Computer Misuse Act updated
A law criminalising denial of service attacks and the supply of hacking tools has been brought into force in England and Wales after a number of delays. The law was already in force in Scotland.
Denial of service (DoS) attacks involve the simultaneous sending of millions of messages or page requests to an organisation's servers. The sudden, massive deluge of information can render website and email servers inoperable.
The UK's main cybercrime law is the Computer Misuse Act, passed 18 years ago. Its application to denial of service attacks had been the subject of some confusion.
In 2005, charges were brought under that Act against teenager David Lennon who sent his former employer five million emails at once. The massive volume of email disabled the office server. A Magistrates' Court said that Lennon had no case to answer because the employer's system was designed to receive email. But the High Court later said that the original judge had erred in that ruling. Lennon eventually pleaded guilty and, in 2006, he was sentenced to two months' curfew with an electronic tag.