Date 12 November Type News. Its provisions are included in the Data Protection Act The Act also includes measures related to wider data protection reforms in areas not covered by the GDPR, such as law enforcement and security. Restaurateur Gordon Ramsay family feud. After a series of toxic civil disputes, father-in-law Christopher Hutcheson Snr and his two sons used key logger to capture passwords and hacked into Gordon Ramsay Holdings Ltd systems to access email accounts of employees, financial data and details of intellectual property IP rights.
Hutcheson Snr sentnced to six months imprisonment; Chris Hutcheson Jnr and Adam Hutcheson given four-month prison sentences, suspended for two years. PCSO with a personal grievance accessed restricted material on the GMP police intelligence computer system to try to frame an innocent man for attempted murder. Refused to provide key to two encrypted hard drives. Sentenced to three years imprisonment including 10 months consecutive for Failure to comply with RIPA section 49 notice to provide encryption key.
Guilty pleas to 11 charges. Sentenced to four years' detention in a young offenders institution. Essex man harvested 2, passwords and usernames found in his possession in order to commit online fraud.
Police officer misused Bedfordshire Police systems to locate his victim a cleaner at Luton Police Station and defraud him out of his inheritance.
Met police community support officer PCSO Potter used Met police computer system in a dispute over a dodgy second-hand car he had bought. Founder member of international cyber crime network D33Ds used SQL injection attacks to obtain k usernames and passwords from Yahoo and offered them for sale.
Also attacked a website selling computer game codes that were obtained for resale. Investigation by the National Crime Agency. Unemployed hacker accessed a gold bullion firm website to obtain names, addresses and tracking numbers of customers to enable associates to intercept the gold deliveries. Pleaded guilty to conspiracy to steal, unauthorised access to a computer and blackmail and sentenced to five years and four months in jail.
Police officer trawled police computers to contact sex workers, track down a former lover and make checks on a Gateshead gangster who he had fallen out with following a Christmas day brawl. Bored 17 year-old developed scripts to help harvest Mumsnet usernames and passwords and hacked into his school intranet. SC Magazine. Man aka Tariq Elmughrabi bombarded Sussex Police's contact centre with 3, emails in six hours. Convicted of two offences under Section 51 of the Criminal Law Act the bomb hoaxes.
District Judge Diana Baker had considered 12 month jail but sentenced him to a two year Youth Rehabilitation Order and ordered his laptop to be destroyed. Thames Valley police officer accessed information on police computer system without authorisation.
Nottingham City Council manager used council computer systems to search confidential records and case files. Sentenced to twelve months in prison, suspended for 18 months and hours community service. Merseyside police officer accessed information on police computer system over eight years without authorisation. Cambridgeshire police officer accessed information on a police computer system without authorisation.
Computer Misuse Act s1 Unauthorised access, s3 Unauthorised acts with intent to impair. Former Met Police detective used MPS computer systems for searches between and for private use. Guilty plea to the DDoS attacks and two counts of possessing prohibited images.
Eight month sentence suspended for 18 months, an order restricting his access to the internet and computer activity and an order to complete hours unpaid of work. Sentenced to a 40 week suspended sentence, seven years on the sex offenders register, hours of unpaid work and the forfeiture of all his computer equipment.
Action F raud. Revenge attacks by ex-Director on former network security company Esselar and its client Aviva over five months. Esselar Twitter account defaced. Esselar lost Aviva contract. Aviva recovered from attack within 24 hours. Pleaded guilty to four counts of unauthorised or reckless acts with intent to impair computer operation.
Actions had "damaged confidence and reputations in a way that can be far-reaching and serious". Sentenced to 18 months. Senior Internal Auditor at Morrisons supermarket accessed and uploaded confidential personal data including employees' names, addresses, NI and bank details of nearly , employees to newspaper and data sharing websites.
Found guilty of fraud by abuse of position of trust, securing unauthorised access to computer material and disclosing personal data. Sentenced to eight years. Teenager using the nickname Narko launched a series of crippling global distributed denial-of-service DDoS attacks against internet exchanges and services including Spamhaus.
Guilty plea to two counts of an unauthorised act with intent to impair computer operation. Sentenced to hours of community service. Teaching Assistant hacked into the school email system at Ormiston Victory Academy and used pupil's account to send email "There will be a bomb in school Monday".
Guilty plea to one count of communicating false information and one count of unauthorised computer access. Sentenced to 15 months imprisonment for both offences. Four year investigation by Cambridgeshire Police. Adult student at University of Birmingham installed four keyboard spying devices to steal staff passwords used to obtain access to his examination results and improve grades. Guilty plea to six CMA charges - unauthorised access to computer material, intent to commit further offences and impairing the operation of a computer.
Four-month prison sentence. Disgruntled ex-employee used access credentials to disable of former employer's time-lapse cameras at construction sites around the world. Unauthorised acts with intent to impair operation of a computer.
Jailed for 10 months. Cyber-stalking Peeping Tom installed iCamSource software to spy on three young women in their bedrooms. Guilty plea to three counts of unauthorised access to computer material and found guilty of two counts of voyeurism. Burrell unlawfully accessed the accounts of 3, players of online game Runescape with intent to steal gaming resources and actually modified player accounts.
Fraudsters posted fake job adverts for Harrods on Gumtree. Respondents were sent a link to an online application form that downloaded malware to capture financial and personal data.
Computer Misuse Act , s1 Unauthorised access, s3 Unauthorised acts with intent to impair; s3A Making, supplying or obtaining articles for use in offence under section 1 or 3. NullCrew hacktivist Lewys Martin aka sl1nk launched Denial of Service DOS attacks on the websites of Kent Police site temporarily unavailable to the public and universities of Oxford and Cambridge; both universities estimated that around two man weeks were spent dealing with the attacks.
Guilty plea to five counts of Unauthorised modification, two counts of Unauthorised access and two counts of Making, supplying or obtaining articles. Sentenced to two years imprisonment. Appeal on sentencing. Planning of the attacks was sophisticated and they were intended to cause harm and did so. The offences found to be of the highest level of culpability.
Custodial sentences measured in years rather than months should now be expected. Sentence of two years' imprisonment was "amply justified". Appeal dismissed. Damages estimated in millions of pounds. All four defendants pleaded Guilty. Ryan Cleary aka ViraL , 21, to six charges and was jailed for 32 months.
Ryan Ackroyd aka Kayla , 26, was jailed for 30 months. Jake Davis aka Topiary , 20, was jailed for 24 months. Mustafa Al-Bassam aka tFlow , 18, was sentenced to 20 months suspended for two years, and hours of unpaid community work. Zeus Trojan developed by Beddoes a. Guilty plea to six counts of conspiring to do unauthorised acts, with intent to impair computer programs, four counts of unauthorised access to business computers, three counts of possessing electronic files containing data from 3, credit cards.
Sentenced to 2 years and 9 months imprisonment. Hacking group Anonymous members Christopher Weatherhead a. All four convicted. Weatherhead sentenced to 18 months in prison, Rhodes to seven months in prison and Gibson to six months prison suspended.
Sentencing of Burchall adjourned. Both sentenced to six month in prison, suspended for one year and ordered to do hours of unpaid community service.
Cambridgeshire Police officer attracted to a female witness used force computer system to obtain her phone number. Business manager of Royal Wootton Bassett Academy had recently been made redundant when she accessed the school email system using the login and password of another school employee and read private emails from the Head.
Defendant convicted. Also used Skype to swamp UK anti-terrorism hotline with hoax calls. SpyEye trojan used to steal login credentials for online banking accounts and then uploaded to servers controlled by Cyganok and Zakrevski. After accessing and copying her private emails he contacted celeb magazines offering to reveal information about her.
Defendant associated with Anonymous group used log-on details of a system admin to access 10, database records from abortion provider BPAS British Pregnancy Advisory Service and post anti-abortion messages on its home page. Sentenced to 2 years 8 months imprisonment.
Software development student from York repeatedly hacked into Facebook and extracted internal material in Spring using the account of a Facebook employee who was on holiday. His targets included Facebook Puzzle and Mailman servers and a restricted area of the Facebook Phabricator server. Guilty plea on two counts. Sentenced to 8 months imprisonment. Student used Istealer password-stealing kit to create Trojan that he wrapped in several malware programs. Users tricked into downloading which enabled Defendant to harvest login credentials of over web users via an FTP server.
Charged with adapting an article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3. Sentenced to eight months' imprisonment suspended for 12 months. Kelly sentenced to five years imprisonment, Webber five years, Thomas four years and Ricardo 18 months. Sentenced to two years imprisonment including term for breach of previous suspended sentence for hacking.
Employment dispute. Systems administrator alleged to have hacked in to employer's system to delete data in a revenge attack causing losses estimated in the hundreds of thousands of pounds. Case collapsed after four days of trial.
Prosecution offer no evidence. Defendant acquitted of all charges. Expert evidence for the Defence in both trials. BBC News. First-year university student sought shared internet storage for music, games and warez.
Compromised site was a US Department of Energy research lab. Defendant convicted and sentenced to hours community service. Three counts of unauthorised modification. Attack mounted from teenaged Defendant's PC. Defendant pleaded guilty, convicted and sentenced to two years jail. Appeal against sentence failed. Computer engineer deleted a company's files in a payment dispute. Defendant convicted, month prison sentence. Held that address spoofing affected the reliability of information for the purposes of s.
Applications for writs of habeas corpus denied. Teenage hacker aka Curador demonstrated security weaknesses in e-commerce web-sites and accessed 23, credit card records, some posted on his web-site. Viagra sent to Bill Gates using his credit card. Defendant convicted and sentenced to three years probation and medical treatment for obsessive mental disorder. Owner of Sure Computers sent price-war rival a virus in an e-mail attachment.
Defendant convicted and sentenced to hours community service, hardware confiscated. Small-scale sale of hardware chips designed to access cable TV channels without authorisation or payment. Defendant pleaded guilty and sentenced to four months imprisonment by Doncaster Crown Court. Appeal against sentence. Held - Appropriate sentences for small-scale offences were a substantial fine or a period of community service. Appeal allowed.
Associated Newspapers print technician with superuser status offered Express Newspapers to destroy his employer's computerised print centres for GBP , Defendant pleaded guilty and convicted. Sentenced to 18 months imprisonment. Hacking for purposes of making free overseas telephone calls. Printouts from BT Monolog telephone call logger.
Held - time runs from when Prosecutor has knowledge of the relevant evidence under Computer Misuse Act s 11 2. Appeal allowed in respect of five CMA charges, convictions quashed. WPC used police national computer to access electoral rolls and car registration records in attempts to track down woman who had an affair with her boyfriend. Sentence of three months imprisonment. Computer Misuse Act , ss1, 2, 15, 17 5 Unauthorised access - Authority - Meaning of "control access" in s 17 5 - Extradition - Conspiracy.
Held - unauthorised access applies to the use of a computer to obtain unauthorised access to data. Habeas corpus denied. Disgruntled IT supplier hacked estate agency website and replaced pictures of houses with pornography. Defendants convicted. No evidence offered by Prosecution at abuse of process hearing. Defendant acquitted.
Ex-employee IT specialist charged with accessing remote maintenance port of Local authority's computerised telephone switch. Outgoing calls could not be made and all incoming calls routed to a single extension. Meanwhile, the Computer Misuse Act has stayed pretty much the same, par for a few provisions.
At the time when the Computer Misuse Act was passed, not many people had access to computers. If they did, it was mostly at work, while those who were lucky enough to own such a device for themselves, usually had not more than one. Today, many of us juggle multiple laptops , PCs, and tablets , which we divide between work and personal life.
Some are provided by the workplace, while others have been bought with our own money. As technology has undergone a dramatic change, so has the threat landscape. In , the law had a very simplistic interpretation of what constitutes a malicious act, because the methods through which people could cause harm were extremely narrow. However, since , a new generation of computer users has grown up with the constant presence of PCs and laptops, becoming more digitally literate than anyone before.
Although the influx of tech skills is a good sign, it also means that there are more hackers than ever before, and an infinite number of new ways to commit cyber crime. This has forced legislators to reshape the act to adapt to new cyber threats. Updates added definitions for the cyber attack methods that criminals could deploy, as well as the fact that preparing to launch an attack would be considered a malicious action.
What characteristics and certifications make a successful cyber security leader? Section 37 of the Police and Justice Act of , for example, is among the provisions inserted into the Computer Misuse Act through the years. Section 3A, in particular, states that making, supplying or obtaining any articles for use in a malicious act using a computer is categorised as criminal activity. The legislation was again amended in thanks to the Serious Crime Act, which included specific passages on computer misuse and introduced three alterations to the original law, falling under Section 3ZA.
Specifically, the amendments created a new offence of unauthorised acts causing serious damage, brought the EU Directive on Attacks against Information Systems into law in the UK, and clarified the "savings" provision that protects law enforcement from prosecution if they broke into or modified a computer in the course of a criminal investigation.
In a fact sheet , the government stated that the new offence of unauthorised acts causing serious damage "addresses the most serious cyber attacks, for example, those on essential systems controlling power supply, communications, food or fuel distribution".
Section Creates an offence for a person to intentionally or recklessly make a false statement in response to an information notice. Section Creates an offence where the Information Commissioner has given an information notice or an assessment notice requiring access to information, a document, equipment or other material, it is an offence to destroy or otherwise dispose of, conceal, block or where relevant falsify it, with the intention of preventing the Commissioner from viewing or being provided with or directed to it.
Section Creates an offence of the deliberate or reckless obtaining, disclosing, procuring and retention of personal data without the consent of the data controller. Section Creates a new offence of knowingly or recklessly re-identifying information that has been de-identified without the consent of the controller who de-identified the data.
This responds to concerns about the security of de-identified data held in online files. For example, recommendations in the Review of Data Security, Consent and Opt-Outs by the National Data Guardian for Health and Care called for the Government to introduce stronger sanctions to protect de-identified patient data. Section Creates an offence of the alteration of personal data to prevent disclosure following the exercise of a subject access right.
The relevant subject access rights are set out in subsection 2. Section Creates an offence for an employer to require employees or contractors, or for a person to require another person who provides goods, facilities or services, to provide certain records obtained via subject access requests as a condition of their employment or contract.
It is also an offence for a provider of goods, facilities or services to the public to request such records from another as a condition for providing a service. In England and Wales, proceedings for an offence under this Act may be instituted only a by the Information Commissioner, or b by or with the consent of the Director of Public Prosecutions.
There are no official guidelines for sentencing for offences under CMA. The below are examples of precedent sentences.
The offender, who was aged between 16 and 18 over the course of the offending, admitted offences under sections 1 and 3, and a further offence of concealing criminal property. He had devised a distributed denial of service program which he used on some occasions himself and on other occasions supplied the program for payment for others to use. In total, 1. The defendant received in the order of , total payment for the DDoS program supplied. Psychological and psychiatric reports indicated the offender was autistic.
Having reviewed these, the judge imposed a sentence of detention in a young offender institution for two years, given the scale of the offending. The Court of Appeal upheld the custodial sentence but reduced it to 21 months. Charles Brown, 39, was convicted of one count of possession of articles for use in fraud, contrary to section 6 1 of the Fraud Act and two counts of securing unauthorised access to computer material with intent, contrary to section 2 1 of the CMA.
The CMA counts related to access to bank accounts. The basis of the fraud count was possession on the appellant's computer of the stolen bank and credit card details. The appellant's modus operandi involved changing details online and the subsequent impersonation of the account holders in order to obtain a new card and PIN.
The trial judge sentenced him to a total of three years' imprisonment. The Court of Appeal set aside the sentence, noting that while potential loss is an aggravating feature it is not the determining means by which the fraud should be valued and imposed a total of two years' imprisonment.
Lewys Martin, aged under 21 at the time of the offences, pleaded guilty to offences contrary to section 1, 2, 3 and 3A CMA relating to DOS attacks against the Oxford and Cambridge University websites, the Kent Police website and offences targeting two private individuals including unauthorised use of a person's Paypal account.
His sentence of two years was upheld on appeal, the court noting the prevalence of computer crime, the fact that organisations were compelled to spend substantial sums combating it and the potential impact on individuals meant that sentences for such offences should involve a real element of deterrence. Gareth Crosskey, aged 19, pleaded guilty to offences under ss. He persuaded Facebook staff to provide the password to the account.
He contacted magazines offering to reveal information about her and contacted her stepfather to say he had access to her private emails and invited discussion as to what would prevent him from doing further damage. Southwark Crown Court sentenced him to 6 and 12 months' custody, concurrent, for the sections1 and 3 offences, respectively. On appeal, the court referred to the "seriously aggravating features" of the offence, namely the element of harm to the actress and her step father.
The court rejected the argument that the sentence should have been suspended. However, having regard to the mitigating factors, namely the appellant being a young man of previous good character, the offending taking place over a short period of time and the appellants' expression of remorse, the sentence was reduced to four and eight months, concurrent, in a young offender institution. Glen Mangham, aged 26, pleaded guilty to three offences under sections 1 and 3, having accessed Facebook's computers and modified the functionality of various programs.
Southwark Crown Court sentenced him to eight months' custody, concurrent, on each count and a Serious Crime Prevention Order was imposed.
0コメント