Leading solicitors specialising in defending internet & cyber crime offences (London & Manchester)
Any kind of crime that is committed online could be classed as Cybercrime. Most people would traditionally visualise cybercrime as ‘hacking’ which is governed under the Computer Misuse Act. There are, however, other types of cybercrime and computer related crime which we can look at below.
The Computer Misuse Act 1990
The concept of cybercrime is relatively modern, although the relevant legislation dates back to 1990. When the legislation was created there was still ‘dial up’ internet modems and the internet was used much less than it is today. The legislation was designed to deal with issues raised in the case of R v Gold & Shifreen, where the defendants had used conventional home computers and modems to gain access to British Telecom’s Prestel interactive viewdata service. Armed with information they had obtained from a BT employee the pair explored the system and gained access to the personal message box of Prince Phillip.
The Computer Misuse Act was created at the time to deal with issues raised by this case and although is old law (relative to the speed of how the internet has developed) it is still seen as generally good law, though there have been calls for it to be updated in light of modern developments.
Investigations into cybercrime can carry significant complexities and span jurisdictions. UK investigations are often part of wider investigation conducted by law enforcement around the world. The FBI are regularly at the forefront of this, and can work in tandem with the NCA in the UK.
Prosecutions for cybercrime are brought under the Computer Misuse Act 1990 (CMA). The CMA does not actually define a computer, and this is left to the courts who adopt the definition found in DPP v McKeown, DPP v Jones . Lord Hoffman defined a computer as “a device for storing, processing and retrieving information.”
The CMA details several offences:
Section 1: unauthorised access to computer material
It is an offence under section 1 to cause computer to perform a function with intent to secure access to a programme or data without authorisation. The accused must have knowledge that the access was unauthorised, recklessness is insufficient. Section 1 carries a maximum of two years’ imprisonment.
Section 1(2) shows that the intention of the accused not have to be aimed at a specific programme. Section 1(2) also includes for employees who deliberately exceed their authority and access areas of to which they are denied access.
It should be noted that the legislation does not provide a defence for ‘ethical hackers’ who probe (without permission) a computer system looking for security flaws. Ethical hackers are at risk of prosecuted for doing this, if caught, subject to the interest of justice test. This is discussed further in this article.
Section 2: unauthorised access with intent to commit or facilitate commission of further offences
This offence involves the unauthorised access offence under Section 1 but adds an element of intention to commit or facilitate a more serious ‘further’ offence. A Defendant cleared of the Section 2 offence could still be convicted of under Section 1.
Offences could be theft by diverting electronic funds or gaining sensitive information for the purposes of blackmail. Section 2 carries a maximum penalty on indictment of five years’ imprisonment.
Section 3: unauthorised acts with intent to impair, or with recklessness as to impairing, the operation of a computer
This offence involves an (a) impair the operation of any computer, (b) prevent or hinder access to any program or data held in any computer; (c) impair the operation of any such program or the reliability of any such data; or enable any of the three aforementioned points above to be done.
The case of DPP v Lennon (2006) established that Section 3 is relevant to distributed denial of service attacks (DDoS). This offence carries a maximum sentence on indictment of 10 years’ imprisonment or to a fine or both.
Section 3ZA: unauthorised acts causing, or creating risk of, serious damage
This offence carries a maximum sentence on indictment is 14 years. However, Section 3ZA may carry a life a sentence if it caused or created a significant risk of serious damage to human welfare or national security, as defined in Section 3 (a) and (b).
Section 3A: making, supplying or obtaining articles for use in offence under Section 1, 3 or 3ZA.
This offences covers the market which comprises of electronic malware which can be used to access computer systems. The CMA does not define article but section 8 of the Fraud Act 20017 provides that an article includes any programme or data held in an electronic form. Section 3A(2) involves supplying an article likely to be used to commit an offence under section 1 or 3. This offence carries a maximum sentence on indictment is two years’ imprisonment.
Section 4 liability for the offences under sections 1, 3 or 3ZA requires proof of at least one significant link with the home country concerned. A significant link may entail: presence in the home country at the time of the offence. The victim’s presence in the home country. Online activity involving a server based in the home country.
Other Types of Cybercrime
Dark Web Allegations
The ‘dark web’ has been seen much in the media in recent years. Accessible via TOR it offers a degree of anonymity unlike the ‘normal’ internet.
Various prosecutions have come about through the illicit use of the ‘dark web’. Most famously was the arrest in America by the founder of the ‘Silk Road’ website Ross Ulbricht. Following that there were arrests in the UK of students who were buying and selling drugs on the Silk Road website. This investigation was led by the National Crime Agency in the UK and was the first case of its kind seen here. Olliers represented one of the defendants in that case.
Other allegations often arise from the dark web including the distribution of indecent material. Olliers have dealt with numerous cases involving the investigation and distribution of such material.
Distribution of ‘Pirated’ Copyright Material
Websites and file sharing platforms are often used to distribute films, videos and music illegally. Sometimes this is done by individuals and sometimes by groups. Olliers previously represented a defendant alleged to be part of an online group who were alleged to be responsible for the online distribution of film torrents prior to their official release. We are able to advise in relation to all aspects of the such cases and the implications of dealing with copyrighted and trademarked films and videos.
Terrorism Related Cyber Cases
The Terrorism Act 2000 allowed for an action designed seriously to interfere with, or seriously to disrupt, an electronic system to be categorised as a terrorist action if both of the following conditions are satisfied:
- It is designed to influence the government or to intimidate the public or a section of the public; and
- It is made for the purpose of advancing a political, religious or ideological cause
For more information on terrorism related offences click here.
Identity Theft and Phishing Scams
Identity theft involves the theft of someone’s personal details and can be carried out by a number of different methods.
- Trashing – obtaining discarded documents from rubbish bins, or stealing documents from their owner.
- Phishing – sending emails purporting to be from a reputable organisation, in order to trick victims into revealing their personal information.
- Smishing – sending SMS text messages to trick victims into revealing their personal information.
- Vishing – using the telephone system to trick victims into revealing their personal information.
Although identity theft is not a specific criminal offence, there are a number of other criminal offences which may be charged in cases of identity theft and fraud. These include: theft, fraud by false representation, possession of articles for use in fraud, obtaining services dishonestly and false accounting.
Identity theft is also linked to the commission of other fraud offences such as credit card fraud, bank fraud, tax rebate fraud, benefit fraud and telecommunications fraud.
Other Computer Related Offending
Although arguably not cybercrime there are a number of other offences that would fall under the ‘computer related crime’ umbrella as follows:
- R v PL – The defendant was investigated by his local police force following an NCA investigation into the ‘WeLeakInfo’ website that sold hacked confidential data to subscribers. When we represented him in interview we put forward a pre-prepared statement in interview where he accepted that he had a subscription to the website and accepted that he would look for and use personal data on other gamers he played online games with. He also accepted having received and stored vast amounts of personal data from other gamers. Eventually the case was concluded with the defendant being offered a cybercrime diversionary course, avoiding both a caution and conviction. He described being very relieved and happy with the outcome.
- R v LP – The defendant was investigated for ‘hacking’ his children’s school online system. The system was used by the School to track pupils progress and enable parents to access their own children’s information. The defendant thought that the system appeared insecure and probed the system to see what online weaknesses it had. This triggered the systems security alert and the Police were called in. Initially he denied being involved with another firm of solicitors. When we got involved we advised the defendant that the better approach was to accept he had probed the system but indicate that it wasn’t a ‘malicious hack’ but rather an ethical hack that was well intended. The Police accepted this was the case and allowed a conditional caution instead of him being prosecuted.
- Olliers represented MH, who was prosecuted for 2 counts which were deemed to have assisted and encouraged the co-defendant NC to commit a number of offences against the Company he previously worked at, under the Computer Misuse Act. NC had been made redundant and was aggrieved about this. He communicated with MH and discussed how he planned to get revenge against his former employers. The conversation was via WhatsApp and was used as evidence against them both. During the conversation MH ‘advised’ NC as to what he should do and made various suggestions to him. Thereafter NC launched a ‘cyber attack’ on his previous company during which he diverted funds into his own account, bought items using company funds, used a virus that shut down their website and blackmailed the company to regain access. Olliers successfully argued that MH shouldn’t get a custodial sentence for his role for a number of reasons primarily because he hadn’t envisaged the scale of the attack, that he had never been in trouble before and he offered to compensate the company for the damage caused. This was an excellent result in the circumstances and the outcome could have been more damaging.
- Olliers represented a client at the Police Station and Court for involvement in a large scale global drug dealing group linked to the ‘dark web’ and notorious website ‘The Silk Road’. The client was a student at Manchester University at the time of his arrest that followed the arrest of the creator of the website Ross Ulbricht in America by the FBI. The National Crime Agency (NCA) led the investigation in this Country which involved evidence obtained from the FBI in America.
- Olliers represented a client allegedly involved in an online ‘hacking’ group. This group was alleged to have had early access to a number of films and posted them on a member only access forum illegally. This led to an alleged fraud in the region of £1,500,000.
- Olliers represented a client who was alleged to have interfered with websites shopping cart by altering values reducing cost for purchase. This was an investigation under the Computer Misuse Act.
- Olliers represented a client at the Police Station who was alleged to have been trading Class A and Class C drugs over the ‘Dark Web’. Ultimately the client was only charged with possession of Class C drugs and received a financial penalty at court.
- Olliers represented a client who was alleged to have deleted data from their workplace. The employer alleged that this data breach had led to the closure of their business. We entered a guilty plea on a specific basis limiting their involvement and successfully argued for a non-custodial sentence.
Need a Cybercrime Criminal Solicitor?
If you are facing an allegation of internet or cybercrime, contact us by telephone on 0161 834 1515, email email@example.com or complete the form below to send us a message.