Judge says law allows DoS attacks

Lawyers say urgent amendments to the law may be needed, after a denial-of-service (DoS) attacker escaped conviction in November. It was ruled that the activity fell outside the scope of the Computer Misuse Act (CMA), potentially opening the floodgates for such attacks.

The case involved a teenager accused of crashing his ex-employer's email server by bombarding it with millions of messages. But he was cleared after the judge ruled that DoS attacks are not illegal under the CMA. The decision puts firms at greater risk, experts warned, though attacks that use hijacked systems or involve extortion will still break the law.

Commenting on what he labelled an "extremely unhelpful" ruling, lawyer George Gardiner said, "Hackers can [now] do what they want until this judgement is [reversed] or the act modified." He added that though DoS attacks are not explicitly covered by the CMA, judges do have leeway to interpret the law.
John Barker, associate solicitor at law firm Last Cawthra Feather, said the ruling was a big blow to the CMA. "The legislation is outdated and needs to be reviewed to take account of new threats," he argued.

However, UK law was more successful in tackling phishing - a newer form of threat that is often more costly. Email fraudster David Levi, who conned £200,000 from eBay users by harvesting their account details, was jailed for three years by Preston Crown Court. It was the first UK phishing conviction.