Cyber-attacks detection and prevention

Identity theft is an attack in which a virtual identity is stolen [1] , or it is a takeover of control (permanent or temporary) of this identity. The motive for an attacker's actions may be financial gain, but also other benefits, such as access to information about other people, access to company data, etc., which are associated with the fact that an attacker acts on behalf of another person.

The actions of an attacker usually consist of several illegal actions at once. The first crime in identity theft is hacking into access data or installing malware on a victim's computer system in order to gain access to a virtual identity.

After gaining access to an identity of an attacked person, the information obtained may be misused to attack this person and the identity may be misused to attack another person. An attack on another victim through a stolen identity is much easier for an attacker because this second victim by default has no information about changing the identity of the person (the first victim), with whom, for example, regularly communicates and exchanges sensitive data.

If I return to the issue of botnets in this context, one of the typical tasks of malware that is installed when a computer system is connected to a botnet network is the automatic extraction of data about users of the infected computer system – i.e. identity theft. Botmaster can then use the obtained data at any time by impersonating a certain person or selling this data to third parties. [2]

Typically, stolen identities are used to:

-       carrying out phishing or malware attacks within the list of users with whom a person with a stolen identity communicates,

-       sending spam,

-       obtaining information that is not publicly available (for example, information on the structure of a company, security settings for other services, etc.),

-       gaining access to other services. Many online services allow you to change your password just by entering your e-mail address. Due to the fact that an attacker controls an e-mail box of an attacked person, the access data can be changed in a number of other services that are associated with this e-mail box.

Possibilities of criminal sanctions in the Czech Republic

If a security measure is overcome and unauthorised access to a victim's identity is obtained, the features of the crime according to Section 230 (1) (Unauthorised Access to Computer Systems and Information Media) of the Criminal Code will be fulfilled. When using malware for the same purpose, an attacker commits an act under Section 230 (2) of the Criminal Code. If the aim of identity theft is to obtain an unjustified benefit for oneself or another, it is also possible to apply the provisions of Section 230 (3) of the Criminal Code.  In the event that an attacker steals an identity with the aim of deceiving another, i.e. misleading somebody in order to enrich himself/herself, such conduct could also be assessed in accordance with Section 209 (Fraud) of the Criminal Code.

Possibilities of criminal sanctions in Poland

Pursuant to Art.190a § 2 of the Penal Code anyone who, impersonating another person, uses his image or other personal data in order to inflict material or personal damage on him faces a penalty of up to three years imprisonment.

Possibilities of criminal sanctions in Portugal

Pretending to be someone else is no longer criminalised. However, the creation of inauthentic data for legally relevant purposes would be considered as aComputer-related forgery (Art. 3 of the Cybercrime Law). Besides, being the purpose of such impersonation a fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person, on the expenses of the victim, it would also be considered as aComputer-related fraud (Art. 221(1) of the Criminal Code).