If there is something that I have learnt during my formation on Cybercrime and that had completely revolutionized my way of seeing things is that forums of discussion can be, in fact, a very insightful place. Today’s morning, as part of my Master on Cybercrime, I was confronted with a technical discussion I didn’t even knew that it existed: Windows untouchable files.

The reason why a subject like such matters is quite evident: Everything that has the potential to crash, rapidly, a computer is of interest of forensic analysis. Coming from a Law background and without, in this case, any idea about what my colleagues were talking about, I decided to google it. It could be no different, I ended up in a cyber forum where, for the benefit of this article, somebody was asking for the command for deleting those very same system untouchable files.

Apart from the question, what called my legal attention was the answers. The first two respondents gave the code, and the instructions for it to work properly. The third respondent, with a little of sarcasm, answered the whoever was looking for, in fact, what was a malware code: Try in your computer first.

Subsequently, the third respondent writes a series of in-real, not-digital world comparisons telling the black hacker there that, it was equivalent to “Cutting the brake lines on my friend’s car and watching him crash.’. 2 posts later, he wrote it in clear words: What you are about to do is a criminal act. The warning was, as such, publicly written.

If, in examining how punishable are members of forums, one need to know, exactly, the risk barrier trespassed by each part, already in this state there is something very clear for me. Whoever asked the code, who was also reading the commentaries to his post, knew, because someone warned him about it, that what he was asking was, in fact, for a malware code. Also, whoever answered the post after the above-mentioned legal warning knew, or could have known, that providing the answer to that question meant releasing a malware code, that is, an essential participation in a third-part criminal act.

English common law would call that “inchoate offences”. The only problem is that, specifically for those cases, the offence category is still missing. At present, the main inchoate offences categories are attempting to commit (one would have to had, at least, “started to run” the malware here”; encouraging or assisting (formerly inciting) crime (one would have to had acted, in a ‘criminal collusion’, with the intent to commit a crime); and conspiring to commit (where the same problem with the intent appear).

The problem with the hacker forum there was that, first, that the illegal nature of answering a technical question is something usually hard to grasp. Second, that for most of those cases, the common defence is that, even though one really answered correctly the question, one acted without any further intention than to provide technical instructions, being indifferent to why someone was asking that.

Considering that hacker and other illegal forums now grow as mushrooms and that technical instructions are, sometimes, an essential step for committing a crime, inchoate offences’ doctrine should add, as a third category, cases where technical instructions serve to open the “technical path” for a crime to be committed.

Even if one is not aware of what the legal paragraph on malware says, anyone who was able to provide the answer to that question knew that the command there would literally burn any Windows system. As such, one could rationally presuppose the illegality of that. Specially, for in my case, the post was tagged as “C++” and “malware”.

Everyone who is, then, providing technical instructions in an environment where one was, tacitly or not (in my case, there was the tag and there was the warning post), warned that this would very probably be (deducible from the environment where the question comes from) used to commit a crime should be held liable: Either through the creation of a new inchoate offence that specifies those cases or, when a collusion to crime is to be seen, as a participation in the criminal offence that was committed later on.

In an anonymous road as cyber forums, where people normally identify themselves through nicknames and connect via very anonymous systems, we will never know if the criminal offence ever existed, and much less probable is the chance that one comes to identify the clear “chain of causation” to held forum contributors liable.

But why do we need more criminal law if criminals are either a) “criminal by negligence”, meaning that they do not know, exactly, what the criminal provisions says (even if, legally, this is no argument, for everyone is obliged to know the law) or a) “criminals by indifference”, meaning that the existence or not of a criminal provision is irrelevant to them (something very popular in cyber scenarios, where risk of getting caught tend to be perceived as low).

No, I am not proposing every negligent forum user to be prosecuted. I am saying that the technical assistant in a scenario where the information has a high potential to be used for an illegal reason (criminal forums tend to be more explicit than my cyber forum here, and warnings tend, depending on the segmentation, to be rarer) is to be held responsible.

We need a criminal provision for that. Even because, for some crimes, including some very serious ones as CSAM crimes, technical aid tends to be an essential step, without which illegal forums would not have been possible. As such, the one that, instead of running the command (“digitally creating the malware, the cryptography locker or other”) write and release it for a third part in these conditions, should be also held accountable.

Maybe, who knows, in some crimes, those are in fact essential key players that would interest any forum disruption plan. The lower the tech-savvy quality of its members, the higher the potential for disruption.

A new provision for technical assistant case is, as such, needed.

To think about.