A UK-based hacker found guilty of breaching the systems of a US government web site was given a community service sentence rather than a fine or imprisonment this month, leading experts to warn that such light penalties could encourage more hacking.

Nineteen-year-old student Joseph James McElroy pleaded guilty to the charge of hacking into the US Department of Energy's nuclear research site, Fermilab. However, despite Fermilab seeking £21,000 in compensation to cover the costs of repairing the breached system, the judge at Southwark Crown Court did not fine McElroy but imposed a sentence of 200 hours of community service.

McElroy claimed he carried out the offence to use Fermilab's network bandwidth to store copyrighted film and music files. As the motive was not to cause harm and no classified data was accessed, the judge said imprisonment would not be inappropriate.

Despite the lack of malicious intent, awarding a relatively light penalty could prove dangerous for other firms. "It is very worrying that appropriate compensation or a custodial sentence has not been issued," said David Williamson, director of sales at managed security specialist Ubizen. "Hacking is still illegal and as a self-confessed serial hacker, McElroy and the hacker community at large will view this outcome as a green light to break the law."

The lack of compensation in this case may also cause firms to worry more about possible financial losses. Williamson argued that Fermilab's actual costs for repairing the damage would have been far higher than the £21,000 sought. "Firms must ensure there are no open doors in the network for the hacker to walk through," he added.