Denial of service becomes criminal offence

DoS could lead to 10 years in prison

Tougher penalties for hackers and internet offenders have now been incorporated into the UK's Computer Misuse Act.

Amendments to the 1990 law now make it an offence to launch a denial of service (DoS) attack in the UK which will be punishable by up to 10 years in prison.

These are attacks in which a web or email server is deliberately flooded with information to the point of collapse.

There has been ongoing concern that the CMA, which was written before the days when the public and companies had general access to the World Wide Web, was outdated. For example DoS attacks were not covered.

Law firm Pinsent Masons online advice and guidance service Out-Law pointed out that when a court cleared teenager David Lennon in November 2005 on charges of sending five million emails to his former employer – because the judge decided that no offence had been committed under the Act – the need for amendment seemed obvious.

It was also difficult to get other offences prosecuted and penalties were not seen as a deterrent.

The changes mean similarly tough penalties now exist for what are termed " unauthorised acts with intent to impair operation of a computer". People found guilty of these offences, such as disseminating viruses and other malware also face up to 10 years imprisonment, a fine or both.

The updated law also makes it an offence punishable by up to two years in prison, a fine or both for someone gaining unauthorised access to computer material.

The updated CMA now becomes part of the Police and Justice Bill 2006 which received Royal Assent last week.