The criminalisation of denial of service attacks is to be delayed by six months, the Home Office has revealed.
Measures to criminalise DoS attacks have been lying unused in existing laws since November 2006, and had been due to be activated this Spring. But that now won't happen until October, the Home Office said today in a statement.
"The Government intends to implement the changes to the Computer Misuse Act 1990, as set out in the Police and Justice Act 2006 and subsequently further amended in the Serious Crime Act 2007, in October 2008," read the statement. "The Government intends to bring all of the changes in together."
The changes will formalise criminalise DoS attacks. Though they are technically already illegal, there have been recent cases where hackers have escaped punishment.
Struan Robertson, a technology lawyer at Pinsent Masons said: "There is a misconception at the moment that denial of service attacks are legal. They're not, but that's not widely understood. It's useful to have the clarity that comes with the changes to the law. They put beyond any doubt that it's illegal."
The delayed changes will also criminalise the distribution of hacking tools. Some critics claimed some ethical hacking practices could become illegal.
But Robertson played down such concerns. "It shouldn't affect white hat hackers. It's unlikely the law would be used in that way, to affect anyone using these tools for legitimate purposes," he said.
Once the changes have been activated, the maximum penalty for launching a denial of service attack will be ten years and the penalty for gaining unauthorised access to computer systems will be quadrupled from six months to two years.
The changes are already in force in Scotland, having been introduced in October 2007.