Computer hackers could now face up to 10 years in jail, under new laws passed by the Commons on Monday.
The new laws, proposed by Home Secretary Charles Clarke as part of the Police and Justice bill, will also make it possible to extradite hackers from other countries to stand trial in Britain. A large number of attacks are carried out over the internet from outside the UK.
“One of the growing new threats that can only be tackled through extensive international cooperation is the continued threat posed by computing hacking,” Mr Clarke told the Commons on Monday.
New types of activities will become illegal under the new laws. For example, making or supplying “hacking tools” – computer programmes or code that can help crack passwords or bypass security systems – will become punishable by up to two years in prison.
The law will also be clarified to make it illegal to hamper the operation of a computer, closing a loophole that has made it difficult to prosecute hackers for so-called “denial of service” attacks, which are increasingly being used to bring down corporate computer systems.
In these types of attacks, hackers bombard a computer system with hundreds of thousands of requests for information over the internet, so that the servers are overloaded and cannot function.
Criminal gangs have used this technique to shut down the internet sites of large online retailers and gambling companies, demanding that companies pay up large sums to stop the attacks. This can cost online companies millions of pounds in lost business, but current computer laws under the Computer Misuse Act of 1990 are unclear on whether stopping a computer from working is illegal.
Under the amended Act, however, hackers could be sentenced to up to 10 years in prison for denial of service attacks.
Jeremy Beale, head of e-business at the Confederation of British Industry, which has been lobbying government to become tougher on computer crime, said:
“There have been very few prosecutions under the Computer Misuse Act to date, but the new laws could give security a wider currency with businesses.”
Computer crime cost UK companies around £2.45bn in 2004, according to estimates by the National Hi-tech Crime Unit.
The government has been pushing to educate companies on the dangers of computer crime and has issued a number of initiatives and guidelines encouraging companies to install better protection on their computer systems.