Computer hackers will face at least two years in jail under new rules proposed by the EU, it has emerged. The wide-ranging measures, which are aimed at tackling the rise of online crime, are likely to hit hacktivism groups such as Anonymous.
The proposals will make it illegal to possess so-called “hacking tools” and will impose EU-wide minimum sentences for hacking crimes, much harsher than those currently prescribed by British laws.
“It feels like overkill in some cases. A lot of the so-called hacktivists are teenagers who are doing it for kicks or who do not necessarily understand the consequences of what they are doing. While they should not be doing it, locking someone up for two years for briefly taking a website offline is perhaps not beneficial,” said Graham Cluley, an online security expert with the firm Sophos.
He added: “The rules on owning hacking tools will need to be clarified because IT technicians and firms often legitimately own and use them to operate their own systems. For example, an IT helpdesk may use a password cracking tool to help staff and a company may use a tool to simulate a large amount of traffic hitting its website all at once to test it, which is technically a denial of service attack.”
Under the rules, likely to be adopted as an EU Directive in the Summer, using another person’s electronic identity to commit attacks would be punishable by three years in prison and companies who employ hackers to attack competitors could be shut down.
“We are dealing here with serious criminal attacks, some of which are even conducted by criminal organisations. The financial damage caused for companies, private users and the public side amounts to several billions each year,” said the European Parliament’s rapporteur Monika Hohlmeier.
She added: “No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world.”
Earlier this month, police swooped on members of hacktivism groups Anonymous and LulzSec after the leader of the latter, Hector Xavier Monsegur – known as Sabu, turned informant. It emerged this week that a splinter group, called LulzSecReborn had carried out its first attack, stealing 170,000 records from American military dating website militarysingles.com.