Hackers to face two years in jail under new rules proposed by EU

 

Kevin Rawlinson
Wednesday 28 March 2012 17:32 BST

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Computer hackers will face at least two years in jail under new rules proposed by the EU, it has emerged. The wide-ranging measures, which are aimed at tackling the rise of online crime, are likely to hit hacktivism groups such as Anonymous.

The proposals will make it illegal to possess so-called “hacking tools” and will impose EU-wide minimum sentences for hacking crimes, much harsher than those currently prescribed by British laws.

“It feels like overkill in some cases. A lot of the so-called hacktivists are teenagers who are doing it for kicks or who do not necessarily understand the consequences of what they are doing. While they should not be doing it, locking someone up for two years for briefly taking a website offline is perhaps not beneficial,” said Graham Cluley, an online security expert with the firm Sophos.

He added: “The rules on owning hacking tools will need to be clarified because IT technicians and firms often legitimately own and use them to operate their own systems. For example, an IT helpdesk may use a password cracking tool to help staff and a company may use a tool to simulate a large amount of traffic hitting its website all at once to test it, which is technically a denial of service attack.”

Under the rules, likely to be adopted as an EU Directive in the Summer, using another person’s electronic identity to commit attacks would be punishable by three years in prison and companies who employ hackers to attack competitors could be shut down.

“We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations. The financial damage caused for companies, private users and the public side amounts to several billions each year,” said the European Parliament’s rapporteur Monika Hohlmeier.

She added: “No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world.”

Earlier this month, police swooped on members of hacktivism groups Anonymous and LulzSec after the leader of the latter, Hector Xavier Monsegur – known as Sabu, turned informant. It emerged this week that a splinter group, called LulzSecReborn had carried out its first attack, stealing 170,000 records from American military dating website militarysingles.com.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in