[ISN] Teen hacker escapes punishment
InfoSec News
isn at c4i.org
Fri Nov 4 12:10:55 EST 2005
http://www.vnunet.com/vnunet/news/2145513/teen-hacker-escapes-punishment
Ken Young
vnunet.com
03 Nov 2005
A judge has ruled that there was no case to answer after presiding
over the trial of a teenager who allegedly flooded his former
employer's email system with five million messages.
The ruling has called into question the effectiveness of the Computer
Misuse Act (CMA) in prosecuting such cases.
The judge at Wimbledon Magistrates' Court ruled that the alleged
actions did not fall foul of the CMA, even though the company involved
claimed that the boy's actions had caused its email servers to crash.
The unnamed teenager was charged under Section 3 of the CMA, which
covers the more serious offence of unauthorised modification of a
computer system.
The defence argued that, since the firm's email server was set up for
the express purpose of receiving emails, sending a flood of
unsolicited emails could not be considered an act of unauthorised
modification.
Judge Grant told the court that "the computer world has considerably
changed since the 1990 Act", and that there is little legal precedent
to refer back to. He then went on to rule that denial of service
attacks are not illegal under the CMA.
In a written ruling, Judge Grant said: "In this case the individual
emails each caused a modification which was in each case an
'authorised' modification.
"Although they were sent in bulk resulting in the overwhelming of the
server, the effect on the server is not a modification addressed by
section 3 [of the CMA]."
The CMA, introduced in 1990, explicitly outlaws the 'unauthorised
access' and 'unauthorised modification' of computer material. Section
3 concerns unauthorised data modification and tampering with systems.
The defendant was not called into the witness box during the trial, so
was unable to confirm whether or not the attack had taken place.
More information about the ISN
mailing list