CMA Tested in Court Over DOS Attack

Silicon reports a teenager will appear in court this week accused of unleashing an "email bomb" on his former employer, in what will be a test case for the Computer Misuse Act (CMA).

Police accuse the youth, who cannot be named for legal reasons, of sending five million emails to the company he used to work for. This amount of email could cause an email server to crash — and is hence classed as a form of denial-of-service (DoS) attack.

This case will prove to be a test of the effectiveness of the CMA as no-one has yet been successfully convicted under the Act of launching a DoS attack. According to those familiar with the case, the defence will argue that a launching a DoS attack is not illegal under the CMA.

At present, the CMA does not specifically include a denial of service attack as a criminal offence — something some MPs want changed. The Act currently explicitly outlaws "unauthorised access" and "unauthorised modification" of computer material, but DoS attacks sit in a legal grey area.