The Student Room Group

C - Misuse ACt for DDOS attact

Just a Question, I am not a law student so need a basic help ( Example )
Any person (hacker) has launched numerous, well planned DDoS attacks on UK Newspaper web sites causing them to be unavailable to the public for up to two days on each occasion. It is estimated the cost for repairing the sites was over £80K just an example. then hacker has suggested to his friends that he should not be liable for any offenses for the DDoS: after all, his University Tutor, taught him how to construct this coding language in the first place, thus they are carrying out the same activity. under Computer Misuse ACt 1990 what kind of punishment and plenty in UK law with reference. or any other law we have in uk
or any similar case study or some thing that help to understand.
Reply 1
Original post by sadialondon
Just a Question, I am not a law student so need a basic help ( Example )
Any person (hacker) has launched numerous, well planned DDoS attacks on UK Newspaper web sites causing them to be unavailable to the public for up to two days on each occasion. It is estimated the cost for repairing the sites was over £80K just an example. then hacker has suggested to his friends that he should not be liable for any offenses for the DDoS: after all, his University Tutor, taught him how to construct this coding language in the first place, thus they are carrying out the same activity. under Computer Misuse ACt 1990 what kind of punishment and plenty in UK law with reference. or any other law we have in uk
or any similar case study or some thing that help to understand.


Police and Justice Act 2006 Section 36:
Unauthorised acts with intent to impair operation of computer, etc

[EDIT] Gah, didn't mean to submit.

That act amends the Computer Misuse Act 1990. So it'd be Computer Misuse Act 1990 Section 3 and that carries a maximum penalty of 10 years.

http://www.legislation.gov.uk/ukpga/1990/18/section/3
3Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.

(1)A person is guilty of an offence if—
(a)he does any unauthorised act in relation to a computer;
(b)at the time when he does the act he knows that it is unauthorised; and
(c)either subsection (2) or subsection (3) below applies.
(2)This subsection applies if the person intends by doing the act—
(a)to impair the operation of any computer;
(b)to prevent or hinder access to any program or data held in any computer;
(c)to impair the operation of any such program or the reliability of any such data; or
(d)to enable any of the things mentioned in paragraphs (a) to (c) above to be done.
(3)This subsection applies if the person is reckless as to whether the act will do any of the things mentioned in paragraphs (a) to (d) of subsection (2) above.
(4)The intention referred to in subsection (2) above, or the recklessness referred to in subsection (3) above, need not relate to—
(a)any particular computer;
(b)any particular program or data; or
(c)a program or data of any particular kind.
(5)In this section—
(a)a reference to doing an act includes a reference to causing an act to be done;
(b)“act” includes a series of acts;
(c)a reference to impairing, preventing or hindering something includes a reference to doing so temporarily.
(6)A person guilty of an offence under this section shall be liable—
(a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
(b)on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
(c)on conviction on indictment, to imprisonment for a term not exceeding ten years or to a fine or to both.F1]
(edited 10 years ago)
Reply 2
Thanks for the quick reply. but in my question hacker will get maximum penalty of 10 years or hacker will face any financial penalty as well.
Reply 3
if the hacker-1 maximum penalty of 10 years

then hacker 2 with different case
just a example

Richard contributed to an online forum on which he posted the code and instructions for launching hacker 1 attacks.His postings received many ‘thanks’ notices in response, indicating they had been useful. Richard examples and illustrated the effectiveness of his code by hacking into the servers of the Pentagon in the USA but cannot see an issue with this latter activity as he was unable to penetrate beyond the Pentagon’s first layer of security and does not believe he caused any physical harm. what kind of penalty Richard can face compare to hacker 1

and if :smile: one more person example

Joanne hacked into the Facebook account of Local MP James and changed the password. She then obtained his Facebook ‘friends’ contacts, including their email addresses, which revealed that James had contacts with leading rightwing organisations. Joanne posted this information on the Hackers Unknown website, much to the embarrassment of James. what kind of penalty joanne can face compare to hacker 1 or richard.

as they all come under Police and Justice Act 2006 Section 36: or Computer Misuse ACt 1990

In the light of each person’s activities please advise each of them of the criminal offences for which they may be liable and the possible sentences they could receive if convicted. as you said hacker 1 maximum penalty of 10 years. who is in serious trouble as they are not aware of the precise legal offences that are involved.

thanks for your time.
Reply 4
Original post by sadialondon
Thanks for the quick reply. but in my question hacker will get maximum penalty of 10 years or hacker will face any financial penalty as well.


Could be both. The plaintiff may also take civil action to sue for damages.
Reply 5
Any answer to this .
Reply 6
Original post by sadialondon
if the hacker-1 maximum penalty of 10 years

then hacker 2 with different case
just a example

Richard contributed to an online forum on which he posted the code and instructions for launching hacker 1 attacks.His postings received many ‘thanks’ notices in response, indicating they had been useful. Richard examples and illustrated the effectiveness of his code by hacking into the servers of the Pentagon in the USA but cannot see an issue with this latter activity as he was unable to penetrate beyond the Pentagon’s first layer of security and does not believe he caused any physical harm. what kind of penalty Richard can face compare to hacker 1

and if :smile: one more person example

Joanne hacked into the Facebook account of Local MP James and changed the password. She then obtained his Facebook ‘friends’ contacts, including their email addresses, which revealed that James had contacts with leading rightwing organisations. Joanne posted this information on the Hackers Unknown website, much to the embarrassment of James. what kind of penalty joanne can face compare to hacker 1 or richard.

as they all come under Police and Justice Act 2006 Section 36: or Computer Misuse ACt 1990

In the light of each person’s activities please advise each of them of the criminal offences for which they may be liable and the possible sentences they could receive if convicted. as you said hacker 1 maximum penalty of 10 years. who is in serious trouble as they are not aware of the precise legal offences that are involved.

thanks for your time.


Richard would probably face extradition proceedings by the US and dicking around with the DoD is probably not the greatest of ideas; just look at how protracted the McKinnon case became. And "harm" is a very difficult thing to define with computer misuse. Incident response work is very expensive because you have to pay people like me to forensically analyse *everything* that may have been touched by the intruder to ensure that there was in fact no successful intrusion and no impact. You then have the cost of remediation and the cost of making changes to mitigate the root cause of the intrusion. This amount can run into several hundreds of thousands, even millions, in a very short time. Who knows what the US would charge him with these days... :dontknow:
In the UK, he could probably be charged with Section 2 and Section 3A of the Computer Misuse Act.

Joanne would probably face a charge of Section 1 at the very least, with then a charge under Section 2 dependant on what she planned to do with that data - e.g. blackmail etc. I'm fairly sure she's also broken some other law somewhere there but I can't think what that might be, right now.

You can read the Act - http://www.legislation.gov.uk/ukpga/1990/18/contents - to find out what the maximum penalties associated with these offences are, and ignorance is not a defence.
(edited 10 years ago)
Reply 7
Thanks a lot for help. let me read in detail & if i have any more question i am sure you are here to help.
Once again thanks for help.

Quick Reply

Latest