UK hacker crackdown

It was interesting to see that government is proposing to toughen up computer crime laws, given that the 15 year old Computer Misuse Act is starting to look a little long in the tooth when it comes to the area of Denial of Service attacks.

This was graphically exposed last November when a teenager was cleared on charges of inundating a former employer with 5 million emails, because the judge ruled no offence had been committed under the current act.

The new proposals outlined in the Police and Justice Bill would mean that all means of interference with a computer system would be criminalized, with DoS attacks covered under a new section covering "Unauthorised acts with intent to impair operation of a computer, etc."

According to website Out-Law, the wording of the law will also be wide enough to cover paying someone to launch an attack or offering access to a botnet. The maximum jail sentence for hacking into a computer system would also be upped from 5 years to 10 years.

The new proposals are, however, not without their controversy. As The Register pointedly highlights, Clause 35 of the bill, which bans the development, ownership and distribution of so-called "hacker tools", is not sufficiently well defined to distinguish between tools that have a lawful and unlawful purpose. For example, no distinction is drawn between a password recovery tool and a password cracker.

And whilst toughening of sentences as a deterrent is a good thing, the international nature of cybercrime means that bringing a prosecution remains the exception rather than the norm. Cross border investigations don’t come cheap so a key question will be whether the government finds extra funding to ensure these proposals aren’t all bark and no bite.