Pony is a post-95s employee, and by chance, he learned that a game accelerator that is on fire on the Internet has a free trial promotion for new users. He noticed that the demand for this accelerator in the game circle was not low, so he started to think carefully about "wool". Through a period of computer language network learning, he "worked hard" to master certain programming "skills", but sent himself into the abyss of crime......
Recently, the Chongming District People's Court of Shanghai (hereinafter referred to as the Chongming District People's Court) concluded the trial of such a case of illegally obtaining computer information system data by teaching oneself to program "wool".
Case review
A technology company in Shanghai operates a game accelerator software, the main function of which is network acceleration and improving the game experience. In order to promote the accelerator software, the company allows new users to try it for free for a certain period of time, but sets up anti-batch registration mechanisms such as SMS verification, account authentication, user IP address and ID (machine code) identification.
After trying the above game accelerator software for free, Pony felt that the experience was good, so he came up with the idea of "picking wool". Through a period of self-taught programming, he wrote and modified batch registration software with functions such as automatic code authentication and disguised IP addresses.
From January 2022 to May 2023, without the authorization of the victim unit, a technology company in Shanghai, Xiaoma wantonly used the software written by itself to register in batches to obtain game accelerator accounts and passwords, and used the free use rights and interests in the account to make profits, selling more than 10,000 pieces of online platform stores operated by Xiaoma, with a sales amount of more than RMB 80,000.
In May 2023, the case occurred due to the discovery of data anomalies by a technology company in Shanghai. Xiaoma was arrested by the public security organs and truthfully confessed the above facts. After the incident, the defendant Xiaoma withdrew all his illegal gains, in addition to his meritorious performance in exposing the crimes of others.
People's court adjudication
After trial, the Chongming District People's Court held that the defendant Xiaoma violated state regulations by invading a computer information system and obtaining data stored, processed, or transmitted in the computer information system, and that the illegal gains amounted to more than 80,000 yuan, and that the circumstances were particularly serious, and that his conduct had violated the provisions of paragraph 2 of article 285 of the Criminal Law of the People's Republic of China, and that he should be investigated for criminal responsibility for the crime of illegally obtaining computer information system data. Xiao Ma was sentenced to three years imprisonment, suspended for three years, and fined 20,000 yuan in accordance with the facts of his crime, the nature of his crime, and the degree of harm to society.
What the judge said
Data security is an inevitable requirement in the Internet era, especially for information technology enterprises, data security can be described as the lifeline of enterprises. The act of illegally obtaining data from computer information systems not only infringes on the relevant interests of enterprises, but also infringes on the order of network security.
1. What is the crime of illegally obtaining data from a computer information system?
The crime of illegally obtaining computer information system data refers to violating state regulations by invading computer information systems other than the fields of state affairs, national defense construction, or cutting-edge science and technology, or employing other technical means to obtain data stored, processed, or transmitted in that computer information system, where the circumstances are serious.
"Violation of national provisions" refers to violations of the "Cybersecurity Law of the People's Republic of China", "Regulations of the People's Republic of China on the Security Protection of Computer Information Systems", "Measures for the Administration of Security Protection of International Networking of Computer Information Networks", and other provisions. The so-called "trespassing" refers to the act of obtaining the authority to delete, add, modify, or obtain data stored, processed, or transmitted by another person's computer information system without authorization or beyond authorization. The so-called "other technical means" refer to technical means other than intrusion, such as illegally obtaining data stored, processed or transmitted by other people's computer information systems through technical means such as setting up phishing websites and hijacking in the middle of the way. The so-called "illegal acquisition of data" refers to the perpetrator's acquisition of data stored, processed, or transmitted in a computer information system through the means and methods described above.
The picture comes from the Internet
In this case, Xiaoma wrote and modified the batch registration software with functions such as automatic code authentication and disguised IP addresses, and its use of the software to break through the victim unit's corresponding anti-batch registration mechanism to obtain the game accelerator account and password is an illegal acquisition of computer information system data.
II. How to sentence the crime of illegally obtaining computer information system data?
According to the provisions of the Supreme People's Court and Supreme People's Procuratorate's "Interpretation on Several Issues Concerning the Application of Law in Handling Criminal Cases Endangering the Security of Computer Information Systems", in any of the following circumstances, illegal acquisition of computer information system data shall be found to be "serious circumstances":
1. Obtain more than 10 sets of identity authentication information for online financial services such as payment and settlement, securities trading, and futures trading;
2. Obtaining more than 500 sets of identity authentication information other than those in item 1;
3. Unlawful gains of 5,000 RMB or more, or economic losses of 10,000 RMB or more;
4. Other serious circumstances.
Where the conduct described above is carried out, and the amount or amount reaches five times or more of the prescribed standards, or there are other circumstances where the circumstances are especially serious, it shall be found to be "especially serious circumstances".
Where computer information system data is illegally obtained, and the circumstances are serious, a sentence of up to three years imprisonment or short-term detention is to be given, and/or a fine. In this case, Xiaoma illegally obtained game accelerator accounts and passwords in batches and used them to sell them for profit, and the illegal gains amounted to more than 80,000 yuan, which met the standard of "particularly serious circumstances", and should be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and a fine in accordance with the law.
3. Adhere to the correct value orientation and enhance awareness of network security
With the rapid development of information technology, technology openness and open source code have been widely favored and sought after by the public, and the risks and governance issues have become increasingly prominent. Even neutral technology and code have certain uncertainties and insecurity factors. In order to protect the legitimate rights and interests of the public, the relevant authorities have been working hard to increase the supervision of emerging technologies, and the people's courts are also strengthening the punishment of criminal acts in such fields.
It is a good thing to learn programming on your own and master more skills, but the Internet is not a place outside the law, and the order of the network cannot be ignored.
At the same time, we would like to remind that enterprises that use the Internet to engage in production and operation should further enhance their awareness of network security, carry out network security inspections on a regular basis, and focus on optimizing and improving equipment operation and system vulnerabilities to improve security capabilities.
Links to legal provisions
Criminal Law of the People's Republic of China
Article 285[edit] ......
Whoever violates state provisions by invading a computer information system other than the provisions of the preceding paragraph or employing other technical means to obtain data stored, processed, or transmitted in that computer information system, or by illegally controlling the computer information system, and the circumstances are serious, is to be sentenced to up to three years imprisonment or short-term detention and/or a fine;
……
Source: Shanghai Chongming District People's Court
Editor: Sharon