Technology-Media-Telecommunications-Internet, Internet Crimes

What is an electronic crime?

Criminal offenses that are committed using computers and data processing systems lie within the meaning of an electronic crime (computer oriented crime) and are punished by specific penalties under Greek legislation.

Depending on how the offence was committed, electronic crime is distinguished in the following categories:

• crimes committed both in an offline environment and on the Internet, such as defamation, forgery, etc.;
• crimes committed exclusively with the use of computers (computer crimes) ; and
• Genuine cyberspace crimes, meaning criminal behavior related solely to Cyberspace (cybercrimes), the commission of which necessitates not only the use of a computer but of the Internet as well.

Therefore, the key element of committing a cybercrime is a connection via Internet to an information system computer. This computer can be either the target of the attack, or the main instrument of the attack, or ultimately a supporting instrument for committing the attack.

What are the main characteristics of cybercrime?

The main characteristics of cybercrime, which make it difficult to be solved, are speed, ease with which it can be committed, anonymity, cross-border character, the need (in most cases) for transnational cooperation and the fact that the number of cybercrimes committed is disproportionately larger than the incidents reported.

What are the most common forms of cybercrime?

The most common forms of criminal activity developed over the Internet are the following: child pornography, hindering the operation of information systems, malicious intrusions into networks (hacking), malicious software (malware), Internet piracy, software piracy, fraud over the Internet.

Which is the legislative framework for cybercrime in Greece?

Law 4411/2016 ratified the Council of Europe Convention on Cybercrime (Budapest Convention) and its Additional Protocol with regards to the criminalization of acts of a racist and xenophobic nature committed through computer systems. Law 4411/2016 also incorporates into Greek legislation Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013, regarding attacks against information systems.

What is considered an information system under Greek criminal law?

Information system (or computer system) is defined as a device or group of interconnected or related devices, one or more of which, pursuant to a program, automatically processes computer data, as well as computer data stored, processed, retrieved or transmitted by that device or group of devices for the purposes of the devices’ operation, use, protection and maintenance.

What is considered computer data under Greek criminal law?

Computer data is defined as a representation of facts, information or concepts in a form suitable for processing in an information system, including a program suitable for causing an information system to perform a function.

What is the punishment for child pornography through a computer system?

Offences related to child pornography, such as producing, offering, distributing, purchasing or possessing child pornographic material through computer systems, are punished by 2 to 5 years imprisonment and € 50,000 to 300,000 pecuniary penalty.

These offences are punished by 5 to 10 years imprisonment and € 100,000 to 500,000 pecuniary penalty if:
they were committed professionally or repetitively ;
in order to produce child pornographic material : a) the offender exploits the needs or the psychological or mental illness of the minor, b) the offender exercises or threatens to exercise violence against the minor, c) the minor is not older than 15 years, or d) the minor’s life was exposed to a serious risk; or
the offender who produced child pornographic material is familiar to the minor, a person residing with the minor or a teacher, clerical, psychologist or doctor who is related to the minor or any other person receiving the minor’s services.

In the last two cases, 10 to 20 years imprisonment and € 300,000 to 500,000 pecuniary penalty may be imposed if the offence resulted in severe bodily injury to the victim. Life imprisonment may be imposed, if the offence resulted in death.

What is the punishment for accessing child pornographic material through information systems?

Accessing child pornographic material through information systems is punished with 1 to 5 years imprisonment.

What is the punishment for attracting children for sexual purposes through information systems?

Whoever intentionally proposes through information systems to a minor not older than 15 years to personally meet him or a third person, with the intention of committing against the minor the crimes of child corruption or pornography, is punished by 2 to 5 years imprisonment and € 50,000 to 200,000 pecuniary penalty, when this proposal is followed by further acts that lead to such meeting.

What is the punishment for hindering the operation of information systems?

Whoever hinders severely or shuts down the operation of information systems without having such right, by inserting, transferring, deleting, destroying, distorting computer data or blocking access to data is punished by 10 days to 3 years imprisonment. These offenses are prosecuted after the victim has filed a complaint.

Are there particular cases of committing the offense of hindering the operation of information systems? What are those?

Hindering or shutting down the operation of information systems by inserting, transferring, deleting, destroying, distorting computer data or blocking access to data without having such right is punished as follows in each case:

• By 1 to 3 years imprisonment, in case the offence was committed by using a tool designed mainly for performing attacks affecting a large number of information systems or performing attacks that cause severe damage and, in particular, disruption of the services of information systems on a large scale or for a long period of time, financial damage of significant value or serious data loss.
• By 1 to 5 years imprisonment, in case the offence caused severe damage and, in particular, disruption of the services of information systems on a large scale or for a long period of time, financial damage of significant value or serious data loss.
• By 1 to 5 years imprisonment, in case the offence was committed against information systems that are part of the infrastructure for the supply of vital goods or services for the public. Vital goods or services are mainly considered national defense, health, transportation and energy.

In the event that the abovementioned offenses were committed within the framework of a structured and sustained action of a group of three or more individuals who seek to commit crimes of hindering the operation of information systems, the offence is punished by 2 to 5 years imprisonment for each individual.
What is the punishment for trading in computer devices or programs or passwords to an information system for the purpose of committing offenses that hinder the operation of information systems?

Whoever produces, sells, is supplied for his own use, imports, possesses, distributes or otherwise facilitates: i) computer devices or programs, designed or adapted primarily for the purpose of obstructing the operation of information systems, ii) passwords, access codes or other similar data that may provide access to all or part of an information system for the purpose of obstructing the operation of information systems, is punished with 10 days to 2 years imprisonment.

What is the punishment for illegal access to an information system?

Whoever gains unauthorized access to an information system or to data transmitted through telecommunications’ systems, violating prohibitions or security measures taken by their legitimate owner/holder, is punished by 10 days to 5 years imprisonment. These offenses are prosecuted after the victim has filed a complaint.

Is copying or using computer programs without having the relevant right a punishable offence?

Yes. Copying or using computer programs by a person who is not entitled to copy or use them, is punished by 10 days to 6 months imprisonment and by € 290 to 5,900 pecuniary penalty. These offenses are prosecuted after the victim has filed a complaint.

How is illegal interception punished?

The person who views or transcribes non-public transmissions of data or electromagnetic emissions from, to or within an information system by technical means on a material carrier or interferes with these means in order to inform himself or others of their content (data interception) is punished by 5 to 10 years imprisonment. The individual who uses the information or the material carrier on which it is transcribed, is punished by the same penalty.

What is the punishment for trading in computer devices or programs or passwords to an information system for the purpose of committing the offenses of privacy breach, illegal access to an information system or illegal interception?

The person who sells, is supplied for his own use, imports, possesses, distributes or otherwise facilitates: i) computer devices or programs, designed or adapted primarily for the purpose of hindering the operation of information systems, ii) passwords, access codes or other similar data that may provide unauthorized access to all or part of an information system and for the purpose of committing the offenses of privacy breach, illegal access to an information system and illegal interception, is punished by 10 days to 2 years imprisonment.

What is the punishment for damaging computer data?

A person who without having the right to do so, deletes, destroys, distorts or conceals computer data of an information system, disables its usage or in any way blocks access to data, is punished by 10 days to 3 years imprisonment. However, it is noted that in trivial cases the Court may declare it unpunished, after taking into account the circumstances under which the offense was committed. These offenses are prosecuted after the victim has filed a complaint.

Are there particular cases of committing the offense of damaging computer data? What are these?

Deleting, destroying, distorting or concealing computer data of an information system, disabling its usage or, in any way, blocking the access to this data without having the right to do so, is punished differently in each of the following cases:
By 1 to 3 years imprisonment, in case the offence was committed by using a tool designed mainly for performing attacks affecting a large number of information systems or performing attacks that cause severe damage and, in particular, that cause disruption of services of information systems on a large scale or for a long period of time, financial damage of significant value or serious data loss.
By 1 to 5 years imprisonment, in case the offence caused severe damage and, in particular, disruption of services of information systems on a large scale or for a long period of time, financial damage of significant value or serious data loss.
By 1 to 5 years imprisonment, in case the offence was committed against information systems that are part of the infrastructure for the supply of vital goods or services for the public. Vital goods or services are mainly considered national defense, health, transportation and energy.

In the event that the abovementioned offenses were committed within the framework of a structured and sustained action of a group of three or more individuals who seek to commit more crimes of damaging computer data, the offence is punished by 2 to 5 years imprisonment for each individual.

What is the punishment for trading in computer devices or programs or passwords to an information system for the purpose of committing offenses that damage computer data?

Whoever produces, sells, is supplied for his own use, imports, possesses, distributes or otherwise facilitates: i) computer devices or programs, designed or adapted primarily for the purpose of damaging computer data, ii) passwords, access codes or other similar data that may provide unauthorized access to all or part of an information system and for the purpose of damaging computer data, is punished by 10 days to 2 years imprisonment.

What is the punishment for fraud through the use of a computer?

A person who damages the property of others, with the intention of gaining for himself or any third person illegal material benefit, by altering the outcome of computer data processing either by the incorrect format of a computer program or by using incorrect or incomplete data or by using data or by interfering into an information system without having such right, is punished by 3 months to 5 years imprisonment. If the damage caused is significant, the offender is punished by 2 to 5 years imprisonment.

Furthermore, 5 to 10 years imprisonment may be imposed in the following cases:
Ιf the offender commits offenses of fraud professionally or repetitively and the overall benefit or the overall damage exceeds € 30,000 and
If the material benefit or the damage caused exceeds € 120,000.

In which cases are administrative sanctions against legal entities imposed?

Sanctions against legal entities are imposed where offenses include hindering the operation of information systems, illegal access to information system, illegal interception, trade of computer devices or programs or passwords that provide unauthorized access to an information system for the purpose of committing offenses, damaging computer data and fraud through computer, are committed for the benefit or on behalf of the legal entity, by any individual acting either on his/her own behalf or as a member of the legal entity and having the power of representation or the authorization for making decisions on the entity’s behalf or exercising control over it (upper management level).

Sanctions are also imposed against legal entities, when these offenses were committed by an employee due to lack of supervision or review by upper management level and the punishable offenses were committed for the benefit or on behalf of the legal entity.

What administrative sanctions may be imposed when the above offenses are committed by upper management level?

The following sanctions against legal entities are imposed, cumulatively or alternatively, by decision of the Hellenic Authority for Communication Security and Privacy:

• instruction to comply within a set deadline, warning that an administrative fine of € 20,000 to 1,000,000 will be imposed in the event of failure to comply;
• withdrawal or suspension of its operating license for a period of 1 month to 2 years, or prohibition from carrying out its business activity for the same period of time,
• exclusion from public benefits, aids, subsidies, assignments of works and services, supplies, advertisements and tenders of the Public Sector or of legal entities governed by public law for the same period of time.

If the offences are repeated, the last two sanctions may be permanent.

What happens if the above offenses were committed by an employee?

In case the abovementioned offenses were committed by an employee, due to the lack of supervision or review by upper management level and the punishable offenses were for the benefit or on behalf of the legal entity, the following sanctions are imposed against the legal entity, cumulatively or alternatively:

• instruction to comply within a set deadline, warning that a fine will be imposed in the event of failure to comply;
• an administrative fine of € 10,000 to 1,000,000;
• withdrawal or suspension of its operating license for a period of 10 days to 6 months, or prohibition from carrying out its business activity for the same period of time,
• exclusion from public benefits, aids, subsidies, assignments of works and services, supplies, advertisements and tenders of the Public Sector or of legal entities governed by public law for the same period of time.