Computer Crime Research Center


Denial of Service prosecution in the UK

Date: January 19, 2005
Source: Out-Law.Com

A man appeared in a Scottish court yesterday facing charges under the Computer Misuse Act for launching Denial of Service attacks. It is only the second time that such attacks have been prosecuted in the UK; and the last accused was acquitted.

The man before Elgin Sheriff Court today, who has not been named, is said to have carried out the attacks as part of an extortion plot that targeted companies in Scotland and the US.

Denial of Service (DoS) attacks occur when web servers are flooded with false and untraceable requests of information, overwhelming the system. Although such attacks do not normally compromise information security, they cost time and money.

The National Hi-Tech Crime Unit (Scotland) and the US Secret Service worked together on what was dubbed Operation Casper. On Friday, houses in the Elgin area of Scotland were searched, computer systems were seized and the 27-year-old man arrested.

There are doubts that the Computer Misuse Act, passed in 1990, actually criminalises DoS attacks. The Act created three offences: unauthorised access to computer material; unauthorised modification of such material and unauthorised access with intent to commit or facilitate commission of further offences.

Some argue that the Act fails because there is no access to or modification of material in a DoS attack. Others, including the NHTCU, disagree. They say that DoS attacks do access and modify data stored in a computer’s random access memory (RAM).

The first attempt to use the Act for a DoS attack came in a case against teenager Aaron Caffrey. But in that case, Caffrey's defence did not argue the merits of the Act; instead, it convinced a jury that Caffrey did not launch the attacks and that they were in fact launched by hackers exploiting a Trojan in the accused's computer. Caffrey was acquitted.

Acknowledging Caffrey's case, the UK’s All Party Internet Group (APIG) last year called for the Computer Misuse Act to be amended. It called on the Home Office to add an explicit ‘denial-of-service’ offence to the Act's offence of impairing access to data.

The prosecution that will follow Friday’s arrest offers the CMA the chance to prove itself as an up-to-date cybercrime law. Observers are awaiting the outcome with interest.

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-01-08 19:33:37 - Hello, Very good site with nice info's... None
2007-01-08 19:33:06 - Hello, Very good site with nice info's... None
2006-10-22 06:04:37 - Hello, Very good site with nice info's... Eey
2006-10-19 08:43:27 - Wow, design is much better from my last... LLiAA
Total 4 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo