New Technologies in International Law / Tymofeyeva, Crhák et al.

2. Illegal access Illegal access was defined in BC as: the access to the whole or any part of a computer system without right (Article 2 BC). This might me supplemented with the provisions that make a finding that an offence has been committed subject the fact whether it was committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system (Article 2 BC) . This article was widely criticized already at the level of the draft convention submitted in 2000. 678 The generality of the statement ‘without right’ was pointed out in particular. 679 From today’s perspective, this criticism can only be expanded while acknowledging its accuracy. With the development of the internet and cyber security, a number of technological solutions are emerging, exploited by White Hat, Black Hat and Grey Hat hackers alike. Moreover, within organizations, both the Blue Team and the Red Team are using a number of technological solutions that could de facto be considered to meet the standard indicated in this discussed section of the convention. It should also be pointed out that there is a specific grey area of hacktivism, which often balances on the edge of the law. However, the biggest criticism that can be levelled at the solution is the failure to take into account the specific nature of cyber attacks themselves. In a non-exhaustive list, the types of attacks whose main objective is to gain access to data can be identified: phishing, Brute Force Attacks, MitM (Man in the Middle) Attacks, Zero days, XSS (Cross-Site Scripting) or perhaps most importantly the umbrella term that is malware. It may be argued that, after all, it is the generally worded clause that allows all relevant cases to be ‘caught’. To refute such an argument, it suffices to compare two extremely different types of cyber attacks. On the one hand we can put malware, on the other two interesting types of cyber attack: Side-channel attacks and Clickjacking. The term malware, which is an abbreviation of the phrase malicious software, is attributed to computational scientist Yisrael Radai. 680 However, the term has been expanded in later years, right up to the present day. From today’s perspective, programs that were limited to generating the message ‘I’m the creeper, catch me if you can’ 681 might seem simple and crude yet we have reached an era of cyber-attacks supported by the infrastructure of entire countries and managed by both military and international hacking groups. 682 The term therefore encompasses a range of events, however, it can be simplified, for the purposes of this research to: “any code added, changed or removed from a software system in order to intentionally cause harm or subvert the intended function of the system”. 683 678 See opinions of Centre for Democracy and Technology cited in: Baron R, ‘A Critique of the International Cybercrime Treaty’ (2002) 10 CommLaw Conspectus 263, p. 278. 679 Ibid. 680 Radai Y, ‘The Israeli PC Virus‘ (1989) Computers & Security , pp. 111–113. 681 See blogpost: ‘Core War: Creeper & Reaper‘ (Core War, 2020) https://corewar.co.uk/creeper.htm, accessed 20 October 2023. 682 On the history of malicious software see: Saengphaibul V, ‘A Brief History of The Evolution of Malware’ ( Fortiguard Labs Threat Research , 2022) accessed 20 October 2023. 683 Idika N and Mathur A, ‘A survey of malware detection techniques’ ( Purdue University , 2007) , p. 48.

162