
CYBER ATTACKS – LAWYER

Cyber attacks fall into two categories: (a) content alteration attacks and (b) denial of service attacks (DDoS attacks).

– Content alteration attacks. In this scenario, the homepage of the website is altered and replaced (defaced) with content that may be, for example, humorous or propagandistic. When the owner of the website realises that such an attack has occurred, they will restore the affected pages from backup files. The critical issue in this case is the time required for restoration. If the damage caused is extensive, the website may need to remain offline for a long period. The blow to a company whose website, which admittedly constitutes its image to external partners and prospective clients, falls victim to such an attack is enormous.

– Denial of service attacks (DDoS attacks). This is the general name for attacks against a computer or a service provided, the purpose of which is to render the computer or service unable to accept further connections and thus unable to serve other potential clients.

FREQUENTLY ASKED QUESTIONS ON CYBER ATTACKS – LAWYER

1. What sentence do I face for a DDoS or deface attack?

Cyber attacks, whether in the form of website content alteration (deface) or denial of service (DDoS), as a rule constitute the offences of obstructing the operation of an information system, unauthorised access and damage to data under the Penal Code (PK). The prescribed penalties include imprisonment, which is increased where serious damage is caused or where the attack is directed against critical infrastructure. With a proper defence, the following are all examined: suspension of the sentence under Article 99 of the Penal Code, conversion into a monetary penalty under Article 80, the imposition of community service, and recognition of mitigating circumstances under Article 84, particularly a prior law-abiding life and subsequent good conduct.

2. Is there any chance of avoiding conviction?

In cyber attack cases there is significant scope for defence, since the identification of the perpetrator is based mainly on IP addresses, logs and digital footprints—elements that can be challenged with technical arguments. Attacks are often carried out through botnets, VPNs or compromised third-party machines, which gives rise to reasonable doubt as to the identity of the perpetrator. Furthermore, the lawfulness of the seizure of electronic media, compliance with the chain of custody for digital evidence, and the unlawful obtaining of evidence are scrutinised. Wherever doubt exists, the principle of in dubio pro reo applies.

3. What do I do if I am summoned by the Cybercrime Division?

From the very moment of being summoned for examination, whether as a suspect or in the context of preliminary investigation, the presence of a lawyer is required. The person being examined has the right to remain silent and the right not to incriminate themselves. Statements, admissions or the surrender of passwords without legal guidance can weigh decisively on the case file. In the event of seizure of computers, mobile phones or storage media, a copy of the seizure report should be requested and compliance with the formalities should be checked. Premature defence statements or “explanations” without preparation of a technical line of defence usually weaken the position of the defendant.

4. How long does the entire process take until judgment?

The time depends on the complexity of the case and the stage at which it stands. The preliminary examination and the main investigation, owing to the need for expert examination of digital evidence, usually last from six months to two years. The hearing at first instance is generally scheduled after completion of the case file, while any appeal adds further time. The statute of limitations also plays an important role and is examined carefully, as many cybercrime cases come to light with delay.

5. What documents and evidence does the lawyer need?

All documents relating to the case are gathered: the summons for examination or the bill of indictment summons, the seizure report for the electronic media, any expert reports, a copy of the case file and of the criminal complaint. Equally important are technical materials demonstrating the use of the computer or connection by third parties, evidence of professional activity, as well as documents substantiating the prior law-abiding life of the defendant for the purposes of invoking mitigating circumstances. Where attacks are attributed to a group, the individual participation of each defendant and their degree of involvement are assessed.

6. What is the role of the lawyer in such cases?

Ziamparas D. & Associates Law Firm specialises in cybercrime and undertakes the defence of persons accused of cyber attacks from the preliminary investigation stage all the way to Areios Pagos. The lawyer studies the case file in cooperation with technical consultants, challenges the identification of the perpetrator, identifies procedural irregularities and unlawfully obtained evidence, submits memoranda and standalone pleas, represents the defendant at the hearing and exercises legal remedies. The objective is acquittal or, where this is not feasible, the maximum possible reduction of the sentence through suspension or conversion.