The Metropolitan Police have taken the unusual step of using Twitter to send a message to anyone considering supporting internet attacks against companies and governments.
A message posted on the Met Police’s official Twitter account cautioned would-be hacktivists that engaging in denial-of-service (DDoS) attacks, defacing websites or breaking into corporate databases is illegal.
In the past, hacktivists have compared their activities to legitimate civil disobedience – but such a view is not a defence if suspected hackers are brought to court.
Furthermore, the UK police warned, targeting bodies outside Great Britain does not mean that hackers cannot be prosecuted under British law.
In my opinion, it’s a timely warning by the Met Police, as it comes after a series of arrests of individuals suspected of being involved in Anonymous and LulzSec hacktivist activity, most recently the charging of an 18-year-old man from Shetland alleged to be LulzSec’s spokesman “Topiary”.
Presumably the UK police are keen that “Topiary”-supporting hacktivists don’t use the internet in a revenge attack.
The full warning posted by the Met Police reads as follows:
The investigation into the criminal activity of so-called "hacktivist" groups #Anonymous and #LulzSec continues. We want to remind people of the law in this area:
The Law Against Computer Misuse
Anyone considering accessing a computer without authority should understand that such acts are unlawful and can carry a term of imprisonment.
Under UK legislation, it is an offence if a person acts from within the UK upon a computer anywhere else in the world. It is also an offence if someone anywhere else in the world to criminally affect a computer within the UK.
The Computer Misuse Act 1990 states that anyone who gains unauthorised access to (or modifies) computer material may be liable to up to 2 years in prison (Section 1). It also says that anyone who gains unauthorised access to a computer and does an act
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in a computer, or
(c) to impair the operation of any such program or the reliability of any such data;
...may be imprisoned for up to 10 years upon conviction (Section 3).
These offences cover the acts of unauthorised access to personal accounts, Distributed Denial of Service (DDOS) Attacks and intrusive hacks where data is taken or systems changed.
Other jurisdictions have similar law.
Remember folks – if you assist in a denial-of-service attack you could be looking at a lengthy jail sentence.