
What are cybercrimes and why are they a threat 

Cybercrimes pose a significant challenge to criminal law and cyber security, as they involve the illicit use of technology to harm individuals, businesses, or institutions, often for financial gain. With the rise of the internet, new security threats have emerged, necessitating specific legal frameworks. In Italy, cybercrimes were formally recognized in the Penal Code with Law No. 547 of December 23, 1993. This legislation was introduced to address legal gaps, as traditional crimes like theft and fraud could not be directly applied to digital offenses, and new forms of cyber-related crimes required dedicated regulations.

Computer crimes in the Criminal Code

Table of contents

  • What are the main cyber crimes 
  • Interception, impediment or unlawful interruption of computer or telematic communications (art. 617-quater c.p.) 
  • Law 28 June 2024 n. 901 
  • How to defend yourself from cyber crimes

Cybercrime represents one of the most complex challenges for criminal law and cyber security. 

These crimes are based on the illicit use of information technology to harm people, companies or institutions, often with the aim of obtaining an unfair profit at the expense of others.

With the spread of the Internet and computer or telematic systems, new ways of violating security have emerged, making more specific legislation necessary. In Italy, computer crimes were introduced into the Criminal Code with Law 23 December 1993, no. 547 (“Amendments and additions to the provisions of the Criminal Code and the Code of Criminal Procedure on the subject of computer crime”). 

The regulatory intervention was necessary to fill a gap in legal protection against new technological forms of aggression. 

In fact, on the one hand, the “classic” crimes provided for by the Criminal Code – such as theft, damage and fraud – were not susceptible to analogical applications, by virtue of the principles of legality and specificity in criminal matters; on the other hand, some illicit activities were completely new compared to the conduct described therein. 

A fundamental step in this matter was the approval by the Council of Europe of the “Budapest Convention” in 2001, the first international treaty on cybercrime, which was ratified by the Italian Parliament with the law of 18 March 2008 n. 48; the latter therefore introduced some changes to the penal code.

The Convention aimed to harmonize the regulatory frameworks of the various States on cybercrime, also strengthening the international cooperation necessary from a procedural and judicial point of view to combat these crimes having a transnational character. 

Subsequently, the first Additional Protocol, which came into force in 2006, had the aim of integrating the provisions on the criminalization of racist and xenophobic behaviors spread through the use of computer systems. 

The Second Additional Protocol was adopted in 2021 – and ratified by Italy in 2023 – and introduced measures to protect human rights and fundamental freedoms, cross-border access to electronic evidence by promoting mutual legal assistance, allowed competent authorities to directly request information and data from service providers under certain conditions, and finally introduced procedures for emergency mutual legal assistance in the event of serious or imminent cyber attacks. 

These crimes can be perpetrated by cyber criminals with various objectives: 

  • Theft of data, information or programs;
  • Unauthorized access to a system;
  • Alteration of the functioning of a system;
  • Online fraud. 

Understanding what cybercrimes are and how to prevent them is essential to protecting yourself in the digital environment. 

What are the main cyber crimes 

It should be noted that there is no specific legislative definition of “computer crimes” but, from a systematic reading of the relevant provisions, it can be stated that the lowest common denominator is the commission by means of or with the aid of a computer system or program and/or having the same computer system or program as its object. 

In Italian jurisprudence, the following definition can be found in a recent ruling of the Court of Cassation, Criminal Section V:

“what is relevant, in defining the notion of computer system, is the ability of the machine (hardware) to organize and process data, based on a program (software), for the pursuit of heterogeneous purposes. In the definition that concerns us here, therefore, the function of recording and storing data, including electronic data, is accompanied by the activity of processing and organizing the data itself” (ruling 16 April – 12 September 2018, no. 40470).

Criminal law has identified different categories of computer crime, regulating illicit behaviors that can compromise the security of people and organizations. 

Here are some of the most common types. Let’s start with the computer crimes regulated in the Title relating to crimes against the person, in particular those against the inviolability of the home.

The protected asset is the digital home, “an ideal expansion of the area of respect pertaining to the interested party, guaranteed by art. 14 of the Constitution” (see Explanatory Report of the Minister of Justice Giovanni Conso to the d.d.l. AS 2773 – XI Legislature).

In particular, articles 615-ter and 615-quater are relevant.

Unauthorized access to a computer or telematic system (art. 615-ter c.p.) 

Unauthorized access to a computer or telematic system (art. 615-ter c.p.) represses the conduct of “anyone who unlawfully enters a computer or telematic system protected by security measures or remains there against the express or tacit will of the person who has the right to exclude him” (co. 1); the crime is punishable upon complaint of the injured party. 

The law also provides for more severe penalties and ex officio prosecution in the following cases: 

  • If the act is committed by a public official or by a person in charge of a public service, with abuse of power or with violation of duties inherent to the function or service, or by someone who exercises even abusively the profession of private investigator, or with abuse of the quality of system operator; 
  • If the guilty party to commit the act uses threats or violence against things or people, or if he is clearly armed; 
  • If the act results in the destruction or damage of the system or the interruption of its functioning, or the destruction, damage, theft, or inaccessibility to the owner of the data, information or programs contained therein;
  • If the computer systems are of public interest. 

The law represses two behaviors:

  • Unauthorized access to a protected computer or telematic system;
  • Remaining in it against the will of the rightful owner.

It is interesting to note that, according to the majority of case law, the offence is committed even if the acting subject was in possession of the access keys to the protected computer system (i.e. the password), if the use of the latter “led to a result certainly in conflict with the will of the injured party and exceeding the possible scope of authorisation” (Cass. pen., Sez. V, Sentence, 02/10/2018, n. 2905).

Furthermore, the Court of Cassation, in a recent ruling (ruling n. 40295 of 2024) that represents an important development in Italian case law on computer crimes, has stated that Article 615-ter is applicable

Unauthorized possession and dissemination of access codes to computer or telematic systems (art. 615-quater c.p.) 

Article 615-quater of the Criminal Code punishes “anyone who, in order to obtain an advantage for himself or others or to cause damage to others, illegally procures, holds, produces, reproduces, disseminates, imports, communicates, delivers, makes available in any other way to others or installs devices, instruments, parts of devices or instruments, codes, key words or other means suitable for accessing a computer or telematic system, protected by security measures, or in any case provides indications or instructions suitable for the aforementioned purpose”. 

In summary, the criminal conduct is the acquisition, possession and dissemination of codes to access computer systems, usually functionally preliminary to the commission of the crime referred to in Article 615-ter; the subjective element required is specific intent, i.e. the aim of obtaining a profit, damaging or allowing the damage or in any case the non-functioning (even temporary) of a computer system. 

Cybercrime in Italy

Interception, impediment or unlawful interruption of computer or telematic communications (art. 617-quater c.p.) 

Article 617-quater of the Criminal Code punishes “anyone who fraudulently intercepts communications relating to a computer or telematic system or between multiple systems, or prevents or interrupts them”. 

The legal asset protected by the law is the inviolability of remote communications between multiple subjects, guaranteed by Article 15 of the Constitution, which protects the freedom and secrecy of correspondence and any other form of communication. 

The case concerns three types of conduct: 

  • The fraudulent interception;
  • The impediment;
  • The interruption of computer or telematic communications. 

Computer fraud (art. 640-ter of the c.p.) 

Article 640-ter of the Criminal Code punishes anyone who, by altering in any way the functioning of a computer or telematic system or by intervening without right in any way on data, information or programs contained in such a system, procures for himself or others an unjust profit with damage to others. 

The crime in question has the same structure and the same constitutive elements as fraud (Article 640 of the Criminal Code), “from which it differs only because the fraudulent activity of the agent does not involve the person, who lacks the misleading, but rather the computer system pertaining to the latter through its manipulation, therefore, like fraud, it occurs at the time and place in which the agent obtains the unjust profit with related financial damage to others” (Cass. pen., Sez. II, Sentence, 05/02/2020, n. 10354). 

Example
Among the behaviors that can be traced back to this criminal category, there is phishing, which consists of sending fraudulent emails or telephone messages, apparently coming from financial institutions or websites that require registration, which invite the recipient to enter their confidential information, to download content that is actually malware or otherwise expose themselves to cybercrime. 

Cybercrimes also include the spread of viruses, Trojans and other malicious software to obtain information or programs contained in someone else’s system. This can happen with infected attachments, compromised websites or social engineering techniques. 

Damage to information, data and programs (art. 635-bis c.p.) 

Article 635-bis of the Criminal Code punishes “anyone who destroys, deteriorates, deletes, alters or suppresses information, data or computer programs of others”, unless the act constitutes a more serious crime. 

Then there is Article 635-ter of the Criminal Code, which penalizes the damage of information, data and computer programs used by the State or by another public body or in any case of public utility.

Article 635-quater of the Criminal Code punishes the damage of computer or telematic systems, while Article 635-quinquies of the Criminal Code provides for a greater penalty in the event that the latter are of public utility. 

The protected legal asset is property, in relation to the data or computer programs of others.

Law 28 June 2024 n. 901 

Law 28 June 2024 n. 901 “Provisions on strengthening national cyber security and computer crimes” has introduced significant changes to the criminal code, and in particular: 

  • It has increased the penalties for numerous computer crimes, such as art. 615-ter c.p., and introduced new aggravating circumstances, for example for art. 617-quater;
  • It has expanded the specific intent required for the crime provided for in art. 615-quater c.p., which now provides for the more generic concept of “advantage”, and no longer “profit”. 
  • It has introduced art. 623-quater c.p., which provides for a new special mitigating circumstance for the computer crimes referred to therein in which the damage or danger is particularly slight; furthermore, it allows for a reduction of the penalties imposed by up to two thirds in the event that the perpetrator of the crime makes concrete efforts to avoid further consequences, offering his cooperation with the justice system in the collection of evidence or in the recovery of illicit proceeds. Likewise, art. 639-ter provides a rewarding circumstance to encourage post delictum collaboration; 
  • It has introduced the new crime of computer extortion – art. 619, co. 3 c.p. – which punishes anyone who, through unauthorized access, interceptions, damage to data or computer systems, or by threatening to carry out such conduct, forces someone to do or omit something, procuring for himself or others an unjust profit with damage to others (a crime attributable to “ransomware”).
  • It has introduced a new aggravating circumstance in the crime of fraud under art. 640, “if the act is committed remotely through computer or telematic tools capable of hindering one’s own or others’ identification” (new paragraph 2-ter), therefore applicable in cases of fraud perpetrated via the web.

How to defend yourself from cyber crimes 

To reduce the risk of being a victim of cybercrime, it is essential to adopt effective preventive measures: 

  • Protecting devices and networks;
  • Using strong passwords and Two-Factor Authentication;
  • User education and awareness;
  • Regular data backups.

Questions and answers

  1. What are computer crimes?
    They are crimes committed through the illicit use of digital systems, with the aim of damaging people, companies or institutions. 
  2. What are the main computer crimes in Italy?
    Among the most common are unauthorized access to systems, computer fraud, the spread of malware and credit card cloning. 
  3. How is computer fraud classified as a crime?
    It occurs when a person uses computer tools to deceive others and obtain an unfair profit to the detriment of others. 
  4. What regulations govern computer crimes in Italy?
    The main ones are Law 547/1993, the Budapest Convention and the GDPR for the protection of personal data. 
  5. How to protect yourself from computer crimes?
    Using security software, strong passwords, two-factor authentication and paying attention to suspicious emails. 
  6. What to do in the event of a computer attack?
    You must report the incident to the competent authorities and, if necessary, consult a cyber security expert. 
  7. Is credit card cloning a cybercrime?
    Yes, it is a cybercrime and can be prosecuted. 