Cyber-attacks detection and prevention

Sniffing is a method of illegal interception of data passing through a computer network during communication between a provided service and a computer system via a sniffer. ^[1]

Technically, sniffing means capturing and reading TCP packets. From a security point of view, sniffing can also be described as network monitoring or network operation monitoring, and it is one of the standard tools for network diagnostics, or diagnostics of anomalies in network operation. Network monitoring is then able to display, for example, non-standard communication of a computer system infected with malware, etc. The network administrators' own activity in the case of network monitoring is not illegal (unless they commit further actions that could establish possible legal liability – such as installing a keylogger or other malware on a computer system without the user's knowledge), as it allows maintaining and managing a computer network.

A number of tools are used to monitor network traffic (e.g. Wireshark [2] , NetWorx, PRTG Network monitor, etc.).

For sniffing to fall under one of the categories of cybercrime, it is necessary for a person performing this activity to act illegally, typically without the consent or knowledge of a user. Using data captured by sniffing, an attacker is able to extract and compose sensitive information about a user, such as login data (username and password), e-mail or VOIP communication, information about used services, etc. Malware in the form of Trojans, keyloggers or spyware can also be used for sniffing.

Password Sniffer Spy. Names and passwords are blurred. ^[3]

Possibilities of criminal sanctions in the Czech Republic

Such activity could practically be described as illegal interception and recording of telecommunications traffic. The conduct described above will certainly interfere with fundamental human rights and freedoms, in particular Article 13 of the Charter, and it is completely indifferent whether illegal sniffing is carried out by an external attacker or by a network administrator. According to the norms of criminal law, it would be possible to subsume such conduct under Section 182(1) (Violation of the secrecy of transported messages) of the Criminal Code, and in case of misuse of information obtained in this way, it could be a criminal offence under Section 182 (2) of the Criminal Code. If the said illegal activity is performed by an employee of the operator of postal services, telecommunication services or computer system or anyone else performing communication activities, it could satisfy the objective elements according to Section 185 (5) of the Criminal Code.

Possibilities of criminal sanctions in Poland

In Poland sniffing is an offence punishable according to:

Breach of secrecy of communication (sniffing) - Article 267 § 3 of the Penal Code.

Possibilities of criminal sanctions in Portugal

Such act are placed within the scope of Illegal interception (Art. 7 of Cybercrime Law), but also the access to and the sharing of any contents might be considered a Breach of correspondence or telecommunications (Art. 194 of the Criminal Code).