Denial-of-service attacks can land you in jail

The primary law governing computer-related crime in the United Kingdom is the Computer Misuse Act, passed in 1990. In 2002, an attempt was made to amend the Act so that DoS attacks would be specifically included, but the amendment failed. Subsequent changes were made to include these specific types of attacks and became law in Scotland in October 2007, and in England and Wales in October 2008.

The modifications to the Computer Misuse Act now criminalize DoS attacks -- perpetrators can now be fined and sentenced to prison for up to 10 years. Other changes also increase the penalty for accessing computer systems in an unauthorized manner. However, the law includes a controversial provision that criminalizes any activity that assists in the commission of a DoS or similar attack, and includes a two-year prison sentence for such assistance. Some are concerned that simply providing information about security flaws might qualify as assistance to a criminal activity, and so could be considered a crime under the newly modified law.

More information is available at http://www.out-law.com/page-9592.