Print Print

Cyber Crime

July 5, 2009 – 9:01 pm by John Giles

Find out about the cyber crimes that exist in South African law and how they affect you or your business.  Our law recognises the criminal threat that exists to cyberspace and as a result cyber crimes were introduced into our law by Chapter XIII of the Electronic Communications and Transactions Act of 2002 (”ECT Act”).   What are these laws, are they effective?  You want to make sure that neither you, nor your staff, fall foul of the laws as they carry stiff penalties.  It is important for you to know how these laws can assist you in taking action against criminals who commit cyber crimes against you and your business’s electronic assets.

Background

john-giles-for-michalsons-006We live in an age where information is power and electronic assets (such as your software, web sites, databases, intranets, accounting records, customer lists and other data) are an integral part of most businesses - indeed they are potentially as valuable as any physical asset and in some cases, far more so.  Any threat to your electronic assets should therefore be taken very seriously.

The incidence of computer related crime seems to be on the rise.  ITWeb recently reported that Cyber-crime takes off.  IOL Technology reported that Online crime is surging in recession.  Computing SA reported that Internet fraud was on the rise in 2008.  In 2007 News24.com reported that there was Huge growth in cyber crime.  And as recently as yesterday, according to wikipedia there were a series of cyber attacks against major government, news media, and finaincial websites in South Korea and the United States.  It even affected one of our service providers.

What increases the potential pool of criminals is that the rationale behind the commission of these crimes is not solely personal gain, but sometimes:

  • disgruntled employees may seek to destroy vital data,
  • hackers may merely want to prove that a web site or server can be hacked, or
  • a terrorist realises that a cyber-attach could cause mass chaos and terror.

There are two aspects to the protection of your electronic assets, namely information security (both physical and logical) and the control of the conduct of third parties.  In this regard:

  1. Information security represents the measures you can take to protect yourself.  The passwords, firewalls and access control measures that you implement are the electronic equivalent to the gates, barbed wire fences and surveillance equipment you use to protect your physical assets.
  2. One way in which the conduct of third parties can be influenced is by the passing of laws which regulate such conduct.  Whilst such laws will not always prevent the undesirable conduct, it will, ideally, limit it and create negative consequences for those caught breaching it.  To a greater or lesser extent this is what the ECT Act, with its cyber crimes, has sought to achieve.

The Cyber Crimes

The ECT act creates the following offences in Chapter XIII:

  1. The unauthorised access or interception of data is a crime.  In our view hacking, cracking and packet sniffing would fall within this category.
  2. The unauthorised interference with data in a way that causes such data to be modified, destroyed or otherwise rendered ineffective is a crime.  The creation and spreading of viruses, Trojan horses and worms would fall within this category.  However, it is important to realise that, in order to be guilty of an offence in terms of the ECT Act, you must have the intent to commit the crime.  So there is no need for anyone to worry (from a criminal perspective anyway) if a virus that you’ve received sends itself to your whole address book.  While you should have had the most recent pattern or update for your anti-virus software, you’re not a criminal because the virus was not intentionally spread.
  3. The unlawful use of devices that are designed to overcome security measures for the protection of data is now a crime and this would include the creation or use of software used for cracking.
  4. The intentional overloading of web servers with the intention of crashing them (denial of service attack) is a crime.  The Distributed Denial of Service (DDoS) attack that started yesterday is a great example. 
    The rest of this article is only available to a registered user with one of the following subscriptions: Trial, Free, Client, Student, Subscriber. To continue reading this article, please either:
    • Subscribe - unlimited access for R495 per month per subscriber. It's quick and easy, and you can unsubscribe at any time. Find out more about the benefits of subscribing. Why you should pay for the content. Subscribe Now.
    • Register - limited access for FREE, and without obligation. It's quick and easy to get greater access instantly. Select "Free Account" under the Subscription Options. [ Register ]
    Already a subscriber or registered? Login on the right or [ Login ]

    Similar:

    • Share/Save/Bookmark

    Tags: ,

You must be logged in to post a comment.

Copyright 2002 - 2010 Lematics. All Rights Reserved. Entries (RSS), Comments (RSS) and XML Sitemap. Designed by Bob