Crimes with Information Network Infringement

Cases of intrusion into computers or information network systems (computer systems) without justifiable access privileges or access which exceeds permitted access privileges or causing damage, destruction, or alterations to systems, data, programs and causing disruptions (impairing performance or causing system failures) in communications networks (computer systems).

※ Includes a high level of technical elements and are crimes which entail direct attacks on computers and information network systems which may or may not use information network systems as a medium

Hacking

Actions involving intrusions upon information network systems without justifiable access privileges or access which exceeds permitted access privileges. (Information network regulations – includes hacking in a narrow sense and account theft)

※ Actions which involve bypassing the access control policies of resources such as computers or networks using abnormal methods or accessing after disabling them (definition of cybercrime manual).

Account theft

- Cases of randomly using another person’s account (ID, Password) without justifiable access privileges or access exceeding allowed access privileges

※ Currently, game account theft and general account theft are being counted separately but will be combined under account theft since separate classification is not useful

Simple intrusion

- Intrusion into computers or information networks without justifiable access privileges or access exceeding allowed access privileges

Data leak

- Leaking data after intruding into computers or information networks without justifiable access privileges or access exceeding allowed access privileges

Data damage (deletion, alteration, etc.)

- Damaging (deleting, altering, etc.) the information of others (including homepage modification) after intruding into computers or information networks without justifiable access privileges or access exceeding allowed access privileges

Denial-of-Service Attack (DDoS, etc.)

causing communication disruptions (system failure, performance impairment) by sending massive signals or data to an information network or by making the network handle wrongful commands

Malicious programs

The transfer or circulation or programs which can damage, destroy, alter, forge or disrupt the operation of information systems, data, or programs without justifiable reasons

Other Information Network System Infringement Crimes

  • Not classified as one of the three categories of crime related to information network system infringement mentioned above
  • Or, is a new form of crime which infringes upon information network systems and has not existed before
《 Examples of Other Information Network System Infringement Type Crimes 》

* Disruption of business through computer impairment (Criminal Law Section 314, Article 2)

  • Disrupting business by causing impairment of data processing by entering falsified information or wrongful commands into a computer or data processing device or by using other methods through information network systems (computer network)
  • However, cases of disrupting business by physical destruction of data processing device such as computers or special media records such as electronic data are excluded from being classified as cybercrime (destroying a computer with a hammer, etc.)

* Issuing another person’s certificate verification (Digital Signature Act Section 31, Clause 3)

  • Issuing or making it possible to issue certificate verification of another person under disguised ownership through information network systems (computer network)

Crimes involving the use of Information Network

Cases where information network systems (computer systems) are the main means to commit the acts which correspond to the fundamental elements of the crime.

※ Crimes which use computer systems to commit traditional crimes (crimes committed against internet users)

Internet Fraud

– Obtain valuables by fraudulent acts (acts of receiving) from victims through deception of the users by pretending to provide goods or service through information network systems (computer systems)

※ "Computer system" means any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data (EU Convention on Cybercrime, Article 1).

– However, cases where transaction between victims and offenders occur through direct encounters are excluded from cybercrime statistics even if it involves fraudulent activities through the internet.

※ Meet off-line to obtain money or goods after fraudulent activities online  excluded

※ Obtain money through wire transfer online after fraudulent activities off-line  excluded

Direct Transaction Fraud

- Obtain money through fraud caused by the posting of false expressions regarding the exchange of goods through information network system (computer systems)

Shopping Mall Fraud

- Obtaining money through fraud by opening false internet shopping malls through information network system (computer systems)

Gaming fraud

- Obtaining money through fraud related to internet games such as game characters and game items through information network system (computer systems)

Other Internet Fraud

- Obtaining property gains through fraudulent activities through information network systems (computer systems) by means such as impersonating friends through online messengers to obtain money

. Electronic Communication Financial Fraud (Phishing, Pharming, Smishing, Memory Hacking, etc.)

  • Gaining financial profit or allowing a third party to gain financial gains through deception and blackmail of another through information network systems (computer system)
    • A. Actions which causes someone to transfer or wire funds
    • B. B. Actions which involves transferring or wiring funds by finding out personal information
  • However, false actions such as the supply of goods or provision of services are excluded (Section 2, Clause 2).

(2014. 1. 28. Partial amendments, 2014. 7. 29. Enactment)

* Penalty Regulations on Electronic Communications Financial Fraud (Newly Established, Enforced since Jul 29, 2014)

  • With the intention of committing electronic communications financial fraud,
    • ① Acts which cause others to input commands or information into a computer or data processing device (Section 15.2, Article 1, Clause 1 – sentence of 10 years or less & a fine of less than 1 billion won)
    • ② Acts of inputting commands or information into a computer or data processing device using the information obtained from another (Section 15.2, Article 1, Clause 2 – sentence of 10 years or less & a fine of less than 1 billion won)

* NewㆍModified Financial Crimes (Phishing, Pharming, Smishing, Memory Hacking, Etc.)

  • Currently, falls under various offenses such as information network law violations (distribution of malicious programs or intrusion) and criminal law (fraud using computers) but considering the fact that it is being penalized as “fraud using computers” in the field
  • According to new regulations enacted in Jul. 29, 2014, it is determined that special laws (electronic communication financial fraud) will be applied rather than “fraud using computers” under criminal law
  • Tabulated into subsections under the classification of electronic communication financial fraud.

Phishing

  • Combination of “Private Data” and “Fishing”
    • ① Send an e-mail impersonating a financial institution
    • ② Lead one to connect to a fake bank site by clicking on the internet address in the e-mail.
    • ③ Seize financial information through methods such as requesting the victim to input all the numbers on his security card
    • ④ Transfer funds from victims’ account to the account used for the crime

Pharming

  • Seizing financial information by operating victims’ PC which has been infected by malicious codes
    • ① The victim’s PC becomes infected with malicious codes
    • ② Connects to the phishing (fake) site even though the user connects to the normal homepage
    • ③ Seize financial information through methods such as requesting the victim to input all the numbers on his security card
    • ④ Transfer funds from victims’ account to the account used for the crime

Smishing

  • Combination of “SMS” and “Phishing”
    • ① When a person clicks on a link in an SMS message with titles such as “free coupons”
    • ② Malicious codes are installed onto the smartphone
    • ③ Micro payments may occur or privateㆍfinancial information may be stolen without the victim being aware of it.

Memory Hacking

  • Wrongful withdrawal of funds from one’s account just by inputting the first and last two digits on a security card at a normal bank site due to malicious codes residing in the memory of a victim’s PC
    • ① The victim’s PC becomes infected by malicious codes
    • ② Carrying out normal internet banking procedure (inputting the first and last two digits on a security card) and then clicking the transfer button
    • ③ Error repeatedly occurs (transfer information not transmitted)
    • ④ After a certain amount of time has elapsed, the criminal uses the same security card number and transfers the funds to the crime account

5) Other Electronic Communications Financial Fraud

- Newㆍmodified types of electronic communications financial fraud not included in the 4 types of new financial crimes mentioned above

 

Type Existing New / Modified
Phishing (Using a fake account)
Deceiving or blackmailing the victims to transfer or wire funds into a fake account number and withdraws the money from an ATM (Voice Phishing)
(Using a normal account)
Transferring funds from the victim’s account to a normal account owned by the seller without the victim being aware. Then the funds are changed into cash after the transfer.
(Impersonating the police or public institution )
Request personal or financial information impersonating the police or public institution [voice phishing]
(Impersonating the network service provider)
After altering the phone number to the number of the network service provider, request personal or financial information by disguising as an employee calling on issues such as failure to pay communication fees or phone giveaway events
Pharming (Leading to a fake internet banking site)
Steal security card number by leading victims to a fake internet banking site even though they connect to a normal internet banking site
(Leading to a fake internet portal site)
Steal all the numbers on a security card by leading victims to a fake portal site even though they connect to a normal portal site
Memory Hacking (Stealing security card numbers)
Steal funds after gaining the first and last 2 numbers on a security card by using malicious codes to launch a fake popup window during the process of internet banking
(Modifying the account number and transfer amount)
Transfer the money by using malicious codes to modify account information and transfer amounts during the process of internet banking
Smishing Text messages with free coupons or falsified transactions
When text messages that seem to contain free coupons or payment records are opened, malicious codes become installed and steal SMS verification numbers for micro-payments leading to financial loss through micro-payments via the cell phone.
Text messages impersonating acquaintances
When text messages with titles such as “wedding invitation” or ‘”birthday party” are opened, malicious codes are installed stealing personal information and the same fake text message with the same title is sent to all the contacts saved on the cell phone.

※ Dec. 3, 2013 Financial Supervisory Service, Comprehensive Countermeasures for Damage Prevention from NewㆍModified Electronic Communication Financial Fraud

※ However, cases of electronic communication financial fraud where offenders directly deceive or blackmail the victims to steal valuables through voice phishing are excluded from statistics.

PersonalㆍLocation Information Infringement

  • As crimes which infringe, steal, or leak the digitalized personal information of others through information network systems (computer systems)
  • Includes cases of illegally collecting, using, and providing others’ personalㆍlocation information through actions such as not gaining the consent of users or deceiving them through information network systems (computer systems)

      ※ It is considered to be personal infringement (Information Network Law Article 49.2, Clause 1) even in cases where personal information of others has been collected through fraudulent activities but fraud has not been carried through.

Cyber Copyright Infringement

– Infringement of rights towards digitized works or computer programs through information network systems (computer systems)

Spam Mail

– Actions which involve transmitting advertisement information about goods or service prohibited by the law and prohibited technical actions related to such acts through information network systems (computer systems) (Information Network Law Article 74, Section 1, Clause 4 & 6).

※ Transmitting advertisement information against the will of others  excluded from cybercrime (Information Network Law Article 76, Section 1, Clause 7 – impose fine)

- Although it is a case of transferring goods and service prohibited by law, considering that there are penalty regulations for prohibited technical actions related to this, it is included in the category of crimes using information network systems and not as an illegal contents crime.

Other Types of Crime Using Information Network Systems

  • Among crimes which the fundamental elements of the crime are carried out through the use of computer systems or communications networks (computer systems)
  • Cases which cannot be classified under the 5 categories mentioned above (internet fraud, electronic communications financial fraud, personalㆍlocation information infringement, cyber copyright infringement, spam mail)

* Fraud Using Computers (Criminal Law Section 347.2)

– Gaining property gains through fraud by allowing data processing to occur by inputting falsified information or wrongful commands in data processing devices such as computers through information network systems (computer systems)

* Transactions by Means of Electronic Money (Electronic Financial Transaction Act Section 49, Article 1, Clause 7 & 9)

  • In cases where transactions have been made using electronic money under the name of other stores through information network systems (computer systems)
  • In cases where transactions have been made using electronic money under the name of a store created by an individual through information network systems (computer systems)

* Violations Related to Certification of Information Network Systems (Information Network Law Section 74, Article 1, Clause 1)

– In cases where a person without certification displays or sells a product marked as having passed standard tests or marked with a similar certification through information network systems (computer systems)

Crimes involving Illegal Contents

Concept of Illegal Contents Crime

- The distribution, sale, lease, or display of goods, services, or information which is prohibited by law through information network systems (computer systems)

※ In cases where the contents being distributed through information network systems is illegal(Utilized terminology found in Section 44.7 of the Information Network Law)

Cyber Pornography

- Publicly displaying, leasing, selling, or distributing pornographic video, sounds, images, words, or signs through information network systems (computer systems)

1) General pornography

- The display, lease, sale, and distribution of contents which arouses sexual excitement by stimulating the sexual desires of a person and goes against normal moral standards toward sex through information network system (computer systems)

2) Child pornography

- The distribution, sale, lease, display of contents which contain people who are clearly recognizable as children or teens engaging in sexual intercourse, similar sexual acts, acts which cause sexual shame or repulsion, masturbation, or other sexual acts through information network system (computer systems)
(Refer to the definition provided in section 2 of the Laws on the Protection of Children and Teenagers from Sexual Offenses))

Cyber Gambling

- Gambling (or acts of gambling) or opening gambling sites through information network systems (computer systems)

※ There are only prohibition regulations under the information network laws and no penalty regulations, but considering the fact that this can cause a serious social problem, it has been included as a cybercrime after policy considerations.

1) Sports Toto

- gambling (including all gambling acts) by using sports promotion voting or systems which issue similar ballots through information network systems (computer systems)

2) Horse Racing, Bicycle Racing, or Boat Racing

- gambling (including all gambling acts) through racing such as horse racing, bicycle racing, or boat racing through information network systems (computer systems)

3) Other Internet Gambling

- gambling by opening gambling sites for the purpose of gaining profits through other methods other than the ones mentioned above through information network systems (computer systems)

Cyber DefamationㆍInsult, Cyber Stalking

Cyber DefamationㆍInsult

- Cyber defamation : defaming others through information network systems (computer systems) (information network law section 44.7 article 1 clause 2)

- Insult : unnecessarily insulting another through information network systems (computer systems)

Cyber Stalking

- Allowing symbols, words, sounds, images, or video which cause fear or anxiety to repeatedly reach another through information network systems (computer systems) (information network law section 44.7 article 1 clause 1)

Other Illegal Contents Crime

- Crimes which are committed through the distribution, sale, lease, or display of goods or services prohibited by law through information network systems (computer systems)

- Illegal contents crime which do not fall under any of the 4 categories (cyber pornography, cyber defamation•insult, cyber stalking, cyber gambling) mentioned above

《 Examples of Other Illegal Contents Crime 》

Not Indicating and Providing Harmful Media Contents for Teens for Profit Making Purposes, Advertisement and Exhibition of Harmful Media Contents for Teens(Information Network Law Section 73, Article 2, Clause 3)

- In cases where non-indicated harmful media contents for teens are provided for profit making purposes or in cases where they are advertised or exhibited among contents being distributed through information network systems (computer systems)

*Creating False Citizen Registration Numbers and Using it for Financial Gain (Citizen Registration Act Section 37, Clause 1)

  • In cases of where false citizen registration numbers are created for the purpose of property gains for oneself or for another through information network systems (computer systems)

* Delivering or Distributing False Citizen Registration Number Generators (Citizen Registration Act Section 37, Clause 1)

  • Delivering or distributing programs which generate false citizen registration numbers through information network systems (computer systems)
《 ※ Reference Related to the Concept of Illegal Contents Crime 》

* Utilized terminology used in section 44.7 of the Information Network Law for the main classification titles (illegal contents)

  • basic : included crimes as cyber crimes for those with penalty regulations for illegal information distribution under the Information Network Law
  • additional : added crimes such as cyber gambling under the classification of cyber crimes considering the fact that it is becoming a social problem and with consideration for policy

* Information Network Law Section 44.7 (prohibition of distribution of illicit information, etc.) Article

  • Section 44.7 Article 1 Clause 1 Cyber Pornography ⇒ penalty clause section 74 article 1 clause 2
  • Section 44.7 Article 1 Clause 2 Cyber Defamation ⇒ penalty clause section 70 article 1 clause 2
  • Section 44.7 Article 1 Clause 3 Cyber Stalking ⇒ penalty clause section 74 article 1 clause 3
  • Section 44.7 Article 1 Clause 5 Harmful Contents to Teenagers ⇒ no penalty clause in the Information Network Law(penalty clause in the Teenager Protection Act)
  • Section 44.7 Article 1 Clause 6 cyber gambling ⇒ no penalty clause in the information network law (penalty clause in various special laws and criminal laws)

* Child-pornography is included under content-related offenses among the types of cybercrime in the EU Cybercrime Agreement

* “Hate speech, child pornography, etc.” are included in the UNODC report under content-related acts category