Over 150 years ago, the Russian author Fyodor Dostoyevsky wrote how the human mind can convince itself that committing a crime can be somehow justified by the 'good' that such actions can bring to society in general. Such a criminological theory has been studied at length and entire volumes published but how such theories have evolved in our internet age has only recently been appreciated.
The explosion in the international media of the acts and misdeeds of renegade groups such as Anonymous and Lulzsec has made us reconsider this age old question of whether crime can ever be justified.
It made us rethink whether our present computer misuse legislation is really sufficient to curb or deter such online criminal acts especially hacking and whether the punishments prescribed in our laws should make any distinction between acts of hacking groups and acts of cyber-thieves.
Earlier this month, four alleged UK hackers linked to the Anonymous and Lulzsec groups were granted bail after their arrest. They were charged with conspiring to commit offences under the UK Computer Misuse Act and as part of a wider joint investigation by the FBI and the British Police in relation to a series of unauthorised intrusions and other forms of cyber-attacks targeting multinational companies, public organisations as well as government bodies.
Many have questioned once again the leniency which the courts have showed in granting bail to these individuals and whether one should consider increasing the penalties relating to such offences.
The issue of whether present criminal penalties for cybercrimes are adequate as well as the various ways in which different jurisdictions provide for punishment in cybercrime cases has come to the fore recently in the case involving a Russian hacker.
Viktor Pleshchuck was found guilty of the theft of $9 million from RBS's Worldpay service through a highly complicated ATM scam involving 2,100 bank cash machines spread throughout the world in just 12 hours. Yet he managed to get a suspended six-year jail sentence and an order to pay $8.9 million in restitution. Pleshchuck managed to avoid the jail sentence by pledging to sell his property, which only raised $200,000 through auction in St Petersburg.
While one can easily distinguish between acts of cyber-terrorism where the offenders are not making any direct financial gain from other acts of cyber crime whose ultimate motive is financial gain, one cannot but not notice the fact that the ways in which cyber crimes are punished might need to be re-assessed.
The Convention of Cybercrime of the Council of Europe, also known as the Budapest Convention, succeeded in classifying the list of substantive cyber crimes, which list was used as a model for the transposition of such laws into national legislation. However, the level of punishment and jail sentences applicable to each substantive crime was left up to the states members to the Convention.
Under our Criminal Code, offences relating to computer misuse, such as hacking, unauthorised use or modification of computers and computer systems and password theft are punishable upon conviction by a fine not exceeding €23,294 or to imprisonment for a term not exceeding four years, or to both such fine and imprisonment.
Our law also provides higher penalties in situations where offence constitutes an act which is in any way detrimental to any function or activity of government, or hampers, impairs or interrupts in any manner whatsoever the provision of any public service or utility, whether or not such service or utility is provided or operated by any government entity.
In these cases the punishment is increased to a fine not exceeding €116,469 or to imprisonment for a term from three months to 10 years, or to both such fine and imprisonment.
But are these punishments enough when one considers the huge impact that some of these offences have in the political and business worlds, even though the offenders might have not actually personally gained from their deeds?
So far, Malta has not been the centre of such high profile cases relating to cyber terrorism but it is debatable whether, in the situation that such offences would be tried in Malta, the courts would decide to give the highest punishments possible, especially in cases where no direct financial benefit was achieved by the offender.
The ease with which anyone can get hold of the technological tools by which cyber crimes can be committed as well as the changing ways in which cybercriminals launch their attacks are constantly making the lives of law enforcement agencies more difficult.
The proliferation of distributed denial of service attacks, which are very complicated to prosecute, as well as the increase in more traditional forms of cybercrime might lead us to the conclusion that we should distinguish between those forms of cyber offences which are directed towards financial gain and others which are the work of cyber anarchists and thereby differentiating in the punishment given. Tricky question indeed.
Nevertheless, it could be well argued that some of the members of Anonymous or any other online fraternity of hackers consider themselves as the online versions of Rodion Romanovich Raskolnikov (the main protagonist in Crime and Punishment) in the sense that they mostly believe that their actions are justified due to the ultimate benefit that society in general would attain out of their actions irrespective of the fact that their own actions are in clear terms criminal in nature. A recurring theme in the minds of these online anarchists is that the end justifies the means.
But is crime ever permissible in pursuit of an 'alleged' or perceived higher purpose?
Surely not. What is certain is that Raskolnikov might have made an ideal Anonymous member even though his own personal financial gain would also have played an important part in his actions.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.