Law cracks down on denial-of-service attacks
Dos attackers now face up to 10 years in prison
Cyber criminals launching denial-of-service (Dos) attacks now face up to 10 years in prison, following the Police and Justice Act’s (PJA) passage into law last week.
The new rules also prohibit the supply of tools that can be used for hacking, with penalties of up to two years.
Changes to the law were needed because malicious attacks that paralyse victims’ systems with a barrage of incoming emails could slip through a loophole in the existing Computer Misuse Act (CMA), passed in 1990.
The CMA outlaws ‘unauthorised data modification’, but in 2005 teenager David Lennon was cleared of crashing his former employer’s systems with an email bomb on the basis that incoming emails were not unauthorised.
The PJA clears up any uncertainty, says security academic and expert witness Peter Sommer.
‘The new laws remove any remaining doubt that Dos attacks are an offence,’ he said.
‘The hacking tools element is more complicated because one person’s hacking tools are another’s data administration software.’
There have been huge technological advances since the CMA was framed in the 1980s, prompting the new provisions. The PJA also brings the UK into line with the European Cybercrime treaty.
While the law is now adequate, computer crime remains hard to pin down, says Struan Robertson, technology lawyer at Pinsent Masons. ‘A lot of cyber crime goes undetected and prosecutors may not have the resources to deal with it,’ he said.
What do you think? Email us at: [email protected]
Related stories