Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
F
F
fenric2014-01-19 07:54:21
Law in IT
fenric, 2014-01-19 07:54:21

Are the actions of an attacker who has gained access to scripts illegal, and can they be criminally punishable?

Work was carried out on the server, apparently sys. the admin violated the work of PHP, as a result of which it became possible to view the contents of the files.
Using includeds, the attacker reached the configuration file, saw all the data for connecting to the database there, and used them.
After that, he locally connected to the database, and deleted all tables with their contents ...
Ie . no hacking programs were used, this is tantamount to giving car keys to a passerby, and then being surprised that the car was stolen, it’s not logical.
On the server, it’s generally visible, I don’t know anything about server security, all ports are standard, remote connection is allowed, there is no firewall as such, well, etc.
So the question is, are the actions of the attacker considered unlawful, and can they be criminally punishable?
After all, in fact, the data for connection, sys. the administrator himself gave the attacker.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
O
Oleg, 2014-01-19
@makol

Definitely YES, the interpretation can be such that the negligent or incompetent actions of an employee led to the availability of valuable or commercial information, for intruders - who, taking advantage of this circumstance, committed (here the definition of hooligan is suitable) actions with this and that that caused damage to that and that to that what caused this and that, and caused damage in the amount of ......... which is confirmed by such and such documents.
In principle, here, with a competent approach, it is possible to incriminate the Criminal Code of the Russian Federation, Art. 272 part 1. (illegal access to the computer. inf.) 167 part 1. (Deliberate destruction or damage to property) and + you can try Art. 213 hooliganism and 214 vandalism, again with a competent approach with the study of all the details. And if you work hard and raise the Code of Administrative Offenses and add lost profits, costs, etc. it can turn out beautifully,
I also note that the actions of an employee can be qualified as negligent, in connection with preventive work. I won't ask which side you represent on this issue. But there are loopholes in the laws for the attacker.

Similar questions
C
cmohammedmedkeveo2018-02-04 06:49:10
How long can you not bother with sales on the site without registering a legal entity? 9Reply
M
mitaichik2021-06-10 18:00:25
What will be the disclosure of the fact of vulnerability on the state resource? 2Reply
S
sshz2011-04-10 11:37:40
Contract for remote workers 7Reply
M
mikhanoid2011-04-22 11:36:08
To the question of ethics in IT: where to apply for site censorship? 6Reply
M
m172011-04-23 23:47:06
Is it legal in Russia to rip a CD to listen to on an mp3 player? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question