Home | Data Examination | Expert Evidence | Case Experience | Services | Michael J L Turner | Contact

Computer Evidence

Michael J L Turner MA FBCS CITP MAE FEWI

Home > Cases > Computer Misuse
E-mail Michael Turner e-mail Michael Turner
Print friendly page Print-friendly CV
E-mail this site Tell a colleague!

Computer Misuse Act 1990 cases

The following table of Computer Misuse Act 1990 cases archived at http://www.computerevidence.co.uk/Cases/CMA.htm is an extract from a database that has been compiled and maintained by Michael J L Turner. © Copyright in the database and this extract Michael J L Turner 1993 - 2014. All contributions welcomed, please submit any suggested additions and corrections by e-mail.

R v Piotr Smirnow and Patryk Surmacki Manchester Crown Court 18 December 2013 Computer Misuse Act 1990. Blackmail

Backmailers threatened a £30M online casino with DDoS denial of service attacks.

Guilty plea. Both sentenced to five years and four months in prison.

The Register The Inquirer  
R v Stephen Burrell

Northampton Magistrates Court 28 November 2013

Computer Misuse Act 1990, s 2 Unauthorised access with intent, s 3 : Unauthorised modification

Burrell unlawfully accessed the accounts of 3,872 players of online game Runescape with intent to steal gaming resources and actually modified 105 player accounts

Guilty plea. Sentenced on 28 November 2013 to 12 month community order with supervision and 150 hours of unpaid work, Costs of £100 and surcharge of £60

Daily Mail    
R v Lewys Stephen Martin Maidstone Crown Court 16 May 2013 T20130081

Computer Misuse Act 1990, s 1 : Unauthorised accesss, s 3 : Unauthorised modification; s 3A : Making, supplying or obtaining articles for use in offence under section 1 or 3

NullCrew hacktivist Lewys Martin aka sl1nk launched Denial of Service (DOS) attacks on the websites of Kent Police (site temporarily unavailable to the public) and universities of Oxford and Cambridge; both universities estimated that around two man weeks were spent dealing with the attacks.

Guilty plea to five counts of Unauthorised modification, two counts of Unauthorised access and two counts of Making, supplying or obtaining articles. Sentenced to two years imprisonment.

BBC News kentonline  

R v Martin

Court of Appeal (Criminal Division) 31st July 2013

[2013] EWCA Crim 1420

 

Appeal on sentencing. Planning of the attacks was sophisticated and they were intended to cause harm and did so. The offences found to be of the highest level of culpability. Custodial sentences measured in years rather than months should now be expected. Sentence of two years' imprisonment was "amply justified". Appeal dismissed.

 

Judgement

   
R v Ryan Cleary, Jake Davis, Ryan Akroyd and Mustafa Al-Bassam Southwark Crown Court 16 May 2013 Computer Misuse Act 1990, s 1 : Unauthorised access, s 3 : Unauthorised modification

LulzSec collective hactivists Ryan Ackroyd, Jake Davis, Mustafa Al-Bassam and Ryan Cleary used DDoS attacks to crash websites of major global institutions including USAF, CIA, FBI, SOCA, Sony and Nintendo and stole personal data including passwords and credit card details belonging to millions of people that was posted online en clair. Damages estimated in millions of pounds.

All four defendants pleaded Guilty. Ryan Cleary (aka ViraL), 21, to six charges and was jailed for 32 months. Ryan Ackroyd (aka Kayla), 26, was jailed for 30 months. Jake Davis (aka Topiary), 20, was jailed for 24 months. Mustafa Al-Bassam (aka tFlow), 18, was sentenced to 20 months suspended for two years, and 200 hours of unpaid community work.

Independent Guardian Wikipedia
R v Matthew Beddoes

Kingston-upon-Thames Crown Court 19 Mar 2013

Computer Misuse Act 1990, s 1 : Unauthorised access

Zeus Trojan developed by Beddoes a.k.a Black Dragon, 32, used in attempted transfers of some 750,00 carbon credits worth £6.5m from accounts at the UN in Bonn and Spain's Carbon Credit Registry to a UK broker co-defendant.

Guilty plea to six counts of conspiring to do unauthorised acts, with intent to impair computer programs, four counts of unauthorised access to business computers, three counts of possessing electronic files containing data from 3,000 credit cards. Sentenced to 2 years and 9 months imprisonment.

Telegraph SOCA  
R v Christopher Weatherhead, Ashley Rhodes, Peter Gibson, and Jake Burchall

Southwark Crown Court 24 January 2013

Conspiracy to carry out an unauthorised act in relation to a computer. Computer Misuse Act 1990, s 3 : Unauthorised modification

Hacking group Anonymous members Christopher Weatherhead a.k.a "Nerdo", 22, Ashley Rhodes, 28, Peter Gibson, 24, and Jake Burchall, 18 carried out DDoS attacks in retaliation for withdrawal of services to WikiLeaks by PayPal, Visa and Mastercard between August 2010 and January 2011; one online attack was said to have cost PayPal at least £3.5m .

All four convicted. Weatherhead sentenced to 18 months in prison, Rhodes to seven months in prison and Gibson to six months prison (suspended). Sentencing of Burchall adjourned.

Guardian BBC  
R v James Marks and James McCormick

Leicester Crown Court 11 Jan 2013

Computer Misuse Act 1990, s 1 : Unauthorised access

James Marks, 27, and James McCormick, broke into Sony Music's servers and downloaded 7,900 files including tracks recorded by Elvis, JLS and Beyoncé and unreleased Michael Jackson tracks.

Guilty pleas. Both sentenced to six month in prison, suspended for one year and ordered to do 100 hours of unpaid community service.

Telegraph SOCA Outlaw
R v James Goodwill Luton Crown Court 21 August 2012 Computer Misuse Act 1990, s 1 : Unauthorised access. Misconduct in public office

Cambridgeshire Police officer attracted to a female witness used force computer system to obtain her phone number.

Guilty plea. Sentenced to four months imprisonment

BBC News This is Lincolnshire  
R v Astrid Curzon Swindon Magistrates Court 17/08/2012 Computer Misuse Act 1990, s 1 : Unauthorised accesss

Business manager of Royal Wootton Bassett Academy had recently been made redundant when she accessed the school’s email system using the login and password of another school employee and read private emails from the Head.

Defendant convicted. Fined £200. Ordered to pay court costs of £675 and £15 to a victim.

Swindon Advertiser    
R v Junaid Hussain

Southwark Crown Court 27/07/2012

Computer Misuse Act 1990, s 1 : Unauthorised access

18 year-old TeamPoison hacker Junaid Hussain aka TriCk hacked into a Gmail account used by Katy Kay, a former special advisor to Tony Blair and accessed and published personal details of 150 contacts including Tony Blair and family. Also used Skype to swamp UK anti-terrorism hotline with hoax calls.

Guilty plea. Six months youth detention sentence.

The Register Telegraph  
R v Pavel Cyganok and Ilja Zakrevski Southwark Crown Court 02/07/2012 Computer Misuse Act 1990, s 3 : Unauthorised modification

SpyEye trojan used to steal login credentials for online banking accounts and then uploaded to servers controlled by Cyganok and Zakrevski. Tip-off by Estonian Police led Metropolitan Police's Central E-Crime Unit (PCEU) to seize one of the UK-based servers. An estimated 1,000 computers had been infected with victims in the UK, Denmark, The Netherlands and New Zealand.

Guilty pleas. Pavel Cyganok was jailed for five years. Ilja Zakrevski for four years.

The Register BBC News  
R v Gareth Crosskey Southwark Crown Court 16/05/2012 Computer Misuse Act 1990, s 1 : Unauthorised accesss, s 3 : Unauthorised modification

19 year-old McDonald's employee hacked into the Facebook account of Justin Bieber's girlfriend Selena Gomez by posing as the actress' step-father/manager to persuade Facebook staff to change the password to the account. After accessing and copying her private emails he contacted celeb magazines offering to reveal information about her.

Guilty plea. Sentenced to twelve months imprisonment.

Metropolitan Police The Register Telegraph
R v James Jeffery

Southwark Crown Court 13/04/2012

Computer Misuse Act 1990, s 1 : Unauthorised access, s 3 : Unauthorised modification

Defendant associated with Anonymous group used log-on details of a system admin to access 10,000 database records from abortion provider BPAS (British Pregnancy Advisory Service) and post anti-abortion messages on its home page.

Sentenced to 2 years 8 months imprisonment.

ZDNet UK News BBC News Guardian
R v Glenn Mangham

Southwark Crown Court 17/02/2012

Computer Misuse Act 1990, s 1 : Unauthorised accesss, s 3 : Unauthorised modification; s 3A : Making, supplying or obtaining articles for use in offence under section 1 or 3

Software development student from York repeatedly hacked into Facebook and extracted internal material in Spring 2011 using the account of a Facebook employee who was on holiday. His targets included Facebook Puzzle and Mailman servers and a restricted area of the Facebook Phabricator server.

Guilty plea on two counts. Sentenced to 8 months' imprisonment. Serious Crime Prevention Order (SCPO) made restricting access to the internet and forfeiture of computer.

ZDNet UK News BBC News  
R v Glenn Mangham Court of Appeal Criminal Division 04/04/2012 [2012] EWCA Crim 973   Appeal allowed. Sentence reduced to four months’ imprisonment. SCPO quashed. Judgement    
R v Oliver Baker Cardiff Crown Court 2011 [2011] EWCA Crim 928 Computer Misuse Act 1990, s 1 : Unauthorised access Defendant IT contractor sacked by Welsh Assembly (for producing fake pay and display parking tickets) hacked into the Assembly's computer system on twenty occasions to read sensitive emails. Sentenced to four months imprisonment. Sentence upheld on appeal. South Wales Echo    
R v Zachary Woodham Southwark Crown Court 13/05/2011 Computer Misuse Act 1990, s 3 : Unauthorised modification Teenager using alias Colonel Root repeatedly attacked Punkyhosting web hosting company and caused it to cease trading. Guilty plea. Sentenced to 12 months' imprisonment suspended for two years and 240 hours unpaid work. The Register Metropolitan Police  
R v Paul McLoughlin Southwark Crown Court 13/05/2011 Computer Misuse Act 1990, s 3A : Making, supplying or obtaining articles for use in offence under section 1 or 3

Student used Istealer password-stealing kit to create Trojan that he wrapped in several malware programs. Users tricked into downloading which enabled Defendant to harvest login credentials of over 100 web users via an FTP server.

Charged with adapting an article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3. Guilty plea. Sentenced to eight months' imprisonment suspended for 12 months.

Believed to be the first conviction for new S3A offence.

The Register ZDNet UK News  
R v Gary Paul Kelly, Nicholas Webber, Ryan Thomas, Shakira Ricardo Southwark Crown Court 2 March 2011 Computer Misuse Act 1990, s 3: Unauthorised modification. Conspiracy to defraud.

Creators of Gh0stMarket forum used by thousands to trade unlawfully obtained credit/debit card details, confidential personal information and malware tools.

Guilty pleas. Kelly sentenced to five years imprisonment, Webber five years, Thomas four years and Ricardo 18 months.

Metropolitan Police The Guardian ZDNet
R v Ashley Mitchell

Exeter Crown Court 03/02/2011

Computer Misuse Act 1990, s 1 : Unauthorised access

Poker addict hacked into American poker company Zynga and stole £7m worth of virtual poker chips for resale on Facebook. Guilty plea. Sentenced to two years imprisonment (including term for breach of previous suspended sentence for hacking).

 

The Register The Guardian  
R v Daniel Woo Southwark Crown Court 20/08/2010 [Not Known] Bulgarian pretending to be a student installed key logging software to capture passwords and access emails containing personal and financial data. Guilty plea. Sentenced to eight months imprisonment, suspended for two years. Two year supervision order, 200 hours unpaid work and £21,00 costs and compensation ordered. The Register Metropolitan Police  
R v Matthew Anderson Southwark Crown Court 22/10/2010 Computer Misuse Act 1990, s 3 : Unauthorised modification Franchise manager aka Warpigs virus writer used malware attached to spam to spy on victims using their webcams and steal personal information. Guilty plea. Sentenced to eighteen months imprisonment. The Register S T V  
R v Dale Trever Hull Crown Court 16/09/2010 Computer Misuse Act 1990, s 1 : Unauthorised access Primary Care Trust data manager accessed confidential female NHS patient medical records. Guilty plea. Sentenced to six months imprisonment, suspended for two years. The Register Yorkshire Post  
R v Balwinder Basran Cannock Magistrates Court 09/09/2010 Computer Misuse Act 1990, s 1 : Unauthorised access Police officer accessed police computer records for private use. Guilty plea. Fined £2,000. Birmingham Mail    
R v Robert Campbell

Guildford Crown Court 08/06/2010

 

Computer Misuse Act 1990, s 1 : Unauthorised access Sexual adventurer Police officer accessed police computer records for private use. Guilty plea. 18 month Conditional Discharge and ordered to pay £1,200 costs. The Independent    
R v Susan Holmes Horseferry Road Magistrates Court 15/02/2008 Computer Misuse Act 1990, s 1 : Unauthorised access Falling registrations at Nannies Inc traced back to ex-employee Susan Holmes continuing to access Nannies Inc registrations on AOL email account months later. Holmes pleaded guilty and fined £500. The Register    

R v Mark Hopkins

Westminster Magistrates Court 09/08/2007 Computer Misuse Act 1990, s 1 : Unauthorised access MD and Website designer of NXGN hacked into competitor ME Publishing's Motorcycle Trader website. Defendant pleaded Guilty. Five months sentence suspended for two years, 100 hours community service and £5,000 compensation order. The Register    

R v Scott Gelsthorpe and Jeremy Young

Southwark Crown Court 27/06/2007 Computer Misuse Act 1990, s 3 : Unauthorised modification - Conspiracy Moonlighting serving police officers Gelsthorpe and Young set up private detective agency Active Investigation Services aka "Hackers are Us" to hack into computers for wealthy clients. Jeremy Young pleaded guilty on 15 counts and was jailed for 27 months. BBC News Metropolitan Police The Guardian
R v Q

Inner London Crown Court 22 January 2007

 

 

Inner London Crown Court 6 June 2007

Computer Misuse Act 1990, s 3 : Unauthorised modification

Employment dispute. Systems administrator alleged to have hacked in to employer's system to delete data in a revenge attack causing losses estimated in the hundreds of thousands of pounds. Case collapsed after four days of trial.

Re-trial. Prosecution offer no evidence. Defendant acquitted of all charges. Expert evidence for the Defence in both trials.

     

R v Matthew Byrne

Southwark Crown Court 07/11/2006 Computer Misuse Act 1990, s 3 Unauthorised modification - Web site defacement Hacker used dictionary attacks to crack passwords to access and deface members' profiles on loveandfriends.com dating website. Guilty plea. Sentenced to eight months imprisonment, suspended for two years and two years supervsion order. The Register ZDNet UK News Metropolitan Police

R v David Lennon

Wimbledon Youth Court 23/08/2006 Computer Misuse Act 1990, s 3 Unauthorised modification Teenager alleged to have bombarded his ex-employer's mail server with 5,000,000 emails. Defendant pleaded guilty and sentenced to a two month curfew and electronic tagging. ZDNet UK News The Register  
 

R v Daniel Cuthbert

Horseferry Road Magistrates Court 07/10/2005

Computer Misuse Act 1990, s 1 Unauthorised access

IT security consultant donated £30 to Disasters Emergency Committee Tsunami appeal website, then checked site security. Defendant found guilty of unauthorised access "with deep regret", convicted and fined £400.

BBC News

 

The Register ZDNet UK News

R v Joseph McElroy

Southwark Crown Court 03/02/2005

Computer Misuse Act 1990, s 3 Unauthorised modification

First-year university student sought shared internet storage for music, games and warez. Compromised site was a US Department of Energy research lab. Defendant convicted and sentenced to 200 hours community service.

BBC News The Guardian The Register

R v Aaron Caffrey

Southwark Crown Court 17/10/2003

Computer Misuse Act 1990, s 3 Unauthorised modification

DDoS attack that crippled the Port of Houston, Texas. Attack mounted from teenaged Defendant's PC. Defendant acquitted after Trojan Defence - other hackers had taken control of his PC using a Trojan Horse.

BBC News The Guardian

R v Simon Vallor

Southwark Crown Court 21/01/2003 EWCA Crim 2288

Computer Misuse Act 1990, s 3 Unauthorised modification

Web designer created Gokar, Redesi, Admirer mass mailing viruses that infected 22,000 PCs worldwide. Defendant pleaded guily, convicted and sentenced to two years jail. Appeal against sentence failed.

BBC News The Register
R v Delamare

[2003] EWCA Crim 424 [2003] 2 Cr App Rep (S) 474

Computer Misuse Act 1990, s 1 Unauthorised access Defendant bank official was paid £100 to use the bank's computer system to obtain account details on two accounts. Guilty plea, 4 months imprisonment.  
R v Victor Lindesay [2002] 1 Cr App Rep (S) 370 Computer Misuse Act 1990, s 3 Unauthorised modification Revenge attack following a contract dispute. Defendant freelance computer consultant accessed the websites of three clients of his former employer using passwords he knew and caused £9K damage by deleting data. Guilty plea. Sentenced to 9 months imprisonment. Upheld on appeal. Shout99

R v Stephen Carey

Hove Crown Court 19/09/2002

Computer Misuse Act 1990, s 3 Unauthorised modification

Computer engineer deleted a company's files in a payment dispute. Defendant convicted, 18-month prison sentence.

IT Week News

Yarimaka v Governor of HM Prison Brixton

Queens Bench Division [2002] EWHC 589 (Admin) 20/03/2002

Computer Misuse Act 1990, s 3 Unauthorised modification - Meaning of "modification" - Extradition - Habeas Corpus

Attempt by Kazakhs to blackmail Mayor of New York Michael Bloomberg for the sum of $200,000 by exposing security flaws in Bloombergs' computer system. Held that address spoofing effected the reliability of information for the purposes of s.3 Computer Misuse Act 1990. Applications for writs of habeas corpus denied.

R v Raphael Gray

Swansea Crown Court 06/07/2001

Computer Misuse Act 1990 Unauthorised access - Unauthorised modification

Teenage hacker aka Curador demonstrated security weaknesses in e-commerce web-sites and accessed 23,000 credit card records, some posted on his web-site. Viagra sent to Bill Gates using his credit card. Guilty plea. Defendant convicted and sentenced to three years probation and medical treatment for obsessive mental disorder.

BBC News The Guardian

R v Paul Brogden

Exeter Crown Court 19/04/2001

Computer Misuse Act 1990

Owner of Sure Computers sent price-war rival a virus in an e-mail attachment. Defendant convicted and sentenced to 175 hours community service, hardware confiscated.

Sophos article

R v Paul Maxwell King

Court of Appeal (Criminal Division) 24/11/2000 The Times 2 January 2001

Computer Misuse Act 1990, s 3 Unauthorised modification - Incitement to others

Small-scale sale of hardware chips designed to access cable TV channels without authorisation or payment. Defendant pleaded guilty and sentenced to four months imprisonment by Doncaster Crown Court. Appeal against sentence. Held - Appropriate sentences for small-scale offences were a substantial fine or a period of community service. Appeal allowed.

The Times Report Swarbrick Comment

R v William Culbert

Southwark Crown Court

Computer Misuse Act 1990, ss 1, 2, 3 Unauthorised access - Unauthorised modification

Associated Newspapers print technician with superuser status offered Express Newspapers to destroy his employer's computerised print centres for GBP 600,000 Defendant pleaded guitly and convicted. Sentenced to 18 months imprisonment.

BBC News

Morgans v Director of Public Prosecutions

House of Lords 17/02/2000 [2000] 2 WLR 386 The Times 29 December 1998; [1999] 1 WLR 968; [1999] Masons CLR 102

Computer Misuse Act 1990, s 1(1) Unauthorised access - Admissibility - Unlawful interception - Time limit on prosecution Computer Misuse Act 1990 s 11(2)

Hacking for purposes of making free overseas telephone calls. Printouts from BT Monolog telephone call logger. Held - time runs from when Prosecutor has knowledge of the relevant evidence under Computer Misuse Act 1990 s 11 (2). Appeal allowed in respect of five CMA 1990 charges, convictions quashed.

Judgement

R v Michelle Begley

Coventry Magistrates Court

Computer Misuse Act 1990, s 1 Unauthorised access - Harassment - Misuse of police national computer

WPC used police national computer to access electoral rolls and car registration records in attempts to track down woman who had an affair with her boyfriend. Defendant convicted. Sentence of three months imprisonment.

R v Bow Street Magistrates Court and Allison ex parte Government of USA

House of Lords 05/08/1999 The Times 7 September 1999; [1999] 4 All E R 1; [1999] 3 WLR 620; [1999] Masons CLR 380 [1998] 3 WLR 1156; [1998] Masons CLR 234; The Times 2 June 1998. [1999] C&L Oct/Nov, 21

Computer Misuse Act 1990, ss 1, 2, 15, 17(5) Unauthorised access - Authority - Meaning of "control access" in s 17(5) - Extradition - Conspiracy

Authorised US American Express credit analyst gained access to unauthorised credit card accounts and PINs. Accomplice Allison used forged Amex cards in London in ATM US$ 1M fraud. Held - unauthorised access applies to the use of a computer to obtain unauthorised access to data. "Hacking" held to refer to all forms of unauthorised access whether by insiders or outsiders. Comments of House of Lords in R v Bignell on meaning of "control access" in Computer Misuse Act 1990 s.17 (5) distinguished. Habeas corpus denied.

Judgement

R v Ian Morris and Richard Airlie

Cardiff Crown Court

Computer Misuse Act 1990 Unauthorised access - Unauthorised modification - Website defacement

Disgruntled IT supplier hacked estate agency website and replaced pictures of houses with pornography. Defendants convicted. £1250 fine and 100 hours community service (first web defacement conviction).

R v Matthew Bevan

Bow Street Magistrates Court 21/11/1997

Computer Misuse Act 1990, s 3 Unauthorised access - Unauthorised modification - Conspiracy

Defendant teenage hacker aka Kuji charged with unauthorised access and unauthorised modification of USAF and Lockheed web sites (see also R v Pryce). Alleged cost of damage US$ 211k. No evidence offered by Prosecution at abuse of process hearing. Defendant acquitted.

Kuji website Article

R v Simon Regan, Julian Taylor

Horseferry Road Magistrates

Computer Misuse Act 1990, s 1 Unauthorised access - Theft of information

PC service engineer Taylor passed personal diaries copied from Michael Portillo MP's House of Commons PC to Regan, editor of Scallywag magazine. Defendants convicted. £250 and £750 fines.

R v Moody

Bristol Crown Court

Computer Misuse Act 1990, s 3 Unauthorised modification - Admissibility PACE s69 - Reliability

Ex-employee IT specialist charged with accessing remote maintenance port of Local authority's computerised telephone switch. Outgoing calls could not be made and all incoming calls routed to a single extension. Voire dire on Expert evidence on the reliability of files extracted from forensic image copy of hard disk of seized PC that had been corrupted by previous police investigation. Indictment stayed.

DPP v Bignall and Another

Queens Bench Division [1997] EWHC Admin 4706/06/1997 [1998] 1 Cr App R 1; [1997] Masons CLR 16; [1997] CLSR 13 No 5 352; The Times 6 June 1997 [1997] CLSR Vol 13, No. 4, 222

Computer Misuse Act 1990, ss 1, 2, 15, 17 Unauthorised access - Authority - Meaning of "control access" in s 17(5) - Misuse of police national computer

Two Metropolitan Police PCs caused a police computer operator to obtain DVLA motor vehicle registration and ownership data via the Police National Computer for their own private purposes. Held - Defendants generally authorised to control access to data; Access for an unauthorised purpose not an offence. Unauthorised access held to apply to external hackers. Defendants acquitted.

Judgement Comment

Edward Yearly v Crown Prosecution Service

Queens Bench Division [1997]EWHC Admin 30821/03/1997

Computer Misuse Act 1990, s 1 Unauthorised access - Admissibility PACE s 69

Computer engineer copied a security file while on-site at Marks & Spencer's Harrow store. File was then posted on Gates of Underworld BBS. Late Defence challenge to admissibility under PACE s 69. Held that court of first instance had and was entitled to exercise its discretion to allow the prosecution case to be re-opened.

Judgement

R v Pryce

Bow Street Magistrates 21/03/1997

Computer Misuse Act 1990, ss 1, 3 Unauthorised access - Unauthorised modification - Conspiracy

Teenage hacker aka Datastream Cowboy charged with unauthorised access and modification of USAF and Lockheed websites. Phone-freaking to Seattle ISP via Bogota telephone switch (see R v Bevan aka Kuji). Defendant pleaded guilty and convicted. £1200 fine for twelve Unauthorised access offences and £250 costs order.

IT Week News Kuji website Article

R v Dyson

Daventry Magistrates Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Commercial dispute between company and software supplier. Alleged logic bomb/timelock caused by batch file that denied access to software. Investigation of computer evidence by unqualified freelance examiner. Expert evidence on the procedures used for the seizure and preservation of the computer evidence, the possibility of corruption of the computer evidence and its reliability. Indictment stayed.

R v Feltis

Reading Crown Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Video surveillance of computer operator disconnecting cables on IBM AS/400 at Thorn UK. Alleged cost of damage £500,000. Defendant convicted. Sentence of twelve months imprisonment.

Appeal Judgement

R v Pile

Plymouth Crown Court 15/11/1995

Computer Misuse Act 1990, ss 2, 3 Unauthorised access - Unauthorised modification

Defendant aka The Black Baron authored Pathogen and Queeg viruses. Polymorphic encryption engine used to conceal viruses within innocuous programs. Defendant convicted. Sentence of 18 months imprisonment (first virus writer jailed).

R v Mahomet

Middlesborough Magistrates Unreported

Computer Misuse Act 1990, s 1 Unauthorised access - Authorisation

Disclosure to journalist by BT Customer Services staff of ex-directory telephone numbers. Defendant acquitted.

R v Birch

Gloucester Crown Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Stock control barcodings modified by Safeway employee in Gloucester supermarket. Defendant convicted. 150 hours community service order.

R v Spielmann

Bow Street Magistrates

Computer Misuse Act 1990, ss 1, 3 Unauthorised access - Unauthorised modification

Ex-employee of Bloomberg financial news agency used another employee's authorised account to delete and modify emails and to send obscene messages to subscribers. Defendant convicted. Sentence of 12 months conditional discharge. Costs order of £160.

R v Rymer

Liverpool Crown Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Defendant male nurse obtained doctor's password by shoulder-surfing and used that user account to modify Hospital patient prescription and treatment records. Defendant pleaded guilty to two charges of unauthorised modification and convicted. Sentence of 12 months in prison.

R v Malcolm Farquharson

Croydon Magistrates Court 09/12/1993 Computer Weekly 13 January 1994

Computer Misuse Act 1990, ss 1, 2 Unauthorised access - Authorisation

Mobile phone cloning. Accused instructed (i.e. without personally accessing a computer) an accomplice to access records by telephone (see R v Pearce). Held - use of telephone to instruct accomplice to access records by telephone made defendant a party to hacking by accomplice (see R v Pearce). Defendant found guilty of three counts of unauthorised access and convicted. Sentenced to six months imprisonment.

R v Emma Pearce

Croydon Magistrates 09/12/1993 Computer Weekly 13 January 1994

Computer Misuse Act 1990, s 1 Unauthorised access - Authorisation

Mobile phone cloning. Accused instructed by Farquharson to access telephone records (see R v Farquharson). Defendant convicted. £300 fine.

R v Alfred Whittaker

Scunthorpe Magistrates Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Software developer AAS Management Systems installed bespoke software with covert timelock for Protech Formulations Ltd. Timelock activated and denied access to software after dispute arose over unpaid fees. Held - installing and activating a covert software time-lock is an Unauthorised modification. Defendant convicted. Conditional discharge. Decision widely reported as "time-locks are illegal".

R v Vatsal Patel

Aylesbury Crown Court 02/07/1993 [1993] C&L Vol 5 Issue 1 April 1994 Computing 15 July 1993

Computer Misuse Act 1990, s 3 Unauthorised modification - Admissibility - PACE s 69

Contract programmer alleged to have deleted software development files to prolong his contract. "Wrecking programs" ran automatically in background to delete software development team's work. Held - evidence of file directory entries was admissible, and that doubts on its reliability go to weight of evidence. Defendant acquitted (first Computer Misuse Act 1990, s 3 acquittal after trial).

Case Report

R v Strickland, R v Woods

Southwark Crown Court 21/05/1993

Computer Misuse Act 1990, ss 1, 3 Unauthorised access - Unauthorised modification - Conspiracy

Hacking by Eight Legged Groove Machine 8LGM gang - JANET Joint Academic Network, NAA, BT, Financial Times, European Commission sites hacked by 8LGM. Alleged damage of £120,000. Defendants pleaded guilty and convicted. Sentence of 6 months imprisonment (first CMA jail sentences). Hacking described as "intellectual joyriding" and "not harmless".

R v Paul Bedworth

Southwark Crown Court

Computer Misuse Act 1990, ss 1, 3 Unauthorised access - Unauthorised modification - Conspiracy

Hacking by Eight Legged Groove Machine 8LGM gang - JANET, BT, Financial Times, European Commission sites. Alleged damage of £120,000. Expert psychiatric evidence of obsessive addiction to hacking. Held - defendant was "addicted to hacking", and lacked criminal intent. Defendant acquitted.

R v Elaine Borg

[Not Known]

Computer Misuse Act 1990, s 2 Unauthorised access with intent to commit further offence

Computer operator at Henderson Financial Investment Services accused of hacking into the company's computer system with intent to defraud her employer of one million pounds. Defendant acquitted on Computer Misuse Act 1990, s 2 charge

R v Gareth Hardy

Old Bailey

Computer Misuse Act 1990, s 3 Unauthorised modification - Denial of access

Encryption package installed by defendant computer manager. Time-lock (data no longer decrypted) activated one month after end of defendant's employment. Defendant pleaded guilty and convicted. £3000 compensation order and 140 hrs community service order.

R v Trollope

Worcester Crown Court

Computer Misuse Act 1990, s 3; Theft Act 1968 Unauthorised modification - Theft of client list - Confidential information

Ex-employee stole 1,700 customer records on backup tape before setting up competitive PC networking company. Alleged denial of access to original customer records by virus. Defendant convicted of theft and acquitted of unauthorised modification virus charge. Conditional discharge and £15 compensation order.

Attorney-General's Reference (No.1 of 1991)

Court of Appeal 16/06/1992 [1992] 3 WLR 432, [1992] 3 All ER 897, [1992] CL&P Vol 8, No 4 95

Computer Misuse Act 1990, s 1 Unauthorised access - Meaning of "any computer"

Cropp Appeal - appeal against acquittal of ex-employee alleged to have obtained 70% discount to which he was not entitled using POS till. Held - meaning of "any computer" was not "any other computer".

R v Richard Goulden

Southwark Crown Court The Times 10 June 1992 Computer Weekly 18 June 1992

Computer Misuse Act 1990, ss 1, 3 Unauthorised modification - Denial of access

Software contractor in dispute with company over unpaid fees installed access control security package. Denial of access by witholding password. Alleged damage of £36,000. Defendant convicted. Conditional discharge and £1650 fine.

R v Cropp

Snaresbrook Crown Court 05/07/1991 [1991] 7 CLSR 168, [1991] CL&P July/August 270 Computer Weekly 11 July 1992

Computer Misuse Act 1990, ss 1, 2 Unauthorised access - Theft

Defendant ex-employee alleged to have obtained 70% discount to which he was not entitled using POS till. Defendant acquitted after jury instructed that access was required from another computer.

R v Ross Pearlstone

Bow Street Magistrates Court

Computer Misuse Act 1990, ss 1, 2 Unauthorised access

Ex-employee made unauthorised use of his former employer's Mercury telephone account to make "free" calls. Defendant pleaded guilty to two charges and convicted (first CMA 1990 conviction). £900 fine.

R v Bennett

[Not Known]

Computer Misuse Act 1990, s 1 Unauthorised access - Misuse of police national computer.

Ex-police superintendent used police national computer to track down his ex-wife's new partner Defendant pleaded guilty and convicted. Fined £150 and costs order.

       
© Copyright Michael J L Turner 1993 - 2014