Kazneno djelo računalne prijevare kao oblik zlouporabe računalnih podataka i računalnog sustava

Criminal law tackles computer fraud and misuse

Introduction We turn now to consider the first distinct category of cybercrimes: those offences where a computer is itself the target. Such offences are colloquially referred to as ‘hacking’, and cover a broad range of conduct arising from an equally broad range of motivations. Given the ubiquitous presence of computers in modern life, and the dependency of modern commerce on computer networks, such offences have potentially serious consequences. We are not here concerned with those offences where a computer is physically taken or damaged. Although some surveys include offences such as theft of a computer within the definition of cybercrime, such conduct falls comfortably within the scope of existing property offences. Rather, our focus is on ‘[o]ffences against the confidentiality, integrity and availability of computer data and systems’. In essence, the conduct which these offences seek to address is: 1. the gaining of unauthorised access to a computer or computer system; 2. causing unauthorised damage or impairment to computer data or the operation of a computer or computer system; or 3. the unauthorised interception of computer data. Such conduct ranges from the technically sophisticated to the decidedly low-tech. For example, twenty-one year old Gareth Crosskey convinced Facebook staff to change the password of actress Selena Gomez's account by pretending to be her stepfather. At the other end of the spectrum, high-profile attacks by groups such as ‘Anonymous’ have well and truly brought hacking to the attention of the public and governments. While the sophisticated hacker is a very real threat, some surveys indicate that insiders are often just as likely as outsiders to be the source of cyberattacks. Any criminal law response must be capable of responding to this broad spectrum of offending conduct. The history and phenomenon of ‘hacking’ has been extensively discussed elsewhere. For our purposes it will suffice to provide an outline of the key forms of conduct which potentially fall within this class of offence. At the outset it must be acknowledged that these categories are neither mutually exclusive nor fixed. One of the great challenges of drafting cybercrime laws is ensuring that they can adapt to a broad range of overlapping and constantly evolving threats. Nonetheless, the three main categories of conduct are: 1. unauthorised access to computers or computer systems; 2. malicious software; and 3. DoS attacks.

Data security is concerned with the methods of protection of data in computer and communications systems. In chapter 1, it was shown that security in computer based information systems can be achieved only if there are comprehensive and effective security mechanisms (1) within the computer system, (2) at the user-computer interface and (3) throughout the organisation in which the information system operates. In this chapter, the security mechanisms within the computer system, that is the internal computer controls, are considered. In addition, some of the problems associated with the user-computer interface are discussed because they impinge directly upon data security by undermining internal computer controls that are otherwise perfectly designed.

Today cybercrime and computer terrorism are identified as one of the threats to Ukraine’s national security in the information sphere. Cybersecurity measures include achieving and maintaining security features in the resources of an institution or users, aimed at preventing relevant cyber threats. Cybercrime is a set of criminal offenses committed in cyberspace by computer systems or by using computer networks and other means of access to cyberspace, within computer systems or networks, as well as against computer systems, computer networks and computer data, has been widely developed. The paper considers such terms as «computer crime», «information crime», «crime in the field of computer information», «crimes in the field of information technology». Scientific works of domestic and foreign researchers on the issues of countering cybercrime are analyzed. The connection of the concept of «cybersecurity» with the terms «cybercrime», «computer crime» and «cybercrime» the concepts of «cybercrime» was given. The difference in the interpretation of the concepts «cybersecurity» and «information security» was considered. The definitions of «cybercrime», «computer crime» and «cyber offense» were given for comparison. Their main features were considered. The concept of «computer victimhood» and its components were considered. With the introduction of the institute of criminal offenses in the national criminal law, the terms «cybercrime» and «computer crime» should lose their relevance, as evidenced by the change of title of Chapter XVI of the Criminal Code of Ukraine to «Criminal offenses in the use of electronic computing machines (computers), systems and computer networks and telecommunications networks». Therefore, instead, we can recommend the use of the term «cyber offense», which we propose to understand as «socially dangerous criminal act in cyberspace and/or using it, liability for which is provided by the law of Ukraine on criminal liability and/or which is recognized as a criminal offense by international treaties of Ukraine, and cybercrime is a set of cyber offences». It is clear that this will require the introduction of appropriate terminological changes in the Law of Ukraine «On the Basic Principles of Cyber Security of Ukraine» and other regulations.

Abstract. The prevalence of computer crimes causes different kinds of damage in the society. Some of these crimes result in considerable financial and economic damage to the society. Among these crimes, computer fraud is considered a completely outstanding crime. The purpose of this research is to show the fact that although committing the crime of computer fraud in the setting of computer systems and generally in cyberspace may have various similarities with its traditional form, committing this crime occurs in a different space and context in which traditional fraud is committed. In addition, the special features of this transnational network due to its unlimitedness have created a situation that has made countries limited in enforcing penal laws on the one hand, and in spite of the existence of these limitations in enforcing penal laws, the criminals of this field commit unauthorized acts in relation to the data and information in cyberspace on the other hand that investigating these crimes requires specialized penal legal procedure, because legal procedure in the cyberspace crimes is different from material space. Many of the principles, which are already conducted in the judgments according to the existing traditions, cannot be applicable in cyberspace and definitely require new knowledge.

The monograph analyzes the status of reform of criminal procedure legislation of Ukraine and other Eastern European countries to implement the procedural provisions of the International Convention on Cybercrime in order to determine the procedural powers of pre-trial investigation authorities to collect electronic evidence. The relevance of the research topic is substantiated by statistical data on the rapid growth of the number of criminal offenses, the method of committing which is inextricably linked with the use of computers and computer data processing. The monograph consists a systematic analysis of the procedural powers of pre-trial investigation bodies which are provided for in the Convention on Cybercrime and aimed at increasing the effectiveness of pre-trial investigation bodies in documenting criminal activity, taking into account the specific form of factual data that need to be collected as evidence in these investigations. It is stated that the need to supplement the procedural powers of pre-trial investigation bodies in the investigation of computer crimes is determined by such factors as: technological ability to change, distort, modify and destroy electronic data quickly after using them in computer crimes; technological possibility of placing such electronic data outside the territorial jurisdictions of individual states and outside the location of continents, etc. It has been established that in order to ensure the effectiveness of pre-trial investigations into computer crimes, the powers of the prosecution need to be supplemented by the following procedural possibilities, provided for in the Cybercrime Convention: the possibility for the competent authority to issue an order for the urgent retention of certain computer data, including data on the movement of information stored by the computer system, in particular when there are grounds to believe that such computer data is particularly vulnerable to loss or modification; the obligation of the person who controls the relevant computer data to kept and maintain the integrity of such computer data for a certain period of time which is necessary to obtain permission from the competent authority to disclose such data; the obligation of the person who must keep such computer data on the order of the competent authority, to maintain the confidentiality of the fact of such procedures for a certain period; ensuring the possibility of urgent storage of data on the movement of information, regardless of the number of service providers involved in the transmission of such information; ensuring the possibility of urgent disclosure of information on the movement of information, to the competent authority. Such amount of information is sufficient to identify service providers and the route of the information`s transmission; search and seizure of computer data, etc. A systematic analysis of the criminal procedure legislation of Eastern European countries has shown that Ukraine’s neighbors have also not fully signed and ratified the procedural provisions of the Convention on Cybercrime. Only Hungary, Romania and the Republic of Bulgaria have secured the most effective powers of the analyzed states. In particular, the criminal procedure law of these states provides for such powers of the prosecution as: issuing a warrant for the urgent preservation of certain e-data; the person’s responsibility to maintain the integrity of stored e-data; seizure of data, computer system, part or medium; copying and saving a copy of such e-data; preserving the integrity of stored e-data; extracting e-data from a computer system, etc.

In order to address the specific nature of criminal activities committed using computer networks and systems, the efforts of states to adapt or complement the existing criminal law with purposeful provisions is understandable. To create an appropriate legal framework for supressing cybercrime, except the rules of substantive criminal law predict certain behavior as criminal offenses against the confidentiality, integrity and availability of computer data, computer systems and networks, it is essential that the provisions of the criminal procedure law contain adequate powers of competent authorities for detecting sources of illegal activities, or the collection of data on the committed criminal offense and offender, which can be used as evidence in criminal proceedings, taking into account the specificities of cyber crime and the environment within which the illegal activity is undertaken. Accordingly, the provisions of the criminal procedural law should be designed to be able to overcome certain challenges in discovering and proving high technology crime, and the provisions governing search of computer for discovery of electronic evidence is of special importance.

A computer virus is a computer program or instruction set that can interfere with the normal operation of the computer and cause the computer hardware and software to malfunction and destroy the computer data. With the computer in various fields of social life widely used, computer virus attack and prevention technology is also constantly expanding, to prevent computer viruses are also more and more attention. This paper starts from the basic theory of script virus and the key technology of scripting virus, and realizes a simple script virus, and deeply analyzes the mechanism and principle of script virus. This paper summarizes the development history and development trend of computer virus, briefly introduces the basic knowledge of VBScript, Windows Script Host (WSH) and registry required to realize script virus. This paper focuses on the working principle of the script virus and the main techniques used in each module. Taking the source code of the script virus as an example, it analyzes the function of design idea, infection module, damage module and tag module, and implements the script virus Recursive algorithm for searching disk mechanisms and infection mechanisms.

One primary goal of a computer system and data network security program is to prevent unauthorized access to computer systems and facilities. Another goal, should unauthorized access occur, is to prevent the misuse of, or damage to, computer and network assets. This chapter brings together fundamental security concepts to provide data center managers and data network managers with an overview of the data security function. Computer systems and data networks must be secured against three types of violations: unauthorized access, misuse, and damage. When customers are granted direct access to the organization’s computer systems via the company’s or a third party’s data network, the usual credit checks and business viability verifications need to be performed. The trend is toward much broader access to an organization’s computer systems. Examples are students and staff having direct access to college computer systems, customers and suppliers connecting into companies’ systems, and private citizens accessing government data.

Recently, as computers develop, various kinds of tasks have become to be done by computers. In this situation,the amount of data stored in a computer has been increasing, and it has therefore caused a new problem that necessary data are often missing or lost in a computer. In a sense, this means that the conventional desktop information retrieval technology has reached to the limits and a new desktop information retrieval is required. In this study, we propose a desktop search system that uses correlation between a user's action log, including his/her schedule and Web browsing log, and data in a computer. By using our system, we can find data in a computer based on the memory for our activities.

Due to the development and ubiquity of information technology in everyday life, the number of criminal activities committed using computer systems and networks has also increased. Traces of the crimes committed in connection with the misuse of information technologies are in the form of electronic records - computer data that occur as a result of the actions of the perpetrator or as automatically created and stored in a computer system / network. However, these computer data are subject to change , so it is necessary to adequately ensure their protection. To create an appropriate legal framework to counter these challenges , the rules of criminal procedure law have to determine the appropriate powers of the competent authorities for the purpose of collecting and providing computer data on the committed criminal offense and the offender can be used as electronic evidence in criminal proceedings.

La evolución de la tecnología de la información y la comunicación (TIC) ha propiciado el nacimiento de un contexto criminógeno y, con ello, la incorporación de nuevos tipos penales. Este trabajo se propone analizar los tipos penales regulados en el Código penal argentino que se cometen mediante el uso de TIC. Estos tipos penales son producción, distribución y tenencia de pornografía infantil; ciberacoso sexual de menores; violación de correspondencia digital; acceso ilegítimo a datos o a sistema informático; publicación ilegal o abusiva de comunicación electrónica; revelación de secretos oficiales; acceso ilegítimo, difusión o alteración de datos personales; estafa o fraude informático; daño en datos y sistemas informáticos; interrupción o entorpecimiento de comunicaciones electrónicas; y alteración de medios probatorios

Computer viruses are special programs designed to harm computers and large computer systems by changing the way they work. After defining the term computer virus, author in the paper will analyze the elements of the criminal offense of Creating and Introducing of Computer Viruses from Article 300 of the Criminal Code of the Republic of Serbia (Official Gazette of the Republic of Serbia, No. 85/2005...35/2019). In connection with this criminal offense, the issues of determining the place and time of execution, as well as the detection of perpetrators in cases when it was committed using publicly available computers and computer systems, are particularly interesting. Having in that mind the damage can occur with the use of computer viruses, the paper will present some practical cases, along with practical tips for protection against computer viruses. In a world full of digital threats, criminal law must create new incriminations and improve existing ones, in order to preserve the security of computer systems and data. This process is continuous and leads to a kind of “digitalization” of the criminal law.

Insurance fraud is one of the problems that insurers have been struggling with for years but have not been able to fully overcome. Some frauds are difficult to recognize, and some are difficult to prove. The largest number of cases of abuse of insurance rights are represented by the so-called soft frauds, which in most cases take the form of so- called petty crime. However, their massiveness causes great financial losses to insurers. Serious frauds, when an insured case is deliberately provoked with the intention of obtaining compensation from the insurance company illegally, are increasingly being organized by professional fraudsters. Over time, the civil law protection mechanisms against insurance fraud have been supplemented by criminal law. This has also been done in Serbian law by incriminating the criminal offense of insurance fraud under Article 223a of the Criminal Code. In this paper, we have considered whether Serbian law adequately sanctions insurance fraud committed by insurance beneficiaries, alone or with the help and support of other persons, and which is subject to criminal prosecution. The research has shown that the wording of Art. 223a of the CC is not appropriate and does not satisfy the needs of insurance practice. Although the change in the wording of the criminal offence of insurance fraud in Art. 223a was welcomed in theory, in practice this provision is not applied. It can be concluded that the expected effect was not achieved and that the legal definition of the criminal offence of insurance fraud in Art. 223a of the Criminal Code did not fulfill the purpose for which this offence was introduced. The provision of Art. 223 CC could survive and “come to life” if certain changes were made to the legal definition of this criminal offense, taking into account the solutions from German, Croatian and Slovenian law that we have listed in this paper. Тhe author finally proposes amendments to the legal definition of the criminal offense of insurance fraud under Art. 223a of the Criminal Code.

I define design process is not goods-product process but knowledge-product process. Namely architectural value is added by the accumulation of knowledges, rather than by the accumulation of mere man-power/day. What is a knowledge? First of all, the knowledge must be written in a sentence or sentences. The things in mind is not a knowledge. Those sentences must be understood by a computer system running on a certain computer language, here on Prolog. Understanding by computer means that the computer system can compute and answer by 'yes' or 'no' (or corresponding form to it), if the sentence is input by a certain form, here by logical formula. If the answer is 'no', we have to compliment the first input sentence by adding suitable sentences. Then if the computer succeeds to compute the sentence by answering 'yes', the initial input sentence become a "knowledge". If the computer system stores all of inputs in its data base for the convenience of later referring by someone, namely a user or other computer system, I say the knowledge is externalized. I discussed and descriminated three levels of knowledge, namely 'information level', 'semi-knowledge level', and 'knowledge level' (Chap. 2). 1) Information level '. This means a sentence is not articulated yet and remains as a vague whole. 2) Semi-knowledge level.' This means a sentence (or its logical formula) is articulated but has not been satisfied by a set of elements yet. 3) Knowledge level; This means a sentence (or its logical formula) is to have been satisfied by a set of elements. So it is said in designing the knowledge comes first as a semi-knowledge and becomes a knowledge or remains a semi-knowledge. This is materialised as the condition that the translated logical formula of a natural language sentence includes only variables and no individual constants. In computing the logical formula, an element or pairs of elements are given by a user (designer) or from data base to a variable as instances (or values) which satisfy it. In other words, computing is to make a semi-knowledge a knowledge by giving or generating instances. But note that computing on Prolog, it is allowable for variables to remain variables if they are included in facts on the data base. So the answer 'yes' by Prolog computer system is not necessarily to show all variables are satisfied by some instances. The explication of computing as a recursive function by Kleene is that it has two phases, one is to generate an element as existent and the other is to introduce a symbol to refer to the element, and that these two phases must have the same order. It, as a matter of course, corresponds to computing by Prolog as later shown in Fig. 5 (Chap. 3, 4). Design thinking has a certain correspondence to computing if the design theme is given in a simple or complex logical formula and is sastisfied by being given elements to all parts of logical formula which the designer in-tends to materialize. Therefore the design process can be followed by computing process through the interaction between the designer and the computer. There comes the design results as the accumulation of input data by the designer in the computer's data base. The computing process of a logical formula (5-4) which is shown diagrammatically is Fig. 5, where the bare number is the order of computing and the number with * shows the point where an element is logically introduced in computing. The arrow shows the success of correspondence in a sense, namely matching in Prolog. Fig. 5 is the computing process pattern of a particular sentence and if input sentence is changed, the programme may be changed, but 1 have developed more complex program which can compute most of logical formula, Let us correspond Fig. 5 to the design process. If we draw Fig. 6, this is completely circular and nothing