Criminal LawInformation Technology LawInformation Crimes and Cyber Security: The Real Dangers of the Virtual World

Crimes Behind the Keyboard

While digital transformation has made our lives easier, it has also opened up a new and unlimited field of activity for the criminal world. Crimes are now committed not only on the streets but also in cyberspace, behind keyboards and screens. Cybercrimes cover all illegal acts targeting or committed through a computer system or network. In this article, we will examine the main cybercrimes specifically regulated in the TPC, their elements and how the law provides protection against these virtual threats.

Criminal Offence of Entering an Information System (TCK 243)

This offence forms the basis of the act known as “hacking” and is the starting point for many other offences in the IT field.

• Definition: “A person who unlawfully enters or remains in the whole or part of an information system.”
• Elements:
  1. Unlawfulness: Entry into the system must be made without the consent of the system owner or a provision of law.
  2. Entering or Continuing to Stay: “Entering” means gaining access to the system. “Staying in” means to remain in the system after having entered it in accordance with the law, even though it is necessary to leave it.
• Penalty: Imprisonment up to one year or judicial fine.
• Qualifying Circumstance: If the data in the system is destroyed or altered as a result of the intrusion, the penalty increases from six months to two years in prison. This offence is usually a preliminary step for the commission of more serious offences (data theft, fraud, etc.).

Offence of Blocking, Disrupting, Destroying or Changing the System (TCK 244)

This article penalises more destructive acts targeting the functioning of information systems and data integrity.

• Preventing or Disrupting the Functioning of a System (TCK 244/1): Acts that prevent or disrupt the functioning of an information system. For example, organising a DDoS (Distributed Denial of Service) attack against a website and making it inaccessible constitutes this offence. The penalty is imprisonment from one to five years.
• Distorting, Destroying, Altering or Making Data Inaccessible (TCK 244/2): These are acts that unlawfully disrupt, destroy, alter, make inaccessible or place new data in an information system (text, picture, sound, programme, etc.). For example, deleting a company’s customer database or changing a student’s grades falls within this scope. The penalty is imprisonment from six months to three years.

Offence of Misuse of Debit or Credit Cards (TCK 245)

This offence is the most common of the financial IT offences and directly targets the assets of individuals.

• Definition: “Obtaining a debit or credit card belonging to another person, by any means whatsoever, and using it or having it used without the consent of the cardholder in order to benefit oneself or another person.”
• Forms of Offence:
  1. Using a physically stolen or found card: Withdrawing money from an ATM or making purchases from a POS device with a stolen card.
  2. Producing or Using Fake Cards (Carding): Producing and using fake cards by copying the card information of others (with skimming devices, etc.).
  3. Shopping online with compromised card details: Spending online with card details obtained through phishing or data leaks.
• Penalty: Depending on the way the offence is committed, imprisonment from three to seven years and a judicial fine are foreseen.

Combating Information Crimes and Investigation Process

Investigation of cybercrimes requires special expertise and technical knowledge.

• Evidence Detection: Digital forensic analysis is performed on materials such as computers, servers and mobile devices where the offence was committed. Digital traces such as IP addresses, log records, metadata and deleted files are followed.
• Determination of IP Address: IP address is one of the most important evidence in reaching the identity of the perpetrator. However, perpetrators may use technologies such as VPN, Proxy to hide their identities, which complicates the investigation.
• International Co-operation: Cybercrimes are often transnational in nature. The perpetrator may be in one country, the victim in another, and the servers in a third country. In this case, judicial co-operation between countries and extradition processes come into play.

Cybercrimes represent the dark side of the digitalised world. Although the Turkish Penal Code has drawn a legal framework with special regulations against these new generation offences, the laws and combat methods need to be constantly updated in the face of the rapid development of technology. In the fight against these crimes, it is of vital importance not only to increase the technical capacity of law enforcement agencies and strengthen international cooperation, but also to raise awareness of individuals about cyber security, use strong passwords, be careful against phishing attacks and protect their personal data.