Law and hackers: stories of crime and punishment

Mutt

Intro
We very often hear and read news about new break-ins into computer systems, theft of confidential data, financial fraud, and leaks of user databases from the largest online stores or social networks. Moreover, the actions of some hackers evoke sympathy rather than a desire to punish them: for example, the Fancy Bears group, who hacked the anti-doping agency WADA and published a number of documents indicating that American athletes took illegal drugs at the Rio Olympics. The same can be said about hacks that resulted in materials incriminating the NSA or the CIA being posted on WikiLeaks. Despite this, computer hacking and unauthorized access to information are treated as crimes, and, as with any other offense, measures of responsibility are provided for them.



Impunity or Responsibility?
From the numerous summaries and news feeds distributed by Internet media, as well as from specialized information security portals, analysts' reports and other materials, we learn every day about new incidents, hacks, leaks, and hacker activity. Crimes in the computer world have become commonplace, and the damage is sometimes even greater than from crimes committed in real life. It is therefore not surprising that all developed countries have, in one form or another, their own set of legislative acts for confronting and punishing hacking, electronic theft, and fraud using information technology. Moreover, activists are increasingly trying to make such laws even more stringent.



Accountability for cyber crime in Russia
Free distribution of information is allowed in Russia, subject to all requirements established by the legislation of the Russian Federation. Thus, the basic law regulating freedom of access to information is FZ-149 "On Information, Information Technologies and Information Protection". This legislative act is intended to regulate the relations arising between the subjects in the exercise of the right to search, receive, transfer, produce and disseminate information; the use of information technology, as well as ensuring the protection of information.

The law also says that restriction of access to information of any kind can be established by federal laws in order to protect the foundations of the constitutional order, morality, health, rights and legitimate interests of others, to ensure the country's defense and state security. Federal laws establish the conditions for classifying information as information constituting a commercial secret, official secret and other secrets, the obligation to maintain the confidentiality of such information, as well as liability for its disclosure.

The law also says: it is prohibited to require a citizen (individual) to provide information about his private life, including information constituting personal or family secrets, and to receive such information against his will.

Such information is usually referred to as Personal Data, which is regulated by the federal law of the same name, FZ-152 "On Personal Data".

All of the above refers to the fundamental principles of law related to information, and in particular to information technology. Specific acts on the territory of the Russian Federation may, depending on their purpose and motives, entail criminal, administrative and civil liability.

The mildest form is administrative responsibility for hacker activities, which may arise in the event of a violation of Article 13 of the RF Code of Administrative Offenses. This article establishes responsibility for the disclosure of information with limited access, as well as for violation of the established procedure for storing, using or distributing personal data. Liability is imposed in the form of a fine which, depending on the severity of the offense, ranges from several thousand to hundreds of thousands of rubles.

For more serious offenses, criminal liability is provided. The best-known section of the Criminal Code of the Russian Federation is Chapter 28, crimes in the field of computer information. The section includes three articles - 272, 273, 274.

So, let's take a closer look at each one.

Article 272 "Illegal access to computer information"
Unlawful access to legally protected computer information, that is, information on a machine medium, in an electronic computer (computer), a computer system or their network, if this entailed the destruction, blocking, modification or copying of information, disruption of the operation of a computer, computer system or their networks.

This is the most frequently applied article in cyber crime cases, since it is the one that covers such qualifying acts as the destruction and copying of information, modification of information (deface), blocking the operation of a computer system (DoS attack), and disruption of a computer system and blocking of access (exploiting malware or system vulnerabilities). Most of the people whom the media and law enforcement agencies call "hackers" are convicted under this article.



Article 273 "Creation, use and distribution of malicious programs for computers"
Creation of computer programs or making changes to existing programs, knowingly leading to unauthorized destruction, blocking, modification or copying of information, disruption of computers, computer systems or their network, as well as the use or distribution of such programs or machine media with such programs.

This is the second most frequently applied article. It is aimed at distributors of virus software, and it also threatens liability for those who crack programs (reversing) using emulators and other special tools. This article can also be applied to those who use or simply distribute software for DDoS attacks, various hacker tools, etc.



Article 274 "Violation of the rules for the operation of computers, computer systems or their networks"
Violation of the rules for the operation of computers, computer systems or their networks by a person having access to computers, computer systems or their networks, resulting in the destruction, blocking or modification of computer information protected by law, if this act caused significant harm.

According to the source, the article was originally intended to let company management punish negligent employees for improper operation of equipment that led to negative consequences. At the moment it is practically not applied, partly because it does not fall into the category of crimes of even moderate severity.

If we are talking about the use of other people's logins and passwords (in fact, working under someone else's account), then Article 165 of the Criminal Code of the Russian Federation "Causing property damage by deception or abuse of trust", Article 183 of the Criminal Code of the Russian Federation "Illegal receipt and disclosure of information constituting a commercial secret", and the banal Article 159 of the Criminal Code of the Russian Federation "Fraud" are also brought into such cases.

More recently, it became known that Sberbank and the Ministry of Internal Affairs (MVD) have developed a joint bill, which was also supported by representatives of the Central Bank. The bill requires that cybercrimes be recognized as thefts rather than qualified as fraud, and that more serious penalties be established for committing them.



Foreign practice in punishing cyber criminals

1. US Legislation
As you know, the first IT companies were born in the United States. Therefore, the first bill establishing criminal liability for crimes in the field of information technology was developed in the United States back in 1977. Later, in October 1984, the Computer Fraud and Abuse Act was adopted on the basis of this bill.

The law establishes responsibility for several basic elements of crimes:
  • computer espionage;
  • unauthorized access to information;
  • computer fraud;
  • intentional or negligent damage to protected computers;
  • threats, extortion, blackmail, committed with the use of computer technology and others.
Responsibility for these cyber crimes includes substantial monetary fines, as well as very real imprisonment. The punishment depends on many factors, such as the severity of the crime committed, the amount of economic damage caused by the act, the criminal history of the defendant and many others.

2. UK legislation
In foggy Albion, the Computer Abuse Act has been in effect since August 1990. The first paragraph of this document deals with "unauthorized access to computer data". It establishes that a person commits a crime when he uses a computer to perform any function with the intent to secure access to any program or data contained in any computer, if this access is knowingly unauthorized.

Another confirmation of the seriousness of the problem of computer crimes worth mentioning is the entry into force in the United Kingdom of the Terrorism Act 2000. For the first time, the law expands the definition of terrorism to include cyberspace. For example, thanks to this document, British law enforcement agencies have the right to treat as terrorist those actions that "seriously interfere with or seriously disrupt the operation of any electronic system."

3. German legislation
The German Penal Code uses a special term, Daten, defined in Article 202 of the Criminal Code: data that are stored or transmitted electronically, magnetically or in another way that is not directly visually perceivable; i.e., in layman's terms, computer data.

Also, paragraph "b" of Article 303 of the Criminal Code covers such crimes as DNS attacks (computer sabotage) and the creation of malware. The article contains the term computer sabotage: interference with data processing that is essential to an enterprise, government agencies, or anyone else's way of doing business, which is a serious crime. Interference can be carried out by destroying, damaging, disabling, or altering a computer system, or by interfering with data transmission.

4. Spanish legislation
According to Article 197 of the Criminal Code of Spain, the disclosure and dissemination of secret information without the consent of its owner, including information from e-mail and information stored in databases, as well as interception of telecommunications or the use of recording and eavesdropping devices, is punishable by a fine or imprisonment for a period of one to four years.

5. Italian Legislation
The Italian Penal Code prohibits "unauthorized third party access to a computer or telecommunications system", i.e. access to computers or systems protected by security measures, or access against the owner's expressed or implied desire to exclude such access. The penalty for these offenses is imprisonment for up to three years (Article 615 of the CC).



Biggest hacker attacks and consequences

1. Mitnick vs Pentagon
Back in 1983, the then young Kevin Mitnick, before daringly hacking into the Pentagon's website, had for several years hacked and used the US telephone networks with impunity. In those years, while still a student, Mitnick used a TRS-80 computer to enter the global network ARPANet, the predecessor of the Internet, and through a computer at Los Angeles University he reached the servers of the US Department of Defense.

The break-in was soon detected and the young cybercriminal was quickly found; as a result, he served six months in a correctional center for young people. Much later, in the mid-nineties, Mitnick was charged on a number of counts with causing damage of $ 80 million and, after a guilty verdict, was imprisoned for several years. After serving his sentence in prison, the cyber terrorism pioneer reformed and now plays for the team of the strong.

2. Levin and the biggest Citibank hack
The action took place in 1994. This robbery was the first in a chain of confrontations between Russian hackers and the western giant Citibank. From the materials of the case, it is known that in the mid-1990s a resident of St. Petersburg, Vladimir Levin, penetrated the internal network of the American bank by hacking an analog modem connection, and managed to transfer $ 10.7 million to accounts in different countries: the USA, Finland, Germany, Israel and the Netherlands. His accomplices turned the Russian over to the authorities. Levin was arrested in March 1995 in London, and three years later he was sentenced to three years in prison.

3. 15-year-old James found a hole in NASA
It's already 1999. The 15-year-old hacker Jonathan James was the first to break into the system of the US National Space Agency. He managed to gain access by cracking the password of a server belonging to another government agency, after which James stole several important files from NASA, including the source code of the international space station. At that time, the agency estimated the damage at $ 1.7 million. Due to his young age, James was able to escape jail.

4. Russian trace and payment system PayPal
It's already 2000. Two men from Chelyabinsk, 26-year-old Vasily Gorshkov and his 20-year-old friend Alexei Ivanov, were arrested by the FBI in November 2000 in Seattle. They were accused of illegally penetrating the corporate computer networks of PayPal, Western Union, and the American bank Nara Bank. The attackers stole 16,000 credit card numbers from home computers, causing $ 25 million in damage. As a result, Ivanov received four years in prison, and his accomplice Gorshkov three, but with the obligation to pay $ 700,000 in compensation.

5. Leaked Windows 2000 source code
Moving on, now it's 2004. The news spread all over the world that on February 12, 2004 Microsoft announced the theft of the source code of the Windows 2000 operating system. About 600 million bytes of data, 31 thousand files and 13.5 million lines of code were stolen. The information leak also affected the Windows NT4 system. At first, the corporation said that the code was stolen through its partner company Mainsoft, but later it turned out that the data was stolen directly from the Microsoft network itself. This did not lead to serious financial losses, since Microsoft had already abandoned development of this version of the OS by that time, but neither the company nor the FBI was able to find the attackers.

6. Again, Russian hackers against the American stock exchange
And now it's 2013. In July 2013, the US authorities charged five Russian citizens and one Ukrainian resident with fraud and computer hacking. According to the investigation, we are talking about "one of the largest cybercrimes in history." The defendants managed to hack the security systems of the NASDAQ electronic exchange, the largest retail chains and leading banks in Europe and the United States. As a result, 160 million credit card data were stolen and funds were withdrawn from 800 thousand bank accounts around the world. Only Muscovite Dmitry Smilyanets appeared before the court in Newark; he was arrested at the request of the FBI in the Netherlands. The rest of the group's members managed to flee and escape punishment.

7. Stuxnet malware and Iran's nuclear program
2010 is not so distant. The Stuxnet worm successfully attacked and partially disabled Iran's nuclear system. According to Iranian data, in the fall, the virus blocked the work of a fifth of the Iranian centrifuges, while copying the video surveillance recording and replaying it during the operation so that the security service would not suspect anything. Since the attack was successful, it was suggested that this was a development of the Israeli intelligence services, which were assisted by the United States. Later, Kaspersky Lab experts saw it as "a prototype of a cyber weapon, the creation of which will entail a new arms race."

8. Anonymous hacktivists against everyone
Location USA, Israel and Russia, period 2012–2014. In January 2012, the MegaUpload site was closed. In protest, Anonymous launched the largest DDoS attack in history, using a special LOIC program. For several hours, the websites of the US departments were disabled: the FBI, the White House, the Department of Justice, as well as the recording holding Universal Music Group, the American Recording Industry Association, the American Film Companies Association, and the American Copyright Office. In April 2013, Anonymous attacked over 100 thousand Israeli websites. The hackers themselves estimated the total damage from the attack at $ 3 billion. The action was a response to the "Cloud Pillar" operation, which took place in November 2012. Also, during the Ukrainian crisis in March, hacktivists heavily attacked the government websites of the Russian Federation and the websites of the Russian media.



In recent years, many people have been convicted of hacking and illegal access to information. Some of these cases are:
  • And once again about Mitnick. He was arrested on February 15, 1995 in Raleigh, North Carolina, after being tracked down by computer expert Tsutomu Shimomura. After Mitnick pleaded guilty to most of the charges brought against him, he was sentenced to 46 months of actual imprisonment and three years of probation. In addition, he was ordered to pay many fines. Mitnick was released from prison on January 21, 2000.
  • Pierre-Guy Lavoie, a 22-year-old Canadian hacker, was sentenced to 12 months community service and 12 months suspended imprisonment for guessing passwords to get into other people's computers. He was convicted under Canadian law.
  • Thomas Michael Whitehead, 38, of Boca Raton, Florida, became the first person convicted under the US Digital Millennium Copyright Act (DMCA). He was charged with selling devices that could be used to illegally receive broadcasts from the DirecTV satellite system, as part of the Prosecutor General's Office program to counter computer hacking and intellectual property violations.
  • Serge Humpich, a 36-year-old engineer, was sentenced to 10 months in prison and ordered to pay a 12,000 franc fine and a token one franc to Groupement des Cartes Bancaires, an organization that services electronic payment cards.
  • On July 1, 2003, Oleg Zezev, known as Alex, a citizen of Kazakhstan, was sentenced by a Manhattan federal court to 51 months in prison after being convicted of computer extortion.
  • Mateas Kalin, a Romanian hacker, was arrested along with five US citizens on charges of stealing more than USD 10 million from Ingram Micro in Santa Ana, California. Currently (end of 2004) Mateas and his accomplices are awaiting a court decision, which could lead to 90 years in prison.
  • On March 27, 2006, British couple Ruth and Michael Haephrati, convicted in Israel for developing and selling a Trojan horse, were sentenced to four and two years in prison, respectively. They were also ordered to pay compensation in the amount of 2 million shekels ($ 428,000). They sold their Trojan horse to private detectives, who used it to gain access to the personal data of their clients' business competitors.
  • The infamous British hacker Gary McKinnon is awaiting extradition to the United States for hacking 97 US military and NASA computers in 2002, which one US prosecutor called "the greatest military computer hack of all time." Gary McKinnon's lawyers have filed a series of appeals and (as of this writing in March 2010) continue to challenge extradition proceedings. If he is prosecuted and convicted under American law, the hacker faces up to 70 years in prison.

Government hackers from the FSB and the GRU
The name of the hacker group Fancy Bear is well known among information security specialists. This is what Western colleagues call the supposedly Russian group of government hackers, also known as Sofacy, APT28, Sednit, Pawn Storm, Strontium, and so on.

It is noted that these groups of hackers are involved in hacking government organizations, technology companies, military contractors, energy and manufacturing companies and universities in the United States, Canada, Europe and Asia. In particular, the Cozy Bear group was able to gain unauthorized access to the email systems of the White House, the Department of State and the Joint Chiefs of Staff in 2014.

And on September 13, 2016, hackers calling themselves Fancy Bears published on their website a number of documents stolen from the World Anti-Doping Agency (WADA). In this way, the hackers released evidence that American athletes took illegal drugs during the competition but were still allowed to participate in the Olympics. At the same time, WADA representatives confirmed that their systems had been hacked and data leaked, saying that they were attacked by hackers from Russia.