Book contents
- Frontmatter
- Contents
- Preface
- Acknowledgements
- Table of Legislation
- Table of Cases
- List of abbreviations
- Part I Introduction
- Part II Computer as target
- 2 Computer as target
- 3 Access offences
- 4 Modification or impairment of data
- 5 Misuse of devices
- 6 Interception of data
- Part III Fraud and related offences
- Part IV Content-related offences
- Part V Offences against the person
- Part VI Jurisdiction
- Bibliography
- Index
5 - Misuse of devices
from Part II - Computer as target
Published online by Cambridge University Press: 05 October 2015
- Frontmatter
- Contents
- Preface
- Acknowledgements
- Table of Legislation
- Table of Cases
- List of abbreviations
- Part I Introduction
- Part II Computer as target
- 2 Computer as target
- 3 Access offences
- 4 Modification or impairment of data
- 5 Misuse of devices
- 6 Interception of data
- Part III Fraud and related offences
- Part IV Content-related offences
- Part V Offences against the person
- Part VI Jurisdiction
- Bibliography
- Index
Summary
Introduction
The offences discussed in previous chapters may require a level of technical sophistication to commit. Certainly, gaining unauthorised access to computer systems, or writing malicious code, often requires a level of expertise not possessed by most people. At the other end of the spectrum, all that is required in some cases is access to the relevant password. In either case, the need for a means of access creates an incentive to acquire items which facilitate that process, and may create a black market in passwords and other information that may facilitate computer misuse. For example, various toolkits are readily available in online forums including web-attack toolkits, toolkits for penetration testing and detecting vulnerabilities, and remote access Trojans (RATs) that provide remote access.
While such conduct may be prosecuted under existing offences such as conspiracy to defraud or incitement, there is an arguable need for offences which specifically relate to trafficking in items that facilitate the commission of computer offences. The aim of these inchoate offences is to restrict access to specific items that are used to commit the relevant offences.
Under Art. 6 of the Cybercrime Convention, each party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:
(a)the production, sale, procurement for use, import, distribution or otherwise making available of:
i.a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with … Articles 2 through 5;
ii.a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed,
with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and
(b)the possession of an item referred to in paragraphs (a)(i) or (ii) above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5.
The Convention allows Parties to opt out of these provisions other than in respect of ‘sale, distribution or otherwise making available’. This allows a Party not to criminalise the production or importation of such items, but each Party must criminalise conduct that may potentially release such material into the broader community.
- Type
- Chapter
- Information
- Principles of Cybercrime , pp. 133 - 148Publisher: Cambridge University PressPrint publication year: 2015