Hackers who carry out denial-of-service attacks could now face up to 10 years in jail plus fines under a new UK law.
The Police and Justice Act, which became law after receiving royal assent last week, amends the 1990 Computer Misuse Act by introducing tougher penalties for unauthorised hacking.
Those found guilty of the offence of unauthorised access to computer material could face a jail term of up to two years, or a fine or both, while those guilty of “unauthorised acts with intent to impair operation of a computer” could face up to 10 years' imprisonment, or a fine or both.
The act also contains a controversial measure covering the production and distribution of hacking tools, which has been amended after experts raised fears that it could be used against legitimate IT security professionals.
A clause in the legislation states that someone is guilty of an offence if they make, adapt, supply or offer to supply an article “intending it to be used to commit” an offence under sections of the Computer Misuse Act covering unauthorised access or the creation of viruses or denial-of-service attacks.
But experts had warned that a sub-clause in early drafts of the legislation – adding that someone was also guilty of an offence if they made, adapted, or supplied an article “believing that it is likely to be so used” – could catch those creating legitimate security tools if they “believed” the tools might conceivably be used maliciously by others, even if that was not their intent.
The controversial clause was amended during the legislation’s passage through parliament and the act now states that a person commits an offence if they make, adapt or supply an article “knowing that it is designed or adapted for use in the course of or in connection with an offence”.