Denial of service attackers face 10 years in jail

Denial of service attackers now face up to 10 years in jail with updated computer crime laws coming into force this week as part of the new Police and Justice Act 2006.

The long-overdue updating of the 1990 Computer Misuse Act also increases the sentence for hacking a computer from a maximum of six months to two years' imprisonment.

Section three of the 1990 CMA is replaced by section 34 of the Police and Justice Act 2006, which now more explicitly covers denial of service attacks as "unauthorised acts with intent to impair operation of a computer".

The act says a person is guilty of an offence if at the time of any attack they have the intent to impair the operation of any computer, prevent or hinder access to any program or data held on a computer, or impair the operation of a program or the reliability of data.

You what…?

Bust through tech jargon with silicon.com's security Cheat Sheets:

♦ Computer Misuse Act
♦ Social engineering
♦ Virus names and alerts
♦ Phishing
♦ Spyware

Confusion had arisen over whether denial of service attacks were covered in the original CMA in the case of a teenager originally cleared in 2005 of crashing the email server of his former employer by overwhelming it with an 'email bomb' containing millions of messages.

That ruling was later overturned and David Lennon was found guilty earlier this year of breaking the CMA, and was sentenced to a two-month curfew.

The new law also makes it an offence to supply or make available any software or tools that could be used to commit hacking or denial of service attacks, and those found guilty under this section of the act face up to two years in jail.

As part of the Police and Justice Act 2006 the police IT organisation Pito has been abolished and its functions will be taken over by the new National Policing Improvement Agency.

New powers under the Act will give police the right to access passenger and crew data on any journeys within the UK or arriving in the UK.