The specific features of perpetration of the criminal offence of fraud using information-communication technologies

Abstract

Historically speaking, along with the development of ICT, the ways of their misuse developed as well. Whoever may have bad intentions will keep finding new methods to abuse these technologies. These methods are based on vulnerabilities of ICT systems, whether they are technical or related to human factor. This paper describes the phenomena of the so-called social engineering and phishing, as modes of performing the criminal offences of fraud and computer fraud, which are used for illegal collection and abuse of the data of ICT system users, in order to mislead them towards acting in a way that causes harm to their own or someone else's possession, with the intention of illegal gain for the perpetrator. Contemporary phishing attacks are very sophisticated, adapted to the potential victims and adjusted to their affinities. The collecting of information regarding a potential victim is most often done via social networks. Therefore, this paper describes the process of planning acts of fraud and explains two most common techniques for data collecting - via social networks and via the victim's illegal router hijacking. A special emphasis is put on the criminal law treatment of these phenomena in the legislation of the Republic of Serbia, as well as on solving the dilemmas about technical terms in fraudulent acts in Serbian and English languages. The authors present different forms of social engineering and phishing in ICT systems, i.e. cyberspace, and discuss if and in which cases their acts have legal characteristics of the aforementioned criminal offences. The authors also present and analyze Serbian criminal legislation,with the emphasis on the crime of fraud and similar crimes, which are, in their essence, special forms of fraud. The stress is put on the crime of computer fraud and its characteristic features in comparison with the crime of fraud. The authors consider the changes in legislation that would lead to reformulating the crime of computer fraud so as to encompass various acts carried out with the use of the information-communication technologies.

Posmatrano iz istorijske perspektive, paralelno sa razvojem informaciono-komunikacionih tehnologija (IKT) razvijaju se i načini njihove zloupotrebe. Zlonamerni akteri kontinuirano pronalaze nove metode za zloupotrebu ovih tehnologija koje su zasnovane na ranjivostima IKT sistema, bilo da je reč o tehničkim ili ranjivostima vezanim za ljudski faktor. U radu su opisani fenomeni tzv. socijalnog inženjeringa i fišinga, kao načina izvršenja krivičnih dela prevare i računarske prevare, kojima se nezakonito prikupljaju i koriste podaci korisnika IKT sistema kako bi se oni doveli u zabludu ili održali u njoj i usled toga postupili na štetu sopstvene ili tuđe imovine, uz nameru sticanja protivpravne imovinske koristi od strane učinioca. Savremeni fišing napadi su veoma sofisticirani, prilagođeni potencijalnoj žrtvi i usklađeni sa njenim afinitetima. Prikupljanje informacija o potencijalnoj žrtvi najčešće se sprovodi putem društvenih mreža. Stoga je u radu opisan proces planiranja prevarnih radnji i objašnjene su dve najzastupljenije tehnike prikupljanja podataka - putem društvenih mreža i putem nelegalnog preuzimanja kontrole nad ruterom žrtve. Poseban akcenat je stavljen na krivičnopravni tretman ovih fenomena u zakonodavstvu Republike Srbije kao i na pojmovno razjašnjenje terminoloških nedoumica u vezi sa prevarnim radnjama u srpskom i anglosaksonskom jeziku. Autori predstavljaju heterogene oblike ispoljavanja socijalnog inženjeringa i fišinga u IKT sistemima, tj. sajber prostoru, i razmatraju da li se i u kojim slučajevima njihovim vršenjem ispunjavaju zakonska obeležja pomenutih krivičnih dela.