CASES.LU

Glossary

  1. ▹ Antivirus
  2. ▹ Assets
  3. ▹ Authentication
  4. ▹ Availability
  5. ▹ Basic criteria for risk analysis
  6. ▹ Computer Hacks
  7. ▹ Confidentiality
  8. ▹ Control
  9. ▹ Cryptography
  10. ▹ Cybercrime
  11. ▹ Cybercriminals
  12. ▹ DRP – Disaster Recovery Plan
  13. ▹ Data backups
  14. ▹ Data loss
  15. ▹ Defacement
  16. ▹ Disinfect machine with a live CD
  17. ▹ Disposal
  18. ▹ Email
  19. ▹ Firewall
  20. ▹ Human error
  21. ▹ IDS/IPS
  22. ▹ Image rights
  23. ▹ Impact
  24. ▹ Integrity
  25. ▹ Internet and copyright
  26. ▹ Legal Aspects
  27. ▹ LuxTrust
  28. ▹ Malicious Codes
  29. ▹ Malicious websites
  30. ▹ Network segmentation
  31. ▹ Password
  32. ▹ Patches
  33. ▹ Phishing
  34. ▹ Physical faults
  35. ▹ Securing a fixed workstation
  36. ▹ Physical theft
  37. ▹ Recommendations for securing a file server
  38. ▹ Recommendations to secure a server connected to Internet
  39. ▹ Recommendations to secure a Web server
  40. ▹ Removable devices
  41. ▹ Risk processing
  42. ▹ Spam – unwanted emails
  43. ▹ SSL/TLS – encryption technologies on the web
  44. ▹ Update softwares with Secunia PSI
  45. ▹ Security Charter
  46. ▹ Social engineering
  47. ▹ Threat
  48. ▹ Virtual Private Networks (VPNs)
  49. ▹ Vulnerabilities
  50. ▹ Web of Trust - WOT
  51. ▹ Web filter – Proxy
  52. ▹ Why is it important to protect your computer?

Computer Hacks

Illegal access to a system

Illegally accessing a system involves intentionally and fraudulently entering and remaining in an automated data processing or transmission system, for example:

  1. by using a computer directly (for example, after infiltrating the premises of a company);
  2. remotely, by infiltrating a closed network or taking control of a machine located in such a network. Such criminal behaviour includes employees using computers provided by their employer to access confidential data unrelated to their duties or to commit offences (for example, using company resources to direct an attack against third parties).

Article 509-1 of the Criminal Code: “Anyone who fraudulently accesses or remains in all or part of an automated data processing or transmission system shall be punished by imprisonment of two months to two years and a fine of 500 to 25,000 euros or one of these two penalties”.

Editing or deleting data

Editing or deleting data when hacking a system is an aggravating factor. The minimum penalties incurred are therefore even more severe. These include for example:

  1. computer vandalism, i.e. accessing a system to destroy data; or
  2. students who illegally access their school or university server and change their grades or those of their classmates.

Entering or changing data on a system or changing the way it is processed or transmitted without actually unlawfully accessing the system is also a criminal offence. *Article 509-3 of the Criminal Code:

  • For editing or deleting data during illegal access to a system: “When […] [the illegal access to the system] results in the deletion or modification of the data held in the system, or a change in the way this system functions, the imprisonment shall be from four months to two years and the fine from 1,250 to 25,000 euros” (Article 509-1 (2) of the Criminal Code).
  • For editing or deleting data not involving illegal access to a system: “Anyone who, intentionally and in violation of the rights of others, directly or indirectly, enters data into an automated processing or transmission system or has deleted or changed the data held therein or their processing or transmission methods, shall be punished by imprisonment from three months to three years and a fine of 1,250 to 12,500 euros or one of these two penalties.”

Interference with the operation of a system

Interference with the operation of a system is also a criminal offence. These include for example:

  1. blocking a system using a denial of service attack;
  2. changing how the system operates, to the detriment of performance and results, etc. (e.g. by deliberately and knowingly putting a virus onto the system); or
  3. damaging or destroying a system (hardware and/or software).

Article 509-2 of the Criminal Code: “Anyone who intentionally and in violation of the rights of others interferes with or damages the operation of an automated data processing or transmission system shall be punished by imprisonment of three months to three years and a fine of 1,250 to 12, 500 euros or one of these two penalties”.

Attempt

A successful attack is not the only condition for criminal penalties. Merely attempting to commit the above offences, even if the attempt is successful, is punishable. Script-kiddies and other novice hackers are therefore liable for the same penalties as professional hackers. Article 509-6 of the Criminal Code: “Attempts to perpetrate the crimes provided for by articles 509-1 to 509-5 are punished by the same penalties as the crimes themselves”.

Computer criminal groups

Joining forces or agreeing to commit any of the above offences is also punishable, regardless of whether an attack ultimately took place or not. This applies, for example, to those who share resources to perpetrate hacks (computers, network access or even software, scripts or information to carry out a hack) and plan concerted attacks on third parties. Article 509-7 of the Criminal Code: “Anyone participating in an association or in an agreement established for the preparation, realised in one or more material acts, of one or more offences provided for in Articles 509-1 to 509-5, shall be punished by the penalties provided for the offence itself or for the most severely punished offence.”

Find out more

Filing a complaint

Table of Contents