CAUGHT WITH HANDS IN
E-MARMELADE
mag. Dejan Jasnič, LL.M.
19th November, 2015, Cyber risk conference, Ljubljana
Iserdo… sounds familiar?
(AP) WASHINGTON - International authorities have arrested a
computer hacker believed responsible for creating the malicious
computer code that infected as many as 12 million computers,
invading major banks and corporations around the world, FBI
officials told The Associated Press on Tuesday.
A 23-year-old Slovenian known as Iserdo was snagged in
Maribor, Slovenia, after a lengthy investigation by Slovenian
Criminal Police there along with FBI and Spanish authorities.
In 2013 the UK Cabinet Office estimated that the cost of
cyber crime to the economy is £27bn annually
Since the first cyber policy was written in the late 1990s, insurers have
been unwilling to provide coverage for all losses. Most firms are
reluctant to offer policies for property damage resulting from hacking
because there’s almost no data available to determine costs.
To quantify potential property damage from a cyber-attack, Lloyd’s of
London and Cambridge University modelled a scenario that blacked
out parts of the north-eastern U.S. for several weeks. The study found
$1 trillion in property damage, higher death rates and crippled
infrastructure.
S&P Report, June 2014: Target Corp.’s policy covered about $90
million, which left the retailer with $162 million of uninsured legal,
business-interruption and network-restoration costs from a 2013
breach.
Violation of Secrecy of Means of Communication
may be committed only during transmission
139. člen
…
(2) Z denarno kaznijo ali zaporom do enega leta se kaznuje:
…
2) kdor se z uporabo tehničnih sredstev neupravičeno seznani s
sporočilom, ki se prenaša po telefonu ali s kakšnim drugim
elektronskim komunikacijskim sredstvom;
…
(3) Enako kot v prejšnjem odstavku se kaznuje, kdor s katerim od
dejanj, ki so navedena v prvem in drugem odstavku tega člena,
omogoči drugemu, da se neposredno seznani z vsebino sporočila ali
pošiljke.
…
(5) Če stori dejanje iz prejšnjih odstavkov tega člena uradna oseba z
zlorabo uradnega položaja ali uradnih pravic, poštni ali drug
delavec, ki mu je zaupano prevzemanje, prenos ali predaja tujih
pisem, tujih brzojavk ali kakšnih drugih pisanj ali pošiljk, se kaznuje z
zaporom od treh mesecev do petih let.
(6) Pregon za dejanja iz prvega do četrtega odstavka tega člena se
začne na predlog.
Article 139
…
(2) The following shall be punished by a fine or by imprisonment for
not more than one year:
…
2) whoever, by use of technical instruments, learns of the content
of a message transmitted by telephone or any other means of
electronic telecommunication;
…
(3) Whoever, by committing any of the offences under paragraphs 1
and 2 of this Article, allows a third person to be informed of the
content of a consignment or message shall be punished in
accordance with the preceding paragraph.
…
(5) If any of the offences under the above paragraphs of this Article
have been committed by an official through the abuse of office or
official authority, or by a postal worker or other official authorised
to accept, transport or deliver letters, telegrams or other pieces of
writing or consignments, he shall be sentenced to imprisonment for
not less than three months and not more than five years.
(6) The prosecution of the offences under paragraphs 1 to 4 of this
Article shall be initiated upon a complaint.
The intent behind hacking does not have to be
to gain proceeds
Zloraba osebnih podatkov
143. člen
…
(2) Enako se kaznuje, kdor vdre ali nepooblaščeno vstopi v računalniško vodeno
zbirko podatkov z namenom, da bi sebi ali komu drugemu pridobil kakšen osebni
podatek.
(3) Kdor na svetovnem medmrežju ali drugače javno objavi ali omogoči drugemu
objavo osebnih podatkov žrtev kaznivih dejanj, žrtev kršitev pravic ali svoboščin,
zaščitenih prič, ki se nahajajo v sodnih spisih sodnih postopkov, kjer po zakonu ali
po odločitvi sodišča ni dovoljena prisotnost javnosti ali identifikacija žrtev ali
zaščitenih prič ter osebnih zapisov o njih v zvezi s sodnim postopkom, na podlagi
katerih se te osebe lahko določi ali so določljive, se kaznuje z zaporom do treh let.
(4) Kdor prevzame identiteto druge osebe ali z obdelavo njenih osebnih podatkov
izkorišča njene pravice, si na njen račun pridobiva premoženjsko ali
nepremoženjsko korist ali prizadene njeno osebno dostojanstvo, se kaznuje z
zaporom od treh mesecev do treh let.
…
(6) Če stori dejanje iz prejšnjih odstavkov tega člena uradna oseba z zlorabo
uradnega položaja ali uradnih pravic, se kaznuje z zaporom do petih let.
(7) Pregon iz četrtega odstavka tega člena se začne na predlog.
Abuse of Personal Data
Article 143
…
(2) Whoever breaks or enters into a computer or database without authorization
in order to acquire personal data for his or a third person's use shall be punished in
accordance with the preceding paragraph.
(3) Whoever publishes on the World Wide Web or otherwise or enables another
person to publish personal data of victims of criminal offences, victims of violation
of rights and liberties, protected witnesses, which are contained in judicial records
of court proceedings, in which the presence of the public or witness identification
or protected witnesses and personal records thereof related to the court
proceeding was not allowed according to the law or court decision, on the basis of
which these persons may be identified or are identifiable, shall be sentenced to
imprisonment for not more than three years.
(4) Whoever assumes the identity of another person and under its name exploits
their rights, gains property benefits or damages their personal dignity shall be
sentenced to imprisonment between three months and three years.
…
(6) If any offence from the preceding paragraphs of this Article is committed by an
official through the abuse of office or official authority, such an official shall be
sentenced to imprisonment for not more than five years.
(7) The prosecution under paragraph 4 of this Article shall be initiated upon a
complaint.
Hacking just for fun is illegal, as well
Napad na informacijski sistem
221. člen
(1) Kdor neupravičeno vstopi ali vdre v informacijski
sistem ali kdor neupravičeno prestreže podatek ob
nejavnem prenosu v informacijski sistem ali iz njega, se
kaznuje z zaporom do enega leta.
(2) Kdor podatke v informacijskem sistemu neupravičeno
uporabi, spremeni, preslika, prenaša, uniči ali v
informacijski sistem neupravičeno vnese kakšen podatek,
ovira prenos podatkov ali delovanje informacijskega
sistema, se kaznuje z zaporom do dveh let.
(3) Poskus dejanja iz prejšnjega odstavka je kazniv.
(4) Če je z dejanjem iz drugega odstavka tega člena
povzročena velika škoda, se storilec kaznuje z zaporom
od treh mesecev do petih let.
Attack on Information Systems
Article 221
(1) Whoever enters without authorization or breaks into
an information system, or illegally intercepts data during
a non-public transmission into or from the information
system, shall be sentenced to imprisonment for not
more than one year.
(2) Whoever makes an illegal use of data in an
information system, or changes, copies, transmits,
destroys, or illegally imports data in an information
system, or obstructs data transmission or information
system operation, shall be sentenced to imprisonment
for not more than two years.
(3) Any attempt to commit such an offence referred to in
the preceding paragraph shall be punishable.
(4) If the damages incurred by the committing of the
offence under paragraph 2 of this Article are
considerable, the perpetrator shall be sentenced to
imprisonment for not less than three months and not
more than five years.
Breaking into Business IS is a typical act of
corporate espionage
Zloraba informacijskega sistema
237. člen
(1) Kdor pri gospodarskem poslovanju neupravičeno
vstopi ali vdre v informacijski sistem ali ga neupravičeno
uporablja tako, da uporabi, spremeni, preslika, prenaša,
uniči ali v informacijski sistem vnese kakšen podatek,
ovira prenos podatkov ali delovanje informacijskega
sistema ali neupravičeno prestreže podatek ob nejavnem
prenosu v informacijski sistem, da bi sebi ali komu
drugemu pridobil protipravno premoženjsko korist ali
drugemu povzročil premoženjsko škodo, se kaznuje z
zaporom do treh let.
(2) Če je bila z dejanjem iz prejšnjega odstavka
pridobljena velika premoženjska korist ali povzročena
velika premoženjska škoda in je storilec hotel sebi ali
komu drugemu pridobiti tako premoženjsko korist ali
drugemu povzročiti tako premoženjsko škodo, se kaznuje
z zaporom do petih let.
Breaking into Business Information Systems
Article 237
(1) Whoever, in the performance of business operations,
enters without authorization or breaks into an
information system, or makes an illegal use of data by
using, altering, copying, transmitting, destroying or
entering into an information system any data, or
obstructs data transmission or information system
operation, or illegally intercepts data during a non-public
transmission into the information system, in order either
to procure unlawful property proceeds for himself or
a third person or to cause damage to the property of
another, shall be sentenced to imprisonment for not
more than three years.
(2) If the offence under the above paragraph has
resulted in a large property benefit or a large loss of
property and if the perpetrator intended to cause such
loss of property or to gain such property benefit, he shall
be sentenced to imprisonment for not more than five
years.
“As opposed to arresting the guy who broke into your home, we've
arrested the guy that gave him the crowbar, the map and the best
houses in the neighbourhood” (cit. from the Iserdo case)
Izdelovanje in pridobivanje orožja in
pripomočkov, namenjenih za kaznivo
dejanje
306. člen
…
(3) Enako kot v prejšnjem odstavku
se kaznuje, kdor z namenom storitve
kaznivega dejanja poseduje, izdeluje,
prodaja, daje v uporabo, uvaža,
izvaža ali kako drugače zagotavlja
pripomočke za vdor ali neupravičen
vstop v informacijski sistem.
Manufacture and Acquisition of
Weapons and Instruments Intended
for Committing a Criminal Offence
Article 306
…
(3) The punishment under the above
paragraph shall be imposed on
whoever possesses, manufactures,
sells, puts to use, imports, exports,
or makes available in any other
manner, with the intention of
committing a criminal offence,
instruments intended for the
breaking or unauthorized entry into
an information system.
Kroll found that 75 percent of respondents were vulnerable to
hacking, with 68 percent reporting that they invest in IT security
Source: Cyber-Ark
48 percent believe poor
employee security habits are to
blame for data breaches, while
29 percent believe attacker
sophistication is to blame for
breaches
Companies are most often overconfident
Exposure to internal hacking may be greater
than one would expect
Which data would you take with you from the company?
These risks should be relatively easy to
manage. Is this so in practice?
What media would you use?
THANK YOU FOR YOUR
ATTENTION
dejan.jasnic@abctransparency.com
+41 805 3278
+386 41 327 864

More Related Content

What's hot

KGBMD MrMt Confidentiality 8pg 101211
KGBMD MrMt Confidentiality 8pg 101211KGBMD MrMt Confidentiality 8pg 101211
KGBMD MrMt Confidentiality 8pg 101211
Eric Mountain
 
2015 amendments to the manual for courts martial eo13696
2015 amendments to the manual for courts martial eo136962015 amendments to the manual for courts martial eo13696
2015 amendments to the manual for courts martial eo13696
RepentSinner
 

What's hot (14)

Anti-terrorism law
Anti-terrorism lawAnti-terrorism law
Anti-terrorism law
 
POA 6 POA and IPC sections
POA 6 POA and IPC sectionsPOA 6 POA and IPC sections
POA 6 POA and IPC sections
 
Goondas act ppt
Goondas act  pptGoondas act  ppt
Goondas act ppt
 
Democratic practice, privacy and fo e in nepal by shreedeep rayamajhi
Democratic practice, privacy and fo e in nepal by shreedeep rayamajhiDemocratic practice, privacy and fo e in nepal by shreedeep rayamajhi
Democratic practice, privacy and fo e in nepal by shreedeep rayamajhi
 
Cyber crimes
Cyber crimesCyber crimes
Cyber crimes
 
KGBMD MrMt Confidentiality 8pg 101211
KGBMD MrMt Confidentiality 8pg 101211KGBMD MrMt Confidentiality 8pg 101211
KGBMD MrMt Confidentiality 8pg 101211
 
Understanding California's whistle blower protections for HIPAA Security
Understanding California's whistle blower protections for HIPAA SecurityUnderstanding California's whistle blower protections for HIPAA Security
Understanding California's whistle blower protections for HIPAA Security
 
Busines Ssearch Ltd
Busines Ssearch LtdBusines Ssearch Ltd
Busines Ssearch Ltd
 
Cyber laws of US
Cyber laws of USCyber laws of US
Cyber laws of US
 
Second Appeal against CIC New Delhi for Non-Implementation of Section 7(1) of...
Second Appeal against CIC New Delhi for Non-Implementation of Section 7(1) of...Second Appeal against CIC New Delhi for Non-Implementation of Section 7(1) of...
Second Appeal against CIC New Delhi for Non-Implementation of Section 7(1) of...
 
REPUBLIC OF LITHUANIA LAW ON THE APPROVAL AND ENTRY INTO FORCE OF THE CRIMINA...
REPUBLIC OF LITHUANIA LAW ON THE APPROVAL AND ENTRY INTO FORCE OF THE CRIMINA...REPUBLIC OF LITHUANIA LAW ON THE APPROVAL AND ENTRY INTO FORCE OF THE CRIMINA...
REPUBLIC OF LITHUANIA LAW ON THE APPROVAL AND ENTRY INTO FORCE OF THE CRIMINA...
 
Cyber law
Cyber lawCyber law
Cyber law
 
2015 amendments to the manual for courts martial eo13696
2015 amendments to the manual for courts martial eo136962015 amendments to the manual for courts martial eo13696
2015 amendments to the manual for courts martial eo13696
 
Notification inquiry-commission-397345
Notification inquiry-commission-397345Notification inquiry-commission-397345
Notification inquiry-commission-397345
 

Similar to Cyber Risk Conference, Ljubljana, November 2015

Overview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in IndiaOverview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in India
gsmonga
 
Cyber law assignment
Cyber law assignmentCyber law assignment
Cyber law assignment
Rajshekar786
 
Prashant and team cyber law
Prashant and team cyber lawPrashant and team cyber law
Prashant and team cyber law
Prashant Angadi
 
Cyber Crime Laws in Pakistan regarding electronic and social media
Cyber Crime Laws in Pakistan regarding electronic and social mediaCyber Crime Laws in Pakistan regarding electronic and social media
Cyber Crime Laws in Pakistan regarding electronic and social media
akashsaqi444
 

Similar to Cyber Risk Conference, Ljubljana, November 2015 (20)

information related crime in asu
information related crime in asuinformation related crime in asu
information related crime in asu
 
Life is Short... Sue Everyone: Legal Perspectives on the Ashley Madison hack
Life is Short... Sue Everyone: Legal Perspectives on the Ashley Madison hackLife is Short... Sue Everyone: Legal Perspectives on the Ashley Madison hack
Life is Short... Sue Everyone: Legal Perspectives on the Ashley Madison hack
 
Overview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in IndiaOverview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in India
 
Chapter 3 legal framework of cybercrime and law enforcement tools
Chapter 3   legal framework of cybercrime and law enforcement toolsChapter 3   legal framework of cybercrime and law enforcement tools
Chapter 3 legal framework of cybercrime and law enforcement tools
 
Important section of IT Act 2000 & IPC sections related to cyber law.
Important section  of IT Act 2000 & IPC sections related to cyber law. Important section  of IT Act 2000 & IPC sections related to cyber law.
Important section of IT Act 2000 & IPC sections related to cyber law.
 
Information Technology Act, 2000
Information Technology Act, 2000Information Technology Act, 2000
Information Technology Act, 2000
 
Cyber law assignment
Cyber law assignmentCyber law assignment
Cyber law assignment
 
Shilpa
ShilpaShilpa
Shilpa
 
Cyber Laws in Pakistan
Cyber Laws in PakistanCyber Laws in Pakistan
Cyber Laws in Pakistan
 
Vipul pdf
Vipul pdfVipul pdf
Vipul pdf
 
Cyber laws uk
Cyber laws ukCyber laws uk
Cyber laws uk
 
Cyber law
Cyber law Cyber law
Cyber law
 
Cyber law01
Cyber law01Cyber law01
Cyber law01
 
Computer Crimes and Data Protection
Computer Crimes and Data ProtectionComputer Crimes and Data Protection
Computer Crimes and Data Protection
 
Prashant and team cyber law
Prashant and team cyber lawPrashant and team cyber law
Prashant and team cyber law
 
Prashant and team cyber law
Prashant and team cyber lawPrashant and team cyber law
Prashant and team cyber law
 
Cyber laws and sections according to IT Act 2000
Cyber laws and sections according to IT Act 2000Cyber laws and sections according to IT Act 2000
Cyber laws and sections according to IT Act 2000
 
Muz cyber law assignment
Muz cyber law assignmentMuz cyber law assignment
Muz cyber law assignment
 
Saudi Arabia's Anti-Cyber Crime Law
Saudi Arabia's Anti-Cyber Crime LawSaudi Arabia's Anti-Cyber Crime Law
Saudi Arabia's Anti-Cyber Crime Law
 
Cyber Crime Laws in Pakistan regarding electronic and social media
Cyber Crime Laws in Pakistan regarding electronic and social mediaCyber Crime Laws in Pakistan regarding electronic and social media
Cyber Crime Laws in Pakistan regarding electronic and social media
 

Recently uploaded

一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
F La
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
ZurliaSoop
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
e9733fc35af6
 
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
F La
 
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
mefyqyn
 

Recently uploaded (20)

Career As Legal Reporters for Law Students
Career As Legal Reporters for Law StudentsCareer As Legal Reporters for Law Students
Career As Legal Reporters for Law Students
 
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.ppt
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.pptOVERVIEW OF LABOUR LAWS with Case Studies- ppt.ppt
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.ppt
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
 
posts-harmful-to-secular-structure-of-the-country-539103-1.pdf
posts-harmful-to-secular-structure-of-the-country-539103-1.pdfposts-harmful-to-secular-structure-of-the-country-539103-1.pdf
posts-harmful-to-secular-structure-of-the-country-539103-1.pdf
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
 
Comprehensive Guide on Drafting Directors' Report and its ROC Compliances und...
Comprehensive Guide on Drafting Directors' Report and its ROC Compliances und...Comprehensive Guide on Drafting Directors' Report and its ROC Compliances und...
Comprehensive Guide on Drafting Directors' Report and its ROC Compliances und...
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 
Chambers Global Practice Guide - Canada M&A
Chambers Global Practice Guide - Canada M&AChambers Global Practice Guide - Canada M&A
Chambers Global Practice Guide - Canada M&A
 
The Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in GreeceThe Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in Greece
 
Petitioner Moot Memorial including Charges and Argument Advanced.docx
Petitioner Moot Memorial including Charges and Argument Advanced.docxPetitioner Moot Memorial including Charges and Argument Advanced.docx
Petitioner Moot Memorial including Charges and Argument Advanced.docx
 
Mischief Rule of Interpretation of statutes
Mischief Rule of Interpretation of statutesMischief Rule of Interpretation of statutes
Mischief Rule of Interpretation of statutes
 
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
 
Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?
 
Essential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard ProgramEssential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard Program
 
Dematerialisation of securities of private companies
Dematerialisation of securities of private companiesDematerialisation of securities of private companies
Dematerialisation of securities of private companies
 
Jim Eiberger Rental Agreement Redacted Former Lease.docx
Jim Eiberger Rental Agreement Redacted Former Lease.docxJim Eiberger Rental Agreement Redacted Former Lease.docx
Jim Eiberger Rental Agreement Redacted Former Lease.docx
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
 
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
 

Cyber Risk Conference, Ljubljana, November 2015

  • 1. CAUGHT WITH HANDS IN E-MARMELADE mag. Dejan Jasnič, LL.M. 19th November, 2015Cyber risk conference, Ljubljana 1
  • 2. Iserdo…sounds familiar? (AP)WASHINGTON - International authorities have arrested a computer hacker believed responsible for creating the malicious computer code that infected as many as 12 million computers, invading major banks and corporations around the world, FBI officials told The Associated Press on Tuesday. A 23-year-old Slovenian known as Iserdo was snagged in Maribor, Slovenia, after a lengthy investigation by Slovenian Criminal Police there along with FBI and Spanish authorities. 19th November, 2015Cyber risk conference, Ljubljana 2
  • 3. In 2013 the UK Cabinet Officehas estimatedthat the cost of cyber crime to the economyis £27bn annually Since the first cyberpolicy was written in the late 1990s, insurers have been unwilling to provide coverage for all losses. Most firms are reluctant to offer policies for property damage resulting from hacking because there’s almost no data available to determine costs. To quantify potential property damage from a cyber-attack, Lloyd’s of London and Cambridge University modelled a scenario that blacked out parts of the north-eastern U.S. for several weeks. The study. found $1 trillion in property damage, higher death rates and crippled infrastructure. S&P Report, June 2014: Target Corp.’s policy covered about $90 million, which left the retailer with $162 million of uninsured legal, business-interruption and network-restoration costs from a 2013 breach. 19th November, 2015Cyber risk conference, Ljubljana 3
  • 4. Violation of Secrecyof Means of Communication may be committed only during transmission 139. člen … (2) Z denarno kaznijo ali zaporom do enega leta se kaznuje: … 2) kdor se z uporabo tehničnih sredstev neupravičeno seznani s sporočilom, ki se prenaša po telefonu ali s kakšnim drugim elektronskim komunikacijskim sredstvom; … (3) Enako kot v prejšnjem odstavku se kaznuje, kdor s katerim od dejanj, ki so navedena v prvem in drugem odstavku tega člena, omogoči drugemu, da se neposredno seznani z vsebino sporočila ali pošiljke. … (5) Če stori dejanje iz prejšnjih odstavkov tega člena uradna oseba z zlorabo uradnega položaja ali uradnih pravic, poštni ali drug delavec, ki mu je zaupano prevzemanje, prenos ali predaja tujih pisem, tujih brzojavk ali kakšnih drugih pisanj ali pošiljk, se kaznuje z zaporom od treh mesecev do petih let. (6) Pregon za dejanja iz prvega do četrtega odstavka tega člena se začne na predlog. Article 139 … (2) The following shall be punished by a fine or by imprisonment for not more than one year: … 2) whoever, by use of technical instruments, learns of the content of a message transmitted by telephone or any other means of electronic telecommunication; … (3) Whoever, by committing any of the offences under paragraphs 1 and 2 of this Article, allows a third person to be informed of the content of a consignment or message shall be punished in accordance with the preceding paragraph. … (5) lf any of offences under the above paragraphs of this Article have been committed by an official through the abuse of office or official authority, or by a postal worker or other official authorised to accept, transport or deliver letters, telegrams or other pieces of writing or consignments, he shall be sentenced to imprisonment for not less than three months and not more than five years. (6) The prosecution of the offences under paragraphs 1 to 4 of this Article shall be initiated upon a complaint. 19th November, 2015Cyber risk conference, Ljubljana 4
  • 5. The intention of hacking does not have to be in gaining proceeds Zloraba osebnih podatkov 143. člen … (2) Enako se kaznuje, kdor vdre ali nepooblaščeno vstopi v računalniško vodeno zbirko podatkov z namenom, da bi sebi ali komu drugemu pridobil kakšen osebni podatek. (3) Kdor na svetovnem medmrežju ali drugače javno objavi ali omogoči drugemu objavo osebnih podatkov žrtev kaznivih dejanj, žrtev kršitev pravic ali svoboščin, zaščitenih prič, ki se nahajajo v sodnih spisih sodnih postopkov, kjer po zakonu ali po odločitvi sodišča ni dovoljena prisotnost javnosti ali identifikacija žrtev ali zaščitenih prič ter osebnih zapisov o njih v zvezi s sodnim postopkom, na podlagi katerih se te osebe lahko določi ali so določljive, se kaznuje z zaporom do treh let. (4) Kdor prevzame identiteto druge osebe ali z obdelavo njenih osebnih podatkov izkorišča njene pravice, si na njen račun pridobiva premoženjsko ali nepremoženjsko korist ali prizadene njeno osebno dostojanstvo, se kaznuje z zaporom od treh mesecev do treh let. … (6) Če stori dejanje iz prejšnjih odstavkov tega člena uradna oseba z zlorabo uradnega položaja ali uradnih pravic, se kaznuje z zaporom do petih let. (7) Pregon iz četrtega odstavka tega člena se začne na predlog. Abuse of Personal Data Article 143 … (2) Whoever breaks or enters into a computer or database without authorization in order to acquire personal data for his or a third person's use shall be punished in accordance with the preceding paragraph. 
(3) Whoever publishes on the World Wide Web or otherwise or enables another person to publish personal data of victims of criminal offences, victims of violation of rights and liberties, protected witnesses, which are contained in judicial records of court proceedings, in which the presence of the public or witness identification or protected witnesses and personal records thereof related to the court proceeding was not allowed according to the law or court decision, on the basis of which these persons may be identified or are identifiable, shall be sentenced to imprisonment for not more than three years. (4) Whoever assumes the identity of another person and under its name exploits their rights, gains property benefits or damages their personal dignity shall be sentenced to imprisonment between three months and three years. … (6) If any offence from the preceding paragraphs of this Article is committed by an official through the abuse of office or official authority, such an official shall be sentenced to imprisonment for not more than five years. (7) The prosecution under paragraph 4 of this Article shall be initiated upon a complaint. 19th November, 2015Cyber risk conference, Ljubljana 5
  • 6. Hacking just for fun is illegal, as well Napad na informacijski sistem 221. člen (1) Kdor neupravičeno vstopi ali vdre v informacijski sistem ali kdor neupravičeno prestreže podatek ob nejavnem prenosu v informacijski sistem ali iz njega, se kaznuje z zaporom do enega leta. (2) Kdor podatke v informacijskem sistemu neupravičeno uporabi, spremeni, preslika, prenaša, uniči ali v informacijski sistem neupravičeno vnese kakšen podatek, ovira prenos podatkov ali delovanje informacijskega sistema, se kaznuje za zaporom do dveh let. (3) Poskus dejanja iz prejšnjega odstavka je kazniv. (4) Če je z dejanjem iz drugega odstavka tega člena povzročena velika škoda, se storilec kaznuje z zaporom od treh mesecev do petih let. Attack on Information Systems Article 221 (1) Whoever enters without authorization or breaks into an information system, or illegally intercepts data during a non-public transmission into or from the information system, shall be sentenced to imprisonment for not more than one year. (2) Whoever makes an illegal use of data in an information system, or changes, copies, transmits, destroys, or illegally imports data in an information system, or obstructs data transmission or information system operation, shall be sentenced to imprisonment for not more than two years. (3) Any attempt to commit such an offence referred to in the preceding paragraph shall be punishable. (3) If the damages incurred by the committing of the offence under paragraph 2 of this Article are considerable, the perpetrator shall be sentenced to imprisonment for not less than three months and not more than five years. 19th November, 2015Cyber risk conference, Ljubljana 6
  • 7. Breaking into Business IS is a typical act of corporate espionage Zloraba informacijskega sistema 237. člen (1) Kdor pri gospodarskem poslovanju neupravičeno vstopi ali vdre v informacijski sistem ali ga neupravičeno uporablja tako, da uporabi, spremeni, preslika, prenaša, uniči ali v informacijski sistem vnese kakšen podatek, ovira prenos podatkov ali delovanje informacijskega sistema ali neupravičeno prestreže podatek ob nejavnem prenosu v informacijski sistem, da bi sebi ali komu drugemu pridobil protipravno premoženjsko korist ali drugemu povzročil premoženjsko škodo, se kaznuje z zaporom do treh let. (2) Če je bila z dejanjem iz prejšnjega odstavka pridobljena velika premoženjska korist ali povzročena velika premoženjska škoda in je storilec hotel sebi ali komu drugemu pridobiti tako premoženjsko korist ali drugemu povzročiti tako premoženjsko škodo, se kaznuje z zaporom do petih let. Breaking into Business Information Systems Article 237 (1) Whoever, in the performance of business operations, enters without authorization or breaks into an information system, or makes an illegal use of data by using, altering, copying, transmitting, destroying or entering into an information system any data, or obstructs data transmission or information system operation, or illegally intercepts data during a non-public transmission into the information system, in order either to procure an unlawful property proceeds for himself or a third person or to cause damage to the property of another, shall be sentenced to imprisonment for not more than three years. (2) If the offence under the above paragraph has resulted in a large property benefit or a large loss of property and if the perpetrator intended to cause such loss of property or to gain such property benefit, he shall be sentenced to imprisonment for not more than five years. 19th November, 2015Cyber risk conference, Ljubljana 7
  • 8. “As opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighbourhood” (cit. from the Iserdo case)
    Manufacture and Acquisition of Weapons and Instruments Intended for Committing a Criminal Offence, Article 306
    …
    (3) The punishment under the above paragraph shall be imposed on whoever possesses, manufactures, sells, puts to use, imports, exports, or makes available in any other manner, with the intention of committing a criminal offence, instruments intended for the breaking or unauthorized entry into an information system.
  • 9. Kroll found that 75 percent of respondents were vulnerable to hacking, with 68 percent reporting that they invest in IT security
    Source: Cyber-Ark
    48 percent believe poor employee security habits are to blame for data breaches, while 29 percent believe attacker sophistication is to blame for breaches
  • 10. Companies are most often overconfident
  • 11. Exposure to internal hacking may be greater than one would expect
    Which data would you take with you from the company?
  • 12. These risks should be relatively easy to manage. Is this so in practice?
    What media would you use?
  • 13. THANK YOU FOR YOUR ATTENTION
    dejan.jasnic@abctransparency.com
    +41 805 3278
    +386 41 327 864

Editor's Notes

  1. His arrest comes about five months after Spanish police broke up the massive cyber scam, arresting three of the alleged ringleaders who operated the so-called Mariposa botnet, stealing credit cards and online banking credentials. The botnet -- a network of infected computers -- appeared in December 2008 and infected more than half of the Fortune 1,000 companies and at least 40 major banks.
  2. Sentence for para 2: fine or prison up to 1 yr.
  3. The system need not be protected (this used to be required under the old Criminal Code). Use or manipulation of data and obstruction of system operation are punished more severely. The offence under paragraph 2 can also be committed with eventual intent (dolus eventualis), e.g. forwarding virus-infected mail. In this offence the perpetrator is not pursuing a property benefit or movable property. (Breaking into an account via e-banking and transferring the money away constitutes burglary-type theft, i.e. grand larceny.) Paragraph 2 incorporates provisions of the Council of Europe Convention on Cybercrime: the criminalisation of obstructing data transmission or system operation.
  4. Sentence: up to 1 yr. In substance this is a preparatory act, which is nevertheless defined as a separate criminal offence. Problems in prosecuting these offences: - many offences go unreported - from the couch - it is hard to trace the place where the offence was committed and the identity of the perpetrator, which can be concealed with tools - specialised knowledge of the perpetrators. Cyber masterminds behind the biggest botnets aren't often taken down largely because it is easy for experienced hackers to hide their identities by disguising the source of their Internet traffic. Usually the computer resources they use are stolen. And the investigations are complex and technical, often spanning dozens of countries with conflicting or even non-existing cyber crime laws.
  5. How exposed is the other third? Organizations need to assume they will be breached and monitor the pathway attackers take. However, it’s what can be done to stop attackers once inside the network that business and IT leaders should be thinking about. Attackers will always find a way past the perimeter. Security strategies must assume this and focus on limiting attacker movement once they infect an endpoint or trick an employee into clicking a malicious link. In particular, business leaders need to understand the damage that can be done with hijacked privileged credentials.
  6. Once a cyber attacker steals and exploits privileged credentials, not only is it difficult to dislodge them, it’s incredibly difficult to even detect them. Attackers that exploit privileged accounts can delete logs and history, install malware and backdoors, and easily evade detection by hiding in plain sight as normal business traffic. Industry reports highlight that attackers are on a targeted network an average of 200 days prior to detection.