According to the charges, Oleg Zezov and Igor Yarimaka of
Kazakhstan hacked into the computer systems of Bloomberg LP and
attempted to extort $200,000 from Michael Bloomberg in exchange for
information on how they did it. Michael Bloomberg informed the FBI
and, working with the FBI, agreed to meet with the alleged
extortionists in London to resolve the matter. The meeting was held
on 10th August 2000. Shortly after the meeting, Zezov and Yarimaka
were arrested by London police. The US requested their
extradition.

Yarimaka and Zezov came before England’s High Court last week,
arguing against extradition to the US and claiming that their acts
were not offences under the UK legislation. The Computer Misuse Act
dates back to 1990, before the birth of the World Wide Web, and,
due to its wording, its application to some apparently criminal acts
has been doubted, notably denial of service attacks and deception
for the purpose of gaining access to someone else's resources, some
variations of which are known as spoofing.

The Act explains that a hacking offence is committed when
“unauthorised modifications” are made to a computer with the
“requisite intent and the requisite knowledge.” It goes on to say
that this requisite intent exists when the modifications impair the
operation of a computer, hinder access to a program or data or
impair the operation of a program or “the reliability of any such
data.”

Among the arguments which the alleged hackers made to the court
this month was that “causing a computer to record the arrival of
information that did not come from the source it purported to come
from was not conduct affecting the reliability of the data.”
However, the court disagreed.

Judges Woolf and Wright interpreted the words “reliability of
any data” to mean that, “if a person caused a computer to record
that information came from A when it in fact came from B, that
manifestly affected the reliability of that information.”

Spoofing is a common trick among those who send spam – it
exploits the reputation (and often the systems) of another party to
add apparent legitimacy to their messages. This month’s ruling
could open the door to new types of prosecution for spoofing
incidents under the 1990 Act.