Security

Cybercrime

Published on 07 Apr 2022

In this article, we'll be taking a look at a few things that are bound to open your mind to really interesting concepts in cyberlaw. For instance, coming from a technical background, did you know that a computer isn't just defined as something that you use to work on assignments??!! Is your mind blown? I know right!! Then, we'll be taking a look at what exactly do the Criminal Code Laws cover in terms of Computer Crimes. Finally, we'll analyse a real life case study where all these concepts and criminal codes come into play.

The contents in this article may be outdated

This article was made as a part of Cookies.sh – a project that I made in my university days to educate people about topics in Security.

What is a computer?

Unfortunately, the legislation about this was made a while back, back when computers were still chunky boxes and not super powerful. However, considering the advancements we have made, it's safe to assume that a computer can be classified as:

A regular computer
A laptop
A mobile phone (yes... this is considered a computer)
Any device with the ability to connect to the internet

What do the Criminal Law Codes Cover in terms of Computer Crime?

It is important to note here that a Computer Crime here does not mean smashing someone's laptop for instance. There are 3 main categories which constitues a computer crime. These are:

Unauthorised Access

You can think of this category as your classical hacking method. Someone in a dark room on their laptop trying to gain unauthorised access into a company network, or doing some phishing to gain access into someone's machine. Basically, doing something on your computer to gain access to something that you're not supposed to have without explicit approval, consent or knowledge of that person/entity.

Modification

This category covers the alteration or the removal of data. Some examples of these are:

Adding yourself to a list of people who are entitled to a payment.
Adding malware to someone's computer
Making someone's computer into a botnet. If you are unsure of what a botnet is, you might be inclined to check out my post about DDOS here. But essentially, a bot is when you modify someone's computer without authorization with the intention of using its computing power or bandwith to do malicious things. A botnet is a group of these bots (usually a very large number of bots).

You might be wondering, if modification can be a simple act of adding a file to someone's computer, why isn't cookies illegal? That was a question that was floating in my head to but it turns out, cookies are perfectly legal because you are giving consent for them to be added to your computer.

Impairment

The last category here is impairment and this category covers the attempt to impair someone's system without needing to access/modify a system. An of this woiuld be a person performing a DDOS attack on an e-commerce website with the intention of bring down their system and preventing customers from accessing their website. This is considered impairment because we are not technically accessing or modifying the system but is still considered an offence.

Real Life Scenario

Knowing about these 3 categories, we can now start to look at a real life scenario where a person was convicted of a computer crime with multiple charges that combined one or more of these categories.

R v Boden [2002] QCA 164

This is a case of Vitek Boden, a disgruntled engineer who hacked into the Queensland sewage system, altering electronic data in respect of sewerage pumping stations and causing raw sewerage to be discharged into local waterways.

You can read more about this fascinating case here but I'll delve more into the offences, charges and how it relates to the 3 categories we've just learnt.

Offences

26 counts using restricted computer without consent of controller thereby intending to cause detriment or damage (5 overturned). This is considered an unautorised access because he is accessing the system via their computer without consent.
1 count of using restricted computer without consent of controller intending to cause detriment or damage and causing detriment greater than $5K. Again, this is unauthorised access.
1 count of wilfully and unlawfully causing serious environmental harm. This isn't really a cybercrime, more so an environmental offence.
1 count of stealing a two-way radio
1 count of stealing a PDS Compact 500 computer

Reflection

Reseaching this was honestly an eye-opener as there were many things about cyberlaw that I did not realise. Coming from a technical background, I never considered the implications of a simple hack. However, by listening to the amazing Lyria's podcast, it really opened my mind up to the more legal side of things which I am grateful for.

References

https://www.openlearning.com/unswcyber/courses/security-engineering-22t1/law/podcast/ep7/?cl=1
https://www.queenslandjudgments.com.au/caselaw/qca/2002/164