What Constitutes Cybercrimes?
Cybercrimes have emerged
within the legal landscape in tandem with the advancements in the modern
electronic world. The proliferation of artificial intelligence and the
ubiquitous presence of technological devices, such as mobile phones, computers,
and smartwatches, in our daily lives have paved the way for these tools to be
exploited for criminal activities.
Individuals, who leverage
the proliferation of information devices in various domains to enhance their
lives, have increasingly adopted these technological tools as instruments for
criminal activities, particularly in the realm of electronic commerce, encompassing
activities such as online shopping and sales.
At this
juncture, cybercrimes can be defined as a broad spectrum of offences
perpetrated within the electronic environment, utilising technological devices
such as computers, telephones, and POS devices. Hence posing potential cyber
security breaches. Essentially, cybercrimes encompass the unauthorised access to
information systems through electronic connections facilitated by technological
tools, either physically or via the internet.
Regarding the information
system, the Turkish Criminal Procedure, in accordance with the ruling of the
Criminal General Assembly of the Court of Cassation dated 25.11.2014, bearing
the Basis number 2013/448 and numbered 2014/524, defines it as follows: “…The
information system, as expounded in the rationale of Article 243 of the Turkish
Penal Code (TPC), refers to magnetic systems that enable the collection and
storage of data, subsequently subjecting them to automatic processes.”
Cybercrime is defined in German case law as, “Intentional attacks
against individuals or groups with the aim of causing harm to their dignity or
inflicting direct or indirect physical or mental harm on the victim. These
attacks are carried out using contemporary communication channels, such as the
Internet (e.g., chat rooms, emails, bulletin boards, and groups), and mobile
phones (SMS/MMS) [1].”
This type of crime can give rise to both national and international security and economic legal disputes. Cybersecurity vulnerabilities in information systems can be exposed through various offences such as infringement of privacy, violation of copyrights, fraud, exploitation, and intelligence-related crimes, among others.
History of Cybercrimes
While the use of
informatics has been ingrained in human activities for an extensive period, it
was not until the 1960s that technology began to be employed as a criminal
instrument, subsequently recognised as a criminal offence and subject to
penalties. The pursuit of military and economic superiority, both on a national
and international scale, contributed to the evolution of the information
system, thereby giving rise to these cybercrimes.
Firstly, the compilation
of personal data and the establishment of databanks raised privacy concerns.
During the 1970s, cybercrimes began to be perpetrated as states recognised the
potential to infiltrate the data of their own citizens and subsequently breach
the information systems of other states.
The legal recognition of cybercrimes emerged in 1977 in the United States of America, the birthplace of computer, when the topic was deliberated in the United States Congress, leading to the creation of the first draft law.
Cybercrimes in the
International Legal System
In the context of the
international legal system, cybercrimes are generally categorised into two main
types. These are recognised as "crimes targeting computer networks and
devices" and "crimes committed by using computer networks and devices."
Crimes targeting computer
networks and devices include:
·
Computer viruses
·
Denial-of-service attacks (DoS)
·
Malicious software
Crimes committed by using
computer networks and devices include:
·
Cyber monitoring
·
Fraud and identity theft
·
Information theft
· Theft of personal network information (for example, username, login password, credit card information and so forth)
Cybercrimes in the Turkish
Criminal Law System
The advancement of
information technologies has permeated every aspect of our lives, giving rise
to a multitude of new criminal activities. Consequently, many nations have
found it necessary to enact legal provisions in the realm of informatics,
updating and amending their legislations accordingly. In Turkey, this category
of offences was first introduced in 1991 through Law No. 3756. within the TPC No.
5237, the provisions pertaining to cybercrimes are examined under the title
"Crimes Committed in the Field of Informatics."
In the tenth chapter of the TPC, titled "Offences in the Field of Informatics," specific provisions have been established to address various acts, such as unauthorised access to information systems, system obstruction, disruption, data destruction or alteration, as well as the misuse of bank and credit cards.
Accordingly, the
cybercrimes examined in the TPC compass:
• Unauthorised access to
the information system (Article 243 of the TPC)
• The offence of
obstructing, disrupting, rendering inaccessible, destroying, or altering the
system (Article 244 of the TPC)
• The offence of misusing
a debit or credit card (Article 245 of the TPC)
• The offence of using a prohibited device or programme (Article 245/a of the TPC)
The Offence of
Obstruction, Disruption of the System, Data Destruction or Alteration
Article 244 of the TPC states
the following:
“(1) Any person who
obstructs or disrupts the proper functioning of an information system shall be
subject to imprisonment for a term of one to five years.
(2) Any person who
corrupts, destroys, alters, or renders inaccessible the data within an
information system, introduces data into the system, or transmits existing data
to another location shall be subject to imprisonment for a term of six months
to three years.
(3) If this act is
committed against the information system of a bank, credit institution, public
institution, or organisation, the imposed penalty shall be increased by half.
(4) If the acts defined
in the previous paragraphs are committed for the purpose of gaining an unfair
advantage, either for oneself or someone else, in addition to any other
applicable offence, the person shall be subject to imprisonment for a term
ranging from six months to two years and a judicial fine of up to five thousand
days.”
As a side note, in
Turkish law, "gün" (day) is a unit of measurement used for certain
fines. The phrase "beş bin güne kadar adli para cezası" translates to
"a judicial fine of up to five thousand days" in English. In this
context, the fine is calculated based on a certain daily rate multiplied by the
number of days, up to a maximum of five thousand days. This method of
calculating fines in terms of "gün" (days) is unique to Turkish law
and is different from the more common practice of specifying a monetary amount
as a fine. The daily rate is determined based on the financial situation of the
offender, and the number of days is decided by the court based on the severity
of the offence.
With the enactment of
this article, the intentional damage to information systems has been criminalised.
The partial or complete destruction, alteration, or modification of data and
programmes within information systems has constituted the offence of damaging
property against information systems [2].
Offence of Misuse of
Debit or Credit Cards
Article 245 of the TPC states
the following:
"(1) Amended:
29.06.2005-5377-27.Art) Any person who acquires or possesses a debit or credit
card belonging to another person, through any means whatsoever, and utilises it
for personal gain or on behalf of another, without the consent of the
cardholder or the person authorised to use the card, shall be subject to
imprisonment for a term ranging from six months to three years, along with a
judicial fine of up to five thousand days."
(2) Any person who
manufactures, sells, transfers, purchases, or receives forged or counterfeit
debit or credit cards and associates them with bank accounts belonging to
others shall be subject to imprisonment for a term ranging from three to seven
years, along with a judicial fine of up to ten thousand days.
(3) Any person who gains
personal benefit or benefits someone else by using a forged or counterfeited
debit or credit card shall be subject to imprisonment for a term ranging from
four to eight years, in addition to a judicial fine of up to five thousand
days, unless the act constitutes another offence warranting a more severe
penalty.
(4) If the offence
referred to in the first clause is committed to the detriment of:
a) One of the spouses for
whom a separation order has not been issued.
b) One of the next of
kin, one of the relatives in-law, or one of the adoptive or adopted children.
c) One of the siblings
living together in the same dwelling.
No penalty shall be
imposed on the related relative.
(5) (Additional Clause:
06.12.2006-5560/11. Art) The provisions of this law concerning effective
repentance for offences against assets shall be applicable to acts falling
within the scope of the first clause.”
In the preamble of this article, the unlawful acts resulting from the misuse of debit and credit cards are penalised. However, this type of crime aims to cause financial loss to the bank or credit card holders, resulting in gains for the perpetrators of the offence.
Use of Prohibited Devices
and Programmes in Cybercrimes
Article 245/A of the TPC states
the following:
"(Amendment:
24/3/2016-6698/30 Art.)
(1) If a device, computer
programme, password, or other security code is specifically designed or created
for the commission of the offences listed in this Section and other offences
that can be facilitated through information systems, the individual who
manufactures, imports, ships, transports, stores, accepts, sells, offers for
sale, purchases, distributes to others, or possesses such items shall be
subject to imprisonment for a term ranging from one year to three years, along
with a judicial fine of up to five thousand days."
In the rationale of this article, it is clarified that the offence occurs when a device, computer programme, password, or other security code is specifically designed or created for committing cybercrimes or other offences facilitated through information systems, and the offence is committed by engaging in at least one of the acts outlined in the aforementioned article.
Offence of Unauthorised Access to an Information
System
Article 243 of the TPC states the following:
“(1) Any person who unlawfully enters or remains
in the whole or part of an information system shall be subject to imprisonment
for a term of up to one year or a judicial fine.
(2) If the acts defined in the preceding clause
are committed in relation to systems that can be utilised for a fee, the
penalty to be imposed shall be reduced by up to half.
(3) If the data contained in the system are destroyed
or altered as a result of this act, the person shall be subject to imprisonment
for a term ranging from six months to two years.
(4) Any person who unlawfully monitors the data
transfers within an information system or between information systems by
technical means without entering the system shall be subject to imprisonment
for a term ranging from one year to three years.”
This provision addresses the commission of a crime through unauthorised access to the whole or part of an information system and remaining there without lawful authorisation. The provision does not specifically require the processing of any data or other actions apart from the unlawful entry into the system. Therefore, the focus is on the act of entering the system, which results in a violation of the security of the information system.
Evaluation of the Offence
of Unauthorised Access to an Information System under Article 243 of the TPC
The "Offence of
Unauthorised Access to an Information System," examined within the
framework of Article 243 of the TPC, occurs when an individual unlawfully
enters into an information system and continues to remain there. Third clause of
this article addresses the "destruction or modification of informatics
data", indicating the establishment of the aggravated form of the offence.
The act of gaining an
access to an information system refers to entering and remotely connecting to
the data in the information system by direct or indirect means.
Commission of the Offence
of Gaining Unauthorised Access to the Information System
Unauthorised access to
information systems encompasses various actions. In today's rapidly advancing
digital world, new security vulnerabilities emerge regularly.
Some well-known actions
for gaining unauthorised access to systems include computer hacking, phishing
attacks, computer viruses and worms, ransomware, keylogging programmes,
distributed denial-of-service (DDoS) attacks, social engineering attacks,
inadvertent receipt of malicious emails, unlawful content provision, trojan
horses, logic bombs, network worms, hidden backdoors, eavesdropping,
information viruses, identity theft, and numerous others achieved via forcing or
exploiting weaknesses in the information system.
For legal analysis, the
interpretation of the term ‘access’ plays a pivotal role. While there have been
differing views within the Court of Cassation, the term ‘access’ has been favoured,
particularly based on regulations stemming from Law No. 5651 on the Regulation
of Internet Publications and Combating Crimes Committed through These
Publications. In this context, ‘access’ signifies "gaining the opportunity
to use the internet by connecting to the internet environment by any
means."
In the verdict of the 8th
Criminal Chamber of the Court of Cassation dated 07.05.2014 and bearing the
Basis number 2013/10402 and the Decision number 2014/11836, the term ‘access’
was used instead of ‘entry’ which clarified the offence. Moreover, it was adjudicated
that this offence involves gaining unauthorised access to someone else's
system, closely or remotely monitoring the data within, and providing access in
a manner that is deemed unfair.
"... Accessing an
information system means gaining entry to some or all of the data contained in
the system, either physically or remotely through another device. To
achieve unauthorised access, lax security measures or vulnerabilities in
existing security protocols may be exploited. Access can be obtained over the
network by utilising viruses (in the form of attachments such as funny
pictures, celebratory cards, or audio and video files), trojan horses, macro
viruses, worms, or by exploiting system vulnerabilities in any way.
Unauthorised access to computer data and systems is also referred to as ‘computer
intrusion’, ‘code breaking’ or ‘computer hacking.’ This offence can be
committed by gaining access to someone else's computer and viewing the data
within or by logging into the information system through a network. The
method of communication (wired or wireless) or the distance (close or far) does
not affect the characterisation of the offence. However, in cases where an
email or file is sent to an information system, this situation may not be
considered as access since there is no entry into the information system; only
data is sent. Furthermore, accessing the operating system (Windows, Linux,
etc.) of the victim's personal computer by another internet user without the
victim's consent will also constitute an offence..."
IP addresses play a
significant role in establishing the ownership of access to a specific system.
Through IP addresses, it becomes possible to determine which systems computers
are connected to, when, where, and on whose behalf an unauthorised access
occurred. IP addresses help in detecting the crime through serving as
distinguishing features for computer programmes, much like identity numbers,
which is beneficial for the victim. In accordance with the decision of the 8th
Criminal Chamber of the Court of Cassation dated 16.04.2014 and bearing the
Basis number 2013/4668 and the Decision number 2014/9860:
“In cases where IP
addresses alone are insufficient, GSM companies can assign a single IP address
to multiple individuals by using port forwarding. Each computer programme uses
a separate port for communication. Consequently, for programme communication
within the computer, an IP address and a port number are required and presented
as an IP address and a port number. When accessed, the port information, which
is not legally mandated to be retained, can aid in determining the specific
individual who used an IP address assigned to multiple people at the time of
the offence.”
The Legal Principle
Protected by the Offence of Unauthorised Access to the Information System
The ‘legal principle
protected’ in question pertains to the rights or interests of the victim whose
data and information have been breached due to the unauthorised access.
Consequently, when individuals' information systems are unlawfully accessed, it
not only undermines the trust in the justice system but also constitutes an
intrusion of individuals' privacy.
In this context, it is
evident that the protected legal principle holds a multifaceted nature. Varied
perspectives exist regarding the legal subject of the offence, with some
asserting that it pertains to a material value. Conversely, alternate
viewpoints define the protected legal principle as ‘multifaceted', encompassing
the maintenance of public order, privacy of personal life and communication,
interests of system proprietors and users, prevention of additional criminal
activities, and fortification of information system security. [3]
Beyond the unauthorised
access to the information system resulting in the infringement of the right to
privacy of multiple individuals, there exists the potential for consequential
harm to an individual's assets as the offence continues.
Elements of the Offence
of Unauthorised Access to an Information System
A. Material Elements
A.1.
Perpetrator
The perpetrator of an
offence is referred to as the person who committed the act. In relation to this
offence, the legal provision employs the phrase "...anyone who enters
or remains..." As such, it is established that the term
"anyone" pertains to the individual who gains access to the victim's
information system, thereby being the perpetrator of this offence.
According to Article 20
of the Turkish Penal Code, the designation of perpetrator only applies to
natural persons, and consequently, criminal penalties can exclusively be
imposed upon natural persons. However, if the offender in question is a legal
entity, specific security measures relevant to legal entities shall be
implemented.
A.
2. Victim
The victim in this offence
refers to the individual who has a detriment to or endangerment of their legal
interests because of the unauthorised and unconsented access to their information
system.
Should the perpetrator's
actions result in harm to multiple individuals, all such affected persons shall
collectively be called victims.
A.
3. Action
Within the framework of
this offence, characterised as an "offence based on alternative
actions" or an "offence with alternative elements", it is
acknowledged that the commission of the offence occurs once the perpetrator
undertakes any of the actions outlined within the legal statute. The offences
that can be committed with one of the actions shown as alternatives of each
other in the legal definition are called “offences based on alternative
actions" or “offences with alternative elements". The offence is perpetrated
upon the commission of any one of these alternatives, thereby removing the
necessity for the completion of all available optional actions.
The continuation of
presence after the entry into the information system may manifest as the
perpetrator remains within the system for a while (during which activities such
as data manipulation, data monitoring, data flow surveillance, system
disruption operations, or inaction might happen). [4]
The duration of the
perpetrator's tenure within the information system, and the existence of actions
causing harm to the victim during this period, are not pivotal considerations.
This stance is affirmed in the verdict of the 11th
Criminal Chamber of the Court of Cassation, dated 26.03.2009, and bearing the
Basis number 2008/18190 and the Decision number 2009/3058:
"... In the face of
the allegation and acceptance that the defendant unauthorisedly accessed the
account of Z. T. T. İmalat Pazarlama Sanayi ve Ticaret Limited Şirketi, where
the participant served as an official, at the Denizli branch of Türkiye E.
Bankası, yet refrained from transferring funds to an alternate account through
manipulation of the said account after its unauthorised access, a verdict
through written means (in accordance with Articles 244/4, 35/2 of the Turkish Penal
Code No. 5237) without due consideration of the defendant's conduct
constituting the offence stipulated within Article 243/1 of the Turkish Penal
Code No. 5237, stands contrary to the law, requiring a reversal. It is evident
that the offence pertains to offences based on alternative actions or offences
with alternative elements..."
B. Special Manifestations
of the Offence
B.1.
Attempt
In accordance with the
provisions on attempt outlined in Article 35 of the TPC, the following
explanation is provided: "An individual is held accountable for an
attempt if they commence the direct perpetration of a crime they intend to
commit through overt actions and are unable to bring it to fruition due to
uncontrollable circumstances."
Hence, it is adequate for
the perpetrator to engage knowingly and wilfully, partially or entirely, in any
of the offences based on alternative actions or offences with alternative
elements associated with the offence of unauthorised entry, access, or
continued presence within the information system, for the offence to be both
established and substantiated.
Given that this category of offence falls under "crime of mere action and a crime without a consequential result", the very act of carrying out the actions directly constitutes the offence. Should the initiation of the offence be obstructed by external factors beyond the perpetrator's control, the possibility of an attempt is conceivable. However, it is crucial to acknowledge that voluntary renunciation cannot be invoked in this type of offence, as it centres around the execution of actions, without any sought-after outcome. [5]
B.2. Complicity
Conversely, complicity
refers to a scenario in which the offence is perpetrated by multiple
individuals rather than one person. In instances of this nature, the
overarching regulations pertaining to complicity shall be invoked, thereby
resulting in each of the offenders being prosecuted as ‘co-perpetrators.’
B.3.
Cumulation of Offences or Concurrent Offences
The focal point of
consideration herein pertains to how this scenario will impact the imposition
of criminal penalties in instances where the perpetrator commits multiple offences.
This issue will be analysed in accordance with the aforementioned legal
provisions (Articles 42-44 of the TPC), and an evaluation shall be made based
on the specific circumstances of the case.
A notable circumstance
under this category emerges when the offence of unauthorised access to an
information system is committed in a chain. An illustration of this involves
the perpetrator accessing the victim's information system and subsequently
re-entering the same system at distinct intervals, thereby exemplifying the commission
of the offence in a chain.
The verdict rendered by
the 8th Criminal Chamber of the Court of Cassation, bearing the
Basis number 2014/3984 and the Decision number 2014/13848, stands as a
precedent ruling:
"...considering the
defendant's acknowledgment of accessing to the computer programme owned by the
company subsequent to departing from the participating company, and the
dossier's documentation revealing his multiple entries into the said programme
at separate instances, the defendant's punishment under Articles 243 and 43 of
the TPC for the crime of unauthorised access to the information system due to
his conduct...".
Considering the verdict
of the 12th Criminal Chamber of the Court of Cassation dated
15.09.2014 and bearing the Basis number 2014/649 and the Decision number 2914/17770,
regarding the matter of cumulation of offences or concurrent offences, it is
deemed judicious to impose a criminal penalty for the offence of unauthorised
access to the information system alongside the act of subsequently procuring
personal data:
"...There exists no inconsistency in the verdict to convict the defendant, who acquired the electronic email address employed by the involved party for accessing their Facebook account without consent, for the offence of unlawfully disclosing or procuring data. However, it was not taken into consideration that the defendant, after unlawfully entering the exclusive section of the participant's information system, persisted in remaining within the system unlawfully, thereby obstructing the participant's access to the aforementioned section. Consequently, the defendant should also be found guilty of the offence of blocking, disrupting the system, damaging, or altering data, as outlined in Article 244/2 of the TPC....".
C. Enforcement and Competent
Authority
The penalty for the
offence of unauthorised access to an information system is imprisonment for up
to one year or a judicial fine for anyone who unlawfully enters or remains in
the whole or part of an information system. These criminal penalties are
included in the law for the simple form of cybercrimes. The simple form occurs
in the case of entering the information system and exiting without making any
changes in the system.
However, as it is
understood from the continuation of the provision, if the acts defined in the
first paragraph are committed about the systems that can be used for a fee, the
penalty to be imposed will be reduced by up to half. Otherwise, in case of
destruction or change in the data contained in the system due to the act of the
perpetrator, imprisonment from six months to two years shall be sentenced.
A person who unlawfully
monitors the data transfers within an information system or between information
systems by technical means without entering the system shall be sentenced to
imprisonment from one year to three years.
According to Article 11
of the "Law No. 5235 on Establishment, Duties and Authorities of the
Courts of First Instance and Regional Courts of Appeal", the criminal
courts of first instance are responsible for the cases related to the offence
of unauthorised access to the information system in question.
In terms of location, the
competent court shall be the court "where the offence is committed"
according to the provisions of Article 12 and the following articles of the
Code of Criminal Procedure No. 5271 regulating this matter.
D. Investigation Methods
The offence of unauthorised access to an information
system falls within the category of offences that necessitate ex officio
investigation and prosecution. Consequently, it becomes evident that this type
of offence does not hinge upon a formal complaint. The primary rationale behind
the legislator's decision to exempt this offence from complaint lies in the
objective of upholding societal trust in the justice system and preserving the
sanctity of privacy.
The retraction of the
victim's complaint concerning this act carries no substantive significance,
given that the offence belongs to the category of offences mandating ex officio
investigation, thereby ensuring that legal proceedings will persist. In this
context, the Prosecutor's Office will initiate the requisite research and
investigation pertaining to access to the information system ex officio.
In this instance, the
foremost point of determination by the prosecutor will revolve around
ascertaining whether the attempt to access the system was carried out remotely
or physically.
While various informatics
techniques are employed for the elucidation of this specific offence, the
prosecution authority will scrutinise methods including IP address
identification, examination of log records, analysis of internet layers within
the TCP/IP model, CGNAT records, and similar approaches. [6]
IP addresses and log
records stand among the most frequently employed evidentiary methods within
Turkey's legal proceedings, especially when access to the information system
occurs via the internet. Through an investigation based on the particular
incident, it is feasible to discern the IP addresses linked to the offence,
thus facilitating the identification of the perpetrator.
In instances involving IP
points that permit multiple access, such as workplaces, the resolution of offences
becomes a matter of debate. Should it prove unfeasible to singularly identify
the perpetrator based on an IP address accessible to multiple individuals, the
principle of “the accused benefits from the doubt" (a legal principle that
underscores the presumption of innocence and dictates that, in cases of
uncertainty or doubt, the benefit should be given to the accused) shall be
acknowledged. [7]
Otherwise, as a
consequence of investigating the perpetrator(s) through the internet service
provider, it is feasible to unveil their addresses, address creation dates, and
the entities responsible for their creation. Beyond these considerations, the
investigation can encompass accessing IP numbers and associated information by
means of relevant Telecom Directorates, aiding in the determination of
activities and transactions undertaken.
As a matter of fact,
according to the verdict of the 8th Criminal Chamber of the Court of
Cassation dated 07/05/2013 and bearing the Basis number 2014/19342 and the
Decision number 2015/2322:
"In the specific instance; within the case lodged with the allegation that the defendant altered the Facebook address associated with the email address '.......................@hotmail.com,' employed by the involved party, without his knowledge and consent, rendered it inaccessible. The investigative and prosecutorial efforts were insufficient. A conviction was rendered without the requisite collection of evidence concerning the incident. Given the defendant's denial of the accusation, the dossier lacks information regarding the defendant's assertion that others might have accessed to his connection, the potential use of the internet line by individuals other than the defendant, and the verification of the ownership of the email address attributed to him. In light of the participant's assertion that he was unable to access his email address since 27.05.2011, it remains unestablished whether the said address was operational and whether the participant accessed his own address between the aforementioned date and the complaint's filing. The verdict was issued without soliciting the pertinent internet service provider for details on the defendant's logins after 22.05.2011, alterations to the password of the address, and if a password change occurred, the specific date and IP number utilised for the modification."
CONCLUSION
In this day and age, the
rapid advancement of technology coupled with individuals' burgeoning
inclination to document and retain their data is increasing day by day.
Concurrently, as technology becomes more pervasive, the frequency of data
entries into information systems has correspondingly risen.
In tandem with the
utilisation of these information systems, a concomitant surge in offences
associated with information systems has surfaced. Consequently, legal disputes,
whether direct or indirect, pertaining to the offence of unauthorised access to
information systems, as stipulated by the Turkish Criminal Law System, have
become a salient feature both within the realm of jurisprudence and in everyday
life.
While acknowledging the
nascent jurisprudential landscape and certain loopholes in the penal framework
when compared to other jurisdictions within the purview of Information
Technology Law, Turkey's Legal System has been progressively incorporating
comprehensive penal provisions aimed at safeguarding victims. These provisions
align with international regulations and evolving practices, enhancing the
Turkish Legal System's capacity to effectively address these matters.
Att. Esranur Kaya
Translated By: Sude Çapoğlu
References:
1. HALDER,
D., & JAISHANKAR, K., 2011, Cybercrime and the Victimization of Women:
Laws, Rights, and Regulations, Hershey, PA, USA: IGI Global. ISBN
978-1-60960-830-9.
2. YILMAZ
Sacit, Sayılı TCK’nın 244. Maddesinde Düzenlenen Bilişim Alanındaki Suçlar,
Access Address: http://tbbdergisi.barobirlik.org.tr/m2011-92-669
3. ERDOĞAN,
Yavuz, Türk Ceza Kanunu'nda Bilişim Suçları, 2012/02 Baskı, XVIII+436 sayfa ISBN
978-605-4354-27-6.
4. ÖZGENÇ
İzzet, 2014, Türk Ceza Hukuku Genel
Hükümler, Seçkin Yayıncılık.
5. KARAKEHYA,
Hakan, Türk Ceza Kanunu’nda Bilişim Sistemine Girme Suçu, TBB Dergisi, 2009,
Sayı 81, s.19.
6. AKÖZ
Burak Cesur, Türk Ceza Kanunu Kapsamında Bilişim Suç ve Cezaları ile Örnek
Yargısal Kararların Analizi ve Mevzuat Önerileri, Bilişim Uzmanlığı Tezi, 2018,
Ankara, ISBN 978-605-345-141-9. Access address: https://www.btk.gov.tr/uploads/thesis/burak-cesur-akoz-b-uzm-tezi-5d10d910e20e8.pdf
7. İLÇİM
Tuncay, Ceza Muhakemesinde IP Adresi, Log Kayıtları, Ekran Çıktısı ve CGNAT
(HIS) Verilerinin İspat Değeri. Access address: https://tuncayilcim.av.tr/v5/ceza-muhakemesinde-ip-adresi-log-kayitlari-ekran-ciktisi-ve-cgnat-verilerinin-ispat-degeri/
