Teen accused of 'email bombing' faces retrial
Case tests UK denial of service laws
A teenager accused of crashing the email server of his former employer with millions of junk mail messages, is to face retrial.
David Lennon, 18, allegedly used a bulk mailing package called Avalanche to bombard the email servers of his former employers Domestic and General Group with approximately five million emails in early 2004, shortly after his dismissal by the firm.
He was charged with unauthorised data modification (section three) offences under the UK's Computer Misuse Act 1990 (CMA), but the case against him was rejected when it went to trial last November after a judge ruled that since D&G's email servers were set up to receive email, even the act of bombarding them with numerous junk emails did not constitute an offence.
This decision was reversed at the Court of Appeal on Thursday. Senior judges ruled that District Judge Kenneth Grant erred in deciding Lennon did not have a case to answer, following an appeal by the Crown Prosecution Service.
District Judge Kenneth Grant ruled that although D&G had established email servers to receive email, consent did not extend to email deliberately sent to disrupt their operation rather than for the purposes of genuine communication.
The case, which highlights flaws in the aging CMA, particularly related to laws on denial of service attacks, has been sent back to the Magistrates' Court for retrial. If convicted, Lennon faces a sentence of up to five years imprisonment and a fine.
Backbench MPs with an interest in technology have campaigned for UK hacker law to be updated for some time. After a number of failed private members bills, the cause has been adopted by government. The new Police and Justice Bill includes provisions to specifically outlaw denial of service attacks as well as establishing increased penalties for hacking offences. The bill could become law by autumn. ®
Sponsored: Global DDoS threat landscape report