[ISN] Teenage 'e-mail bomber' heads back to court

From: InfoSec News (isn@private)
Date: Fri May 12 2006 - 01:12:08 PDT


http://news.zdnet.com/2100-1009_22-6071227.html

By David Meyer
ZDNet (UK) 
May 11, 2006

A teenager faces a retrial over charges that he breached British
antihacking laws when he sent millions of messages to a former
employer.

David Lennon, who is now 18 and can therefore be named for the first
time, is alleged to have used an e-mail-bombing program called
Avalanche to send approximately 5 million messages to his former
employer, Domestic & General Group, in early 2004. The flood crashed
the company's e-mail server.

The case against him, brought under the Computer Misuse Act, was
dismissed in November by District Judge Kenneth Grant at Wimbledon
Magistrates Court in London. At the time, Grant said that Section 3 of
the act, which concerns unauthorized modification of data, had not
been breached, as e-mails sent to a server configured to receive
e-mails could not be classified as unauthorized.

But on Thursday, judges at the Royal Courts of Justice in London sent
the case back to the Magistrates Court, saying Grant "was not right to
state there was no case to answer."

Justice Jack said the judge should consider what answer Lennon might
have expected if he had asked Domestic & General about the messages
before starting the mail bombing.

The U.K.'s Crown Prosecution Service, which had appealed against the
original judgment, said it was pleased by Thursday's ruling. "We have
sought to clarify a point of law, to update the interpretation of that
law to cope with contemporary high-tech crime. As technology develops
at an ever-increasing pace the law may sometimes need to be
interpreted in new ways," it said in a statement.

"The police and CPS are determined to ensure that those who use the
Internet for crime are not beyond the reach of the law, and to make
the Internet a safe place for both businesses and domestic users," it
said.

The case highlighted flaws in the 16-year-old Computer Misuse Act,
passed in the days before Internet crime became a significant problem.  
Critics have complained that it does not specifically outlaw
denial-of-service attacks, for example.

Security expert Peter Sommer, who has called for the law to be
updated, was a defense witness in Lennon's trial last year. He said on
Thursday that "the defense (had been) asking the court to take a
fairly narrow and literal view of the CMA."

"My own view is that they could have made a decision either way. The
fact that the Court of Appeal has reversed it is not a colossal
surprise," he told ZDNet UK.

David Meyer of ZDNet UK reported from London.



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com



This archive was generated by hypermail 2.1.3 : Fri May 12 2006 - 01:47:01 PDT