CyberSecu TW2

2023-12-15 15:40
文章标签 cybersecu tw2

本文主要是介绍CyberSecu TW2,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

Topic 6 Criminal Law and Basic Principles


• Introduction to criminal law


criminal law v. civil law

Criminal law:
the accused will be punished with loss of liberty, or even with death, if found guilty 如果被判有罪,被告将被判失去自由,甚至被判处死刑
Civil Law:
no loss of liberty or life

2 Types of Criminal Laws

• Substantive Offences
• PRC Criminal Law (PRC CL) 中华人民共和国刑法
• Laws that create and define socially acceptable conduct 创造和定义社会可接受的行为的法律
• Create and define crimes and punishment 创建和定义犯罪和惩罚
Example: Article 120 PRC CL: "Those organizing or leading a terrorist organization shall be sentenced to ten or more years imprisonment or life imprisonment, and their property confiscated…”
举例:第一百二十条中国人民解放军:“组织、领导恐怖组织的,处十年以上有期徒刑或无期徒刑,并没收其财产……”
• Procedural Rules
• PRC Criminal Procedure Law (PRC CPL) 中华人民共和国刑事诉讼法
• Laws that govern the investigation, arrest, and trial of the accused 管理对被告的调查、逮捕和审判的法律
• Protect the constitutional rights of the accused 保护被告的宪法权利
Example:
• Article 71 PRC CPL: When making an arrest, a public security organ must produce an arrest warrant.
• Within 24 hours after an arrest, the family of the arrested person or the unit to which he belongs shall be notified of the reasons for arrest and the place of custody….
第七十一条公安机关在进行逮捕时,必须出示逮捕令。
在被逮捕后24小时内,应通知被逮捕人的家人或其所属单位被逮捕的原因和拘留地点。

• General principles of criminal law


• Nulla poena sine lege
No punishment without the law 没有法律就没有惩罚
• Nullum crimen, nulla poena sine praevia lege poenali
An act cannot be made a crime retroactively 追溯地 (an act must be a crime at the time it is committed) 一种行为不能追溯犯罪(一种行为在发生时必须是犯罪)

No punishment without the law

Article 3 PRC CL :
• For acts that are explicitly defined as criminal acts in law, the offenders shall be convicted and punished in accordance with law; otherwise, they shall not be convicted or punished.
第三条中华人民共和国刑法:法律上明确的犯罪行为,依法定罪处罚,否则,不予定罪、处罚。
A. 303 PRC Criminal Law states,
"whoever, for the purpose of reaping profits, assembles a crowd to engage in gambling, or makes an occupation of gambling will be sentenced to a fixed term imprisonment of not more than three years, criminal detention or public surveillance, in addition to a fine.
“以牟利为目的,聚集人群赌博或者从事赌博的,处三年以下有期徒刑、拘役、监视,并处罚款。”
"Whoever runs a gambling house will be sentenced to a fixed-term imprisonment of not more than three years, criminal detention or public surveillance, in addition to a fine; and in severe circumstances, a fixed-term imprisonment of not less than three years but not more than ten years, in addition to a fine."
""经营赌场的,处三年以下有期徒刑、拘役、拘役或者管制,并处罚款;情节严重的,处三年以上十年以下有期徒刑,并处罚款。”

INNOCENT UNTIL PROVEN GUILTY

• Person charged with offence, but innocent till found guilty
• Guilt has to be proved beyond reasonable doubt
• If there is reasonable doubt(必须Beyond), the person charged of the offence must be acquitted 宣判无罪
Article 12 PRC CL:
• No person shall be found guilty without being judged as such by a People's Court according to law.
未经人民法院依法判决,任何人不得被判有罪。
Article 46 PRC CPL:
• In the decision of all cases, stress shall be laid on evidence, investigation and study ……. the defendant may be found guilty and sentenced to a criminal punishment if evidence is sufficient and reliable….
第四十六条刑法:在判决所有案件时,应强调证据,调查研究.......,证据充分可靠的,可以被判有罪并判处刑事处罚。

BURDEN OF PROOF 举证责任

• Prosecution’s task: to prove guilt beyond reasonable doubt
控方的任务是:排除合理怀疑,证明自己有罪
• Defendant: rarely has to establish their innocence
被告:很少需要证明自己的清白

RIGHT TO REMAIN SILENT

• Generally, in many countries, the accused has a right to remain silent about the details of the crime with which charged
一般来说,在许多国家,被告有权对被指控的罪行的细节保持沉默
• China: Accused has no right to remain silent, but cannot be convicted on confession alone
中国:被告无权保持沉默,但不能仅凭认罪就被定罪

DOUBLE JEOPARDY 双重审理

If a person is charged, tried and acquitted: CANNOT be charged for the same offence
如果一个人被指控、审判和宣告无罪:不能因同一罪行而被起诉

LIMITATIONS

• If offence is ‘minor’ there is no prosecution (China)
如果犯罪行为为“轻微”,则不进行起诉(中国)
Article 15 PRC CL:
• In any of the following circumstances, no criminal responsibility shall be investigated; if investigation has already been undertaken, the case shall be dismissed, or prosecution shall not be initiated, or the handling shall be terminated, or innocence shall be declared:
• (1) if an act is obviously minor, causing no serious harm, and is therefore not deemed a crime;
• (2) if the limitation period for criminal prosecution has expired;
有下列情形之一的,不追究刑事责任;已经进行调查的,撤销诉讼或者不予起诉,或者终止处理,或者宣告无罪:
(一)行为明显轻微,未造成严重损害,不构成犯罪的;
(二)刑事起诉时效期满的;

• Elements of crime


Most criminal conduct requires both Actus Reus + Mens Rea


Actus Reus (guilty act) 犯罪行为

an act or positive action is required by the accused
被告要求被告采取一种行为或积极的行动

Mens Rea (guilty mind)犯罪意图

Some offences require a specific intention to cause the result or a result close to one that occurs
• For example, murder requires the accused intended to kill or inflict really serious harm
有些犯罪需要一个特定的意图来导致结果或接近所发生的结果,
例如,谋杀要求被告意图杀人或造成真正严重的伤害
Knowledge
• Cannot always be proven but may be inferred from both the act and surrounding circumstances.
• Circumstantial evidence may be allowed if it sheds light on the defendant’s state of mind.
• Post-crime conduct, such as flight, may be recognized if it demonstrates consciousness of guilt.
•不能总是被证明,但可以从行为和周围的环境中推断出来。
•间接证据可以揭示被告的精神状态。
•犯罪后的行为,如逃跑,如果它表现出有罪的意识,就可以被承认。
Intention
Direct 直接的
• Consequence is desired, accused decides to bring it about or tries his best to
Oblique 间接的
• Accused sees the consequence as certain or virtually certain
Negligence
Falling below the standard of the ordinary reasonable man, doing something he would do or doing something he would not do
低于一般人的理性标准
Strict Liability 严格责任
An offence which law states requires no mens rea
法律规定不需要犯罪意图的犯罪行为
• Some offences are classed as strict liability because it would be near impossible to prove mens rea in some offences and without it, people would easily escape conviction
有些犯罪被归为严格责任,因为在某些犯罪中几乎不可能证明犯罪意图,如果没有它,人们就很容易逃脱定罪
For other offences, the consequences of particular acts or omissions are considered to be so serious that criminal sanctions must be imposed as a matter of social policy. For example, selling food unfit for human consumption
对于其他罪行,人们认为特定行为或不作为的后果非常严重,必须作为一个社会政策问题实施刑事制裁。例如,出售不适合人类消费的食物(这种人纯纯nt吧?)

Inchoate Offences犯罪未遂

• Incitement 煽动
With incitement the defendant must have tried to persuade another to commit a crime 被告必须通过煽动手段试图说服他人犯罪
• Conspiracy 阴谋
• With conspiracy at least two defendants must have agreed to commit a crime 至少有两名被告必须同意犯罪
• Attempt 企图
• With attempt the defendant must have tried to commit the offence and have got relatively close to achieving this objective 被告企图时,必须试图犯罪,并且相对接近实现这一目标
Also punishable 也是可惩罚的
Article 156 PRC CL
• Article 156 PRC CL • Whoever conspires with criminals of smuggling and provides them with loans, funds, account numbers, invoices or certificates or with such conveniences as transportation, storage and mailing shall be deemed an accomplice in the crime of smuggling and punished as such.
第一百五十六条与走私犯罪分子合谋,提供贷款、资金、账号、发票、证件或者运输、储存、邮寄等便利的,视为走私共犯并处罚。
Section 2 PRC CL Article 23 :
A criminal attempt refers to a case where an offender has already started to commit a crime but is prevented from completing it for reasons independent of his will.
犯罪企图,是指罪犯已经开始犯罪,但因脱离自己意愿的原因不能完成犯罪的案件。

Motive

• The only real questions at trial are
• (1) did the defendant commit the illegal act and
• (2) did she have the necessary mental state. • The defendant’s mental state is relevant only to determine if she acted with mens rea—did she act purposefully, knowingly, recklessly, et cetera.
审判中唯一真正的问题是:
(1)被告是否犯下了违法行为,
(2)她是否有必要的精神状态。•被告的精神状态只与确定她的行为是否有犯罪意图有关——她是否有目的地、故意、鲁莽等等。
Evidence of a defendant’s motive may be introduced at trial to convince a judge that she is guilty, but motive is not perceived as a legal component of guilt.
被告的动机可以引入证据的审判,以使法官相信她有罪,但动机不被视为有罪的法律组成部分。

Topic 7 Introduction to Cybercrime

• Introduction to Cybercrime

Characteristics

• They are easy to learn how to commit
• They require few resources relative to the potential damage caused
• They can be committed in a jurisdiction without being physically present in it
• They are often not clearly illegal
他们很容易学会如何犯罪,
他们所需要的资源相对于造成的潜在损害,
他们可以在一个司法管辖区承诺,而不在其中,
他们通常不是明显的非法
While cyber crime may be global, investigation and prosecution is territorial along territories and by jurisdictions
虽然网络犯罪可能是全球性的,但调查和起诉是关于领土和司法管辖区的

Classification

• Crime and computers can be linked in three ways
Computers:
o Can be the target of an offense
o Can be the tool to commit a crime
o Can be incidental to a crime o
电脑
可以是犯罪的目标,
也可以是犯罪的工具,
也可以是犯罪的附带工具
Computers can be the target of an offense:
when confidentiality, integrity, and availability (CIA) of data, applications, networks is compromised
当数据、应用程序、网络的机密性、完整性和可用性受到损害时
Computers as tools
includes fraud, child pornography, conspiracy 包括欺诈,儿童色情,阴谋
• In this scenario, the ICT is part of the modus operandi to commit traditional crimes, such as fraud or theft
在这种情况下,信息和通信技术是实施传统犯罪的操作方式的一部分,如欺诈或盗窃
Computers being incidental to a crime
have significant importance to law enforcement, especially for evidentiary purposes
• Blackmailer uses computer to write blackmail letters
• Drug dealer stores records on computer
• Computer used to research murder methods
对执法部门非常重要,特别是为了证据的目的,
勒索者使用电脑写勒索信,
毒贩在电脑上存储记录,
电脑用于研究谋杀方法

• The goals and objectives of cybercrime law

Prevention, investigation and law enforcement against cybercrimes
预防、调查和执法来打击网络犯罪

• Cybercrime law on national and international level

Jurisdiction 管辖权

Courts have the ability to only ‘hear’ cases that or disputes that are within their jurisdiction
法院有能力只“审理”在其管辖范围内的案件或纠纷
Particularly challenging for cybercrime as geographical boundaries to not limit computer networks
对于网络犯罪作为地理边界而不限制计算机网络来说尤其具有挑战性
• In most cases, the perpetrators reside in a jurisdiction other than that of their victims
在大多数情况下,犯罪者居住在其受害者的司法管辖区以外的其他司法管辖区。
• In order to investigate such a case, evidence must be obtained from multiple jurisdictions
为了调查这类案件,必须从多个司法管辖区获得证据

Convention on Cybercrime 网络犯罪公约

The Convention is the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security
《公约》是关于通过互联网和其他计算机网络犯下的罪行的第一个国际条约,特别是涉及侵犯版权、与计算机有关的欺诈、儿童色情和违反网络安全的问题

The CoC criminalizes Production of ‘crimeware’ and Possession of ‘crimeware’ to commit crimes

《准则》将生产“犯罪软件”和拥有“犯罪软件”犯罪定为刑事犯罪

Topic 8 Cybercrime – Substantive Criminal law

Illegal Access

Intentional access without right to the whole or part of any computer system (the treaty does not contain the concept of a ‘protected’ computer)
有意访问任何计算机系统的全部或部分(该条约不包含“受保护”计算机的概念)
Includes all means of entering another computer system, including Internet attacks, as well as illegal access to wireless networks
包括进入另一个计算机系统的所有手段,包括互联网攻击,以及非法访问无线网络

Access by outsiders and insiders – raises questions

No mens rea requirement in China 在中国没有对犯罪意图的要求
• In US, ‘intent’ (changed from ‘knowing’) to obtain data 在美国,“意图”(从“知道”改为)获取数据

Illegal Interception 非法拦截

• Offenders can intercept communications between users
such as e-mails;
违法者可以拦截用户之间的通信
• Intercept data transfers to record the information exchanged
拦截数据传输,以记录所交换的信息
when users upload data onto web servers or access web-based external storage media; 当用户将数据上传到web服务器或访问基于web的外部存储媒体时;
• Offenders can target any communication infrastructure
e.g., fixed lines or wireless
违规者可以针对任何通信基础设施
In general the provision only applies to the interception of transmissions – access to stored information is not considered as an interception of a transmission.
一般来说,该规定只适用于拦截传输--对存储信息的访问不被视为对传输的拦截。

DATA INTERFERENCE 数据干扰

• Intentional damage, deletion, deterioration, alteration, or suppression of computer data without right (parties can reserve the right to require that it causes serious harm)
故意损害、删除、恶化、更改或隐瞒计算机数据(当事人可保留要求其造成严重损害的权利)
• Manipulation or destruction of information 操纵或销毁信息
Offenders can violate the integrity of data and interfere with them by: 违法者可以通过以下方式违反数据的完整性并干扰他们:
o deleting data;
o suppressing data; 抑制
o altering data; 更改
o restricting access 限制

Computer viruses

• Delete data, modify data
• Can take remote control of the computer of the victim or
可以远程控制受害者的计算机或加密文件
• Encrypt files so that victims are denied access to their own files, until they pay money to receive the key
使受害者被拒绝访问他们自己的文件,直到他们花钱接收密钥。

SYSTEM INTERFERENCE

• Intentional and serious hindering of the function of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering, or suppressing computer data
通过输入、传输、破坏、删除、恶化、更改或抑制计算机数据,故意和严重阻碍计算机系统的功能
• Offenders succeed in preventing computer systems from operating smoothly:
违规者成功地阻止了计算机系统的顺利运行:
Computer worms; or
Denial-of-Service (DoS) attacks. 拒绝服务

MISUSE OF DEVICES 设备误用

• Intentional, without right, production, sale, import and distribution of devices to commit any of the computer crimes
故意,无意中,生产、销售、进口和分销这些设备,以实施任何计算机犯罪,
• Possession of such devices, with intent to commit computer crimes
拥有此类设备,并意图实施计算机犯罪
• Serious issue: availability of software and hardware tools designed to commit crimes 严重的问题:旨在实施犯罪的软件和硬件工具的可用性
Crimeware, malware, scareware… 犯罪软件,恶意软件,恐吓软件。。

• Sophisticated offences can be committed using specialist software tools
使用专业的软件工具可以实施复杂的犯罪
Software tools exist to: 软件工具可以
Carry out DoS attacks;
Design computer viruses;
Decrypt encrypted communication;
Illegally access computer systems.
执行DoS攻击;
设计计算机病毒;
解密加密通信;
以及非法访问计算机系统。
The CoC criminalizes: CoC将以下情况定为犯罪:
Production of ‘crimeware’
Possession of ‘crimeware’ to commit crimes
生产“犯罪软件”或
拥有“犯罪软件”来进行犯罪

Topic 9 Cybercrime – Procedural Criminal law

Topic 10 Cybercrime and International Cooperation

Key Challenges in fighting cybercrime

  • Technical Challenges 技术挑战

  • Legal Challenges 法律挑战

  • Operational Challenges 操作挑战

Technical challenge

  1. Cybercriminals are not hampered by territorial borders 网络罪犯不受地域边界的限制

  1. Difficulty in identifying and locating cybercriminal and the computer involved 难以识别和定位网络罪犯和涉及的计算机

  1. Difficulty of locating evidence of crime stored at remote location 难以找到存放在偏远地点的犯罪证据

  1. Cybercriminals can hide their identities through anonymous software 网络罪犯可以通过匿名软件隐藏自己的身份

Legal Challenges

  1. Absence of cyber criminal law 网络刑法缺失

  1. Jurisdictional issue – inconsistent substantive criminal laws in different parts of the world 管辖权问题——世界不同地区实体刑法的不一致

  1. Law lags behind technology and social change 法律落后于技术和社会变革

  1. Lack of a universal legal framework at international level 在国际一级缺乏普遍的法律框架

Operational challenges

  1. Lack of understanding of the technology 缺乏对技术的理解

  1. Lack of expertise or skilled cyber investigators 缺乏专业知识或熟练的网络调查人员

  1. Lack of regular and frequent training in investigation and prosecution of computer crime cases 在调查及检控电脑罪案方面缺乏定期及经常的训练

  1. Lack of availability of computer forensic capabilities 缺乏可用的计算机取证能力

Tutorial 2 Coursework

Between January 2016 and March 2017, Joan Collins, an employee of American Express working in the credit section of the company’s office in Florida, gained access to customer accounts and extracted confidential information which she passed on to others, including a Mr Robert Mitchum who was resident in London. The information she gave to him and to others was then used to encode other blank credit cards which could then be used fraudulently to buy goods and to obtain money from ATMs. 2016年1月至2017年3月,美国运通在佛罗里达州办公室的员工琼·科林斯获得了客户账户,提取了机密信息,并将这些信息传递给其他人,包括居住在伦敦的罗伯特·米彻姆先生。她给他和其他人的信息被用来编码其他空白信用卡,这些信用卡可以用来购买商品和从自动取款机获取钱。

Miss Collins was arrested, and as a result of the subsequent investigation Mr Mitchum was arrested and held in London on suspicion of conspiracy to: (1) secure unauthorised access to the American Express computer system with intent to commit theft; (2) secure unauthorised access to the American Express computer system with intent to commit forgery; and (3) cause unauthorised modification to the contents of the American Express computer system. 柯林斯小姐被捕,在随后的调查中,米彻姆被逮捕并拘留,原因是涉嫌阴谋: (1)确保未经授权进入美国运通电脑系统并意图盗窃;(2)确保未经授权进入美国运通电脑系统并意图伪造;(3)对美国运通电脑系统内容进行未经授权的修改。

The UK Computer Misuse Act stipulates that a person is guilty of an offence if:

a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

b) the access he intends to secure is unauthorised; and

c) he knows at the time when he causes the computer to perform the function that that is the case.

英国《计算机滥用法案》规定,一个人在以下情况下犯罪:

a)他使计算机执行任何功能,以确保访问任何计算机中的任何程序或数据;

b)他打算确保的访问是未经授权的;

c)他在他让计算机执行功能时知道这是情况。

Discuss whether Joan Collins has committed the offence of hacking (computer misuse). 讨论琼·柯林斯是否犯了黑客罪(滥用电脑)。

Reference answer:

Students should first consider the criminal provision of hacking, especially what constitutes unauthorised access and whether a person with initial authorisation, such as an employee, can be guilty of unauthorised access. 学生应该首先考虑黑客行为的刑事条款,特别是什么是未经授权的访问,以及拥有最初授权的人,如雇员,是否会犯有未经授权的访问罪。

In Ms Collins’s case, while she had access to all customer accounts that were assigned to her, she went beyond that and accessed other accounts as well. 在柯林斯女士的案例中,虽然她可以访问到分配给她的所有客户账户,但她除此之外,还访问了其他账户。

The case centres on the concept of authority to access data, which is based on specific data or specific purpose. Since Ms Collins didn’t have specific permission to access all the accounts she did, her access was unauthorised and therefore qualifying as hacking. 案例集中授权访问数据的概念,该概念基于特定数据或特定目的。由于柯林斯女士没有获得访问她所有账户的具体许可,她的访问是未经授权的,因此属于黑客资格。

An excellent answer will consider the difficulties and dangers connected with prosecuting insider hacking 一个极好的答案将考虑与起诉内部黑客行为有关的困难和危险

这篇关于CyberSecu TW2的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/496973

相关文章

全网爆品!!【当当狸智能天文望远镜TW2】首发,超清智能大屏

从人类的祖先第一次抬头仰望星空,到人们学会利用星星判断方向;从小孔成像观察日食,到磨制镜片遍览群星。最终,成千上万的人在科学设备的帮助下实现了远景探测观察的梦想。 https://www.xiaomiyoupin.com/detail?gid=167679&spmref=YouPinPC.$SearchFilter$1.search_list.1.32375569&last_scmv2=3001

众筹首发 | 当当狸智能天文望远镜TW2,大屏实时观景 长焦定格远方!

满天的繁星和远方景色,让人无比向往,你是否也曾渴望探索星空的奥秘,沉醉在无垠的美景之中? 然而,当我们用望远镜远眺星空时,固定姿势的观测经常让人感到疲惫,而普通相机亦是难以触及更远的距离,转瞬即逝的美景也经常难以保存... https://m.xiaomiyoupin.com/detail?gid=167679&spmref=YouPin_I.share.share_pop_copy.4.