Cyberlaw

From NetSec
Revision as of 21:15, 27 November 2011 by DPYJulietowbaijc (Talk | contribs) (Definitions of Cybercrime as per the Budapest Convention)


Australian Cyberlaw

Acts Applying to Cybercrime in Australia

  • Crimes Act 1914
  • Australian Security Intelligence Organisation Act 1979
  • Telecommunications (Interception) Act 1979
  • Criminal Code Act 1995
  • Education Services for Overseas Students Act 2000
  • Cybercrime Act 2001

Cybercrime Act 2001 Offences

These are the main federal offences in Australia. State laws can apply to cybercrime as well, and usually do, but they are not covered here because they vary so widely.

Division 477—Serious computer offences

  • 477.1 Unauthorised access, modification or impairment with intent to commit a serious offence
  • 477.2 Unauthorised modification of data to cause impairment
  • 477.3 Unauthorised impairment of electronic communication

Division 478—Other computer offences

  • 478.1 Unauthorised access to, or modification of, restricted data
  • 478.2 Unauthorised impairment of data held on a computer disk etc.
  • 478.3 Possession or control of data with intent to commit a computer offence
  • 478.4 Producing, supplying or obtaining data with intent to commit a computer offence

Case Study: First Cybercrime Conviction in Australia

There were no laws prior to the late 1980s in Australia regarding cybercrime. For this reason, Australian hackers were quite prevalent as all and any actions on computers and between networks. Nahshon Even-Chaim, born in May 1971, went by the nickname Phoenix. He was actively involved in computer network intrusion and unauthorized modification of files to maintain access. Near the end of 1987, Even-Chaim began breaking into US networks used for energy and nuclear research. Once the US authorities were alerted to this, there was huge political pressure for Australia to have laws regarding cybercrime.

Responding to that pressure, in June 1988, the Australian government enacted the first computer crime laws. Thanks to the new computer crime legislation, the Australian Federal Police obtained a warrant in January 1990 to wiretap the suspect's phone conversations as well as all data going in and out of his computer. These lasted 8 and 6 weeks respectively, with the AFP extracting and analyzing all data. This was the first time in the world a remote data intercept had been used to gain evidence to prosecute computer crime.

On 6 October 1993, Even-Chaim had negotiated a deal to plead guilty in return for his charges being reduced from 48 to 15. He was then sentenced to 500 hours of community service, with a 12-month suspended jail term.

European Cyberlaw

The Budapest Convention on Cybercrime is the first international convention relating to cybercrime, intended to improve cooperation and methodology between nations. As an international treaty, it is signed and ratified by many countries inside and outside the European Union. You can find a detailed list of countries currently participating here. The laws only apply if the government of a country has ratified the treaty.

Definitions of Cybercrime as per the Budapest Convention

  • Any form of intentional illegal access (e.g. bruteforcing a password to gain ssh access to a box) is prohibited. The ratifying party may require that the offence be committed with dishonest intent and/or through an outside source (via networking).
  • Any form of intentional illegal interception (e.g. packet sniffing) is prohibited. Again, the ratifying party may require that the offence be committed with dishonest intent and/or through an outside source (via networking).
  • The intentional alteration of data (e.g. deleting files from a box that's not yours, alteration of news articles on public websites etc.) without right is prohibited. The ratifying party may require that the offence result in serious harm.
  • Any form of system interference (e.g. replacing cat with rm, installing a malicious virus on a system that's not yours, probably even DoS etc.) is prohibited.
    • Interference is defined as: inputting, transmitting, damaging, deleting, deteriorating, alteration or suppression of computer data without right.
  • The intentional production, sale, procurement for use, import, distribution or otherwise making available of:
    • devices (incl. computer programs) designed for the purpose of committing any of the offences mentioned previously.
    • a password/access code with intent that it be used for the purpose of committing any of the above-mentioned offences is prohibited.
  • The possession of an item referred to in the previous point with intent that it be used for said purposes is prohibited.
Notice: The prohibition on possessing items designed for committing the offences detailed above does not cover rightfully performed penetration tests or the tools used for them.