Rana Mametova,
Senior Research Fellow (SRF) of the Research Institute of Private Law, Caspian University
Managing Partner of IPCHOICE Legal Company LLP
In modern times, acts called cybercrimes, cyberattacks, and cyberstalking are becoming more relevant in law enforcement. Cybercrime is becoming one of the most popular types of crimes around the world, as well as in Kazakhstan
Rana Mametova,
Senior Research Fellow (SRF) of the Research Institute of Private Law, Caspian University
Managing Partner of IP CHOICE Law Company LLP
In modern times, acts called cybercrimes, cyber attacks, and cyber harassment are becoming relevant in law enforcement.
This fact is associated with the growth and emergence of new types of crimes that have not been regulated in the current legislation. Meanwhile, the damage from BEC attacks (Business E-mail Compromise) [i] accounts for more than 40% of losses from cybercrimes worldwide.
Cyber crime is becoming one of the most popular types of crimes worldwide, as well as in Kazakhstan.
Judging by the statistics of the CLSSA of the GPO (Committee on Legal Statistics and Special Accounts of the General Prosecutor's Office) of the Republic of Kazakhstan, cyber scams have become perhaps the most common type of fraud in the past year. Of the total number of criminal cases initiated under Article 190 of the Criminal Code of the Republic of Kazakhstan "Fraud" (43.5 thousand), offenses committed online accounted for almost half (47.3%). Another 283 criminal cases were opened for fraud with payment cards. [ii]
The growth of cyber-attacks is seen primarily in the complexity of investigations of such offenses and, consequently, the low number of offenders brought to justice.
One of the reasons for the low detection rate of such crimes is the lack of a legislative framework.
In Chapter 7 of the Criminal Code, "Creation, use or distribution of malicious computer programs and software products (Article 210 of the Criminal Code of the Republic of Kazakhstan (hereinafter referred to as the Criminal Code), Unlawful possession of information (Article 208 of the Criminal Code).It is according to these articles that the court has qualified as theft, unlawful destruction, modification of information, disruption of the information system and unlawful seizure of information when sentencing cybercriminals in a criminal case against members of the criminal group "Karbanak/Cobalt."[iii]
Considering the acts committed by this criminal group as an example, one can verify the breadth of the legislative norms involved in their analysis, respectively, and the legal relations violated by them.- from civil (damage to users of bank cards from the theft of funds on them), banking (the bank is the subject of the disposal of funds on behalf of customers who were stolen, the bank is the owner of the cards issued by it and provided to customers, banking secrecy is violated), the software used by banks (the object of copyright) to penetrate to the bank account of the clients, the applicable sanctions of the criminal law.
In Chapter 7 of the Criminal Code, there are only nine offences in the field of informatization and communications, and only one for crimes related to unlawful access to computer information, article 208 of the Criminal Code, is insufficient. We can agree that these information security standards are semi-legal in nature,[iv] incomplete to the end and do not meet the disclosure of modern types of cybercrimes, such as phishing and social engineering (theft of personal data over the phone), cryptography, SIM swapping (theft of personal data access to a bank card by making a duplicate to a SIM card)[v], which can hardly be qualified according to the existing norms of the Criminal Code.
A special feature of the criminal acts of cybercriminals is a kind of "tool" in the form of malicious software, the implementation of which helps to obtain information that constitutes a bank secret, personal data of users and achieve the ultimate intent of criminals- theft of property – money or possession of personal data. The criminal intent of cyber criminals is realized by using software viruses, various software hacking tools, server codes, etc. Pirated, unlicensed software, which are pirated copies of the software, has been confirmed to be hacked, as evidenced by the results of the BSA study [vi].
Whereas software is an object of copyright of the Right-holder.
The creation of a computer program, as a result of the creative activity of the developer, generates civil law relations in the field of copyright, the protection of which allows the application of the norms of civil and criminal legislation.
In civil legislation, based on the activation of cybercrime, certain measures are introduced to protect the property interests of Internet subjects.Thus, the insurance activity was expanded with a new direction - "cyber insurance". This type of insurance has been legally reflected in the special Law "On Personal Data and their Protection".[vii] , which regulates legal relations subject to cyber attacks - relations on the collection, storage and protection of personal data. The purpose of voluntary cyber insurance is to compensate for property damage caused to a subject, owner and (or) operator, or a third party, in accordance with the legislation of the Republic of Kazakhstan on insurance and insurance activities.(see article 23-1 of the Law "On Personal Data and their Protection").
The complex nature of cyber law allows for the regulation of interrelated, despite its isolation, legal relations arising in the field of the use of objects of civil law, such as intellectual property rights, personal data, monetary funds, property rights, the safety of which is guaranteed by the protective norms of current legislation, for example, criminal or administrative.
[i] BEC-attacks (business email compromise) — Fraudulent transactions in which criminals try to deceive one or more employees of targeted organizations into transferring money to bank accounts controlled by the attackers.
[ii] Cyber crime is becoming one of the most common types of fraud in the Republic of Kazakhstan. A source: Finprom.kz (www.finprom.kz/)// https://online.zakon.kz/Document/?doc_id=36045808&pos
[iii] More detailed: https://kursiv.kz/news/finansy/2021-06/arrfr-raskrylo-podrobnosti-dela-o-khischeniyakh-2-mlrd-tenge-iz-bankov
[iv] Igor Loskutov, lawyer:"Amendments on information security were adopted semi-legally"// https://online.zakon.kz/Document/?doc_id=31542838&pos=3
[v] Finprom.kz (www.finprom.kz/) https://online.zakon.kz/Document/?doc_id=36045808&
[vi] BSA- Business Software Alliance
[vii] The Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On Personal Data and their protection" (with amendments and additions as of 01/02/2021)
