×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

British Teen Cleared in "E-mail Bomb" Case

samzenpus posted more than 8 years ago | from the whatever-I-do-what-I-want dept.

The Courts 155

legaleagll writes "According to this article , a British Judge has ruled that a teen who sent approximately 5,000,000 e-mails to his former employer was not in violation of the U.K.'s Computer Misuse Act. It appears that the Computer Misuse Act is a bit outdated being that it was created 15 years ago when a number, perhaps most, of the current methods for misuse of computers were not contemplated."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

155 comments

'editors' heh (3, Informative)

Neil Blender (555885) | more than 8 years ago | (#13938546)

Summary says 3 million, the article clearly, even hyperlinked so it's highlighted, says 5 million.

Re:'editors' heh (2, Funny)

destuxor (874523) | more than 8 years ago | (#13938558)

Just as the rape victim shouldn't've worn a short skirt, the employer should've had a faster mailserver damnit!

being that (0)

Anonymous Coward | more than 8 years ago | (#13938606)

Saying "being that" makes one sound like a dumbass. If I were an editor, I would have thrown out the article submission and ridiculed the submitter.

Re:being that (3, Funny)

Neil Blender (555885) | more than 8 years ago | (#13938621)

And look at that floating comma... "According to this article , a British Judge..." They really should stop calling themselves editors and start calling themselves what they really are - cronjobs. They probably spend five minutes in the morning picking stories and play games for the rest of the day.

Re:being that (3, Funny)

utnow (808790) | more than 8 years ago | (#13938803)

Your mom gave me a cronjob last night...

Re:being that (1)

Neil Blender (555885) | more than 8 years ago | (#13938881)

Really? I didn't know she started working on 2s. I thought she only worked on 5s and 6s.

Moral of the Story (2, Funny)

ShieldW0lf (601553) | more than 8 years ago | (#13939046)

If you live in Britian, drop this article around the office, then start dressing like someone from the matrix and talking in tech jargon. Your boss will fear you, and you'll be able to get away with murder!

Re:Moral of the Story (2, Funny)

Gumph (706694) | more than 8 years ago | (#13939406)

What do you mean START dressing like some from the matrix and talking in tech jargon?

Re:'editors' heh (5, Funny)

austinpoet (789122) | more than 8 years ago | (#13938649)

The editors converted it from British Emails into American e-mails. Thus 5 million becomes 3 million.

Oh wait that's still backwards. *shakes fist* damn editors!

Re:'editors' heh (0)

Anonymous Coward | more than 8 years ago | (#13939694)

Which translates to something like 374 million japanese emails... so if this article ever is put on http://slashdot.jp/ [slashdot.jp] get ready to see that number!

Re:'editors' heh (1, Insightful)

Anonymous Coward | more than 8 years ago | (#13938885)

More importantly, this is a story about an assclown who flooded an e-mail server and got away with his abusive behavior on a technicality in British law... one which will surely be corrected soon.

How the fuck does this have anything to do with "my rights online?"

Unless you think I have an inalienable right to be an assclown, in which case, HAND.

Re:'editors' heh (1)

Taladar (717494) | more than 8 years ago | (#13939282)

I would argue that it is "your right online" not to be flooded by millions of emails from the same person if you run an email server.

Re:'editors' heh (2, Funny)

pe1chl (90186) | more than 8 years ago | (#13939276)

No no no... the summary says 3,000,000 and the article says "5 million".

We all know that "5 million" equals "3,000,000".
If they meant "5,000,000" they would have written "5 mebimillion".

Re:'editors' heh (3, Informative)

Tim C (15259) | more than 8 years ago | (#13939325)

I thought it had been established long ago that the slashdot editors don't edit as such, they just approve and reject stories. No checking for factual accuracy, grammar, spelling, or any other things real editors would do is performed - it's even in the FAQ.

That said, that was fine when this was a hobbyist site; it's somewhat irksome now that it's a commercial venture. Not that I pay anything for it, other than the time spent frequenting and contributing of course...

e-mail bomb? (5, Funny)

Anonymous Coward | more than 8 years ago | (#13938552)

What a nerd. "If my electronic mail-bombe doesn't inconvenience my former employer, then my name isn't Melvin Q. Ucklesworth!"

This is most likely what he said while rubbing his peach-fuzz moustache (nothing to twirl evilly quite yet.)

Re:e-mail bomb? (0)

Anonymous Coward | more than 8 years ago | (#13938618)

All my friends who know nothing about computers have at least unkempt looking peachfuzz (makes them look like bums, hehe) but I and the other computer geeks have none. And we don't shave. I should examine my CRT. And maybe send 5 million emails to the people who look like bums.

Why does my job remind me of a song I once knew? (0, Offtopic)

picz plz (915164) | more than 8 years ago | (#13938553)

It went like this:

One little, two little, three little Indians
Four little, five little, six little Indians
Seven little, eight little, nine little Indians
Ten little Indian boys

Ten little, nine little, eight little 'mericans
Seven little, six little, five little 'mericans
Four little, three little, two little 'mericans
One little 'merican boy

Today's secret word is: methods. For the rest of the day, whenever anybody says the secret word, scream real loud!

Pros and Cons of a good piece of legislation (5, Insightful)

Palal (836081) | more than 8 years ago | (#13938556)

How do we strike a balance between a piece of legislation that covers any crime that may not have been thought up yet, without prohibiting activities that are not necesserily criminal that will be invented in the future? This is something that no country has come up with yet and this is unlikely to happen any time soon due to various governments in power. (cough)

Re:Pros and Cons of a good piece of legislation (4, Insightful)

grogdamighty (884570) | more than 8 years ago | (#13938753)

The obvious answer is that legislation should be for there here and now, updated as necessary for changes in society. Rather, any "enduring" legal work should be through the constitution - the basic rights fleshed out by legislation.

Thus, the Second Amendment allows citizens to bear arms so that they are never helpless before the government, but more current legislation is designed to keep criminals from using guns to harm citizens (no concealed weapons in certain locales, background checks, etc.)

Re:Pros and Cons of a good piece of legislation (0)

Anonymous Coward | more than 8 years ago | (#13938791)

Crap company and crap boss.
They got what they had comming.
It needs to happen more not less.
walmart ne1

Here is what you can do: (1)

ToadMan8 (521480) | more than 8 years ago | (#13938793)

You write something like Miami University has in its Responsible Use of Computing Resources document. You can read it at http://kb.muohio.edu/cgi-bin/webcgi.exe?new,KB=MUK B,case=obj(4831) [muohio.edu] if you are interested.

There is very little technology specific language in it, and it was written many, many years ago. We look to revise it at a certain interval, and always come to the conclusion that it still stands and applies as well as it did when it was written. The student judicial system and technology advisers get involved in the interpretation of the policy if something happens, and the governmental judicial system should do something similar in the real world.

Re:Pros and Cons of a good piece of legislation (2, Insightful)

nunchux (869574) | more than 8 years ago | (#13938825)

I don't like the idea of laws that foresee possible misuses of technology in the future, because by their nature they would have to be so vague that they would almost certainly have an adverse affect on freedom. Of course the DMCA is an example of this.

Really, it should be extremely difficult to pass a new law, and it should be clear that there is a solid need for it. Yes, that means the first people who commit crimes using new technology in new ways may not be prosecuted (note that I'm not talking about using new technology to commit EXISTING crimes), but that's better than the alternative. (And I wouldn't say in this case the kid got away scot free-- he was prosecuted, which at the very least is a scary thing, and potentially costly in legal bills as well.)

Oh and yeah, that kind of sucks for the victim, but in some cases (like this) the matter could at least be taken to civil trial.

Re:Pros and Cons of a good piece of legislation (2, Insightful)

Cl1mh4224rd (265427) | more than 8 years ago | (#13939099)

How do we strike a balance between a piece of legislation that covers any crime that may not have been thought up yet, without prohibiting activities that are not necesserily criminal that will be invented in the future?
What if we give people the responsibility and power to evaluate a given situation as it applies to a certain law? I think we should call them "judges"...

Re:Pros and Cons of a good piece of legislation (0)

Anonymous Coward | more than 8 years ago | (#13939256)

How do we strike a balance between a piece of legislation that covers any crime that may not have been thought up yet, without prohibiting activities that are not necesserily criminal that will be invented in the future?

Anything that's prohibited by criminal law IS necessarily a criminal act. That's what it means for something to be criminal.

Re:Pros and Cons of a good piece of legislation (2, Insightful)

squoozer (730327) | more than 8 years ago | (#13939469)

Simple you provide a set of guidelines, perhaps backed up by examples, that define misuse. For instance phrase it thus:

Any action that deliberately sets out to damage, render unavailable or diminish in capability any computer system.

It would be quite easy to prove that sending 3,000,000 emails to your ex-employer, especially in a short span of time, would fall foul of that law. Yes, you have to prove intent but you would have to do that anyway. Accidents wouldn't fall foul of this law but a clause for negligence could be added. The problem is that a law thus phrased would require interpretation by the jury which is something most Governments seem loath to allow them to do. The upside is that this law would be good for the foreseeable future and would probably cover most new crimes. I suppose the problem is that if we had high level laws and a true trial by jury the Govenment would rapidly lose one of it's basic functions - to make more laws.

Re:Pros and Cons of a good piece of legislation (2, Funny)

DrSkwid (118965) | more than 8 years ago | (#13939614)

Some years ago a friend of mine was a phreaker. Eventually he got caught.
The cops had to individually read out each phone call from the itemized list they had been given saying something like "on 12th september 1985 did you make a call to 555 5555" and he had to answer yes or no. It took them 10 hours of interview to get through the list.
When it got down to it there wasn't a suitable law in statue and they could only charge him with "Theft of Electricity" and he ended up with a minor fine.

Time for a new server. (4, Insightful)

CyricZ (887944) | more than 8 years ago | (#13938562)

Perhaps it is time for that business to invest in a more modern mail server. Indeed, even the lowliest of Dell servers running Linux or FreeBSD can easily handle 5 million email messages, even if sent in a very short period of time. A large amount of mail should never cause the server to completely crash, even if it does consume much bandwidth and cause other delays.

Re:Time for a new server. (1)

OverlordQ (264228) | more than 8 years ago | (#13938584)

Indeed, even the lowliest of Dell servers running Linux or FreeBSD can easily handle 5 million email messages, even if sent in a very short period of time.


Erm, i'd severely doubt that, let me email 5,000,000 messages in 5 minutes and see if your server/network dies.

Re:Time for a new server. (3, Insightful)

CyricZ (887944) | more than 8 years ago | (#13938593)

Would my server straight out die? Of course not. It would queue the messages for as long as possible, and if the server happened to run out of disk space, it would begin rejecting the messages. The one thing it would not do is crash.

Re:Time for a new server. (1)

LogicX (8327) | more than 8 years ago | (#13938603)

And then it spawns more and more processes to process the mail, eating up ram, at which point any other services on the box may be overloaded and deprived of resources.
Immense disk swapping ensues. System load increases.
Server 'crashes' (becomes so unusable as to be unresponsive even to administrative use, much less queueing or sending mail anymore).

Re:Time for a new server. (3, Informative)

Anonymous Coward | more than 8 years ago | (#13938652)

And then it spawns more and more processes to process the mail, eating up ram, at which point any other services on the box may be overloaded and deprived of resources.

The default configuration of sendmail and many other common MTAs is to delay and stop accepting email to prevent exactly that.

Re:Time for a new server. (0)

Anonymous Coward | more than 8 years ago | (#13938814)

It would still be a DOS attack for anyone else wanting to use the server to either send or receive mail from flooding the network.

Re:Time for a new server. (2, Informative)

CyricZ (887944) | more than 8 years ago | (#13938715)

There are numerous ways to limit the excessive resource misallocation you mention. Again, any half decent mail server can do that, as can any half decent operating system.

And a thrashing server is not a crashed server by any means. If it's running a decent operating system (most UNIX-like systems, for instance), it should be working just fine within a short amount of time. Yes, it may not be the most responsive system for a little while, but it sure hasn't crashed.

Re:Time for a new server. (2, Informative)

Fulcrum of Evil (560260) | more than 8 years ago | (#13939001)

And then it spawns more and more processes to process the mail, eating up ram, at which point any other services on the box may be overloaded and deprived of resources.

No, the mail server is a dedicated box, and thee are limits to how many processes it will spawn. What it will do is queue a bunch of messages and work through the backlog. I can build a $3k box (plus the cost of a storage array if needed) that will handle a 20Mbit stream of mail all day long. This isn't rocket science.

Re:Time for a new server. (1)

mcrbids (148650) | more than 8 years ago | (#13939174)

No, the mail server is a dedicated box, and thee are limits to how many processes it will spawn. What it will do is queue a bunch of messages and work through the backlog. I can build a $3k box (plus the cost of a storage array if needed) that will handle a 20Mbit stream of mail all day long. This isn't rocket science.

Perhaps this should start out as "no my mail server is a dedicated box..."?

See, there are other people in the world than yourself. And, while it's not hard to put together a Linux/sendmail server that can handle a 20 Mb stream, building one that also runs, oh, say, a web server, WebDAV, SQL, and a few other services useful to a small business may lead you to places where it's not true anymore. And, since SCSI drives are expensive, you'll typically see a smaller (maybe 20 GB) drive on it on your small business, entry level server that's a year or two old. With an average email sizing about 50k, 50k * 1 million adds up to 50,000,000,000 - whoops! Your hard drive just got seriously whumped!

Plus, your "20 Mb stream" server doesn't take into account anything at all resource-intensive, such as SpamAssassin, anti-virus, greylisting, or most of the other, processor-intensive functions now in common use. In reality, your baseline "20 Mb stream" server only proves that a modern SCSI drive can read/write data at a rate greater than 20 Mbps.

Congratulations! I'm thoroughly unimpressed. Come back when you have something relevant to say.

Re:Time for a new server. (2, Informative)

Fulcrum of Evil (560260) | more than 8 years ago | (#13939251)

See, there are other people in the world than yourself. And, while it's not hard to put together a Linux/sendmail server that can handle a 20 Mb stream, building one that also runs, oh, say, a web server, WebDAV, SQL, and a few other services useful to a small business may lead you to places where it's not true anymore.

Anybody that runs production hardware like that deserves what they get. There are serious security problems with running all-in-one solutions; if your needs are really so small, get a site-hosting arrangement for $25/mo. I was referring to any company large enough to run their own stuff.

And, since SCSI drives are expensive, you'll typically see a smaller (maybe 20 GB) drive on it on your small business, entry level server that's a year or two old.

If it's entry level, then it's probably IDE, and 80GB is easy for a small server 1.5 years old. Sorry, but your numbers aren't really credible.

Plus, your "20 Mb stream" server doesn't take into account anything at all resource-intensive, such as SpamAssassin, anti-virus, greylisting, or most of the other, processor-intensive functions now in common use. In reality, your baseline "20 Mb stream" server only proves that a modern SCSI drive can read/write data at a rate greater than 20 Mbps.

Any modern disk can do 20Mb/sec. SCSI is no longer necessary for much aside from SAN apps. Regardless of the tasks performed, my point was that no properly configured server should choke on mail. This is a solved problem.

Re:Time for a new server. (5, Insightful)

mcrbids (148650) | more than 8 years ago | (#13939392)

I take you you have little/no experience working with small businesses?

My "not credible" numbers are very typical for scenarios I work in. In this world of small enterprises, it's very normal to run an entire business with just a single server. Bitch all you want to about whatever security issues, I sure have.

Small business owners tend to have a case of megalomania. If they can pet the box, they "own" it. Thus, they'll spend $2,000 on a server rather than $25/mo on a managed solution because they can pet the box, even as they explain about the increased downtime because they don't have a dedicated admin, like their ISP.

Just because it's not true in your world, doesn't mean it isn't true!

Re:Time for a new server. (1)

Gumph (706694) | more than 8 years ago | (#13939430)

o, the mail server is a dedicated box, and thee are limits to how many processes it will spawn. What it will do is queue a bunch of messages and work through the backlog. I can build a $3k box (plus the cost of a storage array if needed) that will handle a 20Mbit stream of mail all day long. This isn't rocket science. Perhaps this should start out as "no my mail server is a dedicated box..."?
Actually what I think the proper terminology is: "No, MOST mail servers run on a dedicated box!" For this we know to be true!

Re:Time for a new server. (0)

Anonymous Coward | more than 8 years ago | (#13939680)

no way are you going to get exchange or business equivalent for $25 per user per month in the UK, bandwidth is going to be a major expense as well if you want to store mail centrally - think 10K USD / year for your business class 2mbps connection. Oh and account changes cost $ too. suddenly that box and that part time outsourced sys admin seems worth it.

Re:Time for a new server. (1, Funny)

Shut the fuck up! (572058) | more than 8 years ago | (#13938596)

Here is CyricZ's recipe for posting:

1. Grease up arm all the way to the elbow
2. Insert arm into asshole (all the way to the elbow)
3. Firmly grab hold of a 'fact'
4. Post it to Slashdot

Re:Time for a new server. (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13938616)

Heads of state who ride and wrangle Who look at your face from more than one angle Can cut you from their bloated budgets Like sharpening knives through Chicken McNuggets... Now, Heads of state who ride and wrangle Who look at your face from more than one angle Can cut you from their bloated budgets Like sharpening knives through Chicken McNuggets... SHUT THE FUCK UP!! Now, SHUT THE FUCK UP!! Right, right learn to buck up Right, shut the FUCK up, heeeey hoooo Now, now, learn to buck up Ah Alright Oh yeah Ah Now nimble fingers that dance on numbers Will eat your children and steel your thunder While heavy torsos that heave and hurl Will crunch like nuts in the mouths of squirrels Now nimble fingers that dance on numbers Will eat your children and steel your thunder While heavy torsos that heave and hurl Will crunch like nuts in the mouths of squirrels SHUT THE FUCK UP!! Now, SHUT THE FUCK UP!! Right now learn to buck up Right, shut the FUCK up, heeeey hoooo Ya, ya, ya, learn to buck up Now simple feet that flicker like fire And burn like canldes in smokey spires Do more to turn my joy to sadness Than somber thoughts of burning planets Now clever feet that flicker like fire And burn like canldes in smokey spires Do more to turn my joy to sadness Than somber thoughts of burning planets Alright Ok I don't wanna I don't wanna hear it That's right Oh no ok I don't wanna I don't wanna Heeeey hoooo I don't wanna I don't wanna

Re:Time for a new server. (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13938757)

The state heads who guide and wrangle who look to yours makes from more than an angle they can cut them from theirs bloated the estimates like the affilamento of the blades through pollo the McNuggets... Hour, the state heads who guide and wrangle who look to yours makes from more than an angle they can cut them from theirs bloated the estimates like the affilamento of the blades through pollo the McNuggets... IT CLOSES THE SWEPT ONE IN ON!! Hour, CLOSES The SWEPT One IN ON!! The right, right learns buck in on radrizza, closed the SWEPT one in on, hoooo of heeeey hour, hour, learns buck alright in on barrette nimble of ampere-hour OH yeah the ampere-hour hour that dances on the numbers will eat your children and the steel your thunder while the torsos heavy who raise and launch sgranocchieranno like dice in the mouths of the scoiattoli hour barrette nimble that they dance on the numbers will eat your children and steel that your thunder while the torsos heavy that raises and launch sgranocchieranno as the dice in the mouths of the scoiattoli HAVE CLOSED the SWEPT one IN ON!! Hour, CLOSES The SWEPT One IN ON!! Hour learns buck in on radrizzano, closes the SWEPT one in on, hoooo Ya, the ya, ya of heeeey, learns hour buck in on the simple feet that tremolano like fire and the ustione like the canldes in the spires of smokey ago more in order turning my joy in the sadness that the thoughts of somber of planets burning the hour the intelligent feet that tremolano like fire and the ustione as the canldes in the spires of smokey they make more in order to turn my joy in the sadness that the thoughts of the somber of planets burning approve of it alright do not wish to I does not wish to feel that that no approval is the OH of right I it does not wish I Heeeey I do not wish I do not wish to

Re:Time for a new server. (1)

thej1nx (763573) | more than 8 years ago | (#13938602)

Erm, i'd severely doubt that, let me email 5,000,000 messages in 5 minutes and see if your server/network dies.

Dude, if you can get a server/network which lets you email 5,000,000 messages in 5 minutes then I am pretty sure he can get a server/network to handle them.

Re:Time for a new server. (1)

Anonymous Luddite (808273) | more than 8 years ago | (#13938731)

>> Dude, if you can get a server/network which lets you email 5,000,000 messages in 5 minutes then I am pretty sure he can get a server/network to handle them.

Umm, no. I don't see anything about methods in TFA, but wouldn't you launch the attack from multiple IPs across multiple address blocks. Like, you know, a "distributed" DOS?

Only one outcome to that scenario...

Re:Time for a new server. (0)

Anonymous Coward | more than 8 years ago | (#13938817)

Mod parent down.

Every fucking article he posts some mindless bullshit just for attention. If you don't give trolls attention they go away.

Re:Time for a new server. (3, Interesting)

Anonymous Coward | more than 8 years ago | (#13939417)

I'am wondering if this helps my case in any way. I stand trial in the Netherlands because I informed a spammer I dodn't like there e-mails. Quite often, 70.000 times according to the spammer, but I think rule #1 is in effect. p.s. In the Netherlands initials are used when newspapers report about suspects, my initials are actually A.C.

Proof... (4, Insightful)

hoka (880785) | more than 8 years ago | (#13938576)

That law has a hard time keeping up with technology. It takes a long time for laws to be made, changed, proven, and stand up in court. It doesn't take nearly as long in the technological world for attacks, defenses, and things in general to change. This is where a lot of the problems are coming from, since most of the time when you get things that are pushed out quickly there are all sorts of acts or laws such as the DMCA or Canadian Do-Not-Call list) which contain all sorts of problems in one way or another. It's just a shame it will take so long for things to really shape up.

Really quite a predicament when too fast means you get poorly written laws, and too slow means the bad guys can work "legally" for a while...

Re:Proof... (3, Interesting)

woolio (927141) | more than 8 years ago | (#13938696)

I think its the letter of the law that confuses people.

If 1000 people camped out in the middle of a public road in front of the entrance to a company, would they be breaking a crime by not allowing people to enter/exit? In essence, they would be executing a "denial of service" attack to the companies road.

Or what if a few 18-wheelers decided to park in the middle of an interstate to block it. This is also a DOS attack.

What if 1 million people concertedly & simultaneously dialed 911 for "testing purposes" once a month. This would also be a DOS attack.

In each case different laws might be violated but the principle is the same: resources are being purposely mis-used in order to deprive others of them.

Now a question arises: is the Internet a public utility or just a privately owned network? IANAL, but the latter would seem to make the Britisher's offsense a Civil one, not a Criminal one.

Re:Proof... (1)

Frogbert (589961) | more than 8 years ago | (#13938906)

A long time for laws to be made? Are you kidding?

The minimum time it takes for a law to pass takes precisely as long as it takes for something to blow up. You want a law passed all you need to do is connect it to some explosion and it will be in tomorrow.

Re:Proof... (1)

hoka (880785) | more than 8 years ago | (#13938931)

Thats why I specifically referred to laws that are put together with haste as being riddled with problems, and while not necessarily technologically specific, the PATRIOT act makes an excellent example of this. I'm no lawyer but I'd make a guess that proper laws (or really anything) that has a lot of time and debate put into it will make a better law than something pushed out the door in a few days.

Your Rights Online? (4, Interesting)

goofyheadedpunk (807517) | more than 8 years ago | (#13938581)

At first I was a bit confused as to why this was posted in the your rights online section, until I considered this case from the point of view of the poor bastard that got blasted by the former employee. Denial of service attacks have been around quite some time before 1990. If UK law doesn't considered this sort of computer act to be illegal what else isn't? What is illegal?

Re:Your Rights Online? (0)

Anonymous Coward | more than 8 years ago | (#13938773)

the biggest problem is that the law seems to require a method for something actual result to be illegal.

similar to spam, we dont need spam laws because 99% if not all spam is already illegal: fraud, hacking (zombie networks etc), harrassment etc

they could flat out lock up spammers for breaking much more serious laws but they choose not to use them in a new way and instead bring up a new law that basically adds "on the internet"

Re:Your Rights Online? (1, Insightful)

Vitus Wagner (5911) | more than 8 years ago | (#13939383)

Illegal is to use lynx and to type URL manually, as was covered by previous slashdot posts.
If this guy would be punished for annoying people by sending 3 millions E-Mails, it would set precedent to punish spammers.

It would seriously harm advertising industry, if spam would be banned. No responsible jugde would allow this to happen.

Re:Your Rights Online? (1)

AndrewRUK (543993) | more than 8 years ago | (#13939843)

If UK law doesn't considered this sort of computer act to be illegal what else isn't? What is illegal?
The Computer Misuse Act 1990 [opsi.gov.uk] created three offences: unauthorised access to computer material, unauthorised access with intent to commit or facilitate commission of further offences, and unauthorised modification of computer material. In this case, the judge ruled that a DoS isn't an unauthorised modification because the modification to the server caused by each individual email was authorised. Earlier this year, there was a bill proposed in parliament which would have made DoS attacks illegal, but the general election got in the way.

Only 5 million? (-1, Troll)

x86eon (896508) | more than 8 years ago | (#13938585)

...was accused of sending 5 million e-mail messages to his ex-employer that caused the company's e-mail server to crash.

If their email server could only handle 5 million messages before crashing, I bet they were using Exchange on Windows. Weak. :P

revenge (3, Funny)

Muhammar (659468) | more than 8 years ago | (#13938601)

maybe the company can claim that the dude made some threats in the past. Maybe they can label him as a super-advanced cyber-terrorist and extradite him to US. (Maybe they can make him disapper there - in one of the secret prisons.) Wait - with the Blunkett laws, maybe they can do this without US help.

l33t hax0ring (0)

Anonymous Coward | more than 8 years ago | (#13938647)

I am a leet hax0r. I can launch a DOS with 2 lines of 'code'.

Re:l33t hax0ring (0)

Anonymous Coward | more than 8 years ago | (#13938702)

<..?

for ($i = 0; $i < 5000000; $i++)
    mail("recipient@server.com", "Haha! Take this!", "I am a l33t hax0r");

?...>

Re:revenge (0)

Anonymous Coward | more than 8 years ago | (#13938714)

Hmm, it was a bomb after all so he was *definately* a terrorist.
 
Hey, why not just do what they did to Jean Charles de Menezes? Shoot and kill the poor bugger. There is absolutely no democratic or civilised need to have any due process in Britain.

Re:revenge (0)

Anonymous Coward | more than 8 years ago | (#13939829)

That's right.

Of course, the number of unjustified police shootings in the UK is pretty low given the global competition, but don't let facts stand in the way of your rant, will you?

You're right though; shooting the guy was definitely out of order. Instead, the UK should have arrested everybody who ever visited a mosque and hidden them away permanently without trial on some island somewhere. That's acceptable - everybody does it. Guantanamo Bay is particularly nice this time of year.

Why don't you send this humanitarian suggestion to Scotland Yard? If we get lucky, they'll take offense and shoot you :)

So let's see.. (4, Funny)

EiZei (848645) | more than 8 years ago | (#13938630)

It's illegal to mod your gaming console or copy your copy-protected CDs to your iPod but go ahead and fuck up some email servers? Got it.

spam (1, Insightful)

Cave_Monster (918103) | more than 8 years ago | (#13938680)

While he got off on the computer misuse charge, what about spamming? Couldn't it be argued he was sending unsolicited email to this bloke? Do the UK have such laws?

Re:spam (2, Informative)

sr180 (700526) | more than 8 years ago | (#13938868)

He had a previous relationship with the company concerned, them being his employer, so it could not be classified as spam.

Re:spam (2, Interesting)

twoshortplanks (124523) | more than 8 years ago | (#13939549)

I don't think any *criminal* act was carried out here. This doesn't mean the company couldn't sue for loss of earnings or disruption to buisness. It's just not something the Crown can prosecute for. Of course, that's my best guess. I'm no law expert.

3million emails? Bah! (0, Redundant)

cdtoad (14065) | more than 8 years ago | (#13938723)

Pleeeese... 3million emails to a single location? What was it his dad's coffee shop?

Only 5 million emails and the server crashed? (-1, Troll)

threaded (89367) | more than 8 years ago | (#13938726)

After reading the article I would suggest the company that brought the complaint is prosecuted for wasting police and court time.

Only 5 million emails and the system crashed? What sort of junk/badly administered pile did the management allow at the company they worked for?

Are the shareholders of this company aware of the fragility of the key systems of the company they own?

Sorry, but that's a pretty dumb comment... (2, Insightful)

WIAKywbfatw (307557) | more than 8 years ago | (#13938870)

Sorry, but that's a pretty dumb comment. In fact, there isn't one line of it that I can't rip to shreds in seconds.

Do you have any idea of the size of the company involved?

For all you know, the company concerned might have no more than a handful of employees, so a mail server capable of handling 5 million emails in a short space of time would be totally inappropriate. Not all computer crime is committed against large organisations that have turnovers that are measured in millions or even billions.

Wasting police and court time? Well, if the police were involved then there's a good chance that the prosecution was brought by the Crown Prosecution Service (ie, the government), so someone in the appropriate position of authority thought it was a sensible case to persue.

And even if it was a civil case, well, then that's what courts are for: to listen to all the evidence, consider all the facts, and make a judgment one way or another when two parties are in dispute.

Re:Sorry, but that's a pretty dumb comment... (2, Insightful)

Fulcrum of Evil (560260) | more than 8 years ago | (#13939028)

For all you know, the company concerned might have no more than a handful of employees, so a mail server capable of handling 5 million emails in a short space of time would be totally inappropriate.

Let's see - 5M messages at 10k each = 50GB. If it were a small company, they may have only had a 1.5Mb line, so that 50GB would take about 50GB/150K/3600 = 92 hours to complete. Any mail server can handle that, and any competent admin should be able to block the messages within four days!

Of course, a 3rd party hosted mail server could handle the mail a bit faster, so the only question is whether 50GB is an excessive amount. Since I have a 300MB quota, it might be. Then again, maybe not - disk space is cheap, and nuking one message sent to any number of people is pretty straightforward.

Re:Sorry, but that's a pretty dumb comment... (3, Informative)

WIAKywbfatw (307557) | more than 8 years ago | (#13939176)

Let's see, small 5-man company with basic ISDN (128Mbit/s) or ADSL (512Mbit/s)internet access used for everything including email, web access, etc that has no dedicated IT professional and whose business grinds to a halt because they can't do anything while their server is heavily attacked.

Don't assume that everyone has full-time IT professionals to hand. Also, don't assume that the messages were small: they could have been 10KB each, but they could easily have been 2MB each, 2,000 times larger than your guess.

Also remember that the crime in question took place at least two years ago, when internet access would have been slower, disk space would have been more expensive, etc, etc. The average business today has better resources now than would have been available then, at least from a bang-per-buck point of view, if nothing else.

Of course, if you're implementing IT strategy for a large corporation then DOS contingency planning will be part of your job description, but if you're running a small company, one where the guy who looks after the PCs is the same guy who puts out the rubbish at the end of the day, then DOS attacks probably won't be on your radar.

Re:Sorry, but that's a pretty dumb comment... (1)

DarkIye (875062) | more than 8 years ago | (#13939221)

Well, from my experience, a small company doesn't like spending its already pretty restricted resources on teens wanting work experience. This is probably a pretty sizable company, and any company interested in lasting more than a few months in the technological climate of today is probably going to hire both a security 'guy' of some description, and a janitor, so he doesn't have to waste his time.

So I guess what I'm saying is, they can't have come off too badly (at least not catastrophically), at the end of the day. However, the kid caught doing the mail bomb should definitely have some kind of penalty placed on him.

Re:Sorry, but that's a pretty dumb comment... (0)

Anonymous Coward | more than 8 years ago | (#13939269)

Its not a dumb comment at all, its spot on!

Get some knowledge of the industry before you comment please, the majority of your 'supporting' information was inaccurate, maybe if this were 1995 you might be right.

Hardly any company still has ISDN.. in fact, most have moved to ADSL or Cable as ISDN speeds were only just comparable with 56k.. yes 64 kilobits not megabits.. dual line ISDN reached 128 kilobits.. who the hell would still use that?

Anyone with a brain would get cheap ass cable/adsl.

Re:Sorry, but that's a pretty dumb comment... (1)

megrims (839585) | more than 8 years ago | (#13939703)

I wish my ADSL was 512Mbit/s. I'm stuck with a measly 1.5Mbit/s.

Re:Sorry, but that's a pretty dumb comment... (1)

nagora (177841) | more than 8 years ago | (#13939710)

Let's see - 5M messages at 10k each = 50GB.

Yep, that's probably what did it: 50GB of space for a mailserver a couple of years ago would have been unusual for a small company. Fill the drive, kill the server; do it over a long weekend.

TWW

Re:Sorry, but that's a pretty dumb comment... (2, Informative)

ultranova (717540) | more than 8 years ago | (#13939589)

For all you know, the company concerned might have no more than a handful of employees, so a mail server capable of handling 5 million emails in a short space of time would be totally inappropriate.

When a mail server gets messages faster than it can handle them, the proper thing to do is store the extra messages to a queue and handle them when it has time. When the queue gets full, or the server is getting messages faster than it can put them to the queue, the proper thing to do is to start refusing connections. Simply eating more and more resources - by allocating more and more memory, by starting more and more subprocesses or threads, by opening more and more files or network connections, or by using more and more diskspace for the queue or temporary files - until the computer runs out and then crashing is never the proper thing to do.

A server that crashes under load is simply buggy. Not small-scale, not only suitable for small companies, but just plain buggy and unsuitable for anything.

In short, if this server was incapable of handling 5 million messages in a short period of time, then it should only have accepted as many as it can handle and rejected the rest.

Re:Only 5 million emails and the server crashed? (2, Insightful)

Frogbert (589961) | more than 8 years ago | (#13938915)

Yeah sure its only 5 million emails, and most systems should be able to handle that. Providing of course that they were only going to one person. What if it went to all staff and there was 30 employees then you have 150 million messages and its a little bit more of a problem. Assume you posted these all at 2 am at night, at 8 the next morning all 30 people get to work and check their emails all at about the same time. Ouch

Re:Only 5 million emails and the server crashed? (2, Interesting)

richi (74551) | more than 8 years ago | (#13939535)

Assume you posted these all at 2 am at night, at 8 the next morning all 30 people get to work and check their emails all at about the same time. Ouch
Well we don't know what mail server they were using, but that would be a problem with some popular servers that don't properly keep single copies of messages sent to multiple recipients CoughExchange5.5Cough. When I worked on OpenMail (now Scalix [scalix.com]) this sort of load would have been no problem for a small server with a few thousand users.

It's a question of minimizing the disk I/O -- or more importantly minimizing the amount that the disk heads need to move.

Re:Only 5 million emails and the server crashed? (1)

a.d.trick (894813) | more than 8 years ago | (#13939018)

IANAL, nor do I know much about british law, but in canadian law there is an idea that the weakness of the victim is the responbility of whoever caused the damages. It doesn't matter if they were running a farm of Linux sendmail servers or Joe Bloe's Free Mail Server on some Windoze box. It's petty obvious that it was intentional and malicious and I think the teenager should be culpable for his actions. I don't think that "5 million emails? It was an accident, truely!" cuts it.

Re:Only 5 million emails and the server crashed? (0)

Anonymous Coward | more than 8 years ago | (#13939330)

It's petty obvious that it was intentional and malicious and I think the teenager should be culpable for his actions. I don't think that "5 million emails? It was an accident, truely!" cuts it.


OK.. so i go add my site to google, then my servers fall over from too many hits.. but google didnt do it maliciously.. its my own fault for having crap load handling/balancing.

The fact of the matter is, regardless of malicious intent, prevention is clearly better.
Just because he's an ex employee and may have knowledge of the system's running there, theres nothing to stop anyone on the internet doing exactly the same thing and running through some proxies to avoid easy traceback.

If your gonna have a server connected to the internet, you have to take these things into account.

Congrats (4, Funny)

SnarfQuest (469614) | more than 8 years ago | (#13938734)

Let's all send him email's of congratulation. 5,000,000 per ./ reader seems appropriate.

Or maybe sign him up for a few catalogs.

slashdotted (1, Funny)

Anonymous Coward | more than 8 years ago | (#13938790)

Computer Misuse Act is a bit outdated being that it was created 15 years ago when a number, perhaps most, of the current methods for misuse of computers were not contemplated.

yes, i'm feeling like slashdotting my employer's website.

Obviously, we need to run a test (3, Funny)

ZachPruckowski (918562) | more than 8 years ago | (#13938792)

If the editors had written it like "his previous employers, who are at this link: _______", then we'd get to see if they got around to updating that server. My money is on 'yes'.

A couple of comments (0)

Anonymous Coward | more than 8 years ago | (#13939143)

Just a couple of comments, obviously the teen should be held responsible for something, but having read the article the correct result seems to have been reached. Without having read the specific law, the words referred to are "unauthorized access" or "unauthorized modification" of computer material, which seems a bit of a stretch to cover a DoS attack. Frankly, I'm surprised that the UK doesn't have other laws to cover this type of crime, as DoS attacks have been around for quite a while, but as other readers have commented, laws often are behind the times when it comes to new technology. That being said, in many instances existing laws may be sufficient to cover many aspects of "new" computer crimes, ie. stealing credit card numbers by computer and then using them will be prosecutable under fraud as well as other more specific offenses.

That being said, there are still civil remedies that may be pursued, such as suing for damages arising from interference with business relations and the like. One of the differences between criminal and tort law is that tort law is not necessarily a closed set, judges in common law jurisdictions may find new torts in adapting to new fact situations (see Lord Denning's judgments for an example). Practically speaking, there probably isn't too much to be gained from suing the teen for damages, except perhaps for deterring future attacks.

Incidentally, given the associated penalties, criminal law is correctly a legislated, closed set of offenses that can only be changed or added to by the will of parliament.

haha! (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#13939226)

Hahhahahaha, 5 million mails... tis nothing.. Bet they use MS Exchange ;p exim ftw !

Vengeance (1)

mwvdlee (775178) | more than 8 years ago | (#13939337)

This is so blatantly obvious; since the teen is not doing anything illegal, couldn't the company just do the very same thing. Perhaps stretching it futher to SMS-bomb, phone-bomb, snailmail-bomb and DoS-bomb him for the rest of his sorry life?

These were some nice days for the execs Blackberry (2, Funny)

lonesometrainer (138112) | more than 8 years ago | (#13939353)


Just imagine that :) His device in his pocket, vibrating all day long... neeeeaaat?

Perhaps his exec forced him to do that?

Take him down constable (-1)

Anonymous Coward | more than 8 years ago | (#13939499)

and off to the secret CIA torture facility with him!

computer misuse act does NOT need updating (5, Insightful)

irw (204684) | more than 8 years ago | (#13939641)

The Computer Misuse Act seems to have been designed to encode the electronic equivalent of breaking-and-entering (offences 1 & 2) and criminal damage (offence 3).

Denial of service is probably very difficult to encode in a similar fashion, since I do not see what *criminal* offence it would equate to.

In this particular care, there is no essential difference between sending a million emails and sending a million letters by post - both would swamp the service, but equally both are simply making use of the (e)mailing infrastructure as it was designed. (Yes I know letters cost more. That's irrelevant - they require more effort to deliver, and are priced accordingly).

Taking a different example, such as opening thousands of connections to a server with intent to deprive others' of access to it, I still can't see what equivalent physical world *criminal* offence has been committed. In this case an analogy requires many people, but what difference is it if a thousand people stand on the pavement outside a shop entrance effectively preventing other shoppers from entering, due to weight of numbers? Sure, the police can ask people to move on, which is the same as closing those open connections, no?

Since most electronic systems only enact operations which have equivalents in the physical world, I do not see how it would be right to create a law which makes the electronic equivalent illegal, when the physical original is not. This use of legislation creates the likes of the DMCA.

The Computer Misuse Act is a rare example of a really *good* law which is (1) broad enough to capture most offenders (2) easily tested for applicabilty i.e. not complicated with exceptions, extensions, etc and (3) not so vague that it is open to abuse.

Re:computer misuse act does NOT need updating (1)

irw (204684) | more than 8 years ago | (#13939659)

Hmm, thinking about it, does anyone know if there is a charge of criminal harassment?

Re:computer misuse act does NOT need updating (0)

Anonymous Coward | more than 8 years ago | (#13939770)

Denial of service is probably very difficult to encode in a similar fashion, since I do not see what *criminal* offence it would equate to.

I don't know, seems like a fairly straightforward case of criminal damage to me.

Criminal Damage - Other:
Deliberately, or recklessly, destroying or damaging items, excluding dwellings, buildings or vehicles that belong to someone else (not counted elsewhere).

Maybe if any English solicitors or law students are reading they could explain why this was not the charge in the first place, does criminal damage only count for physical damage?

Re:computer misuse act does NOT need updating (1)

Odiumjunkie (926074) | more than 8 years ago | (#13939780)

The Computer Misuse Act is a rare example of a really *good* law which is (1) broad enough to capture most offenders (2) easily tested for applicabilty i.e. not complicated with exceptions, extensions, etc and (3) not so vague that it is open to abuse.

From TFA:
The CMA, which was introduced in 1990, does not specifically include a denial-of-service attack as a criminal offense, something some members of the U.K. parliament want changed. However, it does explicitly outlaw the "unauthorized access" and "unauthorized modification" of computer material. Section 3 of the act, under which the defendant was charged, concerns unauthorized data modification and tampering with systems.

You think that a law that outlaws "unauthorized [sic] access" of computer material is a good law? Authorised by whom? Some arbitrary publisher of material? Why not set up www.you're-not-allowed-to-look-at-this.com and launch a criminal suit against anyone who has a peek? In fact, you are officially NOT AUTHORISED to read this message. Please give post your e-mail address so I can send details of the criminal suit against you 5 million times.

Do not underestimate the power of the darkmail... (0)

Anonymous Coward | more than 8 years ago | (#13939664)

Anotehr case of The 'Darkmail' Attack Vector [whitedust.net] and people getting away with it. Yes it is a bit lame mail bombing someone but I think it's easy to underestimate the damage a mail bomb attack can do to a business - and on a sliding scale, the smaller the business the more damage it does. I linked to a paper which explains it all - if my company got hit, we would have some serious problems no doubt.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...