ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Tsunami 'hacker' conviction worries experts

Colin Barker and Rupert Goodwins ZDNet.co.uk

Published: 07 Oct 2005 15:40 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The conviction of a computer consultant who gained unauthorised access to the Disaster Emergency Committee's fundraising Web site has left security experts leafing through the magistrate's decision to try and understand the full implication of the verdict.

On Thursday, Daniel Cuthbert, a computer security consultant from Whitechapel in London, was found guilty of breaching Section One of the Act on the afternoon of New Year's Eve, 2004. He admitted attempted to access the Web site, which was collecting donations for victims of last year's tsunami.

During the trial, Cuthbert's defence argued that any unauthorised access was entirely innocent. In evidence it was shown that he had attempted to access the tsunami donations site on two occasions and the site's security systems had denied him access.

The defence also pointed out that Cuthbert had not attempted to defraud the site. Security expert Peter Sommer is concerned by the conviction.

"Nobody thought he was doing anything significant or malicious, and there was a strong argument that the police should have given him a slap on the wrists and not prosecuted,” said Sommer, senior research fellow at the London School of Economics’ Information Systems Integrity Group.

Under Section 1 of the Computer Misuse Act, 1990, any unauthorised access to a computer site can be considered a crime, if the person accessing the system knows that he is not authorised to access the site.

As the Act says, "a person is guilty of an offence if: he causes a computer to perform any function with intent to secure access to any program or data held in any computer and the access he intends to secure is unauthorised and he knows at the time when he causes the computer to perform the function that that is the case."

In making his decision, district judge Mr Q. Purdy said that the court would have to take into account Cuthbert’s previous conduct when deciding whether he was guilty.

"This is not an infallible guide," Judge Purdy said. "If it was, there would be no first time offenders." But he indicated that as Cuthbert had no previous convictions and an "unblemished" record he would be inclined to find him not guilty.

This is thought to be the first time that a judge had indicated that — despite the letter of the act — knowingly accessing a system when unauthorised to do so is not necessarily a crime.

Instead, Judge Purdy found Cuthbert guilty, because he had initially lied to the police about what he had done; Cuthbert originally told the police one story and later changed it.

Judge Purdy said that Cuthbert was "deliberately trying to throw the police off the trail", by saying one thing and then another.

The fact that Cuthbert had changed his story on how and why he had originally accessed the site was the crucial factor in reaching a conviction, the judge said.

Sommer backed up this point.

"The major problem was that he gave them an overly complex explanation which turned out not to be true, and involved them in a lot more work. That's probably why the judge didn't give him a conditional discharge, which was open to him," Sommer told ZDNet UK.

Sommer is now digesting the implications of the judge’s ruling.

"There are a number of long term issues," said Sommer. "We've now got a very strict interpretation on how Section 1 works and how it might be interpreted in terms of an attempt. Some of the tests you might instinctively want to run to see if a site is valid may fall foul of a strict interpretation."

Sommer added that there are also public policy implications. "Once someone's charged, there's almost no defence. Is it in the public interests to prosecute people who haven't done anything very serious if you know they'll lose their profession as a result?"

"I've run into a lot of people in the penetration test community over the past few months, and they're all sympathetic to Dan. Their view was that he merited a ticking off, not losing his job. The police need the help of penetration testers and this won't help," Sommer said.

You can have your say about Cuthbert's conviction by voting in this poll.

 

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
65 out of 132 people found this useful


Talkback

Post a comment


Full Talkback thread

14 comments

  1. How is it that a free thinking society cannot voic... Shaun Walter
  2. It sounds like the lawyer that represented him got... Stack Smasher
  3. An uneducated verdict. It will spell doom if... Anonymous
  4. "Instead, Judge Purdy found Cuthbert guilty, becau... AyeRoxor
  5. Pretty scary to think that only a government-autho... Rich Willis
  6. If you warn a thief he's being looked at the thief... Anonymous
  7. A lot of fuss is being made about him initial... David B. Wildgoose
  8. The situation has arisen due to the wordings of th... Praveen Dalal
  9. Just goes to show that like the majority of the la... Sb
  10. The police need computer forensics experts, securi... Craig S Wright
  11. I would love to work for computer forensics.... Neale Martin
  12. His biggest mistakes where, to be British, to live... Anon
  13. What is it that people here don't get? When I was... Fujikid
  14. It is interesting to me that unless you are a... Anonymous

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

Biostatistician Leading provider Drug Discovery.

Perform and/or supervise programming of tables, listings, figures, derived datasets and statistical analyses according to agreed timelines and ...

Global Head of Risk Testing / QA Tier 1 Investment Bank 120k+

The Credit Risk IT, Market Risk IT and Margin Management IT functions have combined to create a utility function to perform: - QA (testing) - Test ...

NHS - Procurement/Purchasing/Sourcing - Contract - Midlands - Apply!

The ability to think of the wider implications of problems and the ability to then act on that decisively and promptly. Project Management Experience ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

The Google Apple Merger: Fantasy or Fu...

The Google Apple Merger: Fantasy or Future? Author: Eric Everson, Founder MyMobiSafe.com Market research suggests that Microsoft controls upwards of 90% of the respective computer-based... More

2 comments

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers