Answer the question
In order to leave comments, you need to log in
Are the actions of an attacker who has gained access to scripts illegal, and can they be criminally punishable?
Work was carried out on the server, apparently sys. the admin violated the work of PHP, as a result of which it became possible to view the contents of the files.
Using includeds, the attacker reached the configuration file, saw all the data for connecting to the database there, and used them.
After that, he locally connected to the database, and deleted all tables with their contents ...
Ie . no hacking programs were used, this is tantamount to giving car keys to a passerby, and then being surprised that the car was stolen, it’s not logical.
On the server, it’s generally visible, I don’t know anything about server security, all ports are standard, remote connection is allowed, there is no firewall as such, well, etc.
So the question is, are the actions of the attacker considered unlawful, and can they be criminally punishable?
After all, in fact, the data for connection, sys. the administrator himself gave the attacker.
Answer the question
In order to leave comments, you need to log in
Definitely YES, the interpretation can be such that the negligent or incompetent actions of an employee led to the availability of valuable or commercial information, for intruders - who, taking advantage of this circumstance, committed (here the definition of hooligan is suitable) actions with this and that that caused damage to that and that to that what caused this and that, and caused damage in the amount of ......... which is confirmed by such and such documents.
In principle, here, with a competent approach, it is possible to incriminate the Criminal Code of the Russian Federation, Art. 272 part 1. (illegal access to the computer. inf.) 167 part 1. (Deliberate destruction or damage to property) and + you can try Art. 213 hooliganism and 214 vandalism, again with a competent approach with the study of all the details. And if you work hard and raise the Code of Administrative Offenses and add lost profits, costs, etc. it can turn out beautifully,
I also note that the actions of an employee can be qualified as negligent, in connection with preventive work. I won't ask which side you represent on this issue. But there are loopholes in the laws for the attacker.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question