Comprehensive Guide to Information Crimes: Digital Crimes, Penalties and Ways of Protection Regulated in the Turkish Penal Code
With the penetration of technology into every aspect of our lives, the concept of crime has also undergone a digital transformation. Crimes are now committed not only in the physical world but also in cyberspace. The Turkish Penal Code (TPC) has not remained indifferent to these new types of offences and has introduced special regulations under the title of “Offences in the Field of Informatics” (Art. 243-246). These offences pose serious threats in a wide range of areas, from the privacy of personal data to financial security, from the continuity of public services to the privacy of private life. It is of great importance that both individuals and organisations are aware of these digital dangers and know their rights. In this article, we will examine in detail the main cybercrimes regulated in the TPC, their elements, penalties and ways of protection from these crimes.
1. The Offence of Hacking into an Information System (Art. 243 TPC) – “Hacking”
This offence is the most basic and best-known form of cybercrime.
- Definition: Entering, or remaining in, the whole or part of an information system unlawfully and without consent. Merely entering the system is sufficient for the offence to occur; no intent to cause damage or steal data is required.
- Acts:
  - Entering: Gaining unauthorised access to the system by methods such as password cracking or exploiting security vulnerabilities.
  - Remaining: Continuing to stay in a system that was entered with authorisation after the authorisation period expires.
- Penalty: Imprisonment up to one year or judicial fine.
- Qualifying Circumstances (Conditions Increasing the Penalty):
  - If the hacked system is a system that can be utilised for a fee (e.g. a paid broadcasting platform), the penalty is reduced by half.
  - If the data in the system is destroyed or changed as a result of this act, imprisonment of six months to two years shall be imposed.
2. Offence of Obstructing, Disrupting, Destroying or Altering the System (Art. 244 TPC) – “Sabotage”
This is a more serious offence that targets the functionality and data integrity of information systems.
- Definition: Preventing or disrupting the functioning of an information system, or corrupting, destroying, changing or making inaccessible the data in a system, placing data in the system, or sending existing data to another location.
- Acts:
  - Blocking/Corrupting the System: Making a website inaccessible with DDoS (Distributed Denial of Service) attacks, or making a computer inoperable by infecting it with a virus.
  - Destroying/Changing Data: Deleting a company’s customer database, changing bank records, or infecting the system with ransomware to encrypt data and make it inaccessible.
- Penalty: Imprisonment from one to five years.
- Qualifying Circumstances:
  - If the offence is committed on the information system of a bank or credit institution or a public institution, the penalty is increased by half.
3. Offence of Misuse of Debit or Credit Cards (Art. 245 TPC)
This offence is one of the most common digital forms of financial fraud.
- Definition: Obtaining a debit or credit card belonging to another person by any means whatsoever and using it without the consent of the cardholder to benefit oneself or another person.
- Acts:
  - Using a Physically Stolen Card: Withdrawing money from an ATM or shopping with a stolen card.
  - Obtaining Information (Phishing): Obtaining people’s card information (card number, expiry date, CVV code) through fake websites, emails or messages and using it to shop online.
  - Card Skimming: Copying card information with devices placed in ATMs or POS devices and producing fake cards.
- Penalty: Imprisonment from three to six years and judicial fine up to five thousand days.
- Qualifying Circumstances:
  - If the offence is committed using a card that has been forged or counterfeited, the penalty is four to seven years’ imprisonment.
  - The penalty is increased if the offence is committed through an information system (e.g. phishing) or if the offence is committed by an employee of a bank or credit institution.
4. The Offence of Prohibited Devices or Programmes (Art. 245/A TPC)
This offence targets the production and trade of tools that facilitate the commission of other cybercrimes.
- Definition: Manufacturing, importing, selling, transferring, purchasing or possessing a device, computer programme, password or other security code, knowing that it is made exclusively for the commission of cybercrimes or for the commission of crimes against bank/credit cards.
- Examples: Malware (malicious software), keyloggers (programmes that record keystrokes), password cracking software, card copying devices.
- Penalty: Imprisonment from one to three years and a judicial fine up to five thousand days.
Ways of Protection from Information Crimes:
- For Individuals: Use strong and different passwords, activate two-factor authentication, do not click on links in suspicious e-mails, avoid banking on public Wi-Fi networks, keep your antivirus programme up-to-date.
- For Organisations: Use firewalls and intrusion detection systems, provide regular cyber security training to employees, establish data backup policies, regularly check system logs, and prepare a cyber incident response plan.
Investigation and Evidence Collection:
Investigating cybercrimes is a more technical process than investigating conventional crimes. Digital evidence (log records, IP addresses, deleted files) on the computers or servers where the offence was committed must be collected in a proper manner, by taking “forensic copies” (images) and protecting the integrity of the evidence. Digital evidence collected unlawfully may be deemed invalid in court.
Cybercrimes represent the dark side of our digitalised world. Although the Turkish Penal Code provides an important legal basis for combating these crimes, the most effective protection method is to raise awareness and take proactive measures. It is vital for both individuals and organisations to take cybersecurity seriously, to implement the necessary technical and administrative measures to protect their digital assets, and to prevent the loss of evidence by taking legal action immediately if they are victims of a crime. Due to the technical complexity of the legal processes in this area, seeking the support of an IT law expert is a critical step to properly protect rights.

