A document summarizes several cases prosecuted under the UK's Computer Misuse Act 1990. It describes cases such as:
- A former IT professional who launched a 15-day cyber attack on his former employer, costing over £180,000, and was sentenced to 10 months in prison.
- A student who hacked into social media and gaming accounts and sold victims' personal information, receiving a 4-month suspended sentence.
- An IT specialist who sabotaged his previous employer's computer system via a DDoS attack, leading to a "catastrophic crash", and was sentenced to 3.5 years in prison.
The document provides brief summaries of multiple other cases involving offenses like unauthorized
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
Identity theft occurs when an unauthorized person uses your name, date of birth, social security number or other forms of identity to obtain credit in your name without your consent. Some identity theft methods include phishing, vishing, pretexting, shoulder surfing, dumpster diving, atm skimming and more. Stay alert and informed and protect yourself and your identity.
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
Identity theft occurs when an unauthorized person uses your name, date of birth, social security number or other forms of identity to obtain credit in your name without your consent. Some identity theft methods include phishing, vishing, pretexting, shoulder surfing, dumpster diving, atm skimming and more. Stay alert and informed and protect yourself and your identity.
These are from the National Cyber Security Alliance (NCSA) for National Cyber Security Awareness Month (NCSAM) and are free to use. See https://staysafeonline.org/ for more info.
An unfortunate number of women are becoming victims of cyber crimes. According to a recent study more women are known to use the Internet to enrich their relationships compared to men. Young women, those 18-24, experience certain severe types of harassment at disproportionately high levels: 26% of these young women have been stalked online, and 25% were the target of online sexual harassment. The growing reach of the Internet and the rapid spread of information through mobile devices has presented new opportunities that could put some women at risk, so it’s important to be mindful of the dangers.
Cyber security awareness training by cyber security infotech(csi), Information Security,
website development company,
Employee Monitoring System,
Employee Monitoring Software
These are from the National Cyber Security Alliance (NCSA) for National Cyber Security Awareness Month (NCSAM) and are free to use. See https://staysafeonline.org/ for more info.
An unfortunate number of women are becoming victims of cyber crimes. According to a recent study more women are known to use the Internet to enrich their relationships compared to men. Young women, those 18-24, experience certain severe types of harassment at disproportionately high levels: 26% of these young women have been stalked online, and 25% were the target of online sexual harassment. The growing reach of the Internet and the rapid spread of information through mobile devices has presented new opportunities that could put some women at risk, so it’s important to be mindful of the dangers.
Cyber security awareness training by cyber security infotech(csi), Information Security,
website development company,
Employee Monitoring System,
Employee Monitoring Software
Our team presenting Cyber laws in India in brief and and what are the penalties and fines under different sections applicable under IT Act 2000 and IPC act.
Cyber Security & Awareness for Local CouncilsScribe
Risk Manager at BHIB Insurance Brokers, Brian Brookes, will be guiding you through the basics of cyber security to help you understand cyber threats and reduce the risk of your council becoming a target.
This PPt is very useful for any students , Law enforcement agencies, Cyber Forensic Experts. It includes Overview of Cyber Law in India which includes cyber offences and penalties. This ppt will help for the public to aware about cyber crime. This ppt covers Information Technology Act, 2000 and highlights on IT (Amendment) Act, 2008. This PPt also covers applicability of IT Act and Other Act's sections to Cyber crimes.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
2. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 2/50
Sentenced to 18
months community
order and unpaid
work requirement.
R v Mark
Andrews
Chester Crown
Court 11 June
2020
Computer
Misuse Act
1990 s1
Unauthorised
access, Theft
Self employed IT
support specialist
Mark Andrews, 38,
stole over £31,000
in cryptocurrency
from a business
owner client.
Sentenced to 20
months
imprisonment,
including 10
months for CMA
offences
Manchester
Evening News
The Register
R v John
Johnson
Reading Crown
Court 19 March
2020
Computer
Misuse Act
1990 s1
Unauthorised
access, s3A
Making,
supplying or
obtaining
articles
Student John
Johnson, 22,
created software
used to harvest
user names and
passwords in order
to gain access to
online services
without charge.
Guilty pleas to 12
CMA charges,
sentenced to six
months
imprisonment.
Reading Chronicle
R v Robert
Field
Chelmsford
Crown Court 13
March 2020
Computer
Misuse Act
1990 s1
Unauthorised
access
Robert Field, 38,
hacked into 297
iCloud accounts to
get intimate
personal images to
share online.
Guilty Plea to 28
counts. Sentenced
to 32 months in
jail.
Essex Police Leicester
Mercury
R v Tony
Spencer
Basildon Crown
Court 30
January 2020
Computer
Misuse Act
1990 s1
Unauthorised
access, s3A
Making,
supplying or
obtaining
articles,
Voyeurism,
Making
Indecent
Images
Tony Spencer, 38,
Guilty pleas.
Sentenced to 32
months
imprisonment (9
counts Voyeurism,
5 counts Indecent
Images, 11 Counts
CMA s1
Unauthorised
access, 1 count
s3A. Placed on Sex
Offenders Register
for life.
Essex Police The Register Eastern
Daily Press
R Vladimir
Yanpolsky
Kingston Crown
Court 22
January 2020
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair
IT specialist
Vladimir Yanpolsky,
45, sabotaged
previous
employer's (IT
service provider)
Met Police Surrey
Comet
3. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 3/50
computer system
using a DDoS
attack that led to a
"catastrophic"
crash
Found guilty and
sentenced to
imprisonment for
three and a half
years.
R v Anwar
Batson
Southwark
Crown Court 10
January 2020
Computer
Misuse Act
1990 s1
Unauthorised
access, s3A(2)
and s3A(3)
Making,
supplying or
obtaining
articles; Fraud
Anwar Batson, 29,
used hacking tool
Sentry MBA to
attack UK National
Lottery operator
Camelot's database
of 9m customer
accounts.
Guilty pleas to four
counts under CMA.
Jailed for nine
months.
Birmingham Mail The Register
R v Scott
Cowley
Liverpool
Crown Court 6
January 2020
Computer
Misuse Act
1990, s2
Unauthorised
access with
intent;
Voyeurism
Scott Cowley, 27,
purchased
Imminent Monitor
RAT (IM-RAT) that
he used to spy on
three women's
webcams and
secretly film them
undressing and
having sex.
Guilty pleas to four
counts under CMA.
Jailed for two years
and ordered to
sign on the Sex
Offenders Register
and comply with a
Sexual Harm
Prevention Order
for 10 years.
InfoSecurity Liverpool
Echo
R v Scott
Burns
Leeds Crown
Court 18
December
2019
Computer
Misuse Act
1990 s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair
Disgruntled former
Jet2 IT contractor
Scott Burns, 27,
deleted an entire
domain's user
accounts in a
revenge attack
that shut down
Jet2's systems for
12 hours in
January 2018 and
accessed the email
account of Jet2's
chief executive.
Recovery from the
attack cost the
company
£165,000.
Guilty pleas to
eight counts under
BBC The Register
4. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 4/50
CMA. Sentenced to
imprisonment for
10 months. Laptop
order to be
destroyed. Judge
referred to the
"pernicious and
far-reaching
impact" of this
type of attack.
R v Sherry
Bray and
Christopher
Ashford
Swindon Crown
Court 23
September
2019
Computer
Misuse Act
1990 s1
Unauthorised
access
Bray (49) a
Director of Camera
Security Services
Limited
Chippenham and
her employee
Ashford (62) were
driven by morbid
curiosity and
accessed CCTV
footage of the post
mortem of
footballer Emiliano
Sala.
Guilty Pleas. Bray
sentenced to 14
months in prison
and Ashford to 5
months in prison
CPS BBC
R v Elliott
Gunton
Norwich Crown
Court 16
August 2019
Computer
Misuse Act
1990; money
laundering
Convicted hacker
(aged 16 at time of
TalkTalk attack)
Gunton, 19, used a
suite of hacking
tools to penetrate
network providers
and take over high
profile social media
accounts before
offering them for
sale on hacker
forums. Australian
telecoms provider
Telstra attack
yielded an
Instagram account
with a following of
1.3m users whose
credentials were
sold on.
Sentenced to 20
months in prison,
ordered to pay
£407k and given a
three and a half
year Criminal
Behaviour Order
BBC Eastern
Daily Press
Eastern
Daily Press
R v Liam
Watts
Chester Crown
Court 12
August 2019
Computer
Misuse Act
1990 s3 (2)(b)
Unauthorised
acts with intent
to impair
Convicted hacker
Watts, 20, used
SYN flood DDoS
denial of service
attacks on GMP
and Cheshire police
Register BBC
5. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 5/50
public websites
that made them
inaccessible.
Claimed one attack
was in retaliation
for a separate
conviction for a
bomb hoax days
after Manchester
Arena bombing
Guilty pleas.
Sentenced to 16
months in a young
offenders'
institution, five
year restraining
order to prevent
him from deleting
browser history,
police inspections
and destruction of
computers
R v
Okechukwu
Efobi
Westminster
Magistrates’
Court 3 July
2019
Computer
Misuse Act
1990 s1
Unauthorised
access
Serving Met Police
officer Sergeant
Efobi accessed Met
police databases to
check progress of a
criminal
investigation of his
own conduct.
Guilty plea to three
offences.
Sentenced to 12
month community
order, 150 hours of
community service
and payment of
£90 victim
surcharge and
£450 costs
Met Police The Register
R v Graeme
Brandon
Bournemouth
Crown Court 3
May 2019
Computer
Misuse Act
1990 s1
Unauthorised
access; Sending
indecent
communications
Brandon, 44, stole
a user's identity
from a Facebook
account and used
it to send
WhatsApp
messages with
indecent images of
himself to 27
women whose
mobile numbers he
had harvested
from Gumtree.
The identity theft
victim and his wife
were threatened by
vigilantes, had
their car damaged
and were forced to
move home.
Guilty plea to 29
charges.
BBC Mirror
6. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 6/50
Sentenced to 30
months in jail.
R v Zain
Qaiser
Kingston Crown
Court 8 April
2019
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair;
Blackmail;
Fraud by false
representation;
Possessing
criminal
property
Multi-million pound
global blackmail
conspiracy.
Between 2012 and
2014 Computer
Science student
Qaiser, 24, planted
ransomeware
attacks (using
Angler Exploit Kit )
on porn websites
designed to display
threatening
warning messages
from the FBI or
local police force
and to lock users'
computers (using
Reveton or
Cryptolocker).
National Crime
Agency
investigation.
Defendant initially
claimed that he
had been hacked.
Guilty plea to four
CMA charges.
Sentenced to six
years and five
months prison.
Widely reported as
the UK’s most
serious cybercrime
case
NCA BBC CPS
R v Scott
Willey
Inner London
Crown Court 29
March 2019
Computer
Misuse Act
1990 s1
Unauthorised
access; Fraud
by false
representation
Willey, who had
failed law
examinations and
with no legal
qualifications
accessed a
barrister
colleague's email
account to copy his
Practising
Certificate in order
to produce a faked
copy in his own
name. Practised as
a barrister working
on 18 cases from
October 2017 to
June 2018.
Guilty plea. Jailed
for two years and
three months.
Law Gazette Standard
R v Zammis
Clark and
Blackfriars
Crown Court 28
March 2019
Computer
Misuse Act
1990 s3
Security researcher
Clark, 24, aka
Slipstream /
The Register Evening
Standard
The Verge
7. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 7/50
Thomas
Hounsell
Unauthorised
acts with intent
to impair
Raylee and
Hounsell, 26,
hacked into
Microsoft OS
software
development
systems,
downloaded
43,000 files and
shared details of
their exploits
online with other
hackers; damage
estimated at $2M.
Clark also hacked
into Nintendo
systems and stole
2,000 user ID
credentials;
damage estimated
at £1.4M.
Autistic Clark
pleaded guilty to
three CMA
charges.
Sentenced to 15
month prison
sentence
suspended for 18
months,
rehabilitation
activity order (25
days), 5 year
serious crime
prevention order
and £140 victim
surcharge.
Hounsell pleaded
guilty to one CMA
charge. Sentenced
to 6 month prison
sentence
suspended for 18
months, unpaid
work order (100
hours) and £115
victim surcharge.
R v Steffan
Needham
Reading Crown
Court 1 March
2019
Court of Appeal
(Criminal
Division)
18/09/2019
[2019] EWCA
Crim 1541
Computer
Misuse Act
1990 s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair
Sacked IT
consultant
Needham, 36, used
a former IT
colleague's Login
ID to delete client
data on his former
employer Voova's
23 servers. Losses
estimated at
£500,000 and
several
redundancies
resulted.
Found guilty.
Sentenced to two
The Register getReading
8. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 8/50
years in prison
Appeal dismissed
R v Norman
Stephens
Warwick Crown
Court 13
February 2019
Computer
Misuse Act
1990 s1
Unauthorised
access
Warwickshire Police
Detective
Constable
Stephens, 47, used
force incident
management,
intelligence and
ANPR SYSTEMS to
check colleagues'
personal data.
Guilty plea.
Sentenced to 12
month community
order, ordered to
do 150 hours
unpaid work and
pay £270 costs
BBC Birmingham
Mail
R v Samir
Desai
Birmingham
Crown Court 15
January 2019
Computer
Misuse Act
1990 s2
Unauthorised
access with
intent to
commit further
offence, s3
Unauthorised
acts with intent
to impair
Desai, 41, attacked
his former
employer's
computer system
and caused "
significant
disruption and
financial loss".
Guilty plea.
Sentenced to 15
month prison
suspended for two
years, ordered to
pay compensation
of £20,000 and
£1,800 of costs.
The Leamington
Observer
R v Daniel
Kaye
Blackfriars
Crown Court,
11 January
2019
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair;
Possession of
Criminal
Property
"Hacker for hire"
Kaye, 30, was paid
$30,000 by a
competitor to
attack Liberian
mobile phone
company Lonestar
systems using a
zombie botnet to
execute DDoS
attacks that
brought down
Lonestar's servers.
Guilty plea.
Sentenced to 32
months
imprisonment.
Investigation by
the NCA’s National
Cyber Crime Unit
(NCCU)
NCA Daily Mail
R v Jane
Denmark
Leicester
Magistrates
Court 7
Computer
Misuse Act
1990 s1
Civilian employee
Denmark, 56, used
her privileged
access as a control
Leicester Mercury
9. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 9/50
December
2018
Unauthorised
access
room call handler
at Leicestershire
Police to access
police computer
systems to find her
son's address.
Guilty plea. Six
months community
order
R v Ernest
Edjeren
Reading Crown
Court 16
November
2018
Computer
Misuse Act
1990 s1
Unauthorised
access; Fraud
by false
Representation
Edjeren, 39,
attempted to steal
the pensions of
retired public
sector workers in
Orange County
USA by breaking
into their accounts
and setting up
payments using his
own Paypal
account. Pension
company
defrauded of
£100,00 and spent
£200,00 on fixing
their software.
Found guilty of
Unauthorised
access by a
majority verdict.
Found guilty of
fraud by
unanimous verdict.
Sentenced to three
years in prison.
SEROCU Cyber
Crime Unit
investigation
SAM FM Thames
Valley
Reading
Chronicle
R v Mustafa
Kasim
Wood Green
Crown Court 12
November
2018
Wood Green
Crown Court 15
July 2019
Computer
Misuse Act
1990 s1
Unauthorised
access
Kasim used a
former co-worker's
login credentials to
steal personal
details (names,
phone numbers,
vehicle and
accident details)
from his former
employer's vehicle
repair software
package.
Guilty plea.
Sentenced to six
months in prison.
First successful
CMA prosecution
brought by the
Information
Commissioner’s
Office (ICO)
ICO BBC Automotive
Management
10. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 10/50
July 2019 hearing
found that Kasim
had benefitted
financially and
ordered to pay a
£25,500
confiscation order
and £8,000 costs
R v Matthew
Hanley and
Connor
Allsopp
Central
Criminal Court
19 November
2018
Court of Appeal
(Criminal
Division) 30
January 2019
Computer
Misuse Act
1990 s1(1)
Unauthorised
access, s3A
Making,
supplying or
obtaining
articles; Fraud
Hanley, 23, and
Allsopp, 21, stole
more than 150,000
customer records
in the £77 million
2015 attack on
TalkTalk website
vulnerabilities to
DDoS and SQL
injection attacks.
Guilty pleas.
Hanley sentenced
to 12 months jail
and Allsopp to
eight months
Allsopp's appeal
against sentence
failed.
BBC The Register The
Guardian
R v Phillip
Tong, Adam
Hinkley and
Others(5)
Derby Crown
Court 26
October 2018
Court of Appeal
(Criminal
Division) R
(Pensions
Regulator) v
Workchain Ltd
[2019] EWCA
Crim 1422
Computer
Misuse Act
1990 s1(1)
Unauthorised
access
Owner/Directors
and managers at
employment firm
Smart Recruitment
AKA Workchain Ltd
made bogus
telephone calls to
obtain employees'
account IDs. Then
used the IDs to log
onto the NEST
online system to
opt the workers
out of their
pension schemes,
thus avoiding the
firm making
pension payments
on their behalf.
All seven
defendants
pleaded guilty.
Owner/Directors
Phillip Tong and
Adam Hinkley
received four
month prison
terms suspended
for two years,
ordered to
complete 200
hours community
service and were
ordered to pay
costs of £11,250
each. Five
managers given
BBC Derby
Telegraph
Employee
Benefits
11. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 11/50
suspended
sentences and/or
ordered to
complete
community service
orders and pay
costs.
Workchain LTD was
fined £200,000.
Prosecution by The
Pensions Regulator.
Largest financial
penalties to date
and first fine of a
corporate entity.
On appeal Court of
Appeal amended
the fine handed
down to Workchain
from £200,000 to
£100,000.
R v Dominik
James
Basildon Crown
Court 18
August 2018
Computer
Misuse Act
1990 s1
Unauthorised
access
James, 31, hacked
into over 30
women's iCloud
accounts to take
private information
and photographs
and share them
online.
Guilty plea to five
s1 counts.
Sentenced to eight
month concurrent
sentences.
Essex Police Thurrock
Gazette
R v Sadiyya
Dakri
Leicester
Crown Court 10
July 2018
Computer
Misuse Act
1990 s1
Unauthorised
access
Dakri, 22, a temp
at Leicestershire
Police accessed
police systems
without
authorisation,
photographing
sensitive police
documents relating
to her brother in
law.
Guilty plea to four
counts of
unauthorised
access to computer
material.
Sentenced to 12
months in prison.
Leicester Mercury
R v Grant
West
Southwark
Crown Court 25
May 2018
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair;
Conspiracy to
defraud, Misuse
of Drugs
West, 26, used
Brute force attacks
(Sentry MBA) in
August and
September 2017 to
target some 100
companies'
websites (including
Just Eat,
BBC CPS
12. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 12/50
Sainsburys, Nectar,
Groupon, AO.com,
Ladbrokes, Coral
betting, Uber,
Asda, T mobile and
Argos) to harvest
tens of thousands
of customers' email
addresses,
passwords and
financial data to be
sold on the dark
web.
Guilty pleas.
Sentenced to 10
years eight months
in jail.
R v Kane
Gamble
Leicester
Crown Court
06/10/2017
Central
Criminal Court
20/04/2018
Computer
Misuse Act
1990 s1
Unauthorised
access, s2
Unauthorised
access with
intent to
commit further
offence, s3
Unauthorised
acts with intent
to impair
15 year-old
Leicester male
founder of Crackas
With Attitude
(CWA) used Social
engineering to
target email
accounts of US
government chiefs
including John
Brennan (CIA),
James Clapper and
Mark Giuliano (FBI)
and their families.
Guilty plea to eight
s1 and two s3
offences.
Sentenced to two
years in youth
detention. Order
for seizure of his
computers.
BBC
BBC
Telegraph
Guardian
Leicester
Mercury
R v Michelle
Denne
Birmingham
Magistrates
Court
24/04/2018
Computer
Misuse Act
1990 s1
Unauthorised
access; Data
Protection Act
PC Denne, 44,
accessed
Staffordshire Police
computer systems
to obtain
information on her
partner's ex-wife
and children, and
her neighbours.
Guilty plea to six
CMA counts.
Sentenced to a six
month community
service order, ten
days of community
rehabilitation work.
Ordered to pay
£185 court costs
and £85 victim
surcharge.
BBC DailyMail
R v Andrew
Howe
Newcastle
Crown Court
05/04/2018
Computer
Misuse Act
1990 s1
PC Howe accessed
Northumbria Police
computer systems
Newcastle
Chronicle
13. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 13/50
Unauthorised
access
to obtain
information to pass
on to a female
publican with who
he was having an
“inappropriate
relationship”.
Guilty pleas.
Sentenced to four
months prison
suspended for 12
months and
ordered to pay
£1,460 costs.
R v Adam
Mudd
Central
Criminal Court
25/04/2017,
27/03/2018
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair
Teenager Mudd
wrote Titanium
Stresser DDoS
malware and used
it for 595 DDoS
attacks against
181 IP addresses.
Received Rental
Income of some
£386,000 from
112,000 registered
users.
Guilty plea.
Sentenced to two
years in a young
offenders institute.
Ordered (27 March
2018) to pay back
£70k within three
months or face
further two years
detention.
The Register BBC
BBC
Guardian
R v Craig
Steinberg
Newcastle
Crown Court
05/03/2018
Computer
Misuse Act
1990 s1
Unauthorised
access
31 year-old Bar
manager hacked
into 272 Apple
iCloud accounts to
grab private,
sexual photographs
that he posted on
his websites and
charged members
to access.
Steinberg used
software and
guesswork to gain
access to
photographs of
Apple iCloud
customers' most
intimate moments.
Guilty plea. Jailed
for 34 months.
Newcastle
Chronicle
Sunderland
Echo
R v Gavin
Paul Prince
Mold Crown
Court
28/02/2018
Computer
Misuse Act
1990
37 year-old IT
expert launched
revenge cyber
attack on previous
employer company
LetsXL of Colwyn
Daily Post
Daily Post
14. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 14/50
Bay in April 2017.
Over a four day
period he changed
the passwords and
accessed
mailboxes of five
company
employees.
Guilty plea to five
CMA offences.
Sentenced to 10
months in prison.
R v Goncalo
Esteves
Blackfriars
Crown Court
16/02/2018
Computer
Misuse Act
1990; Proceeds
of Crime Act
Esteves (aka
KillaMuvz) ran the
reFUD.me website
which charged
hackers for testing
whether their
malware would
evade Anti Virus
and Malware
scanners from
2011 to 2015.
Sentenced to two
years in jail.
National Crime
Agency (NCA)
Info
Security
The Register
R v Alex
Bessell
Birmingham
Crown Court
18/01/2018
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair;
money
laundering
Bessell, 21,
created malware
sold on the dark
web that allowed
others to conduct
Distributed Denial
of Service (DDoS)
attacks. Had
remote control of
over 9,083 bots.
Guilty plea.
Sentenced to two
years
imprisonment and
given a Serious
Crime Prevention
Order.
BBC West
Midlands
Police
R v Abiola
Ajibade
City of London
Magistrates'
Court
17/01/2018
Computer
Misuse Act
1990 s1
Unauthorised
access
Ex Santander
branch manager
gave boyfriend
customer
information used
for fraudulent
transactions worth
£15k.
Guilty plea.
Sentence not
known.
The Register ITWiser
R v Jack
Chappell
Manchester
Minshull Street
Crown Court
20/12/2017
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair;
money
laundering.
Chappell, 19,
launched 2,000
Distributed Denial
of Service (DDoS)
attacks including
on Amazon,
NatWest and
Netflix.
The Register Manchester
Evening
News
15. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 15/50
Guilty plea.
Sentenced to 16
months in youth
custody,
suspended for two
years, and ordered
to undertake 20
days rehabilitation.
R v Karen
Enabofio
Manchester
Magistrates
Court
30/11/2017
Computer
Misuse Act
1990 s1
Unauthorised
access
43 year-old Private
Hospital financial
administrator
accessed
colleagues' payroll
data to find out
their salaries.
Guilty plea.
Sentenced to
twelve weeks
imprisonment
suspended for one
year and ordered
to complete ten
days of
rehabilitation.
Manchester
Evening News
Daily Mail
R v Nigel
Mungur
Chester Crown
Court
06/10/2017
Computer
Misuse Act
1990 s1
Unauthorised
access;
Misconduct in a
public office;
Money
laundering
Police Constable
accessed
Lancashire
Constabulary
systems 21,802
times over 7 years
to obtain personal
details of car crash
victims to sell on
to ambulance
chasing claims
firms. Proceeds
totalled £363,000.
Guilty plea.
Sentenced to five
years in prison.
BBC Liverpool
Echo
CPS
R v Pardeep
Parmar
Westminster
Magistrates
Court
04/10/2017
Computer
Misuse Act
1990 s1
Unauthorised
access; Theft
Ex-Harrods IT
worker asked
computer repair
shop to help him
retrieve personal
files (including his
National Insurance
number) on his
company-issued
laptop.
Guilty plea to CMA
s1 charge. Fined
£135 for the CMA
s1 offence, ordered
to pay £85 costs
and £30 victim
surcharge
The Register The Register
R v Grant
McCabe
Liverpool
Crown Court
27/09/2017
Computer
Misuse Act
1990 s1
Unauthorised
Merseyside PC
accessed police
intelligence
systems to snoop
on two girlfriends
Liverpool Echo
16. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 16/50
access; Data
Protection Act
and their previous
partners
Guilty plea.
Sentenced to nine
months in jail
suspended for two
years, 200 hours of
unpaid work, six
month curfew 7pm
and 7am
(monitored by a
tag) and 20
rehabilitation
activity days.
R v Alexander
Akinyele
Preston Crown
Court
12/09/2017
Computer
Misuse Act
1990 s1
Unauthorised
access; Fraud;
Possession of
False ID
ID Theft. 37 year-
old found in
possession of 500
BT and 500 Sky
usernames and
passwords. NCA
investigation.
Guilty plea.
Sentenced to two
years 4 months in
prison.
NW Evening Mail Yorkshire
Post
R v Jason
Polyik
Derby Crown
Court
17/08/2017
Computer
Misuse Act
1990 s1
Unauthorised
access
Hacker accessed
two websites
including Sports
Direct and shut it
down for half an
hour.
Sentenced to 10
months in prison
suspended for a
year
Nottingham Post ITV News
R v Sean
Caffrey
Birmingham
Crown Court 16
June 2017
Computer
Misuse Act
1990 s1
Unauthorised
access
25 year-old
accessed a US
military satellite
communications
system in June
2014 and stole 800
users' usernames,
ranks and email
addresses and
details of about
30,000 satellite
phones. US
Department of
Defense (DoD)
estimated cost to
fix the damage at
about $628,000 (c.
£450,000).
Guilty plea.
Sentenced to 18
months in prison,
suspended for 18
months.
The Register BBC CPS
R v Daniel
Devereux
Norwich Crown
Court 16 June
2017
Computer
Misuse Act
1990 s1
Devereux aka "His
Royal Gingerness"
hacked into the
BBC Norfolk
Police
17. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 17/50
Unauthorised
access
websites of
Norwich airport
and the Norfolk
and Norwich
hospital in 2015.
The airport's
website was down
for three days and
said the breach
cost £40,000 to
fix.
Guilty plea.
Sentenced to 32
weeks in prison,
issued with a
Criminal behaviour
Order (CBO)
preventing him
from owning an
internet enabled
device unless he
follows a set of
strict rules for five
years and ordered
to pay £150 as a
victim surcharge
R v
Christopher
Hutcheson
(Snr), Chris
Hutcheson
(Jnr) and
Adam
Hutcheson
Central
Criminal Court
7 June 2017
Computer
Misuse Act
1990 s1
Unauthorised
access
Restaurateur
Gordon Ramsay
family feud. After a
series of toxic civil
disputes, father-in-
law Christopher
Hutcheson (Snr)
and his two sons
used key logger to
capture passwords
and hacked into
Gordon Ramsay
Holdings Ltd
systems to access
email accounts of
employees,
financial data and
details of
intellectual
property (IP)
rights.
Guilty pleas.
Hutcheson (Snr)
sentnced to six
months
imprisonment;
Chris Hutcheson
(Jnr) and Adam
Hutcheson given
four-month prison
sentences,
suspended for two
years
Guardian Daily Mail
R v Paul
Dixon
Newcastle
Crown Court 3
April 2017
Computer
Misuse Act
1990 s3
Unauthorised
South Shields man
mounted DoS
attacks against
CeX, Durham
Constabulary,
BBC
18. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 18/50
acts with intent
to impair
Police Scotland and
British Airways
websites in
October 2014.
British Airways site
down for an hour
at an estimated
cost of £100,000.
Guilty plea.
Sentence not
known.
R v Thomas
Fendall
Liverpool
Crown Court
17/03/2017
Unauthorised
access;
Misconduct in
Public Office;
Perverting the
course of
justice
PCSO with a
personal grievance
accessed restricted
material on the
GMP police
intelligence
computer system
to try to frame an
innocent man for
attempted murder
Guilty plea.
Sentenced to
ninteen months
imprisonment
BBC Manchester
Evening
News
R v Shaun
Turner
Peterborough
Crown Court 30
January 2017
Computer
Misuse Act
1990 s2
Unauthorised
access with
intent to
commit further
offence, s3
Unauthorised
acts with intent
to impair, s3A
Making,
supplying or
obtaining
articles;
Possession of
indecent
images of a
child;
Voyeurism
29-year-old man
spied on female
victims using their
personal webcams
and used RAT
malware to
download intimate
and personal files
held on their
computers.
Refused to provide
key to two
encrypted hard
drives.
Guilty plea.
Sentenced to three
years
imprisonment
(including 10
months
consecutive for
Failure to comply
with RIPA section
49 notice to
provide encryption
key).
Cambridge News
R v Paul
Andre
Newcastle
Magistrates
Court 23
January 2017
Computer
Misuse Act
1990 s1
Unauthorised
access
43 year old Crime
prevention officer
at Northumbria
Police used force IT
system to find out
about an incident
involving tenants
at his flat without
authorisation.
Guilty plea. 12-
month conditional
The Chronicle
19. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 19/50
discharge, ordered
to pay £85 costs
and a £30 victim
surcharge.
R v Daniel
Kelley
Central
Criminal Court
13 December
2016
Central
Criminal Court
10 June 2019
Computer
Misuse Act
1990 s1
Unauthorised
access s3
Unauthorised
acts with intent
to impair;
Blackmail;
Money
laundering
19 year old man
involved in 2015
attack on ISP
TalkTalk when
more than 150,00
customers' data
was stolen and
demanded a
payment of 465
bitcoins.
DDoS attack on
Coleg Sir Gar
website where he
was a student.
Guilty pleas to 11
charges.
Sentenced to four
years' detention in
a young offenders
institution
BBC Independent BBC Wales
R v Leon
Street
Chelmsford
Crown Court 30
November
2016
Computer
Misuse Act;
Fraud; Money
laundering
Essex man
harvested 2,133
passwords and
usernames found
in his possession in
order to commit
online fraud. Also
supplied "stressor"
and "booter" tools
to allow others to
carry out
Distributed Denial
of Service (DDoS)
attacks. ERSOU
Cyber Crime Unit
investigation.
Guilty plea.
Sentenced to
prison for 18
months suspended
for two years, to
200 hours
community service,
and ordered to
attend a
rehabilitation
course and to pay
back the profits of
his crime
(£8,829.32).
ERSOU
R v Paul
Whitehead
Cambridge
Crown Court
17/10/2016
Computer
Misuse Act
1990 s1
Unauthorised
access
Police officer
misused
Bedfordshire Police
systems to locate
his victim (a
cleaner at Luton
Police Station) and
Bedfordshire
News
Police
Professional
20. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 20/50
defraud him out of
his inheritance.
Guilty plea.
Sentenced to five
years, seven
months
imprisonment
R v Paul
Streeter, Paul
John Cox,
Alistair
Barnard,
Steve Davies,
Jon
Townsend
Oxford Crown
Court, 30 Sep
2016
Computer
Misuse Act
1990 s1
Unauthorised
access
"The Quadsys Five"
hacked into a
business rival IT
security reseller's
computer system
to access customer
and pricing data.
Guilty pleas.
Directors Barnard,
Cox and Streeter
sentenced to 10
months
imprisonment,
suspended for two
years, three month
curfew, 150 hours
of unpaid work and
victim surcharge of
£100; Manager
Steve Davies
sentenced to nine
months
imprisonment,
suspended for two
years, 150 hours of
unpaid work, and
victim surcharge of
£100; IT Security
Consultant Jon
Townsend a 12-
month community
order, 275 hours of
unpaid work, three
month curfew and
victim surcharge of
£60.
The Register Oxford Mail
R v Paul
Potter
Southwark
Crown Court
26th
September
2016
Computer
Misuse Act
1990, Data
Protection Act
Met police
community support
officer (PCSO)
Potter used Met
police computer
system in a dispute
over a dodgy
second-hand car
he had bought.
Mr Potter
acquitted.
Barrhead News
R v Nazariy
Markuta
Southwark
Crown Court 22
September
2016
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair
Founder member
of international
cyber crime
network D33Ds
used SQL injection
attacks to obtain
300k usernames
and passwords
National Crime
Agency
The Register
21. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 21/50
from Yahoo and
offered them for
sale. Also attacked
a website selling
computer game
codes that were
obtained for resale.
Investigation by
the National Crime
Agency.
Jailed for two years
after guilty pleas to
three offences
under CMA 1990
s3 and fraud.
R v Adam
Penny
Kingston Crown
Court 12
September
2016
Computer
Misuse Act
1990 s1
Unauthorised
access
Unemployed
hacker accessed a
gold bullion firm
website to obtain
names, addresses
and tracking
numbers of
customers to
enable associates
to intercept the
gold deliveries.
Pleaded guilty to
conspiracy to steal,
unauthorised
access to a
computer and
blackmail and
sentenced to five
years and four
months in jail.
Standard The Register
R v Neil
Hempsell
Teesside Crown
Court 5
September
2016
Computer
Misuse Act
1990 s1
Unauthorised
access
Police officer
trawled police
computers to
contact sex
workers, track
down a former
lover and make
195 checks on a
Gateshead
gangster who he
had fallen out with
following a
Christmas day
brawl.
Sentenced to 255
hours unpaid work
and ordered to pay
costs.
Northern Echo
R v David
Buchanan
Guildford
Magistrates'
Court 2 August
2016
Computer
Misuse Act
1990 s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair
Bored 17 year-old
developed scripts
to help harvest
Mumsnet
usernames and
passwords and
hacked into his
school intranet.
BBC News ITPro SC Magazine
22. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 22/50
Sentenced to a 12-
month community
order and 200
hours of unpaid
community work.
R v Kyoji
Mochizuki
Lewes Crown
Court 19
August 2016
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair
Man aka Tariq
Elmughrabi
bombarded Sussex
Police's contact
centre with 3,000
emails in six hours.
Pleaded guilty and
sentenced to ten
months jail,
suspended for 18
months.
Sussex Police
R v G Plymouth Youth
Court 20 July
2016
Computer
Misuse Act
1990 s3
Unauthorised
acts with intent
to impair
14-year old
Plymouth boy
launched DDoS
attacks against
animal rights
target websites
and Devon and
Cornwall Police and
tweeted bomb
hoaxes to
American Airlines
and Delta Air
Lines.
Three offences
under Computer
Misuse Act Section
3 (the DDoS
attacks) admitted.
Convicted of two
offences under
Section 51 of the
Criminal Law Act
(the bomb
hoaxes). District
Judge Diana Baker
had considered 12
month jail but
sentenced him to a
two year Youth
Rehabilitation
Order and ordered
his laptop to be
destroyed.
Expert evidence for
the convicted
Defendant. Agreed
Joint Experts
Report.
BBC News The Register
R v Matthew
Oaten
Winchester
Crown Court 13
June 2016
Computer
Misuse Act
1990 s1
Unauthorised
access
Thames Valley
police officer
accessed
information on
police computer
system without
authorisation.
Oxford Mail BBC News
23. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 23/50
Sentenced to 150
hours community
service and £1,000
costs
R v Helen
Logins
Nottingham
Crown Court 29
April 2016
Computer
Misuse Act
1990 s1
Unauthorised
access
Nottingham City
Council manager
used council
computer systems
to search
confidential
records and case
files.
Sentenced to
twelve months in
prison, suspended
for 18 months and
250 hours
community service
BBC News Mirror
R v John
Sabatina
Preston
Magistrates
Court 10 March
2016
Computer
Misuse Act
1990 s1
Unauthorised
access
Merseyside police
officer accessed
information on
police computer
system over eight
years without
authorisation.
Sentenced to two
months in prison,
suspended for 12
months.
Liverpool Echo
R v Matt
Swash
Cambridge
Crown Court 17
February 2016
Computer
Misuse Act
1990 s1
Unauthorised
access
Cambridgeshire
police officer
accessed
information on a
police computer
system without
authorisation.
Sentenced to two
months in prison,
suspended for 12
months.
BBC News
R v Ian
Sullivan
Liverpool
Crown Court 13
November
2015
Computer
Misuse Act
1990
51-year old father
of six launched
DDoS attacks
against over 300
websites after his
five children were
taken into social
care.
Guilty plea to 21
offences.
Sentenced to eight
and a half months
in prison.
Daily Mail The Register
R v Sundar
Banerjee
Central
Criminal Court
30 October
2015
Computer
Misuse Act
1990 s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair
Former Met Police
detective used MPS
computer systems
for 230 searches
between 2009 and
2013 for private
use.
The Royal
Borough Observer
24. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 24/50
Sentenced to nine
months in prison.
R v Charlton
Floate
Birmingham
Crown Court 19
October 2015
Computer
Misuse Act
1990
Teenager launched
global distributed
denial-of-service
(DDoS) attacks
against UK Home
Office and FBI
websites.
Guilty plea to the
DDoS attacks and
two counts of
possessing 111
prohibited images.
Eight month
sentence
suspended for 18
months, an order
restricting his
access to the
internet and
computer activity
and an order to
complete 250
hours unpaid of
work.
Solihull Observer CPS
R v Stefan
Rigo
Leeds
Magistrates
Court 7
October 2015
Computer
Misuse Act
1990
Webcam voyeur
used Blackshades
Remote Access
Trojan (RAT)
malware to spy on
people through
their webcams.
Sentenced to a 40
week suspended
sentence, seven
years on the sex
offenders register,
200 hours of
unpaid work and
the forfeiture of all
his computer
equipment.
Action Fraud Naked
Security
R v Richard
Neale
Guildford
Crown Court 24
August 2015
Computer
Misuse Act
1990, s3
Unauthorised
acts with intent
to impair
Revenge attacks by
ex-Director on
former network
security company
Esselar and its
client Aviva over
five months. 900
Aviva employees'
phones hacked;
Expenses claims
rejected. Esselar
Twitter account
defaced. Esselar
lost Aviva contract.
Aviva recovered
from attack within
24 hours.
Pleaded guilty to
four counts of
BBC Daily Mail
25. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 25/50
unauthorised or
reckless acts with
intent to impair
computer
operation. Actions
had "damaged
confidence and
reputations in a
way that can be
far-reaching and
serious".
Sentenced to 18
months.
R v Andrew
Skelton
Bradford Crown
Court 17 July
2015
Computer
Misuse Act
1990, s2
Unauthorised
access with
intent
Senior Internal
Auditor at
Morrisons
supermarket
accessed and
uploaded
confidential
personal data
(including
employees' names,
addresses, NI and
bank details) of
nearly 100,000
employees to
newspaper and
data sharing
websites.
Found guilty of
fraud by abuse of
position of trust,
securing
unauthorised
access to computer
material and
disclosing personal
data. Data breach
cost the company
more than £2m to
rectify. Sentenced
to eight years.
CPS BBC
R v Seth
Nolan-
Mcdonagh
Southwark
Crown Court 10
July 2015
Computer
Misuse Act
1990, s2
Unauthorised
access with
intent
Teenager using the
nickname Narko
launched a series
of crippling global
distributed denial-
of-service (DDoS)
attacks against
internet exchanges
and services
including
Spamhaus.
Guilty plea to two
counts of an
unauthorised act
with intent to
impair computer
operation.
Sentenced to 240
hours of
community service.
BBC The Register
26. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 26/50
R v Lee Rees Cardiff Crown
Court
26/06/2015
Computer
Misuse Act
1990, s1
Unauthorised
access;
Blackmail;
Indecent
images of
children
Self-styled
paedophile hunter
posed as underage
girls in chatrooms
to entice men to
send indecent
images of
themselves that he
exchanged for
other indecent
images that
concealed malware
to obtain their
personal details for
blackmail. £40,000
proceeds. Guilty
pleas. Sentenced
to nine years in
prison
Sentencing
Remarks
ITV News Mirror
R v Zoe
Gregory
Norwich Crown
Court 4 June
2015
Computer
Misuse Act
1990, s1
Unauthorised
access
Teaching Assistant
hacked into the
school email
system at
Ormiston Victory
Academy and used
pupil's account to
send email "There
will be a bomb in
school Monday".
Guilty plea to one
count of
communicating
false information
and one count of
unauthorised
computer access.
Sentenced to 15
months
imprisonment for
both offences.
Norfolk
Constabulary
BBC
R v Rupert
King
June 2015 Computer
Misuse Act
1990
On over 40
occasions over four
months in 2011
ex-employee
hacked the
computer systems
of business
competitor Rouncy
Media Ltd,
publisher of Coach
& Bus Week
magazine, for sales
and email data.
Four year
investigation by
Cambridgeshire
Police.
Convicted, fined
and given a
community service
order of 180 hours.
Coach & Bus
Week
R v Imran
Uddin
Birmingham
Crown Court 24
Computer
Misuse Act
Adult student at
University of
Independent Telegraph Mail
27. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 27/50
April 2015 1990, s2
Unauthorised
access with
intent
Birmingham
installed four
keyboard spying
devices to steal
staff passwords
used to obtain
access to his
examination
results and
improve grades.
Guilty plea to six
CMA charges -
unauthorised
access to computer
material, intent to
commit further
offences and
impairing the
operation of a
computer. Four-
month prison
sentence.
R v Mark
Johnson
Birmingham
Crown Court 7
November
2014
Computer
Misuse Act
1990, s3
Unauthorised
acts with intent
to impair
44 year old Casino
croupier and
supporter of
Anonymous
published DDoS
cyber attack links
to UK Home Office
and Home
Secretary Theresa
May websites on
Twitter.
Charged with
encouraging or
assisting an
offence. Found
Guilty.
BBC CPS
R v Anthony
Elliott
Leeds Crown
Court 9
September
2014
Computer
Misuse Act
1990
Disgruntled ex-
employee used
access credentials
to disable 120 of
former employer's
time-lapse
cameras at
construction sites
around the world.
Unauthorised acts
with intent to
impair operation of
a computer. Cost
to restore the
service, by sending
an engineer to
each location, was
estimated at
around £50,000.
Jailed for 10
months.
Huddersfield
Examiner
R v Andrew
Meldrum
Woolwich
Crown Court 30
May 2014
Computer
Misuse Act
1990, s2
Cyber-stalking
Peeping Tom
installed
ITV News Naked
Security
28. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 28/50
Unauthorised
access with
intent;
Voyeurism
iCamSource
software to spy on
three young
women in their
bedrooms.
Guilty plea to three
counts of
unauthorised
access to computer
material and found
guilty of two
counts of
voyeurism. 12-
month suspended
sentence. Ordered
to forfeit his
computer and pay
a contribution to
prosecution costs
of £2,100 plus a
£100 victim
surcharge.
Expert advice.
R v Piotr
Smirnow and
Patryk
Surmacki
Manchester
Crown Court 18
December
2013
Computer
Misuse Act
1990. Blackmail
Blackmailers
threatened a £30M
online casino with
DDoS denial of
service attacks.
Guilty plea. Both
sentenced to five
years and four
months in prison.
The Register The Inquirer
R v Stephen
Burrell
Northampton
Magistrates
Court 28
November
2013
Computer
Misuse Act
1990, s2
Unauthorised
access with
intent, s3
Unauthorised
acts with intent
to impair
Burrell unlawfully
accessed the
accounts of 3,872
players of online
game Runescape
with intent to steal
gaming resources
and actually
modified 105
player accounts
Guilty plea.
Sentenced on 28
November 2013 to
12 month
community order
with supervision
and 150 hours of
unpaid work, Costs
of £100 and
surcharge of £60
Daily Mail
R v Tyrone
Ellis
Central
Criminal Court
14 November
2013
Computer
Misuse Act
1990 s3A
Making,
supplying or
obtaining
articles for use
in offence under
section 1 or 3;
Fraudsters posted
fake job adverts
for Harrods on
Gumtree.
Respondents were
sent a link to an
online application
form that
downloaded
malware to capture
BBC
29. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 29/50
Conspiracy to
defraud
financial and
personal data.
National Crime
Agency (NCA)
investigation.
Malware writer Ellis
found guilty and
jailed for four and
a half years
R v Lewys
Stephen
Martin
Maidstone
Crown Court 16
May 2013
T20130081
Computer
Misuse Act
1990, s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair; s3A
Making,
supplying or
obtaining
articles for use
in offence under
section 1 or 3
NullCrew hacktivist
Lewys Martin aka
sl1nk launched
Denial of Service
(DOS) attacks on
the websites of
Kent Police (site
temporarily
unavailable to the
public) and
universities of
Oxford and
Cambridge; both
universities
estimated that
around two man
weeks were spent
dealing with the
attacks.
Guilty plea to five
counts of
Unauthorised
modification, two
counts of
Unauthorised
access and two
counts of Making,
supplying or
obtaining articles.
Sentenced to two
years
imprisonment.
BBC News Kentonline
R v Martin Court of Appeal
(Criminal
Division) 31st
July 2013
[2013] EWCA
Crim 1420
Appeal on
sentencing.
Planning of the
attacks was
sophisticated and
they were intended
to cause harm and
did so. The
offences found to
be of the highest
level of culpability.
Custodial
sentences
measured in years
rather than months
should now be
expected.
Sentence of two
years'
imprisonment was
"amply justified".
Appeal dismissed.
Judgement
30. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 30/50
R v Ryan
Cleary, Jake
Davis, Ryan
Akroyd and
Mustafa Al-
Bassam
Southwark
Crown Court 16
May 2013
Computer
Misuse Act
1990, s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair
LulzSec collective
hactivists Ryan
Ackroyd, Jake
Davis, Mustafa Al-
Bassam and Ryan
Cleary used DDoS
attacks to crash
websites of major
global institutions
including USAF,
CIA, FBI, SOCA,
Sony and Nintendo
and stole personal
data including
passwords and
credit card details
belonging to
millions of people
that was posted
online en clair.
Damages
estimated in
millions of pounds.
All four defendants
pleaded Guilty.
Ryan Cleary (aka
ViraL), 21, to six
charges and was
jailed for 32
months. Ryan
Ackroyd (aka
Kayla), 26, was
jailed for 30
months. Jake Davis
(aka Topiary), 20,
was jailed for 24
months. Mustafa
Al-Bassam (aka
tFlow), 18, was
sentenced to 20
months suspended
for two years, and
200 hours of
unpaid community
work.
Independent Guardian Wikipedia
R v Matthew
Beddoes
Kingston-upon-
Thames Crown
Court 19 Mar
2013
Computer
Misuse Act
1990, s1
Unauthorised
access
Zeus Trojan
developed by
Beddoes a.k.a
Black Dragon, 32,
used in attempted
transfers of some
750,00 carbon
credits worth
£6.5m from
accounts at the UN
in Bonn and
Spain's Carbon
Credit Registry to a
UK broker co-
defendant.
Guilty plea to six
counts of
conspiring to do
unauthorised acts,
Telegraph SOCA
31. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 31/50
with intent to
impair computer
programs, four
counts of
unauthorised
access to business
computers, three
counts of
possessing
electronic files
containing data
from 3,000 credit
cards. Sentenced
to 2 years and 9
months
imprisonment.
R v
Christopher
Weatherhead,
Ashley
Rhodes, Peter
Gibson, and
Jake Burchall
Southwark
Crown Court 24
January 2013
Computer
Misuse Act
1990, s3
Unauthorised
acts with intent
to impair;
Conspiracy
Hacking group
Anonymous
members
Christopher
Weatherhead a.k.a
"Nerdo", 22,
Ashley Rhodes, 28,
Peter Gibson, 24,
and Jake Burchall,
18 carried out
DDoS attacks in
retaliation for
withdrawal of
services to
WikiLeaks by
PayPal, Visa and
Mastercard
between August
2010 and January
2011; one online
attack was said to
have cost PayPal at
least £3.5m .
All four convicted.
Weatherhead
sentenced to 18
months in prison,
Rhodes to seven
months in prison
and Gibson to six
months prison
(suspended).
Sentencing of
Burchall
adjourned.
Guardian BBC
R v James
Marks and
James
McCormick
Leicester
Crown Court 11
Jan 2013
Computer
Misuse Act
1990, s1
Unauthorised
access
James Marks, 27,
and James
McCormick, broke
into Sony Music's
servers and
downloaded 7,900
files including
tracks recorded by
Elvis, JLS and
Beyoncé and
unreleased Michael
Jackson tracks.
Telegraph SOCA Outlaw
32. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 32/50
Guilty pleas. Both
sentenced to six
month in prison,
suspended for one
year and ordered
to do 100 hours of
unpaid community
service.
R v Matthew
Higgins
Caernarfon
Crown Court 2
November
2012
Computer
Misuse Act
1990
Revenge attack
after bullying at
school. Sixth form
pupil hacked into
his school
computer system
and accessed
personal data on a
female pupil.
Sentenced to a 12
month community
order with
supervision and
120 hours unpaid
work.
BBC
R v James
Goodwill
Luton Crown
Court 21
August 2012
Computer
Misuse Act
1990, s1
Unauthorised
access.
Misconduct in
public office
Cambridgeshire
Police officer
attracted to a
female witness
used force
computer system
to obtain her
phone number.
Guilty plea.
Sentenced to four
months
imprisonment
BBC News This is
Lincolnshire
R v Astrid
Curzon
Swindon
Magistrates
Court
17/08/2012
Computer
Misuse Act
1990, s1
Unauthorised
access
Business manager
of Royal Wootton
Bassett Academy
had recently been
made redundant
when she accessed
the school email
system using the
login and password
of another school
employee and read
private emails from
the Head.
Defendant
convicted. Fined
£200. Ordered to
pay court costs of
£675 and £15 to a
victim.
Swindon
Advertiser
R v Junaid
Hussain
Southwark
Crown Court
27/07/2012
Computer
Misuse Act
1990, s1
Unauthorised
access
18 year-old
TeamPoison hacker
Junaid Hussain aka
TriCk hacked into a
Gmail account
used by Katy Kay,
a former special
advisor to Tony
Blair and accessed
The Register Telegraph
33. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 33/50
and published
personal details of
150 contacts
including Tony Blair
and family. Also
used Skype to
swamp UK anti-
terrorism hotline
with hoax calls.
Guilty plea. Six
months youth
detention
sentence.
R v Pavel
Cyganok and
Ilja Zakrevski
Southwark
Crown Court
02/07/2012
Computer
Misuse Act
1990, s3
Unauthorised
acts with intent
to impair
SpyEye trojan used
to steal login
credentials for
online banking
accounts and then
uploaded to
servers controlled
by Cyganok and
Zakrevski. Tip-off
by Estonian Police
led Metropolitan
Police's Central E-
Crime Unit (PCEU)
to seize one of the
UK-based servers.
An estimated
1,000 computers
had been infected
with victims in the
UK, Denmark, The
Netherlands and
New Zealand.
Guilty pleas. Pavel
Cyganok was jailed
for five years. Ilja
Zakrevski for four
years.
The Register BBC News
R v Gareth
Crosskey
Southwark
Crown Court
16/05/2012
[2012] EWCA
Crim 1645;
[2013] 1
Cr.App.R.(S.)
76
Computer
Misuse Act
1990, s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair
19 year-old
McDonald's
employee hacked
into the Facebook
account of Justin
Bieber's girlfriend
Selena Gomez by
posing as the
actress' step-
father/manager to
persuade Facebook
staff to change the
password to the
account. After
accessing and
copying her private
emails he
contacted celeb
magazines offering
to reveal
information about
her.
Metropolitan
Police
The Register Telegraph
34. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 34/50
Guilty plea.
Sentenced to
twelve months
imprisonment.
Sentence reduced
to eight months on
appeal.
R v James
Jeffery
Southwark
Crown Court
13/04/2012
Computer
Misuse Act
1990, s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair
Defendant
associated with
Anonymous group
used log-on details
of a system admin
to access 10,000
database records
from abortion
provider BPAS
(British Pregnancy
Advisory Service)
and post anti-
abortion messages
on its home page.
Sentenced to 2
years 8 months
imprisonment.
ZDNet UK News BBC News Guardian
R v Glenn
Mangham
Southwark
Crown Court
17/02/2012
Computer
Misuse Act
1990, s1
Unauthorised
access, s3
Unauthorised
acts with intent
to impair; s3A
Making,
supplying or
obtaining
articles for use
in offence under
section 1 or 3
Software
development
student from York
repeatedly hacked
into Facebook and
extracted internal
material in Spring
2011 using the
account of a
Facebook
employee who was
on holiday. His
targets included
Facebook Puzzle
and Mailman
servers and a
restricted area of
the Facebook
Phabricator server.
Guilty plea on two
counts. Sentenced
to 8 months
imprisonment.
Serious Crime
Prevention Order
(SCPO) made
restricting access
to the internet and
forfeiture of
computer.
ZDNet UK News BBC News
R v Glenn
Mangham
Court of Appeal
Criminal
Division
04/04/2012
[2012] EWCA
Crim 973
Appeal allowed.
Sentence reduced
to four months
imprisonment.
SCPO quashed.
Judgement
R v Oliver
Baker
Cardiff Crown
Court 2011
Computer
Misuse Act
Defendant IT
contractor sacked
South Wales Echo
35. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 35/50
[2011] EWCA
Crim 928
1990, s1
Unauthorised
access
by Welsh Assembly
(for producing fake
pay and display
parking tickets)
hacked into the
Assembly's
computer system
on twenty
occasions to read
sensitive emails.
Sentenced to four
months
imprisonment.
Sentence upheld
on appeal.
R v Zachary
Woodham
Southwark
Crown Court
13/05/2011
Computer
Misuse Act
1990, s3
Unauthorised
modification
Teenager using
alias Colonel Root
repeatedly
attacked
Punkyhosting web
hosting company
and caused it to
cease trading.
Guilty plea.
Sentenced to 12
months'
imprisonment
suspended for two
years and 240
hours unpaid work.
The Register Metropolitan
Police
R v Paul
McLoughlin
Southwark
Crown Court
13/05/2011
Computer
Misuse Act
1990, s3A
Making,
supplying or
obtaining
articles for use
in offence under
section 1 or 3
Student used
Istealer password-
stealing kit to
create Trojan that
he wrapped in
several malware
programs. Users
tricked into
downloading which
enabled Defendant
to harvest login
credentials of over
100 web users via
an FTP server.
Charged with
adapting an article
intending it to be
used to commit, or
to assist in the
commission of, an
offence under
section 1 or 3.
Guilty plea.
Sentenced to eight
months'
imprisonment
suspended for 12
months.
Believed to be the
first conviction for
new S3A offence.
The Register ZDNet UK
News
R v Gary Paul
Kelly,
Southwark
Crown Court 2
Computer
Misuse Act
Creators of
Gh0stMarket forum
Metropolitan
Police
The
Guardian
ZDNet
36. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 36/50
Nicholas
Webber, Ryan
Thomas,
Shakira
Ricardo
March 2011 1990, s3
Unauthorised
modification.
Conspiracy to
defraud.
used by thousands
to trade unlawfully
obtained
credit/debit card
details, confidential
personal
information and
malware tools.
Guilty pleas. Kelly
sentenced to five
years
imprisonment,
Webber five years,
Thomas four years
and Ricardo 18
months.
R v Ashley
Mitchell
Exeter Crown
Court
03/02/2011
Computer
Misuse Act
1990, s1
Unauthorised
access
Poker addict
hacked into
American poker
company Zynga
and stole £7m
worth of virtual
poker chips for
resale on
Facebook. Guilty
plea. Sentenced to
two years
imprisonment
(including term for
breach of previous
suspended
sentence for
hacking).
The Register The
Guardian
R v Daniel
Woo
Southwark
Crown Court
20/08/2010
[Not Known] Bulgarian
pretending to be a
student installed
key logging
software to capture
passwords and
access emails
containing personal
and financial data.
Guilty plea.
Sentenced to eight
months
imprisonment,
suspended for two
years. Two year
supervision order,
200 hours unpaid
work and £21,000
costs and
compensation
ordered.
The Register Metropolitan
Police
R v Matthew
Anderson
Southwark
Crown Court
22/10/2010
Computer
Misuse Act
1990, s3
Unauthorised
modification
Franchise manager
aka Warpigs virus
writer used
malware attached
to spam to spy on
victims using their
webcams and steal
personal
information. Guilty
plea. Sentenced to
The Register S T V
37. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 37/50
eighteen months
imprisonment.
R v Dale
Trever
Hull Crown
Court
16/09/2010
Computer
Misuse Act
1990, s1
Unauthorised
access
Primary Care Trust
data manager
accessed
confidential female
NHS patient
medical records.
Guilty plea.
Sentenced to six
months
imprisonment,
suspended for two
years.
The Register Yorkshire
Post
R v Balwinder
Basran
Cannock
Magistrates
Court
09/09/2010
Computer
Misuse Act
1990, s1
Unauthorised
access
Police officer
accessed police
computer records
for private use.
Guilty plea. Fined
£2,000.
Birmingham Mail
R v Robert
Campbell
Guildford
Crown Court
08/06/2010
Computer
Misuse Act
1990, s1
Unauthorised
access
Sexual adventurer
Police officer
accessed police
computer records
for private use.
Guilty plea. 18
month Conditional
Discharge and
ordered to pay
£1,200 costs.
The Independent
R v Susan
Holmes
Horseferry
Road
Magistrates
Court
15/02/2008
Computer
Misuse Act
1990, s1
Unauthorised
access
Falling registrations
at Nannies Inc
traced back to ex-
employee Susan
Holmes continuing
to access Nannies
Inc registrations on
AOL email account
months later.
Holmes pleaded
guilty and fined
£500.
The Register
R v Mark
Hopkins
Westminster
Magistrates
Court
09/08/2007
Computer
Misuse Act
1990, s1
Unauthorised
access
MD and Website
designer of NXGN
hacked into
competitor ME
Publishing's
Motorcycle Trader
website. Defendant
pleaded Guilty.
Five months
sentence
suspended for two
years, 100 hours
community service
and £5,000
compensation
order.
The Register
R v Scott
Gelsthorpe
and Jeremy
Young
Southwark
Crown Court
27/06/2007
Computer
Misuse Act
1990, s3
Unauthorised
Moonlighting
serving police
officers Gelsthorpe
and Young set up
private detective
BBC News The
Guardian
38. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 38/50
modification -
Conspiracy
agency Active
Investigation
Services aka
"Hackers are Us"
to hack into
computers for
wealthy clients.
Jeremy Young
pleaded guilty on
15 counts and was
jailed for 27
months.
R v Q Inner London
Crown Court 22
January 2007
Inner London
Crown Court 6
June 2007
Computer
Misuse Act
1990, s3
Unauthorised
modification
Employment
dispute. Systems
administrator
alleged to have
hacked in to
employer's system
to delete data in a
revenge attack
causing losses
estimated in the
hundreds of
thousands of
pounds. Case
collapsed after four
days of trial.
Re-trial.
Prosecution offer
no evidence.
Defendant
acquitted of all
charges. Expert
evidence for the
Defence in both
trials.
R v Matthew
Byrne
Southwark
Crown Court
07/11/2006
Computer
Misuse Act
1990, s3
Unauthorised
modification -
Web site
defacement
Hacker used
dictionary attacks
to crack passwords
to access and
deface members'
profiles on
loveandfriends.com
dating website.
Guilty plea.
Sentenced to eight
months
imprisonment,
suspended for two
years and two
years supervision
order.
The Register ZDNet UK
News
R v David
Lennon
Wimbledon
Youth Court
23/08/2006
Computer
Misuse Act
1990, s3
Unauthorised
modification
Teenager alleged
to have bombarded
his ex-employer's
mail server with
5,000,000 emails.
Defendant pleaded
guilty and
sentenced to a two
month curfew and
electronic tagging.
ZDNet UK News The Register
R v Daniel
Cuthbert
Horseferry
Road
Computer
Misuse Act
IT security
consultant donated
BBC News The Register ZDNet UK
News
39. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 39/50
Magistrates
Court
07/10/2005
1990, s1
Unauthorised
access
£30 to Disasters
Emergency
Committee
Tsunami appeal
website, then
checked site
security. Defendant
found guilty of
unauthorised
access "with deep
regret", convicted
and fined £400.
R v Joseph
McElroy
Southwark
Crown Court
03/02/2005
First-year
university student
sought shared
internet storage for
music, games and
warez.
Compromised site
was a US
Department of
Energy research
lab. Defendant
convicted and
sentenced to 200
hours community
service.
BBC News The
Guardian
The Register
R v Nathan
Rae
Wellingborough
Magistrates
Court
17/02/2004
Computer
Misuse Act
1990, s3
Unauthorised
modification
Ex-employe
deleted mail boxes
in attack on
mirrored IBM
AS/400 systems.
Three counts of
unauthorised
modification.
Guilty plea.
Ordered to pay
£5,000
compensation and
£87 costs.
Northamptonshire
Telegraph
R v Aaron
Caffrey
Southwark
Crown Court
17/10/2003
Computer
Misuse Act
1990, s3
Unauthorised
modification
DDoS attack that
crippled the Port of
Houston, Texas.
Attack mounted
from teenaged
Defendant's PC.
Defendant
acquitted after
Trojan Defence -
other hackers had
taken control of his
PC using a Trojan
Horse.
BBC News The
Guardian
R v Simon
Vallor
Southwark
Crown Court
21/01/2003
EWCA Crim
2288
Computer
Misuse Act
1990, s3
Unauthorised
modification
Web designer
created Gokar,
Redesi, Admirer
mass mailing
viruses that
infected 22,000
PCs worldwide.
Defendant pleaded
guilty, convicted
and sentenced to
BBC News The Register
40. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 40/50
two years jail.
Appeal against
sentence failed.
R v Delamare [2003] EWCA
Crim 424
[2003] 2 Cr
App Rep (S)
474
Computer
Misuse Act
1990, s1
Unauthorised
access
Defendant bank
official was paid
£100 to use the
bank's computer
system to obtain
account details on
two accounts.
Guilty plea, 4
months
imprisonment.
R v Victor
Lindesay
[2002] 1 Cr
App Rep (S)
370
Computer
Misuse Act
1990, s3
Unauthorised
modification
Revenge attack
following a contract
dispute. Defendant
freelance computer
consultant
accessed the
websites of three
clients of his
former employer
using passwords
he knew and
caused £9K
damage by
deleting data.
Guilty plea.
Sentenced to 9
months
imprisonment.
Upheld on appeal.
Shout99
R v Stephen
Carey
Hove Crown
Court
19/09/2002
Computer
Misuse Act
1990, s3
Unauthorised
modification
Computer engineer
deleted a
company's files in
a payment dispute.
Defendant
convicted, 18-
month prison
sentence.
IT Week News
Yarimaka v
Governor of
HM Prison
Brixton
Queens Bench
Division [2002]
EWHC 589
(Admin)
20/03/2002
Computer
Misuse Act
1990, s3
Unauthorised
modification -
Meaning of
"modification" -
Extradition -
Habeas Corpus
Attempt by
Kazakhs to
blackmail Mayor of
New York Michael
Bloomberg for the
sum of $200,000
by exposing
security flaws in
Bloombergs'
computer system.
Held that address
spoofing affected
the reliability of
information for the
purposes of s.3
Computer Misuse
Act 1990.
Applications for
writs of habeas
corpus denied.
R v Raphael
Gray
Swansea Crown
Court
06/07/2001
Computer
Misuse Act
1990
Unauthorised
Teenage hacker
aka Curador
demonstrated
security
BBC News The
Guardian
41. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 41/50
access -
Unauthorised
modification
weaknesses in e-
commerce web-
sites and accessed
23,000 credit card
records, some
posted on his web-
site. Viagra sent to
Bill Gates using his
credit card. Guilty
plea. Defendant
convicted and
sentenced to three
years probation
and medical
treatment for
obsessive mental
disorder.
R v Paul
Brogden
Exeter Crown
Court
19/04/2001
Computer
Misuse Act
1990
Owner of Sure
Computers sent
price-war rival a
virus in an e-mail
attachment.
Defendant
convicted and
sentenced to 175
hours community
service, hardware
confiscated.
Sophos article
R v Paul
Maxwell King
Court of Appeal
(Criminal
Division)
24/11/2000
The Times 2
January 2001
Computer
Misuse Act
1990, s3
Unauthorised
modification -
Incitement to
others
Small-scale sale of
hardware chips
designed to access
cable TV channels
without
authorisation or
payment.
Defendant pleaded
guilty and
sentenced to four
months
imprisonment by
Doncaster Crown
Court.
Appeal against
sentence. Held -
Appropriate
sentences for
small-scale
offences were a
substantial fine or
a period of
community service.
Appeal allowed.
The Times Report Swarbrick
Comment
Appeal
Judgement
R v William
Culbert
Southwark
Crown Court
Computer
Misuse Act
1990, ss1, 2, 3
Unauthorised
access -
Unauthorised
modification
Associated
Newspapers print
technician with
superuser status
offered Express
Newspapers to
destroy his
employer's
computerised print
centres for GBP
600,000 Defendant
BBC News
42. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 42/50
pleaded guilty and
convicted.
Sentenced to 18
months
imprisonment.
Morgans v
Director of
Public
Prosecutions
House of Lords
17/02/2000
[2000] 2 WLR
386 The Times
29 December
1998; [1999] 1
WLR 968;
[1999] Masons
CLR 102
Computer
Misuse Act
1990, s 1(1)
Unauthorised
access -
Admissibility -
Unlawful
interception -
Time limit on
prosecution
Computer
Misuse Act
1990 s 11(2)
Hacking for
purposes of
making free
overseas telephone
calls. Printouts
from BT Monolog
telephone call
logger. Held - time
runs from when
Prosecutor has
knowledge of the
relevant evidence
under Computer
Misuse Act 1990 s
11 (2). Appeal
allowed in respect
of five CMA 1990
charges,
convictions
quashed.
Judgement
R v Michelle
Begley
Coventry
Magistrates
Court
Computer
Misuse Act
1990, s1
Unauthorised
access -
Harassment -
Misuse of police
national
computer
WPC used police
national computer
to access electoral
rolls and car
registration records
in attempts to
track down woman
who had an affair
with her boyfriend.
Defendant
convicted.
Sentence of three
months
imprisonment.
R v Bow
Street
Magistrates
Court and
Allison ex
parte
Government
of USA
House of Lords
05/08/1999
The Times 7
September
1999; [1999] 4
All E R 1;
[1999] 3 WLR
620; [1999]
Masons CLR
380 [1998] 3
WLR 1156;
[1998] Masons
CLR 234; The
Times 2 June
1998. [1999]
C&L Oct/Nov,
21
Computer
Misuse Act
1990, ss1, 2,
15, 17(5)
Unauthorised
access -
Authority -
Meaning of
"control access"
in s 17(5) -
Extradition -
Conspiracy
Authorised US
American Express
credit analyst
gained access to
unauthorised credit
card accounts and
PINs. Accomplice
Allison used forged
Amex cards in
London in ATM US$
1M fraud. Held -
unauthorised
access applies to
the use of a
computer to obtain
unauthorised
access to data.
"Hacking" held to
refer to all forms of
unauthorised
access whether by
insiders or
outsiders.
Comments of
House of Lords in R
v Bignell on
Judgement
43. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 43/50
meaning of
"control access" in
Computer Misuse
Act 1990 s.17 (5)
distinguished.
Habeas corpus
denied.
R v Ian Morris
and Richard
Airlie
Cardiff Crown
Court
Computer
Misuse Act
1990
Unauthorised
access -
Unauthorised
modification -
Website
defacement
Disgruntled IT
supplier hacked
estate agency
website and
replaced pictures
of houses with
pornography.
Defendants
convicted. £1250
fine and 100 hours
community service
(first web
defacement
conviction).
R v Matthew
Bevan
Bow Street
Magistrates
Court
21/11/1997
Computer
Misuse Act
1990, s3
Unauthorised
access -
Unauthorised
modification -
Conspiracy
Defendant teenage
hacker aka Kuji
charged with
unauthorised
access and
unauthorised
modification of
USAF and
Lockheed web sites
(see also R v
Pryce). Alleged
cost of damage
US$ 211k. No
evidence offered
by Prosecution at
abuse of process
hearing. Defendant
acquitted.
Wikipedia Article
R v Simon
Regan, Julian
Taylor
Horseferry
Road
Magistrates
Computer
Misuse Act
1990, s1
Unauthorised
access - Theft
of information
PC service
engineer Taylor
passed personal
diaries copied from
Michael Portillo
MP's House of
Commons PC to
Regan, editor of
Scallywag
magazine.
Defendants
convicted. £250
and £750 fines.
R v
Christopher
Moody
Bristol Crown
Court 1997
Computer
Misuse Act
1990, s3
Unauthorised
modification -
Admissibility
PACE s69 -
Reliability
Ex-employee IT
specialist charged
with accessing
remote
maintenance port
of Local authority's
computerised
telephone switch.
Outgoing calls
could not be made
and all incoming
44. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 44/50
calls routed to a
single extension.
Expert evidence for
the Defendant.
Voire dire on the
reliability of files
extracted from
forensic image
copy of hard disk
of seized PC that
had been
corrupted by
previous police
investigation.
Indictment stayed.
DPP v Bignall
and Another
Queens Bench
Division [1997]
EWHC Admin
4706/06/1997
[1998] 1 Cr
App R 1;
[1997] Masons
CLR 16; [1997]
CLSR 13 No 5
352; The Times
6 June 1997
[1997] CLSR
Vol 13, No. 4,
222
Computer
Misuse Act
1990, ss1, 2,
15, 17
Unauthorised
access -
Authority -
Meaning of
"control access"
in s 17(5) -
Misuse of police
national
computer
Two Metropolitan
Police PCs caused a
police computer
operator to obtain
DVLA motor
vehicle registration
and ownership
data via the Police
National Computer
for their own
private purposes.
Held - Defendants
generally
authorised to
control access to
data; Access for an
unauthorised
purpose not an
offence.
Unauthorised
access held to
apply to external
hackers.
Defendants
acquitted.
Comment
Edward
Yearly v
Crown
Prosecution
Service
Queens Bench
Division
[1997]EWHC
Admin
30821/03/1997
Computer
Misuse Act
1990, s1
Unauthorised
access -
Admissibility
PACE s 69
Computer engineer
copied a security
file while on-site at
Marks & Spencer's
Harrow store. File
was then posted on
Gates of
Underworld BBS.
Late Defence
challenge to
admissibility under
PACE s 69. Held
that court of first
instance had and
was entitled to
exercise its
discretion to allow
the prosecution
case to be re-
opened.
R v Pryce Bow Street
Magistrates
21/03/1997
Computer
Misuse Act
1990, ss1, 3
Unauthorised
Teenage hacker
aka Datastream
Cowboy charged
with unauthorised
IT Week News Article
45. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 45/50
access -
Unauthorised
modification -
Conspiracy
access and
modification of
USAF and
Lockheed websites.
Phone-freaking to
Seattle ISP via
Bogota telephone
switch (see R v
Bevan aka Kuji).
Defendant pleaded
guilty and
convicted. £1200
fine for twelve
Unauthorised
access offences
and £250 costs
order.
R v Dyson Daventry
Magistrates
Court
Computer
Misuse Act
1990, s3
Unauthorised
modification
Commercial
dispute between
company and
software supplier.
Alleged logic
bomb/timelock
caused by batch
file that denied
access to software.
Investigation of
computer evidence
by unqualified
freelance
examiner.
Expert evidence on
the procedures
used for the
seizure and
preservation of the
computer
evidence, the
possibility of
corruption of the
computer evidence
and its reliability.
Indictment stayed.
R v Feltis Reading Crown
Court
Computer
Misuse Act
1990, s3
Unauthorised
modification
Video surveillance
of computer
operator
disconnecting
cables on IBM
AS/400 at Thorn
UK. Alleged cost of
damage £500,000.
Defendant
convicted.
Sentence of twelve
months
imprisonment.
Appeal
Judgement
R v Pile Plymouth
Crown Court
15/11/1995
Computer
Misuse Act
1990, ss 2, 3
Unauthorised
access -
Unauthorised
modification
Defendant aka The
Black Baron
authored Pathogen
and Queeg viruses.
Polymorphic
encryption engine
used to conceal
viruses within
46. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 46/50
innocuous
programs.
Defendant
convicted.
Sentence of 18
months
imprisonment (first
virus writer jailed).
R v Mahomet Middlesborough
Magistrates
Unreported
Computer
Misuse Act
1990, s1
Unauthorised
access -
Authorisation
Disclosure to
journalist by BT
Customer Services
staff of ex-
directory telephone
numbers.
Defendant
acquitted.
R v Birch Gloucester
Crown Court
Computer
Misuse Act
1990, s3
Unauthorised
modification
Stock control
barcodings
modified by
Safeway employee
in Gloucester
supermarket.
Defendant
convicted. 150
hours community
service order.
R v
Spielmann
Bow Street
Magistrates
Computer
Misuse Act
1990, ss 1, 3
Unauthorised
access -
Unauthorised
modification
Ex-employee of
Bloomberg
financial news
agency used
another
employee's
authorised account
to delete and
modify emails and
to send obscene
messages to
subscribers.
Defendant
convicted.
Sentence of 12
months conditional
discharge. Costs
order of £160.
R v Rymer Liverpool
Crown Court
Computer
Misuse Act
1990, s3
Unauthorised
modification
Defendant male
nurse obtained
doctor's password
by shoulder-surfing
and used that user
account to modify
Hospital patient
prescription and
treatment records.
Defendant pleaded
guilty to two
charges of
unauthorised
modification and
convicted.
Sentence of 12
months in prison.
R v Malcolm
Farquharson
Croydon
Magistrates
Court
Computer
Misuse Act
1990, ss 1, 2
Mobile phone
cloning. Accused
instructed (i.e.
47. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 47/50
09/12/1993
Computer
Weekly 13
January 1994
Unauthorised
access -
Authorisation
without personally
accessing a
computer) an
accomplice to
access records by
telephone (see R v
Pearce). Held - use
of telephone to
instruct accomplice
to access records
by telephone made
defendant a party
to hacking by
accomplice (see R
v Pearce).
Defendant found
guilty of three
counts of
unauthorised
access and
convicted.
Sentenced to six
months
imprisonment.
R v Emma
Pearce
Croydon
Magistrates
09/12/1993
Computer
Weekly 13
January 1994
Computer
Misuse Act
1990, s1
Unauthorised
access -
Authorisation
Mobile phone
cloning. Accused
instructed by
Farquharson to
access telephone
records (see R v
Farquharson).
Defendant
convicted. £300
fine.
R v Alfred
Whittaker
Scunthorpe
Magistrates
Court
Computer
Misuse Act
1990, s3
Unauthorised
modification
Software developer
AAS Management
Systems installed
bespoke software
with covert
timelock for
Protech
Formulations Ltd.
Timelock activated
and denied access
to software after
dispute arose over
unpaid fees. Held -
installing and
activating a covert
software time-lock
is an Unauthorised
modification.
Defendant
convicted.
Conditional
discharge. Decision
widely reported as
"time-locks are
illegal".
R v Vatsal
Patel
Aylesbury
Crown Court
02/07/1993
[1993] C&L Vol
5 Issue 1 April
1994
Computer
Misuse Act
1990, s3
Unauthorised
modification -
Contract
programmer
alleged to have
deleted software
development files
to prolong his
Case Report
48. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 48/50
Computing 15
July 1993
Admissibility -
PACE s 69
contract.
"Wrecking
programs" ran
automatically in
background to
delete software
development
team's work. Held
- evidence of file
directory entries
was admissible,
and that doubts on
its reliability go to
weight of evidence.
Defendant
acquitted (first
Computer Misuse
Act 1990, s 3
acquittal after
trial).
R v
Strickland, R
v Woods
Southwark
Crown Court
21/05/1993
Computer
Misuse Act
1990, ss 1, 3
Unauthorised
access -
Unauthorised
modification -
Conspiracy
Hacking by Eight
Legged Groove
Machine 8LGM
gang - JANET Joint
Academic Network,
NAA, BT, Financial
Times, European
Commission sites
hacked by 8LGM.
Alleged damage of
£120,000.
Defendants
pleaded guilty and
convicted.
Sentence of 6
months
imprisonment (first
CMA jail
sentences).
Hacking described
as "intellectual
joyriding" and "not
harmless".
R v Paul
Bedworth
Southwark
Crown Court
Computer
Misuse Act
1990, ss 1, 3
Unauthorised
access -
Unauthorised
modification -
Conspiracy
Hacking by Eight
Legged Groove
Machine 8LGM
gang - JANET, BT,
Financial Times,
European
Commission sites.
Alleged damage of
£120,000. Expert
psychiatric
evidence of
obsessive addiction
to hacking. Held -
defendant was
"addicted to
hacking", and
lacked criminal
intent. Defendant
acquitted.
R v Elaine
Borg
[Not Known] Computer
Misuse Act
1990, s2
Computer operator
at Henderson
Financial
49. 25/02/2021 Computer Evidence - Computer Misuse Act 1990 cases
https://www.computerevidence.co.uk/Cases/CMA.htm 49/50
Unauthorised
access with
intent to
commit further
offence
Investment
Services accused
of hacking into the
company's
computer system
with intent to
defraud her
employer of one
million pounds.
Defendant
acquitted on
Computer Misuse
Act 1990, s 2
charge
R v Gareth
Hardy
Old Bailey Computer
Misuse Act
1990, s3
Unauthorised
modification -
Denial of access
Encryption package
installed by
defendant
computer manager.
Time-lock (data no
longer decrypted)
activated one
month after end of
defendant's
employment.
Defendant pleaded
guilty and
convicted. £3000
compensation
order and 140 hrs
community service
order.
R v Trollope Worcester
Crown Court
Computer
Misuse Act
1990, s 3; Theft
Act 1968
Unauthorised
modification -
Theft of client
list -
Confidential
information
Ex-employee stole
1,700 customer
records on backup
tape before setting
up competitive PC
networking
company. Alleged
denial of access to
original customer
records by virus.
Defendant
convicted of theft
and acquitted of
unauthorised
modification virus
charge. Conditional
discharge and £15
compensation
order.
Attorney-
General's
Reference
(No.1 of
1991)
Court of Appeal
16/06/1992
[1992] 3 WLR
432, [1992] 3
All ER 897,
[1992] CL&P
Vol 8, No 4 95
Computer
Misuse Act
1990, s1
Unauthorised
access -
Meaning of "any
computer"
Cropp Appeal -
appeal against
acquittal of ex-
employee alleged
to have obtained
70% discount to
which he was not
entitled using POS
till. Held - meaning
of "any computer"
was not "any other
computer".
R v Richard
Goulden
Southwark
Crown Court
Computer
Misuse Act
Software
contractor in