Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

UK Government Wants More Jail Time for Hackers

In the speech delivered at the start of the parliamentary session, Queen Elizabeth II revealed the UK government’s plans to hand out tougher sentences for those found guilty of launching cyber attacks.

In the speech delivered at the start of the parliamentary session, Queen Elizabeth II revealed the UK government’s plans to hand out tougher sentences for those found guilty of launching cyber attacks.

The British government has proposed the Serious Crime Bill, under which the Computer Misuse Act 1990 will be amended “to ensure sentences for attacks on computer systems fully reflect the damage they cause.”

Digital Fingerprint UK

The Serious Crime Bill “will be brought forward to tackle child neglect, disrupt serious organized crime and strengthen powers to seize the proceeds of crime,” the Queen said in her speech.

In the current version of the Computer Misuse Act, individuals who cause “a significant risk of severe economic or environmental damage or social disruption” face a 10-year prison sentence, but if the legislation is updated, the maximum sentence will become 14 years.

Cyberterrorists ─ those responsible for cyber attacks that result in “loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof” ─ will face life in prison once the Computer Misuse Act is updated.

The proposed changes would also allow those suspected of committing cetrain terrorism-related offences overseas to be prosecuted in the UK.

In addition to the changes made to the Computer Misuse Act, the Serious Crime Bill also targets those who possess “pedophilic manuals.”

Cyber security experts in Britain are not happy about the changes, highlighting the fact that the government also needs to ensure that those involved in security research are not erroneously identified as cybercriminals.

“I have serious concerns regarding the proposed changes to the Computer Misuse Act; I suspect it’s more smoke and mirrors than anything of real substance,” Paul Moore, a UK-based IT security consultant, told SecurityWeek.

“We already have sufficient laws in place to prosecute where there are clear cases of cyber crime, but they’re rarely put to good use. Without a general consensus on what constitutes ‘cyber crime,’ penetration testers/research firms are often unfairly tarred with the same brush,” Moore added.  

“Purely from a technical standpoint, it’s true there are many similarities. The difference however is intent; itself notoriously difficult to prove.  If security issues are handled according to the principles of responsible disclosure, there should be no need to pursue the matter through the courts.”

In October 2013, the United Kingdom launched the National Crime Agency, which has been responsible for tackling organized crime, economic crime, border policing, child exploitation and cybercrime. The government is also involved in several initiatives aimed at teaching the public about cyber threats, such as CyberStreetWise and GetSafeOnline.

However, these programs have been heavily criticized by security experts over the past period, with many agreeing that the UK is still far from being properly prepared against cyber threats.

“The recent issues surrounding GetSafeOnline, NCA and CyberStreetWise are testament enough to how woefully ill-prepared we are to the threat of cyber crime.  If we can’t discuss and raise awareness to, let alone mitigate, the threat of malware without vital pieces of national infrastructure collapsing for 16+hrs, you have to wonder what’s gone wrong,” Moore told SecurityWeek.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack