UK Govt. Publishes Guidelines for Checking Hacking Tools Distribution

The government of the UK has published guidelines for computer users to refer in the use of the proposed laws against hackers but the guidelines have drawn some criticism.

The measure is one of the amendments made to the Computer Misuse Act incorporated in the 2006 Police and Justice Act. However, the prohibition, together with policies to raise the maximum punishment for hacking crimes to ten years and considering denial-of-service offences strictly illegal, are yet to be implemented. This implementation would possibly happen only in May 2008 so that there is no clash with the Serious Crime Bill that is being assessed in the House of Commons.

The UK's laws on computer crime have nearly become outdated and need reviewing and mediations on an urgent basis. According to critics, security consultants and system administrators use several of these applications to legitimately hunt vulnerabilities in systems.

The differences between, say a tool to crack password and one to recover password, or a function used to execute Denial-of-Service (DoS) conditions and one to test the stress factor of a network, are minor. The fact that tools ranging from nmap used for hacking, to perl and wireshark that can be employed for both legal and offensive purposes, creates an obvious problem.

Therefore, if the existing Computer Misuse Act were amended, developing or distributing tools for hacking would become illegal. However, analysts in the industry have criticized the vague way the government has defined a hacking program.

The Home Office, even after lobbying, has rejected the proposal to withdraw the offence that results from distribution. This then could allow prosecution of individuals who distribute nmap.

The offence is partly described as anyone who supplies or offers to supply despite knowing that it would be used directly or indirectly to commit an offence under Computer Misuse Act. So says Cambridge security researcher Richard Clayton via his blog that it is important to understand what it means 'knowing that it would be used'. Pcpro published this on January 3, 2008.

The Crown Prosecution Service guideline hints that prosecutors need to determine if the tool is being used for commercial purposes and being sold legally.

Related article: US Passes Baton to Asia in Spam Relay

» SPAMfighter News - 1/14/2008