The Russian Parliament is working on a new law that would introduce criminal liability for hackers creating tools and participating in cyber-attacks against Russian infrastructure.
According to RAPSI, a Russian site that provides information on the Russian legal system, the upcoming law introduces amendments to the Russian Criminal Code and Criminal Procedure Code.
More exactly, according to current draft, the the new law would introduce a new article called "Illegal influence upon the crucial information infrastructure of the Russian Federation."
This article regulates punishment for a series of malicious activities, such as the creation, distribution, and usage of cyber tools for attacks against the infrastructure of the Russian Federation.
While the law draft didn't specify exactly what kind of tools, this would generally include malware, botnets, or DDoS stressor services used for attacks against Russian targets.
Suspects who participate in the "creation and distribution of programs or information, which can be used for the destruction, blocking or copying data from the Russian systems" face a fine up to 1 million rubles (~$15,700) and up to five years in prison. If the cyber attacks have serious consequences, then the prison term can go up to ten years.
Hackers that obtain unauthorized access to protected information have to pay a fine that can go up to 2 million rubles (~$31,500), can face up to five years of forced labor, and six years in prison.
The Russia government has been paying more and more attention to the cyberspace in recent months, fearing of external influence and cyber-attacks from foreign states.
Last week, President Vladimir Putin approved a new general information security doctrine that is to be used to craft new laws and procedures for handling cyber-attacks.
Also last week, the Russian Secret Service (FSB) has issued an alert that foreign intelligence agencies might try to destabilize Russia's banking sector with rumors of a fake crisis, fake news about bank failures, SMS alerts, and cyber-attacks.