Police have arrested five young men on suspicion of taking part in distributed denial-of-service attacks launched by Anonymous, the group that has targeted corporate sites for attack in defence of Wikileaks.
The Metropolitan Police have arrested five young men in connection with DDoS attacks launched by Anonymous. Photo credit: Metropolitan Police
The five, who are aged between 15 and 26, were detained at 7am on Thursday at addresses in the West Midlands, Northamptonshire, Hertfordshire, Surrey and London, the Metropolitan Police Central eCrime Unit (PCeU) said in a statement. The suspects were taken to local police stations and remain in custody, the police added.
The Anonymous group of activists undertook a number of distributed denial-of-service (DDoS) attacks last year, using a tool called the Low Orbit Ion Cannon (LOIC) to try to overwhelm servers. The group successfully took down websites belonging to companies including Visa, MasterCard and PayPal, in protest at their suspension of donation-payment processing for the Wikileaks whistle-blowing operation.
The police said the arrests were made as part of an ongoing law enforcement investigation being carried out internationally. It plans to charge the suspects with offences under the Computer Misuse Act, which prohibits impairing the operation of a computer or the readability of data. The offences carry a maximum penalty of 10 years' imprisonment and a fine of £5,000.
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Talkback
"prohibits impairing the operation of a computer or the readability of data"
Huh? Broad wording, but I doubt that DdOSing falls under that category - it's not as if they hacked in, scrambled data or blockaded the server. The lawmakers need to clarify or get a life.
Hello, thanks for your comment, tinoesroho.
Yes, you're right, the Computer Misuse Act (CMA) does have quite broad wording. The act basically revolves around unauthorised tampering with a computer system. The Met said this about the DDoS provisions in the CMA:
Under UK law it is a criminal offence to carry out "any unauthorised act in relation to a computer" where the person "has the requisite intent and the requisite knowledge" to carry out the act. The requisite intent is to carry out the act by:
(a) impairing the operation of any computer;
(b) preventing or hindering access to any program or data held in any computer; or
(c) impairing the operation of any program or the readability of any data.
So by my reckoning DDoS would fall under a and b at least, as DDoS impairs the operation of a server and prevents access to data.
I think the layers will make plenty out of this.