UK's poor record on prosecuting hackers revealed

Experts have called for more police resources to fight computer crime, after it emerged that only 299 hackershave been charged under the UK's computer crime law over the past four years.

Experts have called for more police resources to fight computer crime, after it emerged that only 299 hackers have been charged under the UK's computer crime law over the past four years.

Computer Weekly has discovered that only 110 cases involving unauthorised access and virus writing reached magistrates'courts across the country last year from November 2007 to October 2008, 59 cases reached court in the year to October 2007, while 49 cases were brought to court in the year to October 2006.

The figures, obtained by CW under the Freedom Of Information Act, pale in comparison with the estimated amount of computer crime taking place.

The DTI Information Security Breaches Survey showed that 96% of large companies suffered a security incident last year, and 13% of all companies detected unauthorised access on their networks.

There were 144,500 cases of computer misuse in the UK in 2006, according to a survey by online identity firm Garlik. The study found a further six million virus incidents took place during the same period.

Cybercrime must be taken seriously

The Conservatives' Shadow Security Minister Pauline Neville-Jones, said: "All the evidence suggests that the government doesnot consider cybercrime to be a serious offence. Despite the police saying that it is one of the fastest growing crimes in the country, it doesnot have a strategy to deal with this threat.

"The number of cases brought to court seems low compared with the scale of online criminal activities, which is increasing."

Simon Janes, founder of digital forensics provider the Computer Forensic Alliance and former head of Scotland Yard's Computer Crime Unit, said cybercriminals are getting away with it.

"The danger is the UK may be seen as a soft target. I am disappointed by these numbers and am concerned that police are not putting enough resources into computer crime.

"I speak to customers who have experienced incidents and have been told by the police they cannot help them," he said. "The public need to be able to go and see a police officer about this type of crime."

Criminal charges

Section 3 of the Computer Misuse Act (CMA) was used to bring charges against 117 attackers. Seventy-nine charges relate to unauthorised access while 102 involved unauthorised access with intent.

Digital forensic expert witness Peter Sommer said many crimes using computers are not dealt with through the CMA. Instead suspects are brought to justice using money laundering and fraud legislation, which may explain the low caseload, he said.

"Another explanation is there are not enough crime cops to carry out the investigation. The country has a small number of highly skilled people, but that is not enough," he added.

A Crown Prosecution Service spokeswoman would not comment on the trends of CMA use, but said the service hired specialist prosecutors in 2002.

"Our prosecutors are trained to choose the most appropriate charge when dealing with these types of offences and our expertise in this field has evolved to the extent that we are working in partnership with the International Association of Prosecutors to establish a Global Prosecutor E-Crime Network," she said.

Scrapping high-tech crime unit was a "mistake"

Since 2006, responsibility for computer-related crime has been shared by local police forces and the Serious Organised Crime Agencyafter the National Hi-Tech Crime Unit was absorbed by it.

Now responsibility has been handed to the dedicated Police Central e-crime unit within the Metropolitan Police.

"The government got rid of the dedicated National Hi-Tech Crime Unit in 2006," said Conservatives' Shadow Security Minister Pauline Neville-Jones.

"After pressure from the Conservative Party and industry, it realised this was a mistake. Three years later a dedicated police e-crime unit has been re-established, but it will have to make up for lost time."


Volume of offences under the Computer Misuse Act 1990         
 Magistrates' Court (MC)  
 Act and Section  Nov 2004-Oct 2005 Nov 2005-Oct 2006 Nov 2006-Oct 2007 Nov 2007-Oct 2008*
 Computer Misuse Act 1990 { 1(1) }  7 10 16 46
 Computer Misuse Act 1990 { 2(1)(a) }  10 14 10 7
 Computer Misuse Act 1990 { 2(1)(b) }  21 7 7 26
 Computer Misuse Act 1990 { 3(1) }  43 18 26 30

* (data may be subject to amendment)

Read more on IT legislation and regulation