Cybercrime can pose a serious risk to businesses and individuals. Anyone facing that risk - or facing cybercrime allegations themselves - needs advice from those with the necessary specialist skills.
Cybercrime is growing and the threat it poses to individuals and businesses is rising and evolving and the number of legal issues it presents is also on the increase.
This is why you have to seek representation from lawyers with in-depth working knowledge of this developing area of law if you are either affected by it or accused of it.
Criminal activity that uses computers and / or the internet is cybercrime. Cybercrime can involve situations where the computer is the centre of the activity: offences such as hacking, phishing, spamming and virus deployment. It can also be when a computer is the technology used to perpetrate another crime: offences such as fraud, identity theft, hate crimes and cyber stalking can all be carried out using computers.
Due to the developing nature of technology and the potential for it to be used for wrongdoing, companies and individuals need to be aware of the potential risks. It is possible to become involved in cybercrime – or be adversely affected by it - without knowing it until an investigation begins. If you are the subject of an investigation or you are affected by cybercrime you will need advice from specialists with the necessary legal and technical expertise.
At Rahman Ravelli, our expertise covers:
Cybercrime is not defined by borders. It can be carried out by, and targeted at, large numbers of people in a wide range of countries. This can mean that those involved in any aspect of a cybercrime investigation will need assistance from those with experience in dealing with law enforcement agencies and extradition and disclosure matters all around the world. At Rahman Ravelli, we are recognised for both our international legal expertise and our worldwide network of experts.
Most cyber fraud involves fraud by false representation, which is an offence under Section 2 of the Fraud Act 2006. The possession, making or supplying of any items that could be associated with such fraud is an offence under Sections 6 to 7 of the Act. In the case of cyber fraud, the likes of phishing kits and computer malware would be among items that would be covered by the Act.
Cyber fraud can take many forms, from the dishonest transfer of assets via online banking through to the use of phishing emails to convince people to disclose personal data or sensitive information. The use of bogus identities on social networking sites and dating apps and promotion of fake investment opportunities online are increasingly common.
Hacking involves unauthorised access to another’s computer systems or networks. Section 1 of the Computer Misuse Act 1990 makes it an offence to knowingly use a computer to ‘hack’ into another computer to gain unauthorised access to material. This offence covers computer systems and post-1990 developments such as email and social media accounts, which may be accessed via phones. Section 2 makes it illegal to hack a computer with the intention to commit or facilitate the commission of further offences; fraud for example.
Section 3 of the Act makes it an offence to carry out any unauthorised act with intent to impair, or with recklessness as to impairing, the operation of a computer. This covers releasing computer viruses via the internet and creating computer programmes that are designed to prevent corporates or individuals gaining access to resources online (also known as denial of service attacks).
The Serious Crime Act 2015 added a new offence to the 1990 Act, making it illegal to commit a knowingly unauthorised act to a computer that causes, or creates a significant risk of, serious damage of a material kind, where the defendant intends, or is reckless, to cause such damage. Section 3A of the 1990 Act, added to by the Police and Justice Act 2006, makes it an offence to make, supply or obtain articles for use in computer misuse offences, such as malware.
The Terrorism Act 2000 makes it an offence to either use or threaten action designed to seriously interfere with or disrupt a computer system if it is designed to influence the government or intimidate the public in order to promote an ideological, political or religious cause.
The introduction of the Data Protection Act 2018 and the implementation the same year of the EU’s General Data Protection Regulation (GDPR) saw new levels of protection for personal data and imposed obligations on companies that collect such data.
GDPR enables regulators to fine businesses and organisations that do not meet its standards, while the Data Protection Act created a series of criminal offences.
Section 170(1) of the Act makes it an offence to obtain, disclose or retain personal data without the consent of the data controller (the person who the data belongs to). This covers situations such as client data being taken by a member of staff who is leaving their employment or someone misleading another so that they pass over information that they would not otherwise make available. It is also an offence under Section 170 to sell or offer to sell data obtained without the data controller’s consent.
Section 148(2) creates the offence of destroying, disposing, concealing, blocking or falsifying information in response to an information or assessment notice. Altering, defacing, blocking, erasing, destroying or concealing materials to prevent disclosure via data subject access rights is an offence under Section 173(3).
Under Section 1 of the Malicious Communications Act 1988 it is an offence to send another person an electronic communication that conveys an indecent or grossly offensive message (or is itself indecent or grossly offensive), a threat or false information if the sender’s purpose (or one of his purposes) is to cause distress or anxiety to the recipient or another person. The maximum sentence for this offence is two years’ imprisonment.
Under section 127 of the Communications Act 2003, it is an offence to send via a public electronic communications network something that is grossly offensive or indecent, obscene or menacing. A person will also be guilty of an offence if they send via such a network a false message or persistently make use of such a network to cause annoyance, inconvenience or needless anxiety to another. The maximum sentence for this offence is six months’ imprisonment.
Harassment and stalking are offences in their own right. They do not have to be committed online. But such offences involving electronic communications are now increasingly common.
Section 2 of the Protection from Harassment Act 1997 makes it an offence for a person to pursue a course of conduct that amounts to harassment of another if that person knows or ought to know that it amounts to harassment of the other. A course of conduct is defined as something being carried out on at least two occasions.
Harassment can include alarm or distress but the conduct causing the harassment has to be unacceptable and oppressive to be considered criminal. A more serious offence of harassment is covered by Section 4 of the Act. This makes it an offence for a person to pursue a course of conduct which causes another to fear, on at least two occasions, that violence will be used against them, if that person knows or ought to know that this course of conduct would have this effect.
Stalking is covered by Section 2A of the 1997 Act. It covers situations where the offence of harassment is committed and the course of conduct involves acts or omissions associated with stalking. Such acts or omissions include contacting or attempting to contact a person by any means, publishing any material about them and monitoring their use of the internet, email or other forms of electronic communication. Section 4A creates the more serious offence of a person pursuing a course of conduct
that amounts to stalking that either causes another to fear, on at least two occasions, that violence will be used against them or causes them serious alarm or distress which has a substantial adverse effect on their day-to-day activities. The person must know or ought to know that their course of conduct would have this effect.
The maximum sentence for harassment and stalking is six months in prison. The more serious offences, under Section 4 and 4A, carry a maximum sentence of ten years.
When it comes to all types of cybercrime, individuals and companies have to police themselves in order to reduce the risk and prevent problems.
If something is suspected, an internal investigation should be started immediately. There may be some who have suspicions but feel unable to investigate as they lack the necessary skills. This is understandable. But there are legal experts who will do this for companies.
Access to such expertise is important as any investigator needs to be able to identify possible wrongdoing and gather and follow evidence. A well-planned and properly-conducted internal investigation will pinpoint the problem, identify how it happened and help determine the best approach to take.
Unlike many areas of business, cybercrime is evolving at a rapid rate. For many in business, that creates a need for legal and technical expertise. Rahman Ravelli provides that for clients the world over.
Our understanding of technology, our legal prowess and our close working relationships with those in the technical and financial world ensure we can respond swiftly and effectively to offer the best protection whenever a cybercrime issue arises.
Syedur Rahman is known for his in-depth experience of serious fraud, white-collar crime and serious crime cases, as well as his expertise in worldwide asset tracing and recovery, civil recovery, cryptocurrency and high-stakes commercial disputes.
A huge wealth of experience and talent
The Chambers UK Guide