New Technologies in International Law / Tymofeyeva, Crhák et al.

The first type of attack that can be problematic from the perspective of the definition of illegal access in the BC is the so-called side-channel attack. Side-channel attacks exploit information from the physical attributes of a cryptographic system rather than its algorithmic flaws. Attackers can decipher the secret key by analyzing variables like timing, power consumption, and electromagnetic emissions.684 Depending on how this is interpreted in the particular country implementing the Convention, the wording about gaining access to a computer system may be understood differently. As a result, this type of attack will be considered a crime in one country, but not in another. This is due to the fact that, according to the current position of cryptographic sciences, it is difficult to actually speak of a specific gaining of access. The other mechanisms provided for in the BC will also not apply here.

A slightly different problem of the aforementioned definition is posed by so-called clickjacking. This involves getting users to click on a target other than the one they perceive by overlaying a malicious interface on a legitimate page. For example, an attacker may superimpose a transparent frame over a legitimate button, causing users to perform an unwanted action.685 Why this attack is also difficult to include in this definition is fairly obvious: it is difficult to identify a moment in time when access to a computer system is gained. Everything de facto happens via the network architecture.

Returning to the present day, however, one wonders whether the currently proposed Convention (DC) addresses the problems identified on BC grounds. The short answer is no; admittedly, a more elaborate conceptual grid has been introduced on DC grounds, but without much change. The biggest change in the DC text with respect to the version proposed in the BC is the inclusion of editorial units, which makes it much easier to read.

3. Illegal interception, data and system interference

The other three types of infringement described successively in Articles 3 (illegal interception), 4 (data interference) and 5 (system interference) are de facto extensions of the presumptions established under Article 2 BC. Unfortunately, analogous allegations can be made against them. They will be presented briefly because of the purpose of this research and the repetition of the allegations made against these definitions, as they are very similar to the allegations made against the Article 2 definitions.

The definition of illegal interception proves problematic when we consider the frequent situations in which content is accidentally made public. Although such content may be hidden from the ordinary internet user, it is de facto publicly available and can be accessed without breaking any security or using social engineering techniques. Examples of such popular solutions are various types of search engines, which can be used to find vulnerabilities in, for example, the Internet of Things.686 Examples include images

684 See more in: Prabu M, Shanmugalakshmi R, ‘An Overview of Side Channel Attacks and Its Countermeasures using Elliptic Curve Cryptography’ (2010) 2 IJCSE 1492.
685 See more at: Chiarelli A, ‘Clickjacking Attacks and How to Prevent Them’ (Auth0 Blog, 2020) accessed 20 October 2023.
686 Probably the best example is Shodan, https://www.shodan.io/, access: 22.10.2023, which can be used in a variety of ways by both good and malicious actors. For more on Shodan see: Chen YY et al, ‘Exploring

163
