There is a great deal of uncertainty about the legal implications of a recent court ruling that a denial of service (DoS) e-mail attack did not constitute a crime under UK law. So does this ruling mean that people who maliciously attack servers – DoSsers - are now safe from prosecution in the UK? Probably not, say a group of communications experts, but the law urgently needs to be made clearer.
Last week, Wimbledon Magistrates Court found a teenager - who can’t be named for legal reasons - not guilty of breaking the 1990 Computer Misuse Act, even though he crashed his former employer’s e-mail server by sending over five million emails. The Judge ruled that because the employer’s server was established as a public server, it implicitly gave authorisation to anyone to email that site, regardless of how many emails they sent and the impact on the recipient. Many fear that this case has effectively given DoS attackers carte-blanche to wreak havoc.
But according to the Communications Research Network - a unique community of industry leaders and academic experts - this is not a landmark judgement. The Communications Research Network (CRN) is funded by the Cambridge-MIT Institute and has a specialist working group currently researching DoS attacks, their impact on the UK economy and how best to prevent them.
“The ruling that sending emails to a registered email address is not a crime is very different from specifying that a low level attack generating spurious packets which flood a site is ok”, said Jon Crowcroft, Marconi Professor of Information Systems at the University of Cambridge and a principle investigator with the CRN.
“If you stick with the normal process of fetching web pages or sending email then I think that in the UK is legal,” commented Adam Greenhalgh, a CRN-funded researcher at University College London. “However, if you send malformed requests or emails with the explicit intention of hampering the proper function of a public server, then you are moving towards misuse under the Computer Misuse Act.”
“We can’t afford to be complacent,” cautioned David Cleevely, Chairman of the CRN. “While this ruling doesn’t mean that denial of service attacks are legal, there is still considerable uncertainty under the law about whether or not malevolent attacks using low level flooding of packets constitute an offence under the Computer Misuse Act. Attacks by DoSsers are a real infringement of the right of businesses to conduct their affairs and the UK urgently needs to firm up the law if our economy is not to suffer.”
The scale of the DoS problem is difficult to assess. Many attacks are not reported because organisations fear they may undermine client confidence in their security. One of the CRN’s key recommendations is for the establishment of a central database where companies and individuals can log attacks anonymously - allowing the communications industry to assess the scale of the problem and identify patterns of attack.
“Criminal activity on the internet should be a notifiable event, with registration on a central database,” said David Cleevely. “It's important to remember that there are more of us good guys than there are bad guys. The more we share information, the more we stay ahead of the game.”
Source: Cambridge-MIT Institute
Related stories:
Phishers can use social Web sites as bait to net victims
Internet sites such as MySpace and Facebook are popular ways for friends to stay in touch, but they also can be used by cyber sharks posing as "friends," enabling them to steal personal and financial information.
Violent dreams may hint at why dreaming evolved, researchers say
Twenty years ago, scientists discovered a bizarre disorder whose victims act out their dreams while asleep, often hurting themselves or their spouses in the process.
One patient kicked a hole in his bedroom wall, according to a paper published in a medical journal. Another tried to jump out a window. A third fired an unloaded gun, a fourth attempted to set his bed on fire. Still others tried to choke their wives.
Report finds online attacks shift toward profit
IBM reported that virus-laden emails and criminal driven security attacks increased by 50 percent in the first half of 2005 - underscored by a significant rise in 'customized' attacks on the government, financial services, manufacturing and healthcare industries.
Viruses and Worms Targeting Mobile Devices, Satellite Communications Anticipated in 2005
IBM announced the results from its 2004 Global Business Security Index Report and provided an early look at potential security threats in 2005. Based on early indicators, a new and troubling trend this year may be the aggressive spread of viruses and worms to handheld devices, cell phones, wireless networks, and embedded computers, which include car and satellite communication systems.
Internet addressing agency loses its own addresses
(AP) -- This doesn't sound good: The nonprofit agency in charge of the Internet's addresses recently lost track of its own.
New study finds coronary arterial calcium scans help detect overall death risk in the elderly
Measuring calcium deposits in the heart's arteries can help predict overall death risk in American adults, even when they are elderly, according to a new study published in the July issue of
Journal of the American College of Cardiology.
Best treatment for MS may depend on disease subtype
Animal studies by University of Michigan scientists suggest that people who experience the same clinical signs of multiple sclerosis (MS) may have different forms of the disease that require different kinds of treatment.
Destruction of greenhouse gases over tropical Atlantic
Large amounts of ozone – around 50% more than predicted by the world's state-of-the-art climate models – are being destroyed in the lower atmosphere over the tropical Atlantic Ocean. Published today (26th June '08) in the scientific journal,
Nature, this startling discovery was made by a team of scientists from the UK's National Centre for Atmospheric Science and Universities of York and Leeds. It has particular significance because ozone in the lower atmosphere acts as a greenhouse gas and its destruction also leads to the removal of the third most abundant greenhouse gas; methane.