Teenage 'e-mail bomber' heads back to court

U.K. high court overturns dismissal of hacking case against teen who allegedly bombarded ex-employer's systems with 5 million e-mails.

David Meyer Special to CNET News.com
2 min read
A teenager faces a retrial over charges that he breached British antihacking laws when he sent millions of messages to a former employer.

David Lennon, who is now 18 and can therefore be named for the first time, is alleged to have used an e-mail-bombing program called Avalanche to send approximately 5 million messages to his former employer, Domestic & General Group, in early 2004. The flood crashed the company's e-mail server.

The case against him, brought under the Computer Misuse Act, was dismissed in November by District Judge Kenneth Grant at Wimbledon Magistrates Court in London. At the time, Grant said that Section 3 of the act, which concerns unauthorized modification of data, had not been breached, as e-mails sent to a server configured to receive e-mails could not be classified as unauthorized.

But on Thursday, judges at the Royal Courts of Justice in London sent the case back to the Magistrates Court, saying Grant "was not right to state there was no case to answer."

Justice Jack said the judge should consider what answer Lennon might have expected if he had asked Domestic & General about the messages before starting the mail bombing.

The U.K.'s Crown Prosecution Service, which had appealed against the original judgment, said it was pleased by Thursday's ruling. "We have sought to clarify a point of law, to update the interpretation of that law to cope with contemporary high-tech crime. As technology develops at an ever-increasing pace the law may sometimes need to be interpreted in new ways," it said in a statement.

"The police and CPS are determined to ensure that those who use the Internet for crime are not beyond the reach of the law, and to make the Internet a safe place for both businesses and domestic users," it said.

The case highlighted flaws in the 16-year-old Computer Misuse Act, passed in the days before Internet crime became a significant problem. Critics have complained that it does not specifically outlaw denial-of-service attacks, for example.

Security expert Peter Sommer, who has called for the law to be updated, was a defense witness in Lennon's trial last year. He said on Thursday that "the defense (had been) asking the court to take a fairly narrow and literal view of the CMA."

"My own view is that they could have made a decision either way. The fact that the Court of Appeal has reversed it is not a colossal surprise," he told ZDNet UK.

David Meyer of ZDNet UK reported from London.