What key laws exist in terms of the criminality of hacking/DDOS attacks?


Malta Small Flag Malta

The Criminal Code, Chapter 9 of the Laws of Malta (the ‘Code’) is the primary law dealing with ‘computer misuse’ and provides that unlawful access to or use of information and misuse of hardware and the hindering and impairing the functioning or operation of a computer system, software or the integrity or reliability of any data are criminal offences.

The Malta Government launched a Cyber Security Strategy (the ‘Strategy’) in 2016. The Government is committed to review the existing legislation and create legal and regulatory frameworks to cater for the Strategy’s goals such as securing cyber-space and combatting cybercrime.

Norway Small Flag Norway

Attacking a website via a denial of service attack, a distributed denial of service attack, or otherwise engaging in conduct that could damage, disrupt, impair or interfere with a website, computer system, server or database, is a criminal offence under the Norwegian General Civil Penal Code of 20 May 2005 no. 28 Sections 351 or 352. Depending on the severity of the attack, the offence may carry a penalty of fines and/or up to six years in prison.

The aforementioned Act Sections 201 and 204 governs the act of hacking. In accordance with Section 201, the unlawful manufacture, acquirement, possession or distribution of passwords, other information or malicious software carries a penalty of fines and/or up to 1 year in prison.

Gaining unauthorised access to a website, password, computer system, server, and database or otherwise is punishable with up to two years in prison, cf. the Act Section 204.

Turkey Small Flag Turkey

Turkish Penal Code w. no 5237 has a section specific for cyber crimes. Pursuant to the Code;

  • Hacking into a system is subject to imprisonment of up to 1 year or up to TRY 36.500 (€ 9.150) judicial fine.
  • Interfering or preventing proper running of the system is subject to imprisonment of 1 to 5 years.
  • Altering, destroying, transferring, preventing access to data on a system is subject to imprisonment of 6 months to 3 years.

Updated: July 20, 2017