Content

Hackers to face decade in jail

Hackers in the U.K. could face ten years in jail under stiff new laws passed in parliament.

The new laws, proposed by Home Secretary Charles Clarke, would also see foreign hackers being extradited to the U.K. to stand trial.

Several types of activity will become illegal under the new laws. Hackers could get up to two years for making or supplying tools to attack systems. The law will also be clarified over what constitutes a denial-of-service attack (DoS). It is hoped that this will close a loophole that has made the prosecution of people who have used this method of attack on computer systems difficult.

"One of the growing new threats that can only be tackled through extensive international cooperation is the continued threat posed by computing hacking and denial-of-service attacks," the home secretary told the House of Commons.

Most experts welcomed the new laws as a "step in the right direction."

Alan Bentley, managing director of patch management firm PatchLink, warned that a ten-year sentence would only be suitable for hardened criminals.

"This term would be appropriate for an organized internet crime racket that has deliberately targeted businesses or government organizations. It would not be appropriate to enforce this sentence on misguided teenagers," he said.

Others voiced reservations that the bill would pose further problems.

"While I appreciate that this bill will grant the police more powers to confiscate computers and so forth, serious criminality on the internet will remain unpunished while international law is neither congruent nor consistently enforced," said Tom Newton, product development manager at internet security provider SmoothWall. "Those worried about their own security would do well to protect themselves through technology as well as legislation."

Newton said that some of the people criminalized by the law ought not to be. He said that section 35 of the bill, which adds the offense of making or supplying hacking tools, covered too broad a range of tools.

"I understand that laws like this are necessarily broad to prevent future loopholes, but this bill would seem to cover things as innocent as the Linux operating system and many legitimate security diagnostic tools, which in the wrong hands could be used for criminal purposes," said Newton.

He said he would sooner see a much narrower scope in this section, perhaps with the addition of a requirement of intent.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.