The National High-Tech Crime Unit is urging the Government to change the law to give police clearer powers to prosecute hackers who try to halt computer systems by bombarding them with tens of thousands of messages.
Although the police have already made representations to the Home Office, government sources claim that a revision of the Computer Misuse Act is low on the list of priorities and may not occur within the current or even the next parliament.
Police are concerned that the Computer Misuse Act offers no straightforward way for them to act against perpetrators of denial of service (DoS) attacks.
The police concerns were raised as the US government security body, the Computer Emergency Response Team (Cert) co-ordination centre, warned that DoS attacks could put large sections of the Internet out of action.
The attacks represent an increasing threat to organisations that rely on the Internet for e-commerce or use the Web to communicate with their customers.
Research from the University of California last year suggests that hackers are mounting at least 4,000 attacks a week.
But lawyers have advised the UK's National High-Tech Crime Unit that Britain's current computer-crime laws are not sufficiently clear-cut to enable police to bring prosecutions against the perpetrators of DoS attacks.
The gap in the law means that police have to conduct detailed examinations of computer systems to gather evidence of offences that can be prosecuted under the Computer Misuse Act, which was passed by Parliament before the Web was used for e-commerce.
"Our advice is that it is not clear-cut in every case that a denial of service attack is going to constitute a criminal offence. It depends on what people are doing to individual machines or routers to deny service," said Tony Hutchings, intelligence team leader at the High-Tech Crime Unit.
Police fear that apparent shortcomings in the law are deterring organisations from reporting DoS attacks, making it difficult to take action or collect evidence of the scale of the threat.
The IT parliamentary lobby group, Eurim, which represents IT user organisations, has raised similar concerns.
"The Computer Misuse Act is nearly 12 years old and has not been reviewed. The legal basis for existing law is the law of trespass. In the modern world, with companies inviting people to view their Web sites, that whole concept does not stand up," said Chris Sundt, IT security consultant.
The High-Tech Crime Unit is calling on businesses to help it to gather evidence on the scale of DoS attacks in the UK and their impact on business profits and costs. It plans to use the information to build up a case for reviewing the Computer Misuse Act and other IT legislation.
Have your say on Denial of Service Attacks
The High-Tech Crime Unit is trying to gather evidence of the problems caused by denial of service attacks. The unit, which has promised to treat all information confidentially, wants to know about the impact of attacks, and the costs of defending against them. Comments to [email protected]