MPs bid to tackle online extortion

By Matt Whipp

Posted on 10 Mar 2005 at 16:14

The All Party Internet Group (APIG) is to put forward a bill to update the venerable 1990 Computer Misuse Act.

The amendments, if accepted, would explicitly make a crime of distributed denial of service attacks and raise the punitive measures for hacking from six months to two years.

The amendments are mainly directed at tackling the rising incidence of blackmail and extortion against online services, such as bookmakers, where organised gangs demand sums of money or threaten to take the service offline with such an attack.

Raising sentences for such crimes to two years means that suspects are extraditable under the requirements of the European Convention on Cybercrime. As many of these attacks are suspected of originating from Eastern Europe, it is vital that it is possible to apprehend those behind the attacks.

Currently there is little incentive for victims of this kind of racket to come forward. Doing so only points them out as a target for future attacks and if the legislation isn't in place to successfully bring a prosecution, it is a largely academic exercise, but with a potentially very real business impact.

Mark Sunner, Chief Technology Officer at MessageLabs, who gave evidence to the APIG committee at the original inquiry back in April 2004, said: 'Criminals operating online have realised the potential commercial value of Internet-related crimes and so are always looking for new ways to exploit malware to line their pockets. Harnessing the processing power of the large, distributed networks of compromised PCs, DoS attacks have fast become a lucrative weapon in the hackers' armoury. They now have the ability to blackmail and extort victims for substantial sums. As the current provision in the CMA surrounding DoS attacks is ambiguous, companies are left wide open to attack.

'It is vital that a tighter legal framework is implemented to make it more difficult for computer criminals to operate, but easier for law enforcement agencies to prosecute successfully.'

The amendments reflect a great deal of work undertaken last year by APIG consulting the authorities, the security industry, business and the government on how the Act could and should be updated.

Richard Allan MP, Liberal Democrat spokesman for IT, and Vice Chairman of APIG said: 'As we become increasingly dependent on the Internet for essential commercial and public service functions, we need to be able to respond to attacks on websites and the Net infrastructure. This Bill will strengthen the arm of law enforcement agencies to deal with those who maliciously attack networks through denial of service attacks. This reform is necessary if we are to treat these attacks with the seriousness which they deserve.'

The full text of the amended bill is at the APIG website.