Cyber-attacks detection and prevention
2. The concept of cybercrime and related concepts
2.2. Classification of cybercrime forms
I believe that if we want to address the issue of cybercrime, it would be appropriate to at least define the parameters that delineate this crime. At the end of this subchapter, I want to present to the reader some classifications of cyber (or computer) crime as perceived by different procedural rules and various authors or organisations that are engaged in the fight against cybercrime. I also want to demonstrate in these categories the genesis of the view of the issue of cybercrime.
1. Classification according to the Convention on Cybercrime and according to the Additional Protocol.
The Convention on Cybercrime divides cybercrime into four categories:
1. Offences against the confidentiality, integrity and availability of computer data and systems,
2. Computer-related offences,
3. Content-related offences,
4. Offences related to infringements of copyright and related rights.
The Additional Protocol then defines other cybercrimes:
1. Dissemination of racist and xenophobic material through computer systems,
2. Racist and xenophobic motivated threat,
3. Racist and xenophobic motivated insult,
4. Denial, gross minimisation, approval or justification of genocide or crimes against humanity.
2. Classification of the Committee of Experts on Crime in Cyberspace
According to the Statute of the Council of Europe’s Committee of Experts on Crime in Cyberspace from 2000, cybercrime can be divided into:
1. According to the position of the computer when committing a crime:
- target of the attack;
- means (tool) of the attack.
2. According to the type of act:
- traditional infringements (such as counterfeiting, etc.)
- new infringements (such as phishing, DDoS etc.)
3. Classification according to eEurope+
This document divided computer crimes into:
1. Crimes that violate privacy
- Illegal collection, storage, modification, disclosure and dissemination of personal data.
2. Crimes related to computer content
- Child pornography, racism, incitement to violence, etc.
3. Economic
- Unauthorised access, sabotage, hacking, virus transmission, computer espionage, computer forgery and fraud.
4. Crimes related to intellectual property[1]
4. Classification of computer crime according to criminology
Porada and Konrád[2] divide cybercrime into five basic groups.
1. Unauthorised tampering with input data
- change of input document for computer processing,
- creation of a document containing false data for subsequent processing of data by computer,
2. Unauthorised changes to stored data
- manipulation of data, unauthorised tampering with them and subsequent return to normal,
3. Unauthorised instructions for computer operations
- direct instruction to perform the operation or to install the software performing the operations automatically,
4. Unauthorised intrusion into computers, computer system and its databases
- informative access to the database, without the use of information,
- unauthorised use of information for personal use,
- changes, destruction or replacement of information by others,
- illegal “interception” and recording of electronic communications traffic,
5. Attack on another's computer, software and files and data in databases
- creation of attack programs,
- introduction of a virus into the computer software,
- infection by viruses or other programs.
5. Europol's focus on certain types of cybercrime by severity
Europol respects the Convention on Cybercrime and abides by the breakdown of the offences contained therein. The European Cyber Crime Centre (EC3)[3] has been set up within Europol to support the fight against cybercrime and assist Member States. This team has clearly stated its scope of activity in the fight against cybercrime and has identified the following three areas (focal points – FPs) it deals with:
1. FP TERMINAL – Payment fraud. A group dedicated to providing support in online fraud.
2. FP Cyborg – High-Tech Crimes. A group dedicated to and providing support for various cyberattacks affecting critical infrastructure[4] and information systems. In particular, these are attacks such as: malware, ransomware, hacking, phishing, identity theft etc.
3. FP Twins – Child Sexual Exploitation. A group dedicated to and providing support in the investigation of child sexual abuse.
6. Classification of cybercrime according to its “relationship” to the digital environment
With the development of cybercrime as such, an opinion has come to the forefront in recent years that propounds the possibility of viewing cybercrime as an act that could be described as “pure” or “genuine” cybercrime. Only those cyberattacks that took place in cyberspace and whose goal and tool was a computer system or data could be subsumed under such conduct. Typically, these are attacks identified as hacking, DoS, DDoS attacks, attacks on critical infrastructure, etc.
Other crime committed in the cyberspace environment is only considered as the transfer of “old” or “ordinary” criminal conduct into the new digital environment.
According to the above division, it would then be possible to understand cybercrime in a:
- Narrow concept (“pure” cybercrime);
- Broad concept (“ordinary” criminal conduct in a new environment).
Other possible classifications of cybercrime
There are many other methods of classification that illustrate other possible divisions of cybercrime.[5]
At this point, I would like to mention my classification based on my own findings obtained especially in the interpretation of cybercrime at various seminars or conferences.
In a simplified way, it can be stated that cybercrime can be viewed from three perspectives:
1. According to the frequency (nature) of attacks:
a) copyright infringement (see Internet (computer) piracy. Within cyberspace, this act involving the infringement of intellectual property prevails. Efforts to combat this phenomenon are particularly evident on the part of private copyright organisations.);
b) other cyberattacks (see manifestations of cybercrime, except Internet (computer) piracy).
2. According to punishability by criminal law:
a) conduct resolved by criminal law – some of the mentioned acts subsumable under the objective element of crime;
b) conduct not addressed (unpunishable) by criminal law – some of the mentioned acts cannot be subsumed under the legal objective elements of the criminal offence, even using an admissible analogy[6].
3. According to the degree of tolerance by the majority society:
a) conduct tolerated by society (copyright infringement conduct is most tolerated);
b) conduct not accepted by society (e.g. child pornography, etc.).
[1] For more details: JIROVSKÝ, Václav. Kybernetická kriminalita nejen o hackingu, crackingu, virech a trojských koních bez tajemství. Prague: Grada, 2007, p. 92.
[2] For more details: STRAUS, Jiří et al. Kriminalistická metodika. Plzeň: Aleš Čeněk, 2006, pp. 272–274.
[3] Combating Cybercrime in a Digital Age. [online]. [cit. 7.5.2018]. Available from: https://www.europol.europa.eu/ec3
[4] Regarding the definition of the term critical infrastructure, in the Czech Republic (in the case of cyberspace) it is necessary to proceed from the Act on Cybersecurity and on the amendment of related acts (the Act on Cybersecurity). Hereinafter referred to as the Act on Cybersecurity, or AoCS. In Section 2 (b), this act defines the term of critical information infrastructure and the critical infrastructure element or system.
The definition of the term “critical information infrastructure” is based on the legislation governing the area of crisis management. Critical information infrastructure is a part of critical infrastructure, which is defined by Act No. 240/2000 Sb., on Crisis Management and on Amendments to Certain Acts (Crisis Act) as amended (hereinafter referred to as the “Crisis Management Act”). In order to be included in the critical information infrastructure, a certain information system or service and electronic communications network must meet the definition criteria of the critical infrastructure as well as the critical infrastructure element defined by the Crisis Management Act and the cross-sectional and branch-specific criteria set by Government Decree No. 432/2010 Sb., on the Criteria for Determining the Critical Infrastructure Element.
Since the Act on Cybersecurity came into effect, Point VI, “Communication and information systems”, G: cybersecurity, has been inserted in the branch-specific criteria for determining the critical infrastructure element. It sets the branch-specific criteria for identifying a given information system, service or electronic communications network as critical information infrastructure.
However, this definition only applies to the area of cybersecurity. In general, it is possible to define critical infrastructure as follows:
1. Critical infrastructure means an element of critical infrastructure or a system of elements of critical infrastructure, the disruption of whose function would have a significant impact on the security of the state, the provision of basic living needs of the population, human health or the state economy.
2. Element of critical infrastructure means a building, facility, tool or public infrastructure determined according to cross-sectional and branch criteria, which are set by Government Decree No. 432/2010 Sb., on Criteria for Determining the Element of Critical Infrastructure.
3. The cross-sectional criterion for determining the critical infrastructure element is the aspect of
a) victims with a threshold of more than 250 deaths or more than 2,500 persons with subsequent hospitalisation for more than 24 hours,
b) an economic impact with the state’s economic loss threshold higher than 0.5% of gross domestic product, or
c) an impact on the public with a threshold of a large-scale restriction on the provision of essential services or other serious interference in the daily life of more than 125,000 people.
[5] Cf. PROSISE, Chris and Kevin MANDIA. Incident Response & Computer Forensics, second edition. Emeryville: McGraw-Hill, 2003, p. 22 et seq.
Then e.g. CyberCrime. [online]. [cit. 1.2.2015]. Available from: http://www.britannica.com/EBchecked/topic/130595/cybercrime/235699/Types-of-cybercrime; etc.
[6] Analogy means subsuming a case not explicitly stated in the criminal law under a similar statutory provision specified in the law. In contrast to the wider interpretation, a provision is used by analogy which, according to its meaning, does not apply to the subsumed case. A wider interpretation is made in accordance with the purpose of the criminal law and within its limits, while the analogy goes beyond these imaginary boundaries. By using an analogy, gaps in the laws are filled. It deals with cases that a legislator failed to regulate by a legal norm. Within the Czech and Portuguese context, it cannot be used to the detriment of an offender (in malam partem).