UK law strengthened to tackle cyber criminals

By Steve Malone and Matt Whipp

Posted on 27 Jan 2006 at 11:04

British hackers and others who use computers to commit criminal acts face stiffer penalties. Under a new Police and Justice Bill published by the Home Office today.

Under the new proposals a range of offences related to cybercrime will carry lengthier terms in prison. A new offence of preventing access to computers will carry a sentence of up to 10 years in jail. The new proposals are seen as a reaction to the wave of cases of cyber criminals attempting to extort money from web sites by threatening to launch a DoS attack.

The Bill is a catchall that updates various Acts of Parliament. In the case of the computer crime, the changes are made principally to the Computer Misuse Act 1990.

Many of the changes stem from proposals submitted last April by the All Party Internet Group, led by Derek Wyatt MP, in a 10-minute rule motion.

The new amendments for example, attempt to address new threats such as Denial of Service attacks by creating a new offence of preventing or hindering 'access to any program or data held in any computer'. Anyone convicted of this offence faces a jail term of up to ten years.

Such an amendment could not be more timely. Only last November, a teenager walked free from court, having been charged with sending millions of emails to a former employer. The Judge concluded that this set the precedent that Denial Of Service attacks of this nature did not contravene the CMA, which, now 15 years old, was never concieved to deal with this type of threat. As such the accused did not even have to take the witness stand

The Police and Justice Bill is also aimed at hackers and those who create viruses and other malware but who do not actually release the code onto the Internet themselves but merely post it on web pages for demonstration purposes. Anyone will be guilty of an offence if they knowingly distribute such code and on conviction will be subject to a jail term of two years and or a fine.

An example of the kind of act that would become an offence happened last December. A group posted a vulnerability in Windows .wmf files on the Internet. As a result a flurry of exploits appeared on the Internet based on the revelations that meant that Microsoft and a number of security vendors to scramble to try and plug the hole. Under the new proposed law, anyone found posting such exploits would face jail - providing they could be caught and it proved in court that their actions were intentionally malicious.

Finally, there are increased penalties for hacking into computers. The offence of unauthorised access to computer material will now carry the maximum penalty of a fine and up to two years in prison.

The two year terms are important in that this allows the UK authorities to issue extradition orders. As many Internet crimes are carried out from abroad, such as Nigerian 419 scams and phishing attacks from criminal gangs in Eastern Europe, this is essential to give the Bill any real power when it becomes an Act.