X

British teen in court over 'e-mail bomb' charges

In a test of the U.K.'s Computer Misuse Act, youth will be tried for attempting a denial-of-service attack on his former employer.

Tom Espiner Special to CNET News
See full bio
Tom Espiner
2 min read
A teenager accused of unleashing an "e-mail bomb" on his former employer will appear in court on Tuesday in what will be a test case for the U.K.'s Computer Misuse Act.

British police accuse the youth of sending 5 million e-mails to the company he used to work for. This amount of e-mail could cause an e-mail server to crash and is hence a form of denial-of-service (DoS) attack.

The case will prove to be a test of the effectiveness of the CMA, as nobody has yet been convicted under the act of launching a DoS attack. According to those familiar with the case, the teenager's defense will argue that launching a DoS attack is not illegal under the CMA.

The CMA does not specifically include a denial-of-service attack as a criminal offense, something some members of the U.K. parliament want changed. The act explicitly outlaws "unauthorized access" and "unauthorized modification" of computer material, but DoS attacks sit in a legal gray area.

The youth is being tried at Wimbledon Magistrates Court in London under section 3 of the CMA, which concerns unauthorized data modification and tampering with systems.

The defense is expected to argue that the young man can't be convicted under the CMA because a flood of e-mail would not modify any data on the server, according to Peter Sommer, a technical expert who is expected to be called by the defense.

"When you send an e-mail to an e-mail server, you are not modifying that server, because the purpose of the e-mail server is to sit around waiting to receive e-mails aimed at that domain," Sommer, a senior research fellow in the London School of Economics' Information Systems department, told ZDNet UK.

If the e-mails themselves contained no malicious software that could modify the system, then sending them would not contravene CMA, according to Sommer.

The CMA has come under attack in recent weeks, following the conviction of a man for gaining unauthorized access to a fund-raising Web site.

Speaking on the outcome of the case, Sommer said, "this legislation is 15 years old, and due to the nature of technology, (it) is more likely to become rapidly obsolete. It will be interesting to see what will happen."

Tom Espiner of ZDNet UK reported from London.