Teenage cyber criminal handed curfew order by UK court

A teenager from Bedworth, Warwickshire, UK, has been handed a two-month curfew after admitting he sent millions of emails to a firm, causing its server to collapse. David Lennon, who worked for the Domestic & General Group, a UK-based insurer, on a part-time basis until 2003, carried out his denial of service attack in early 2004, in apparent revenge for his sacking. The DoS attack lasted almost a week, with five million email messages being sent during that period.

The firm that was targeted suffered tens of thousands of pounds in damages as a result of Lennon’s malicious actions. Police investigating the attack traced the emails back to Lennon’s home computer, which led to his appearance in court, the first successful prosecution of this type of offence under the Computer Misuse Act 1990. Representatives of the Metropolitan Police Computer Crime Unit, which worked on the case, were understandably happy to see the attacker convicted and fitted with an offender’s electronic tag. Detective Chief Inspector Charlie McMurdie, head of the unit, said: “This demonstrates the commitment of the MPS Computer Crime Unit to work with industry to prosecute individuals who use technology to cause harm.”

Cases of malicious use of technology are notoriously difficult to prosecute, and this one was not different in that respect. Lennon originally appeared in court in November last year, but at that time the judge deemed he had no case to answer. The Crown prosecution Service decided to go ahead with an appeal, which led to this first successful conviction in a UK court. The authorities now certainly hope this conviction will send out a strong warning to other budding cyber criminals in Britain.