The Cuthbert conviction

By on

The conviction of Daniel Cuthbert last month for attempted unauthorised access of the Disasters Emergency Committee's tsunami appeal website on New Year's Eve stakes out a whole new area of potential prosecution for infosec pros.

This is the first conviction for attempted, rather than actual, unauthorised access to a computer system. So why did Cuthbert end up in the dock for just trying it on?

The defence counsel claimed Cuthbert was testing the security of the site – to which he had given his details – by "nudging the door".

But Judge Purdy said that Cuthbert's ultimate aims, whether "malevolent or benevolent", did not bear upon the fact that "unauthorised access, however praiseworthy the motives, is an offence."

Several factors led to his conviction, not least the fact that he initially lied to the police when he was arrested.

"The Disasters Emergency Committee's... donation portal was pivotal to the charity fundraising efforts in support of the tragic events of the tsunami," said DI Chris Simpson, head of the Met's Computer Crime Unit.

"Any loss of public confidence in that site, such as the revealing of a security vulnerability, would have seriously undermined the level of donations and, ultimately, UK-based charities' response to that crisis."

What Cuthbert did on the afternoon of New Year's Eve last year took between 30 seconds and two minutes. But what long-lasting effect this will have on the IT security community is unclear.

The case will set a precedent, albeit for comparatively minor infringements of 1990's Computer Misuse Act. And recent proposed changes to the CMA, namely the inclusion of DoS/DDoS as a named crime and increased sentences, will give the police further powers to extradite cybercriminals based abroad.

Peter Sommer, a senior research fellow with the LSE's Information Systems Integrity Group, said security professionals would now almost certainly have to be more careful and would want to have a cast-iron description, when hired, of what they were authorised to do.

Sommer, who examined logs for Cuthbert's defence and was an expert witness to the court, said he thought Cuthbert had paid a very heavy penalty and that he had had "grave misgivings" about the decision to prosecute.

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?