David Lennon, 19, who launched a Denial of Service attack on his former employer (breaching the UK's Computer Misuse Act in the process) was sentenced to two months' curfew yesterday, and ordered to wear an electronic tag.
Lennon used a 'mail bombing' program to attack Domestic & General Group's computer system, sending some 500,000 emails to the insurer's server, which subsequently collapsed under the load.
Lennon, who was charged under section three of the Computer Misuse Act 1990, had previously argued that the purpose of the company's server was to receive emails, therefore the company had consented to the receipt of emails and their consequent modifications in data. But after an appeal from the Director of Public Prosecutions, Lord Justice Keene and Justice Jack agreed that Lennon had broken the law. The notion here is that even although the owner of a computer system would ordinarily consent to the sending of emails to his computer, such implied consent is not without limits. In this case, a criminal act had been committed.
"It’s essential that young people learn that the internet is not a playground where any kind of behaviour is acceptable," said Graham Cluley, senior technology consultant for Sophos. "Computer-literate teens need to understand that bombarding others with email or malware can lead to them ending up in court. Kids who are knowledgeable about computers should put their enthusiasm into more positive activities."
The curfew has been timed so as not to interfere with Lennon’s job (he works at a local cinema), and the prosecution dropped its demand that Lennon should pay costs amounting to $55,000 which arose from his attack.