Court shock: denial of service attacks not illegal

A judge has ruled that denial of service attacks are not illegal under the UK's outdated Computer Misuse Act.

A judge has ruled that denial of service attacks are not illegal under the UK's outdated Computer Misuse Act.

A teenager charged with launching a denial of service (DoS) attack against his former employer escaped punishment when the judge threw out the charge after his defence successfully argued that DoS attacks were not covered by the parts of the act he was charged under. 

District judge Kenneth Grant, sitting at Wimbledon magistrates court, said that the youth, who can’t be named for legal reasons, had not broken the law under which he was charged.

The youth had been accused of sending five million e-mails to his ex-boss as part of a DoS attack that crashed the company’s e-mail server.

He was charged under section 3 of the 1990 act, which covers unauthorised data modification and system tampering.

His defence argued that sending a flood of unsolicited e-mails did not cause unauthorised data modification or tamper with systems, as an e-mail server was there for the purpose of receiving e-mails.

The judge agreed with this argument and said DoS attacks were not illegal under section 3 of the act.

The IT and telecoms industry has reacted angrily, with Cable & Wireless saying the case demonstrated why the Computer Misuse Act had to be overhauled.

C&W said the act was 15 years old and out of touch with computer crime today, having been enacted before the arrival of DoS attacks and the broadband networks they travel over.

The company called for MPs to look urgently at overhauling the act to help businesses counter the damage caused by computer crime.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.