The access to a computer system, as referred to by Article 42, Title III of Law no. 161/2003 (known as the Romanian cybercrime law), is about entering the whole or any part of a computer system, irrespective of the communication method, directly maneuvering the system, or remotely through different network connections.
In its simplest form, the access to a computer system implies an unauthorized interaction between the culprit and the targeted devices or computer components, usually by switching the computer on, using the keyboard or the mouse, printing a document, browsing folders, opening files, running software, and processing data with the purpose of acquiring information.
There will also be the case of illegal access when the culprit, using his own devices or computers, finds a way to enter (to access) remote information resources (workstations, servers etc.) in the same or a different network.
In order to get access to a computer system, the attacker usually tries various tools and methods, such as: password-based attacks, free-access attacks, exploiting vulnerabilities, IP or TCP hijacking-type attacks.
A very interesting method relies on the human hacking, namely the “social engineering”. Despite it is almost unknown by the regular users, this seems to be one of the most dangerous form of access-gaining attack. Generally, social engineering is tricking somebody into determining to perform certain actions that he would normally not do. Might be the case of an elicited system administrator who calls the victim (PC user), launch a fake scenario and trick him into revealing his password or personal data. Nevertheless, this only happen because of the weak education in Cybersecurity.
In most of the judicial cases recorded in Romania, the culprits acted with the aim at obtaining information (not just simply accessing the systems), which generally meant:
a) Seeing the data displayed on the computer screen;
b) Printing a file
c) Running relevant software (e.g. word-processors, database, email, CRMs etc.)
There are different opinions on the possible indictment regarding the illegal access to a computer system by using a “password-based attack”:
- When the password is guessed, deduced or known in any way by the attacker, the access is clearly not authorized (or illegal), but technically doesn’t seems to be done by infringing the security measures. That perspective, in the Romanian legislation, could lead (or not) to a police custody for the period of prosecuting and trial, and even afterwards in the prison term (3 to 12 years).
- When the password is somehow cracked (by using password-cracker software, brute forced or similar), there will be a clear aggravating circumstance of the crime, and the measures taken by the law enforcement institutions are fully sustained.
Another controversial issue is the connection to wireless Internet.
Incadrare juridica acces la posta electronica