A cyber scene of crime – in everybody’s home

1 November 2016 by

cybercrime-100534917-primary-idgeThis blog has covered a number of claims for damages arising out of the misuse of private information. The Mirror Group phone hacking case is one example (see my post here and the appeal decision here), and the fall-out from the hapless Home Office official who put private information about asylum-seekers on the Internet, being another – (Gideon Barth’s post on TLT here). See also below for related posts.

But this post is to give a bit of context, via the wider and scarier cyber crime which is going on all around us. It threatens the livelihoods of individuals and businesses the globe over – and has given and will undoubtedly give rise to complex spin-off litigation.

So let’s just start with the other week. On 21 October 2016, it seems nearly half the Internet was hit by a massive DDoS attack affecting a company, Dyn, which provides internet services infrastructure for a host of  websites. Twitter, Reddit, Netflix, WIRED, Spotify and the New York Times were affected. DDoS, for cyber virgins, is Distributed Denial of Service, i.e. an overloading of servers via a flood of malicious requests, in this case from tens of millions of IP addresses. No firm culprits so far, but a botnet called Mirai seems to be in the frame. It is thought that non-secure items like cars, fridges and cameras connected to the Internet (the Internet of Things) may be the conscripted foot soldiers in such attacks.

And now to the sorts of cases which have hit the headlines in this country to date.

On the non-criminal side, so far, things tend to surface via the enforcement of data protection laws. After all, companies don’t like announcing to the world that they have been hacked, so regulation (rather than conventional litigation) brings out the more egregious examples.

Top of the current tree in the UK, is TalkTalk, who, on 5 October 2016,  was fined a record £400,000 for failing to implement “the most basic cyber security measures” on its website, as the Information Commissioner put it – see here. A hacker had released personal data on 156,959 customers, including, in 10% of these cases, their bank account details.  The key to the hefty fine was, unsurprisingly, the release of bank details. TalkTalk’s database software was out of date and no longer supported by the provider. The sequel: the hacker is alleged to have demanded 465 bitcoins  (worth about £216,000) after the attack: see here. He and co-defendants are before the courts at the moment.

For a list of the companies (as well as NHS Trusts and, ahem, a police force) whose collars have been metaphorically felt by the ICO, see their naming and shaming here. Note from the list that 545 new cases sit in the ICO’s inbox.

But then all this might seem like peanuts, compared to the Yahoo hack (happened in 2014, reported in September 2016(!)) affecting 500 million customers – see the helpful Telegraph graphic here giving some other big numbers in recent years, including Myspace’s 360m reported earlier this year. Not perhaps coincidental that the Yahoo hack was revealed as due diligence proceeded on Yahoo’s impending sale to Verizon.

The civil litigation which has emerged tends to be emergency injunctions obtained by the hacked to stop the hacker disclosing information – if you are lucky enough to trace the hacker in time. An example is British Pregnancy Advisory Service v. The Person Using the Alias “Pablo Escobar” here – interim disclosure order made the morning after 26,000 attempts to get into BPAS’s website. To a devoted Narcos watcher, that seems like a good alias, mixing ruthlessness and self-obsession with a squeeze of anarchism.

With some helpful links provided by William Harbage Q.C. and his specialist criminal team at 36 Bedford Row (here for their cyber work), and a full database (here) courtesy of Cambridge academic Alice Hutchings, we can see these and other cases which have hit the criminal courts.

A notorious group of “hactivists”, Ackroyd, Davis, Al-Bassam and Cleary, operated under the name of LulzSec – their motto “Laughing at your security since 2011”. For a full account of their antics, see the Wiki entry here. Their attacks involved the CIA, the FBI, Sony and Nintendo. They stole information and posted it unencrypted on filesharing sites like Pirate Bay. They also initiated DDoS attacks. But they in turn were busted, ending up before Southwark Crown Court in 2013, and were given up to 32 months imprisonment for offences under the Computer Misuse Act 1990.

Or what about Charlton Floate, from Solihull, who caused the Home Office website to crash via Malware infected computers, and did the same to a FBI crime reporting site (when a mere 16 years of age)? The latter was widely celebrated on a hackers’ forum. He also hacked into the Hillsborough Independent Inquiry Panel site. But he was not entirely sophisticated about his own security, as he was “spotted” when he used his own IP address to check how effective his mayhem had been. He received a suspended sentence from Birmingham Crown Court in 2015.

Unsurprisingly, most defendants in this field are hardly out of short trousers – contrast Sullivan, a Merseyside “father of 6”, aged 51, who ended up with 34 weeks in prison for assorted DDoS attacks. His targets included the Conservative Party, British Airways and various banks. His own fatal exception error – announcing the attacks on a Twitter account to which he could be linked.

Then there was Neale, who appeared in Guildford Crown Court in 2015, on a revenge cybercrime. He was the  ex-director of a cyber-security software company who hacked into his erstwhile company’s systems in order to undermine them. He ended up being sentenced to 18 months imprisonment.

Finally, Martin who ended with 2 years inside for repeated attacks on Oxford and Cambridge University websites (see his unsuccessful appeal against sentence here) and on individuals. A rather typical triumphalism can be found in his case, as in a lot of these cases. So he emailed Oxford –

You Just Don’t f***** learn”.


I have owned you once before (DDOS attack about six to seven months ago?) and I am going to do it again along with Cambridge. I have access to your SQL users and password database, they are encrypted as you obviously know but it won’t take long and by the time you have read this message I will have sold the two databases and what is needed to have been done will have been done.

Despite the last, Martin does not in fact appear to have been motivated by the money – his only profit from all this activity one Domino’s pizza obtained using the account details of his then employer.


Just a few stories drawn out of the mass of cases out there. Many more to come, as we must be right at the beginning of the upsurge of cases, criminal and civil. And we should not ignore public law spin-offs – see here, for a relatively recent Malware dispute involving PhonePayPlus. That is before we get to insurers who cover (or may be said by their unfortunate insureds to cover) such corporate disasters.

My thanks to William Harbage Q.C. of 36 Bedford Row and Claire McGregor of 1 Crown Office Row for their comments on earlier drafts.

Sign up to free human rights updates by email, Facebook, Twitter or RSS

Related posts


  1. daveyone1 says:

    Reblogged this on World4Justice : NOW! Lobby Forum..

  2. Ex-Conservative Voter says:

    I think the DWP, HMRC and local government benefit offices have been hacked, and are using hacked information to prosecute people who aren’t guilty too, but who would be able to prove it?

  3. Ex-Conservative Voter says:

    People who work online and claim benefits are being prosecuted as we speak for failing to declare income that isn’t theirs , when their internet providers, software suppliers and banks keep schtum about data hacks and money going through their accounts isn’t theirs, and are finding it so impossible to make head or tail of their accounts, but can’t find solicitors to help because they dont understand computer fraud. Most are being advised to plead guilty to crimes they havent committed, or cutting out the middlemen and taking overdoses while they can still make purchases online.

Comments are closed.

Welcome to the UKHRB

This blog is run by 1 Crown Office Row barristers' chambers. Subscribe for free updates here. The blog's editorial team is:
Commissioning Editor: Jonathan Metzer
Editorial Team: Rosalind English
Angus McCullough QC David Hart QC
Martin Downs
Jim Duffy

Free email updates

Enter your email address to subscribe to this blog for free and receive weekly notifications of new posts by email.




7/7 Bombings 9/11 A1P1 Aarhus Abortion Abu Qatada Abuse Access to justice adoption AI air pollution air travel ALBA Allergy Al Qaeda Amnesty International animal rights Animals anonymity Article 1 Protocol 1 Article 2 article 3 Article 4 article 5 Article 6 Article 8 Article 9 article 10 Article 11 article 13 Article 14 article 263 TFEU Artificial Intelligence Asbestos Assange assisted suicide asylum asylum seekers Australia autism badgers benefits Bill of Rights biotechnology birds directive blogging Bloody Sunday brexit Bribery British Waterways Board Catholic Church Catholicism Chagos Islanders Charter of Fundamental Rights child protection Children children's rights China christianity circumcision citizenship civil liberties campaigners civil partnerships climate change clinical negligence closed material procedure Coercion Cologne Commission on a Bill of Rights common buzzard common law communications competition confidentiality confiscation order conscientious objection consent conservation constitution contact order contempt of court Control orders Copyright coronavirus costs costs budgets Court of Protection crime criminal law Criminal Legal Aid criminal records Cybersecurity Damages data protection death penalty declaration of incompatibility defamation DEFRA Democracy village deportation deprivation of liberty derogations Detention devolution Dignitas dignity Dignity in Dying diplomacy director of public prosecutions disability Disability-related harassment disciplinary hearing disclosure Discrimination Discrimination law disease divorce DNA doctors does it matter? domestic violence Dominic Grieve don't ask don't ask don't tell don't tell Doogan and Wood double conviction DPP guidelines drones duty of care ECHR economic and social rights economic loss ECtHR Education election Employment Environment environmental information Equality Act Equality Act 2010 ethics Ethiopia EU EU Charter of Fundamental Rights EU costs EU law European Convention on Human Rights European Court of Human Rights European Court of Justice european disability forum European Sanctions Blog Eurozone euthanasia evidence Exclusion extra-jurisdictional reach of ECHR extra-territoriality extradition extradition act extradition procedures extradition review extraordinary rendition Facebook Facebook contempt facial recognition fair procedures Fair Trial faith courts fake news Family family courts family law family legal aid Family life fatal accidents act Fertility fertility treatment FGM fisheries fishing rights foreign criminals foreign office foreign policy France freedom of assembly Freedom of Association Freedom of Expression freedom of information Freedom of Information Act 2000 freedom of movement freedom of speech free speech game birds gangbo gang injunctions Garry Mann gary dobson Gary McFarlane gay discrimination Gay marriage gay rights gay soldiers Gaza Gaza conflict Gender General Dental Council General Election General Medical Council genetic discrimination genetic engineering genetic information genetics genetic testing Google government Grenfell grooming Gun Control gwyneth paltrow gypsies habitats habitats protection Halsbury's Law Exchange hammerton v uk happy new year harassment Hardeep Singh Haringey Council Harkins and Edwards Health healthcare health insurance Heathrow heist heightened scrutiny Henry VII Henry VIII herd immunity hereditary disorder High Court of Justiciary Hirst v UK HIV HJ Iran HM (Iraq) v The Secretary of state for the home department [2010] EWCA Civ 1322 Holder holkham beach holocaust homelessness Home Office Home Office v Tariq homeopathy hooding Hounslow v Powell House of Commons Housing housing benefits Howard League for Penal Reform how judges decide cases hra damages claim Hrant Dink HRLA HS2 hs2 challenge hts http://ukhumanrightsblog.com/2011/04/11/us-state-department-reports-on-uk-human-rights/ Human Fertilisation and Embryology Act Human Fertilisation and Embryology Authority human genome human rights Human Rights Act Human Rights Act 1998 human rights advocacy Human rights and the UK constitution human rights commission human rights conventions human rights damages Human Rights Day human rights decisions Human Rights Information Project human rights news Human Rights Watch human right to education human trafficking hunting Huntington's Disease HXA hyper injunctions Igor Sutyagin illegality defence immigration Immigration/Extradition Immigration Act 2014 immigration appeals immigration detention immigration judge immigration rules immunity increase of sanction India Indonesia Infrastructure Planning Committee inherent jurisdiction inherited disease Inhuman and degrading treatment injunction Inquest Inquests insult insurance insurmountable obstacles intelligence services act intercept evidence interception interests of the child interim remedies international international conflict international criminal court international humanitarian law international human rights international human rights law international law international treaty obligations internet internet service providers internment internship inuit investigation investigative duty in vitro fertilisation Iran iranian bank sanctions Iranian nuclear program Iraq Iraqi asylum seeker Iraq War Ireland irrationality islam Israel Italy iTunes IVF ivory ban jackson reforms Janowiec and Others v Russia ( Japan Jason Smith Jeet Singh Jefferies Jeremy Corbyn jeremy hunt job Jogee John Hemming John Terry joint enterprise joint tenancy Jon Guant Joseph v Spiller journalism judaism judges Judges and Juries judging Judicial activism judicial brevity judicial deference judicial review Judicial Review reform judiciary Julian Assange jurisdiction jury trial JUSTICE Justice and Security Act Justice and Security Bill Justice and Security Green Paper Justice Human Rights Awards JUSTICE Human Rights Awards 2010 just satisfaction Katyn Massacre Kay v Lambeth Kay v UK Ken Clarke Ken Pease Kerry McCarthy Kettling Kings College Klimas koran burning Labour Lady Hale lansley NHS reforms LASPO Law Commission Law Pod UK Law Society Law Society of Scotland leave to enter leave to remain legal aid legal aid cuts Legal Aid desert Legal Aid Reforms legal blogs Legal Certainty legal naughty step Legal Ombudsman legal representation legitimate expectation let as a dwelling Leveson Inquiry Levi Bellfield lewisham hospital closure lgbtq liability Libel libel reform Liberal Democrat Conference Liberty libraries closure library closures Libya licence conditions licence to shoot life insurance life sentence life support limestone pavements limitation lisbon treaty Lithuania Litigation litvinenko live exports local authorities locked in syndrome london borough of merton London Legal Walk London Probation Trust Lord Bingham Lord Bingham of Cornhill Lord Blair Lord Goldsmith lord irvine Lord Judge speech Lord Kerr Lord Lester Lord Neuberger Lord Phillips Lord Rodger Lord Sumption Lord Taylor LSC tender luftur rahman machine learning MAGA Magna Carta mail on sunday Majority Verdict Malcolm Kennedy malice Margaret Thatcher Margin of Appreciation margin of discretion Maria Gallastegui marriage material support maternity pay Matthew Woods Mattu v The University Hospitals of Coventry and Warwickshire NHS Trust [2011] EWHC 2068 (QB) Maya the Cat Mba v London Borough Of Merton McKenzie friend Media and Censorship Medical medical liability medical negligence medical qualifications medical records medicine mental capacity Mental Capacity Act Mental Capacity Act 2005 Mental Health mental health act mental health advocacy mental health awareness Mental Health Courts Mental illness merits review MGN v UK michael gove Midwives migrant crisis Milly Dowler Ministerial Code Ministry of Justice Ministry of Justice cuts misfeasance in public office modern slavery morality morocco mortuaries motherhood Motor Neurone disease Moulton Mousa MP expenses Mr Gul Mr Justice Eady MS (Palestinian Territories) (FC) (Appellant) v Secretary of State for the Home Department murder murder reform Musician's Union Muslim NADA v. SWITZERLAND - 10593/08 - HEJUD [2012] ECHR 1691 naked rambler Naomi Campbell nationality National Pro Bono Week national security Natural England nature conservation naturism Nazi negligence Neuberger neuroscience Newcastle university news News of the World new Supreme Court President NHS NHS Risk Register Nick Clegg Nicklinson Niqaab Noise Regulations 2005 Northern Ireland nuclear challenges nuisance nursing nursing home Obituary Occupy London offensive jokes Offensive Speech offensive t shirt oil spill olympics open justice oppress OPQ v BJM orchestra Osama Bin Laden Oxford University paramountcy principle parental rights parenthood parking spaces parliamentary expenses parliamentary expenses scandal Parliamentary sovereignty Parliament square parole board passive smoking pastor Terry Jones patents Pathway Students Patrick Quinn murder Pensions persecution personal data Personal Injury personality rights perversity Peter and Hazelmary Bull PF and EF v UK Phil Woolas phone hacking phone taps physical and mental disabilities physician assisted death Pinnock Piracy Plagiarism planning planning human rights planning system plebgate POCA podcast points Poland Police police investigations police liability police misconduct police powers police surveillance Policy Exchange report political judges Politics Politics/Public Order poor reporting Pope Pope's visit Pope Benedict portal possession proceedings power of attorney PoW letters to ministers pre-nup pre-nuptial Pre-trial detention predator control pregnancy press press briefing press freedom Prince Charles prince of wales princess caroline of monaco principle of subsidiarity prior restraint prison Prisoners prisoners rights prisoners voting prisoner vote prisoner votes prisoner voting prison numbers Prisons prison vote privacy privacy injunction privacy law through the front door Private life private nuisance private use proceeds of crime Professional Discipline Property proportionality prosecution Protection of Freedoms Act Protection of Freedoms Bill Protest protest camp protest rights Protocol 15 psychiatric hospitals Public/Private public access publication public authorities Public Bodies Bill public inquiries public interest public interest environmental litigation public interest immunity Public Order Public Sector Equality Duty putting the past behind quango quantum quarantine Queen's Speech queer in the 21st century R (on the application of) v Secretary of State for the Home Department & Ors [2011] EWCA Civ 895 R (on the application of) v The General Medical Council [2013] EWHC 2839 (Admin) R (on the application of EH) v Secretary of State for the Home Department [2012] EWHC 2569 (Admin) R (on the application of G) v The Governors of X School Rabone and another v Pennine Care NHS Foundation Trust [2012] UKSC 2 race relations Rachel Corrie Radmacher Raed Salah Mahajna Raed Saleh Ramsgate raptors rehabilitation Reith Lectures Religion resuscitation RightsInfo right to die right to family life right to life Right to Privacy right to swim riots Roma Romania Round Up Royals Russia saudi arabia Scotland secrecy secret justice Secret trials security services sexual offence Sikhism Smoking social media social workers South Africa south african constitution Spain special advocates spending cuts Standing starvation statelessness stem cells stop and search Strasbourg super injunctions Supreme Court Supreme Court of Canada surrogacy surveillance swine flu Syria Tax Taxi technology Terrorism terrorism act tort Torture travel treason treaty accession trial by jury TTIP Turkey Twitter UK Ukraine unfair consultation universal jurisdiction unlawful detention USA US Supreme Court vaccination vicarious liability Wales War Crimes Wars Welfare Western Sahara Whistleblowing Wikileaks wildlife wind farms WomenInLaw Worboys wrongful birth YearInReview Zimbabwe


This blog is maintained for information purposes only. It is not intended to be a source of legal advice and must not be relied upon as such. Blog posts reflect the views and opinions of their individual authors, not of chambers as a whole.

Our privacy policy can be found on our ‘subscribe’ page or by clicking here.

%d bloggers like this: