights to exclude, would icur with penalty of 48 to 96 months of inprisonment
Ilegitimate obstaculization of a system or network When, withouth being empowered for it, is obstructed access to a system or denied the access, will incur wih a penalty of 48 to 96 months of inprisonment.
Interception of computer data: When data is intercepted (without a court order) from the origin, destination or from the system, will incur with penalty of 36 to 72 months of inprisonment.
System damages: When(without being empowered for it) computer data is damaged, deleted, deteriorated or altered,, will incur with penalty of 48 to 96 months of inprisonment and a fee of 100 to 1000 minimum salarys.
Use of malware:When(without being empowered for it) malware is produced, traficked with, adquired, distributed ,sent, imported or exported from national borders, will incur with penalty of 48 to 96 months of inprisonment.
Personal data violation: When(without being empowered for it) personal data, codes , files, etc is used for profif, be it for a third party or for oneself, obtained, substracted ,offered , sold, changed, bought, intecepte, divulged, modified, or used, will incur with penalty of 48 to 96 months of inprisonment.