Russian flag

The Russian Parliament is working on a new law that would introduce criminal liability for hackers creating tools and participating in cyber-attacks against Russian infrastructure.

The upcoming law was registered yesterday with the Duma's lower chamber, according to Russian news site Lenta. The law's full text and an explanatory note are available on the State Duma's website.

Creators of malware and hacking tools targeted by new law

According to RAPSI, a Russian site that provides information on the Russian legal system, the upcoming law introduces amendments to the Russian Criminal Code and Criminal Procedure Code.

More exactly, according to current draft, the the new law would introduce a new article called "Illegal influence upon the crucial information infrastructure of the Russian Federation."

This article regulates punishment for a series of malicious activities, such as the creation, distribution, and usage of cyber tools for attacks against the infrastructure of the Russian Federation.

While the law draft didn't specify exactly what kind of tools, this would generally include malware, botnets, or DDoS stressor services used for attacks against Russian targets.

Penalties include fines, prison time, and forced labor

Suspects who participate in the "creation and distribution of programs or information, which can be used for the destruction, blocking or copying data from the Russian systems" face a fine up to 1 million rubles (~$15,700) and up to five years in prison. If the cyber attacks have serious consequences, then the prison term can go up to ten years.

Hackers that obtain unauthorized access to protected information have to pay a fine that can go up to 2 million rubles (~$31,500), can face up to five years of forced labor, and six years in prison.

The Russia government has been paying more and more attention to the cyberspace in recent months, fearing of external influence and cyber-attacks from foreign states.

Last week, President Vladimir Putin approved a new general information security doctrine that is to be used to craft new laws and procedures for handling cyber-attacks.

Also last week, the Russian Secret Service (FSB) has issued an alert that foreign intelligence agencies might try to destabilize Russia's banking sector with rumors of a fake crisis, fake news about bank failures, SMS alerts, and cyber-attacks.

Related Articles:

Seedworm Spy Gang Stores Malware on GitHub, Keeps Up with Infosec Advances

Adobe Fixes Zero-Day Flash Player Vulnerability Used in APT Attack on Russia

Moscow's New Cable Car System Infected with Ransomware the Day After it Opens

New Cannon Trojan Is the Latest Asset of Sofacy APT Group

State-Sponsored Actors Focus Attacks on Asia