Hackers who carry out denial-of-service attacks could
now face up to 10 years in jail plus fines under a new UK
law.
The Police and Justice Act, which became law after receiving
royal assent last week, amends the 1990 Computer Misuse Act by
introducing tougher penalties for unauthorised hacking.
Those found guilty of the offence of unauthorised access to
computer material could face a jail term of up to two years, or a
fine, or both, while those found guilty of “unauthorised acts with
intent to impair operation of a computer” could face up to 10 years'
imprisonment, or a fine, or both.
The act also contains a controversial measure covering the
production and distribution of hacking tools, which has been
amended after experts raised fears that it could be used against
legitimate IT security professionals.
A clause in the legislation states that someone is guilty of an
offence if they make, adapt, supply or offer to supply an article
“intending it to be used to commit” an offence under the
sections of the Computer Misuse Act covering unauthorised access or
the creation of viruses or denial-of-service attacks.
But experts had warned that a sub-clause in early drafts of the
legislation – adding that someone was also guilty of an offence if
they made, adapted, or supplied an article “believing that it is
likely to be so used” – could catch those creating legitimate
security tools if they “believed” the tools might conceivably be
used maliciously by others, even if that was not their intent.
The controversial clause was amended during the legislation’s
passage through parliament and the act now states that a person
commits an offence if they make, adapt or supply an article
“knowing that it is designed or adapted for use in the course of or
in connection with an offence”.