포트스캔(Portscan) 가벌성에 대한 형사법적 연구

The hyper-connected society, along with convenience, also increases the threats to information and communication networks, and thus an active response to these threats is inevitable. In the area of ​​criminal law, not only deleting, modifying, or concealing data by hacking into a security system, but also intruding information and communication networks is defined as criminal activity, and this may reduce threats to networks by suppressing malicious activities. However, if the regulation is too comprehensive, making its interpretation ambiguous, the scope of punishment can be extended, which may result in suppressing white hackers' positive activities to find and improve security vulnerabilities. This paper attempts to clarify the implications of the anti-hacking regulations on information and communication networks through the scrutiny of port scan activity, which is a preliminary stage of malicious hacking and a method of checking for security vulnerabilities. Since packets sent for port scan are received and responded to by the central processing unit, a scan of a system with a policy that does not tolerate port scan activity falls under 'intrusion without access' according to the literal interpretation of our legislation. In addition to the literal interpretation of the statute, the rational interpretation of the history and context of the statute will be used to examine whether Port Scan is really a hacking act and then suggest the direction that our legislation should go.