A/CONF. 187/10 investigation, in any of the jurisdictions involved, is possession, offering or distributing information by means relatively low. Apart from the forms of crime mentioned, of a computer system or network some Internet users gain illegal access to connected 15. As defined in the previous paragraph,computer systems, where they interfere with their functioning or content. Such activity has been termed "computer crime" crime concerns all illegal behaviour directed against The perpetrators of computer crime availed themselves of System and data security by means ofelectronic operations Computer systems and data security can be described by specific technical knowledge, expertise or instruments to three principles: the assurance of confidentiality, integrity carry out illicit activities. Computer systems can be easy or availability of data and processing functions. According targets because sufficient security measures have not been to the 1985 Organisation for Economic Cooperation and incorporated or taken, or because users are unaware of the Development list and the more elaborate 1989 Council of risks involved. In addition, factors that make a system Europe Recommendation, the confidentiality, integrity or user-friendly tend to make it unsecure. In addition, factors availability offences include that make a system user-friendly tend to make it unsecure Security flaws in commercially successful system software (a) Unauthorized access, meaning access without will often be publicly known right to a computer system or network by infringing 13. While interested countries have considered the ecurity measures problems arising from transnational cyber crime, there has (b) Damage to computer data or computer not been much attention paid to it at the global level. The programs, meaning the erasure, corruption, deteriorationor United Nations, for example, has not yet adopted policy suppression of computer data or computer programs specific to the criminalization of cyber crimes, national without right laws may apply to cyber crimes in a variety of ways, if they (c) Computer sabotage, meaning the input apply at all. Reasons for the lack of attention to cyber alteration, erasure or suppression of computer data or crime may include relatively low levels of participation in computer programs, or interference with computer systems international electronic communications, low levels of with the intent to hinder the functioning of a computer or law-enforcement experience and low estimations of the a telecommunication system damage to society expected to occur from electronic (d) Unauthorized interception, meaning the of one State has a direct influence on the international interception, made without authorization and by technical community. Cyber criminals may direct their electronic means, of communications to, from and within a computer activities through a particular State where that behaviour is not criminal and thus be protected by the law of that (e) Computer espionage, meaning the acquisition country. Even if a State has no particular national interest disclosure, transfer or use of a commercial secret without in criminalizing certain behaviour, it may consider doing authorization or legal justification, with intent either to so in order to avoid becoming a data haven and isolating cause economic loss to the person entitled to the secret or itself internationally. The harmonization of substantive to obtain an illegal advantage for themselves or a third criminal law with regard to cyber crimes is essential if person international cooperation is to be achieved between law 16. The first crime. unauthorized access. sometimes enforcement and the judicial authorities of different States. known as hacking, occurs frequently and often in 14. Two subcategories of cyber crime exist conjunction with the second, damage to data or computer (a) Cyber crime in a narrow sense ("computer espionage. A popular modern variant is hacking into a web crime"): any illegal behaviour directed by means of site and putting offensive or damaging information on it systems and the data processed by them. ity of computer Effective investigation ofhacking offences usually requires electronic operations that targets the sec cooperation by the victim and some means of catching the perpetrator in the act. Perpetrators are often brilliant young (b) Cyber crime in a broader sense technophiles, who may have little moral understanding of computer-related crime"): any illegal behaviour their actions or of the potential to do damage. In addition committed by means of, or in relation to, a computer to hacking offences, some countries have criminalized network, including such crimes as illegal activities such as trafficking in passwords or hacking devicesA/CONF.187/10 5 investigation, in any of the jurisdictions involved, is relatively low. Apart from the forms of crime mentioned, some Internet users gain illegal access to connected systems, where they interfere with their functioning or content. Such activity has been termed “computer crime”. The perpetrators of computer crime availed themselves of specific technical knowledge, expertise or instruments to carry out illicit activities. Computer systems can be easy targets because sufficient security measures have not been incorporated or taken, or because users are unaware of the risks involved. In addition, factors that make a system user-friendly tend to make it unsecure. In addition, factors that make a system user-friendly tend to make it unsecure. Security flaws in commercially successful system software will often be publicly known. 13. While interested countries have considered the problems arising from transnational cyber crime, there has not been much attention paid to it at the global level. The United Nations, for example, has not yet adopted policy specific to the criminalization of cyber crimes; national laws may apply to cyber crimes in a variety of ways, if they apply at all. Reasons for the lack of attention to cyber crime may include relatively low levels of participation in international electronic communications, low levels of law-enforcement experience and low estimations of the damage to society expected to occur from electronic crimes. In global computer networks, the criminal policy of one State has a direct influence on the international community. Cyber criminals may direct their electronic activities through a particular State where that behaviour is not criminal and thus be protected by the law of that country. Even if a State has no particular national interest in criminalizing certain behaviour, it may consider doing so in order to avoid becoming a data haven and isolating itself internationally. The harmonization of substantive criminal law with regard to cyber crimes is essential if international cooperation is to be achieved between law enforcement and the judicial authorities of different States. 14. Two subcategories of cyber crime exist: (a) Cyber crime in a narrow sense (“computer crime”): any illegal behaviour directed by means of electronic operations that targets the security of computer systems and the data processed by them; (b) Cyber crime in a broader sense (“computer-related crime”): any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession, offering or distributing information by means of a computer system or network. 15. As defined in the previous paragraph, computer crime concerns all illegal behaviour directed against system and data security by means of electronic operations. Computer systems and data security can be described by three principles: the assurance of confidentiality, integrity or availability of data and processing functions. According to the 1985 Organisation for Economic Cooperation and Development list,4 and the more elaborate 1989 Council of Europe Recommendation,5 the confidentiality, integrity or availability offences include: (a) Unauthorized access, meaning access without right to a computer system or network by infringing security measures; (b) Damage to computer data or computer programs, meaning the erasure, corruption, deterioration or suppression of computer data or computer programs without right; (c) Computer sabotage, meaning the input, alteration, erasure or suppression of computer data or computer programs, or interference with computer systems, with the intent to hinder the functioning of a computer or a telecommunication system; (d) Unauthorized interception, meaning the interception, made without authorization and by technical means, of communications to, from and within a computer system or network; (e) Computer espionage, meaning the acquisition, disclosure, transfer or use of a commercial secret without authorization or legal justification, with intent either to cause economic loss to the person entitled to the secret or to obtain an illegal advantage for themselves or a third person. 16. The first crime, unauthorized access, sometimes known as hacking, occurs frequently and often in conjunction with the second, damage to data or computer espionage. A popular modern variant is hacking into a web site and putting offensive or damaging information on it. Effective investigation of hacking offences usually requires cooperation by the victim and some means of catching the perpetrator in the act. Perpetrators are often brilliant young technophiles, who may have little moral understanding of their actions or of the potential to do damage. In addition to hacking offences, some countries have criminalized activities such as trafficking in passwords or hacking devices