Computer Evidence

Michael J L Turner MA FBCS CITP MAE FEWI

e-mail Michael Turner

Print-friendly CV

Tell a colleague!

R v Mark Hopkins

R v Scott Gelsthorpe and Jeremy Young

R v Matthew Byrne

R v David Lennon

R v Daniel Cuthbert

Horseferry Road Magistrates Court 07/10/2005

Computer Misuse Act 1990, s 1 Unauthorised access

IT security consultant donated £30 to Disasters Emergency Committee Tsunami appeal website, then checked site security. Defendant found guilty of unauthorised access "with deep regret", convicted and fined £400.

BBC News

R v Joseph McElroy

Southwark Crown Court 03/02/2005

Computer Misuse Act 1990, s 3 Unauthorised modification

First-year university student sought shared internet storage for music, games and warez. Compromised site was a US Department of Energy research lab. Defendant convicted and sentenced to 200 hours community service.

R v Aaron Caffrey

Southwark Crown Court 17/10/2003

Computer Misuse Act 1990, s 3 Unauthorised modification

DDoS attack that crippled the Port of Houston, Texas. Attack mounted from teenaged Defendant's PC. Defendant acquitted after Trojan Defence - other hackers had taken control of his PC using a Trojan Horse.

R v Simon Vallor

Southwark Crown Court 21/01/2003

Computer Misuse Act 1990, s 3 Unauthorised modification

Web designer created Gokar, Redesi, Admirer mass mailing viruses that infected 22,000 PCs worldwide. Defendant pleaded guily, convicted and sentenced to two years jail. Appeal against sentence failed.

R v Stephen Carey

Hove Crown Court 19/09/2002

Computer Misuse Act 1990, s 3 Unauthorised modification

Computer engineer deleted a company's files in a payment dispute. Defendant convicted, 18-month prison sentence.

Yarimaka v Governor of HM Prison Brixton

Queens Bench Division [2002] EWHC 589 (Admin) 20/03/2002

Computer Misuse Act 1990, s 3 Unauthorised modification - Meaning of "modification" - Extradition - Habeas Corpus

Attempt by Kazakhs to blackmail Mayor of New York Michael Bloomberg for the sum of $200,000 by exposing security flaws in Bloombergs' computer system. Held that address spoofing effected the reliability of information for the purposes of s.3 Computer Misuse Act 1990. Applications for writs of habeas corpus denied.

R v Raphael Gray

Swansea Crown Court 06/07/2001

Computer Misuse Act 1990 Unauthorised access - Unauthorised modification

Teenage hacker aka Curador demonstrated security weaknesses in e-commerce web-sites and accessed 23,000 credit card records, some posted on his web-site. Viagra sent to Bill Gates using his credit card. Guilty plea. Defendant convicted and sentenced to three years probation and medical treatment for obsessive mental disorder.

R v Paul Brogden

Exeter Crown Court 19/04/2001

Computer Misuse Act 1990

Owner of Sure Computers sent price-war rival a virus in an e-mail attachment. Defendant convicted and sentenced to 175 hours community service, hardware confiscated.

R v Paul Maxwell King

Court of Appeal (Criminal Division) 24/11/2000 The Times 2 January 2001

Computer Misuse Act 1990, s 3 Unauthorised modification - Incitement to others

Small-scale sale of hardware chips designed to access cable TV channels without authorisation or payment. Defendant pleaded guilty and sentenced to four months imprisonment by Doncaster Crown Court. Appeal against sentence. Held - Appropriate sentences for small-scale offences were a substantial fine or a period of community service. Appeal allowed.

R v William Culbert

Southwark Crown Court

Computer Misuse Act 1990, ss 1, 2, 3 Unauthorised access - Unauthorised modification

Associated Newspapers print technician with superuser status offered Express Newspapers to destroy his employer's computerised print centres for GBP 600,000 Defendant pleaded guitly and convicted. Sentenced to 18 months imprisonment.

Morgans v Director of Public Prosecutions

House of Lords 17/02/2000 [2000] 2 WLR 386 The Times 29 December 1998; [1999] 1 WLR 968; [1999] Masons CLR 102

Computer Misuse Act 1990, s 1(1) Unauthorised access - Admissibility - Unlawful interception - Time limit on prosecution Computer Misuse Act 1990 s 11(2)

Hacking for purposes of making free overseas telephone calls. Printouts from BT Monolog telephone call logger. Held - time runs from when Prosecutor has knowledge of the relevant evidence under Computer Misuse Act 1990 s 11 (2). Appeal allowed in respect of five CMA 1990 charges, convictions quashed.

R v Michelle Begley

Coventry Magistrates Court

Computer Misuse Act 1990, s 1 Unauthorised access - Harassment - Misuse of police national computer

WPC used police national computer to access electoral rolls and car registration records in attempts to track down woman who had an affair with her boyfriend. Defendant convicted. Sentence of three months imprisonment.

R v Bow Street Magistrates Court and Allison ex parte Government of USA

House of Lords 05/08/1999 The Times 7 September 1999; [1999] 4 All E R 1; [1999] 3 WLR 620; [1999] Masons CLR 380 [1998] 3 WLR 1156; [1998] Masons CLR 234; The Times 2 June 1998. [1999] C&L Oct/Nov, 21

Computer Misuse Act 1990, ss 1, 2, 15, 17(5) Unauthorised access - Authority - Meaning of "control access" in s 17(5) - Extradition - Conspiracy

Authorised US American Express credit analyst gained access to unauthorised credit card accounts and PINs. Accomplice Allison used forged Amex cards in London in ATM US$ 1M fraud. Held - unauthorised access applies to the use of a computer to obtain unauthorised access to data. "Hacking" held to refer to all forms of unauthorised access whether by insiders or outsiders. Comments of House of Lords in R v Bignell on meaning of "control access" in Computer Misuse Act 1990 s.17 (5) distinguished. Habeas corpus denied.

R v Ian Morris and Richard Airlie

Cardiff Crown Court

Computer Misuse Act 1990 Unauthorised access - Unauthorised modification - Website defacement

Disgruntled IT supplier hacked estate agency website and replaced pictures of houses with pornography. Defendants convicted. £1250 fine and 100 hours community service (first web defacement conviction).

R v Matthew Bevan

Bow Street Magistrates Court 21/11/1997

Computer Misuse Act 1990, s 3 Unauthorised access - Unauthorised modification - Conspiracy

Defendant teenage hacker aka Kuji charged with unauthorised access and unauthorised modification of USAF and Lockheed web sites (see also R v Pryce). Alleged cost of damage US$ 211k. No evidence offered by Prosecution at abuse of process hearing. Defendant acquitted.

R v Simon Regan, Julian Taylor

Horseferry Road Magistrates

Computer Misuse Act 1990, s 1 Unauthorised access - Theft of information

PC service engineer Taylor passed personal diaries copied from Michael Portillo MP's House of Commons PC to Regan, editor of Scallywag magazine. Defendants convicted. £250 and £750 fines.

R v Moody

Bristol Crown Court

Computer Misuse Act 1990, s 3 Unauthorised modification - Admissibility PACE s69 - Reliability

Ex-employee IT specialist charged with accessing remote maintenance port of Local authority's computerised telephone switch. Outgoing calls could not be made and all incoming calls routed to a single extension. Voire dire on Expert evidence on the reliability of files extracted from forensic image copy of hard disk of seized PC that had been corrupted by previous police investigation. Indictment stayed.

DPP v Bignall and Another

Queens Bench Division [1997] EWHC Admin 4706/06/1997 [1998] 1 Cr App R 1; [1997] Masons CLR 16; [1997] CLSR 13 No 5 352; The Times 6 June 1997 [1997] CLSR Vol 13, No. 4, 222

Computer Misuse Act 1990, ss 1, 2, 15, 17 Unauthorised access - Authority - Meaning of "control access" in s 17(5) - Misuse of police national computer

Two Metropolitan Police PCs caused a police computer operator to obtain DVLA motor vehicle registration and ownership data via the Police National Computer for their own private purposes. Held - Defendants generally authorised to control access to data; Access for an unauthorised purpose not an offence. Unauthorised access held to apply to external hackers. Defendants acquitted.

Edward Yearly v Crown Prosecution Service

Queens Bench Division [1997]EWHC Admin 30821/03/1997

Computer Misuse Act 1990, s 1 Unauthorised access - Admissibility PACE s 69

Computer engineer copied a security file while on-site at Marks & Spencer's Harrow store. File was then posted on Gates of Underworld BBS. Late Defence challenge to admissibility under PACE s 69. Held that court of first instance had and was entitled to exercise its discretion to allow the prosecution case to be re-opened.

R v Pryce

Bow Street Magistrates 21/03/1997

Computer Misuse Act 1990, ss 1, 3 Unauthorised access - Unauthorised modification - Conspiracy

Teenage hacker aka Datastream Cowboy charged with unauthorised access and modification of USAF and Lockheed websites. Phone-freaking to Seattle ISP via Bogota telephone switch (see R v Bevan aka Kuji). Defendant pleaded guilty and convicted. £1200 fine for twelve Unauthorised access offences and £250 costs order.

R v Dyson

Daventry Magistrates Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Commercial dispute between company and software supplier. Alleged logic bomb/timelock caused by batch file that denied access to software. Investigation of computer evidence by unqualified freelance examiner. Expert evidence on the procedures used for the seizure and preservation of the computer evidence, the possibility of corruption of the computer evidence and its reliability. Indictment stayed.

R v Feltis

Reading Crown Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Video surveillance of computer operator disconnecting cables on IBM AS/400 at Thorn UK. Alleged cost of damage £500,000. Defendant convicted. Sentence of twelve months imprisonment.

R v Pile

Plymouth Crown Court 15/11/1995

Computer Misuse Act 1990, ss 2, 3 Unauthorised access - Unauthorised modification

Defendant aka The Black Baron authored Pathogen and Queeg viruses. Polymorphic encryption engine used to conceal viruses within innocuous programs. Defendant convicted. Sentence of 18 months imprisonment (first virus writer jailed).

R v Mahomet

Middlesborough Magistrates Unreported

Computer Misuse Act 1990, s 1 Unauthorised access - Authorisation

Disclosure to journalist by BT Customer Services staff of ex-directory telephone numbers. Defendant acquitted.

R v Birch

Gloucester Crown Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Stock control barcodings modified by Safeway employee in Gloucester supermarket. Defendant convicted. 150 hours community service order.

R v Spielmann

Bow Street Magistrates

Computer Misuse Act 1990, ss 1, 3 Unauthorised access - Unauthorised modification

Ex-employee of Bloomberg financial news agency used another employee's authorised account to delete and modify emails and to send obscene messages to subscribers. Defendant convicted. Sentence of 12 months conditional discharge. Costs order of £160.

R v Rymer

Liverpool Crown Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Defendant male nurse obtained doctor's password by shoulder-surfing and used that user account to modify Hospital patient prescription and treatment records. Defendant pleaded guilty to two charges of unauthorised modification and convicted. Sentence of 12 months in prison.

R v Malcolm Farquharson

Croydon Magistrates Court 09/12/1993 Computer Weekly 13 January 1994

Computer Misuse Act 1990, ss 1, 2 Unauthorised access - Authorisation

Mobile phone cloning. Accused instructed (i.e. without personally accessing a computer) an accomplice to access records by telephone (see R v Pearce). Held - use of telephone to instruct accomplice to access records by telephone made defendant a party to hacking by accomplice (see R v Pearce). Defendant found guilty of three counts of unauthorised access and convicted. Sentenced to six months imprisonment.

R v Emma Pearce

Croydon Magistrates 09/12/1993 Computer Weekly 13 January 1994

Computer Misuse Act 1990, s 1 Unauthorised access - Authorisation

Mobile phone cloning. Accused instructed by Farquharson to access telephone records (see R v Farquharson). Defendant convicted. £300 fine.

R v Alfred Whittaker

Scunthorpe Magistrates Court

Computer Misuse Act 1990, s 3 Unauthorised modification

Software developer AAS Management Systems installed bespoke software with covert timelock for Protech Formulations Ltd. Timelock activated and denied access to software after dispute arose over unpaid fees. Held - installing and activating a covert software time-lock is an Unauthorised modification. Defendant convicted. Conditional discharge. Decision widely reported as "time-locks are illegal".

R v Vatsal Patel

Aylesbury Crown Court 02/07/1993 [1993] C&L Vol 5 Issue 1 April 1994 Computing 15 July 1993

Computer Misuse Act 1990, s 3 Unauthorised modification - Admissibility - PACE s 69

Contract programmer alleged to have deleted software development files to prolong his contract. "Wrecking programs" ran automatically in background to delete software development team's work. Held - evidence of file directory entries was admissible, and that doubts on its reliability go to weight of evidence. Defendant acquitted (first Computer Misuse Act 1990, s 3 acquittal after trial).

R v Strickland, R v Woods

Southwark Crown Court 21/05/1993

Computer Misuse Act 1990, ss 1, 3 Unauthorised access - Unauthorised modification - Conspiracy

Hacking by Eight Legged Groove Machine 8LGM gang - JANET Joint Academic Network, NAA, BT, Financial Times, European Commission sites hacked by 8LGM. Alleged damage of £120,000. Defendants pleaded guilty and convicted. Sentence of 6 months imprisonment (first CMA jail sentences). Hacking described as "intellectual joyriding" and "not harmless".

R v Paul Bedworth

Southwark Crown Court

Computer Misuse Act 1990, ss 1, 3 Unauthorised access - Unauthorised modification - Conspiracy

Hacking by Eight Legged Groove Machine 8LGM gang - JANET, BT, Financial Times, European Commission sites. Alleged damage of £120,000. Expert psychiatric evidence of obsessive addiction to hacking. Held - defendant was "addicted to hacking", and lacked criminal intent. Defendant acquitted.

R v Elaine Borg

[Not Known]

Computer Misuse Act 1990, s 2 Unauthorised access with intent to commit further offence

Computer operator at Henderson Financial Investment Services accused of hacking into the company's computer system with intent to defraud her employer of one million pounds. Defendant acquitted on Computer Misuse Act 1990, s 2 charge

R v Gareth Hardy

Old Bailey

Computer Misuse Act 1990, s 3 Unauthorised modification - Denial of access

Encryption package installed by defendant computer manager. Time-lock (data no longer decrypted) activated one month after end of defendant's employment. Defendant pleaded guilty and convicted. £3000 compensation order and 140 hrs community service order.

R v Trollope

Worcester Crown Court

Computer Misuse Act 1990, s 3; Theft Act 1968 Unauthorised modification - Theft of client list - Confidential information

Ex-employee stole 1,700 customer records on backup tape before setting up competitive PC networking company. Alleged denial of access to original customer records by virus. Defendant convicted of theft and acquitted of unauthorised modification virus charge. Conditional discharge and £15 compensation order.

Attorney-General's Reference (No.1 of 1991)

Court of Appeal 16/06/1992 [1992] 3 WLR 432, [1992] 3 All ER 897, [1992] CL&P Vol 8, No 4 95

Computer Misuse Act 1990, s 1 Unauthorised access - Meaning of "any computer"

Cropp Appeal - appeal against acquittal of ex-employee alleged to have obtained 70% discount to which he was not entitled using POS till. Held - meaning of "any computer" was not "any other computer".

R v Richard Goulden

Southwark Crown Court The Times 10 June 1992 Computer Weekly 18 June 1992

Computer Misuse Act 1990, ss 1, 3 Unauthorised modification - Denial of access

Software contractor in dispute with company over unpaid fees installed access control security package. Denial of access by witholding password. Alleged damage of £36,000. Defendant convicted. Conditional discharge and £1650 fine.

R v Cropp

Snaresbrook Crown Court 05/07/1991 [1991] 7 CLSR 168, [1991] CL&P July/August 270 Computer Weekly 11 July 1992

Computer Misuse Act 1990, ss 1, 2 Unauthorised access - Theft

Defendant ex-employee alleged to have obtained 70% discount to which he was not entitled using POS till. Defendant acquitted after jury instructed that access was required from another computer.

R v Ross Pearlstone

Bow Street Magistrates Court

Computer Misuse Act 1990, ss 1, 2 Unauthorised access

Ex-employee made unauthorised use of his former employer's Mercury telephone account to make "free" calls. Defendant pleaded guilty to two charges and convicted (first CMA 1990 conviction). £900 fine.

R v Bennett

[Not Known]

Computer Misuse Act 1990, s 1 Unauthorised access - Misuse of police national computer.

Ex-police superintendent used police national computer to track down his ex-wife's new partner Defendant pleaded guilty and convicted. Fined £150 and costs order.