Cybercrime Liability Scope Analysis V1.0 (focused on the scope of liability for criminal punishment) 2017.7.16 Jason, Min
□ Issue http://www.yonhapnews.co.kr/bulletin/2017/07/04/0200000000AKR20170704053800009.HTML
□ Original article (AP news) https://apnews.com/8b02768224de485eb4e7b33ae55b02f2
Interview of Serhiy Demydiuk, head of Ukraine's national Cyberpolice unit, with the Associated Press

KIEV, Ukraine (AP) — The small Ukrainian tax software company that is accused of being the patient zero of a damaging global cyberepidemic is under investigation and will face charges, the head of Ukraine’s CyberPolice suggested Monday.

Col. Serhiy Demydiuk, the head of Ukraine’s national Cyberpolice unit, said in an interview with The Associated Press that Kiev-based M.E. Doc’s employees had blown off repeated warnings about the security of their information technology infrastructure.

“They knew about it,” he told the AP at his office. “They were told many times by various anti-virus firms. ... For this neglect, the people in this case will face criminal responsibility.”

Demydiuk and other officials say last week’s unusually disruptive cyberattack was mainly spread through a malicious update to M.E. Doc’s eponymous tax software program, which is widely used by accountants and businesses across Ukraine. The malicious update, likely planted on M.E. Doc’s update server by a hacker, was then disseminated across the country before exploding into an epidemic of data-scrambling software that Ukrainian and several other multinational firms are still recovering from.

M.E. Doc has given various explanations for its role in the outbreak. It initially acknowledged having been hacked, but then deleted the statement. It then called allegations it had seeded the outbreak “clearly erroneous” but later said it was cooperating with authorities. The company has not returned messages from AP seeking comment.

Meanwhile, several companies hit by last week’s cyberattack say they are edging toward normalcy. Law firm DLA Piper said late Sunday that it has restored its email service and was working to bring its other networks back online. Danish shipper A.P. Moller-Maersk said Monday that it was “getting closer to full speed” and that all but one cargo terminal was back in action.

Russian companies were reportedly affected as well; Russian state-owned oil giant Rosneft said Monday it had taken the company six days to fully repair its computer systems after they were badly hit in the cyberattack.

Ukrainian authorities have blamed Russia for masterminding the outbreak, although several independent experts say it’s too early, based on what’s publicly known, to come to any firm conclusions. Ukraine has repeatedly come under fire from high-powered cyberattacks tied to Moscow.

The extent of the damage and disruption in Ukraine was still unclear Monday. Authorities have yet to release an accounting of the number of victims or guess at the cost inflicted by the malware. Demydiuk said his service was still collating figures and declined to even provide estimates.

It’s clear, though, that the economic disruption has not been negligible. Some bank employees have not been to work in days. At Kiev’s Boryspil Airport, senior airport official Yevhenii Dykhne told the AP that about a third of computers, mainly those devoted to back-office work such as procurement, were still offline.

Hanna Rybalka, who works at the state-owned Oschadbank’s headquarters in Kiev, said that business had taken nearly a week to recover. “Today is the first day of full-time work,” she said in a Facebook message Monday.

___ Howard Amos in Moscow contributed to this report.
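□ Case analysis – the main concern is whether criminal punishment applies
Case: M.E. Doc (Tax software program) v. the affected companies
Facts: Malware infection occurred when the accounting software company's program was updated. Ukrainian authorities point to Russia as being behind the attack.
Issue:
- Civil – examine the scope of negligence liability ⇒ antivirus vendors and others had warned in advance about the weakness in question; the duty of care (precaution) was not performed
- Whether the case is subject to criminal punishment ⇒ opinion regarding criminal punishment (Demydiuk, the head of Ukraine’s national Cyberpolice unit)
Holding (conclusion): Summary of the majority opinion (expected): civil liability exists, criminal liability does not
Reasoning (basis for the conclusion)
- A. Rule (law): Criminal liability is liability for imposing the legal effect of punishment; its purpose is to punish, through state sanction, the actor who committed a crime.
  * Origin of the legal principle, policy considerations, explanation rejecting the opposing arguments (quotations of legal principles etc. are placed in quotation marks; Black Letter Rule)
- B. Application: This case has nothing to do with imposing a disposition, for protective purposes, on a person who committed an act directly harmful to society. That is, M.E. Doc is a victim, and this case is a state-to-state cyberattack that requires analysis under the Tallinn Manual.
  * Connecting the specific facts to the application of the law, case-law analysis, etc.
Concurring or Dissenting Opinion(s)
- Concurring Opinion
- Dissenting Opinions
https://m.blog.naver.com/PostView.nhn?blogId=ledzeppeline&logNo=220950417994&proxyReferer=https%3A%2F%2Fwww.google.co.kr%2F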
□ Tallinn Manual – cyberwarfare analysis
‘Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations’, 2017.02
https://ccdcoe.org/tallinn-manual.html
http://www.cambridge.org/us/academic/subjects/law/humanitarian-law/tallinn-manual-20-international-law-applicable-cyber-operations-2nd-edition?format=PB#P6ZfJFkBfruAVGEP.97
“If you are not dreaming about the future or working to improve technology right now, that is the same as falling behind.” Gwynne Shotwell (SpaceX CEO, COO)
Thank you (facebook.com/sangshik, mikado22001@yahoo.co.kr)