How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Saturday, May 5, 2012

The Show Won’t Go On

Among the most amusing competitions of the last year’s Positive Hack Days 2011, there was Safecracker, which offered the participants a course on lock picking and a chance to try their newly acquired skills. The winners got keepsakes and gained universal recognition. As for the tools, we used those from our home collections.

Last year (RUS )the competition had a tremendous success. The prizes went to (RUS) Gleb Shepelov, Vitaliy Glinsky and Kirill Tyurin. Working on the program for Positive Hack Days 2012, we were quite positive about what competition would blow the forum. However, this time everything turned out to be different: the Laws of the Russian Federation made some adjustments to our plans... The details are under the cut.

In short, the competition, this time named Lock Picking, consists in non-destructive lock picking. Anyone is welcome to participate, be it an experienced safecracker or an absolute lamer.


As veteran White hats, before starting any project, we decided to make sure that it wouldn’t violate any laws. We saw it coming… It turned out that the Federal Law 420-FZ of December 7, 2011, excluded Section 3 Article 138 from the Criminal Code of the Russian Federation. This Section used to stipulate that ‘unlawful production, distribution or purchase of specialized technical instruments meant for non-public acquisition of information  are to be punishable by a fine in the amount of two hundred thousand Russian rubles or in the amount of the convict’s salary or any other income for the period of up to eighteen month, or restriction of freedom for the period of up to three years with the divestment of rights to occupy certain job positions or practice certain professions for the period of up to three years.’

The same Law introduces a new Article 138.1 into the Civil Code:

‘Article 138.1. Unlawful trade of specialized technical instruments meant for non-public acquisition of information

Unlawful production, purchase and (or) distribution of specialized technical instruments meant for non-public acquisition of information are to be punished by a fine in the amount of two hundred thousand Russian rubles or in the amount of the convict’s salary or any other income for the period of up to eighteen month, or restriction of freedom for the period of up to four years, or compulsory labor with the divestment of rights to occupy certain job positions or practice certain professions for the period of up to three years or without such divestment, or deprivation of freedom for the period of four years with divestment of rights to occupy certain job positions or practice certain professions for the period of up to three years or without such divestment.’

What does it have to do with the locks and picks? This article was introduced in December, 2011, and no commentary has been made to it yet. Taking into consideration that the statement about ‘specialized technical instruments meant for non-public acquisition of information’ has remained unchanged, our lawyers advised us to apply the commentary to the removed Section 3 Article 183 of the Code 

The commentary suggests interpreting specialized technical instruments as ‘instruments designed, produced, adjusted or preprogrammed for non-public acquisition of information’. According to the same official commentary, ‘the list of types of specialized technical instruments meant for non-public acquisition of information in the course of operational investigations is to be determined by the Government of Russia.’

As one of the types of specialized technical instruments, the list includes tools for non-public entry to and examination of premises, vehicles and other objects (which includes lock picking).

The crime elements are formal. The crime is deemed completed from the moment of commitment of the deed that violates the specified secret, or from the moment of commitment of a deed of production, distribution or purchase of the tools designed for non-public acquisition of information. This crime is committed only with direct intention.

It should be also kept in mind that under unlawful distribution, purchase and production the lawmaker understands execution of such activities without a corresponding permission (license). Finding a company that has a license for lock pick distribution is a challenge that borders on fantasy. Besides, even if we did find a seller, it would be a crime to buy a lock pick from them! We don’t need that.

Such a shame... Still, what if there is a way?

We decided not to give up and went on searching for a solution. We wanted to ask someone from our international speakers (for example, Bruce Shneier ) to take the required tools with them, but it proved impossible as well,  because Article 3 of Clause 2.17 ‘On Importing to the Customs Territory of the Customs Union And Exporting from the Customs Territory of the Customs Union Specialized Technical Instruments Meant for Non-Public Acquisition of Information’stipulates that ‘importing and exporting specialized technical instruments to/from the customs union is prohibited for individuals.’

To cut the store, performing the juridical investigation, we searched for answers to the following questions:

1. Can a lock pick be considered a specialized technical instrument meant for non-public acquisition of information?

The answer is positive.

2. What operations with a lock pick are not considered a crime according to Article 138.1 of the Criminal Code of the Russian Federation? Is there any legal way to use a lock pick without a license so that it would not fall within the scope of article 138.1 the Criminal Code of the Russian Federation?

The only condition under which we avoid criminal liability is that we neither produced nor purchased the pick lock (for example, if we were collectors and the lock picks were added to our collection as gifts or finds) and we don’t express any intention to sell it, but keep the tool as part of a collection and demonstrate it to third parties every now and then. 

In other words, our competition was teetering on the brink of the legal. Moreover, rock-solid cons outweighed faint pros. After a long discussion we finally decided to cancel the competition this time.  So, a glass cube that we were planning to fill with money for the final will stay empty and unneeded.


P. S. Anyway, we have prepared lots of challenging competitions for you to take part in. The details will be provided in the nearest future. Stay tuned!

1 comment:

  1. I simply want to tell you that I am new to weblog and definitely liked this blog site. I have been meaning to write something like this on my website and you have given me an idea. Kartikeya Sharma

    ReplyDelete