Original URL: http://www.theregister.co.uk/2005/11/03/email_bomb_case_dismissed/

Teen escapes email bombing charge

Loophole in UK hacker law exposed

By John Leyden

Posted in Media, 3rd November 2005 11:26 GMT

A British teenager who allegedly flooded his former employers' email system with five million emails has escaped trial after a judge ruled that he had no case to answer.

The ruling at Wimbledon Magistrates Court raises fresh doubts about the effectiveness of the Computer Misuse Act [CMA] in dealing with denial of service attacks by hackers.

District Judge Kenneth Grant ruled that the unnamed teenager's alleged actions did not fall foul of the Computer Misuse Act even though the email flood the firm suffered caused its email servers to crash.

The Computer Misuse Act - which dates back to 1990, before the widespread use of the net - outlaws the "unauthorised access" or "unauthorised modification" of computer systems. The unnamed teenager was charged under Section Three of the Act which covers the more serious offence of unauthorised modification of a computer system.

The judge accepted defence arguments that since the firm's email server was set up for the express purpose of receiving emails then sending a flood of unsolicited emails could not be considered an act of unauthorised modification.

In a written ruling, Judge Grant said: "In this case the individual emails caused to be sent each caused a modification which was in each case an 'authorised' modification. Although they were sent in bulk resulting in the overwhelming of the server, the effect on the server is not a modification addressed by section 3 [of the CMA]."

Zdnet reports that the defendant was not called to testify so it remains unclear whether or not he was responsible for the alleged attack. Peter Sommer, expert witness for the defence, said the case highlighted a need to reform the UK's Computer Misuse Act. ®