US and UK cybersecurity agencies publish a joint statement warning of a rise in Covid-related cybercrime
Cyber Crime is any criminal activity carried out using computers and/or the internet and covers much more than many realise. In essence, it falls into two broad categories:
For other frequently asked questions around cyber crime, read our cyber crime FAQs
In many cyber crime cases, there is a grey area between freedom of expression and abusive communications. In others, most notably hacking cases, there are legitimate differences in opinion as to what constitutes unlawful activity. The technical nature of some of these offences may mean that private individuals and companies may be unwittingly caught up in an investigation without realising that their actions have given rise to potential criminal liability.
Our dedicated team has the technical, legal and tactical experience to advise you at every stage of your case. Whether you are facing a criminal investigation or prosecution or have found yourself the target of such activity and need to take control of the situation, we can help.
Our cyber crime lawyers can advise on:
Cyber crime is by nature borderless and you may require advice upon mutual legal assistance, extradition and cross-border disclosure regimes. We have extensive expertise in this area complemented by our renowned international crime team who can offer specialist advice in relation to any multi-jurisdictional aspects if required.
We also recognise that cyber crime is often much broader than a purely criminal issue, particularly for those who have fallen victim to such conduct. In those cases, we work closely with our colleagues in dispute resolution, employment and public law to identify and implement the best possible solution.
Whether you are facing an interview under caution, have been charged with an offence or simply require a no-obligation conversation with an experienced solicitor about your options, please contact a member of the cyber crime team to see how we can help.
Should you be faced with a situation involving any of the areas relating to the questions below, our team of specialist cyber crime and internet fraud lawyers will be able to advise on the best course of action to take.
It is a criminal offence to possess, make, take or distribute indecent images of children, and offenders can face up to ten years’ imprisonment. A ‘child’ for these purposes is anybody under the age of 18 (often mistakenly assumed to apply only to those under the age of 16, as this is the age of consent). Those who view indecent images online or download them to their devices are often charged with the ‘making’ offence. The ‘making’ refers to the fact that a copy of the image has been saved to their device as a result of viewing/downloading it. An offence can be committed if somebody views a legal adult pornographic website and pop-ups appear showing indecent images of children, and the person knows these will appear.
When the police review indecent images of children, and when judges are deciding on the most appropriate sentence to pass, the following are used to categorise the images:
Other similar offences include possession of prohibited images of children and extreme pornographic images.
Those whose e-mails, texts, Tweets, WhatsApp messages, Facebook and Instagram posts and comments on social media contain malicious content can find themselves liable for one or more criminal offences.
Section 1 of the Malicious Communications Act 1988 makes it an offence to send another person an electronic communication which conveys an indecent or grossly offensive message (or which is itself of an indecent or grossly offensive nature), a threat or false information, where the sender’s purpose (or one of his purposes) is to cause distress or anxiety to the recipient/another person. The maximum sentence for this offence is two years’ imprisonment.
Under section 127 of the Communications Act 2003, it is an offence to send by means of a ‘public electronic communications network’ (for example, Twitter) a message or other matter that is grossly offensive or of an indecent, obscene or menacing character. In addition, a person will be guilty of an offence if, for the purpose of causing annoyance, inconvenience or needless anxiety to another he sends by means of a public electronic communications network a false message or persistently makes use of a public electronic communications network. The maximum sentence for this offence is six months’ imprisonment.
People may be surprised to learn how easily they can commit one of these offences, especially as there is no requirement under the first of the 2003 Act offences for the sender to have intended any consequence.
There is a whole range of other offences which may be committed in similar circumstances to those which would give rise to these malicious communications offences, including making threats to kill, blackmail, disclosing private sexual images without consent (“revenge porn”), publishing an obscene article, contempt of court, harassment and stalking.
Harassment and stalking are offences which, although not confined to online communications and social media, are increasingly committed by such means.
Under section 2 of the Protection from Harassment Act 1997, it is an offence for a person to pursue a course of conduct which amounts to harassment of another and which the person knows or ought to know amounts to harassment of the other. A ‘course of conduct’ must involve conduct on at least two occasions in relation to the victim. ‘Harassment’ has a broad meaning and includes alarm or distress, but the conduct in question must be unacceptable and oppressive such that it should attract criminal liability.
Section 2A of the 1997 Act creates the offence of stalking. This covers situations where a person commits the offence of harassment and their course of conduct involves acts or omissions associated with stalking. The Act provides several examples of such acts or omissions which are relevant for the purposes of cyber-stalking, including contacting, or attempting to contact, a person by any means, publishing any material about the victim, and monitoring the victim’s use of the internet, email or any other form of electronic communication.
There is also a more serious form of each offence. Under section 4 of the 1997 Act it is an offence for a person to pursue a course of conduct which causes another to fear, on at least two occasions, that violence will be used against them, if that person knows or ought to know that his course of conduct will cause the other so to fear on each of those occasions. Similarly, under section 4A it is an offence for a person to pursue a course of conduct which amounts to stalking and either causes another to fear, on at least two occasions, that violence will be used against them or causes them serious alarm or distress which has a substantial adverse effect on their usual day-to-day activities. The person must know or ought to know that their course of conduct will cause the other person so to fear on each of those occasions or will cause such alarm or distress.
The maximum sentence for harassment and stalking is 6 months’ imprisonment, whilst the more serious forms of both carry a maximum sentence of ten years’ imprisonment.
Sextortion refers to a situation in which a person (or often a group of people) holds embarrassing and potentially incriminating information or evidence relating to another person, and makes demands for payment under threat of disclosure if the demands are not met. As the name suggests, the information or evidence will be of a sexual nature.
Sextortion usually begins with deception of some kind. For example, the extorter may pose as a teenage girl online and start a conversation with an adult, arranging to meet for sex. When the target then arrives at the agreed meeting place, he will be confronted by the extorter who will threaten to inform the police as well as his friends, family and employer, unless he pays a certain sum of money. Alternatively, the extorter may encourage the target to film themselves performing a sexual act whilst they are messaging each other, or send a sexually explicit photograph. The same demands and threats will then be made.
Driven by fear and embarrassment, the victims of sextortion will often give in to the demands and pay money to the extorter. However, they will usually find that the problem does not go away and further demands of increasingly larger payments will be made.
Although the target may have committed a criminal offence (but not always), the extorter will usually be guilty of blackmail, which in itself is a serious criminal offence carrying a maximum sentence of 14 years’ imprisonment. People who find themselves the victim of sextortion face a very difficult decision: should they ignore the demands? Should they give in to them in the hope it will all go away? Or should they report the blackmail to the police, potentially exposing their own criminal liability in the process?
At Kingsley Napley we have a wealth of experience of advising the victims of sextortion and guiding them through the incredibly difficult situation in which they find themselves.
The way businesses process and handle data was overhauled in 2018 with the introduction of the Data Protection Act 2018 and the advent of the General Data Protection Regulation (“GDPR”), the directly effective EU regulation which came into force on 25 May 2018. This legislation repeals and replaces the UK’s existing data protection laws to keep them up to date for the digital age. It sets new standards for protecting personal data and puts obligations on companies that collect our personal data.
There have been plenty of high-profile data breaches in recent years. Under GDPR rules, companies have enhanced commitments regarding how they handle data. We have seen that regulators now have the ability to fine businesses that do not comply with the GDPR standards. Offences can attract unlimited fines, and so not complying with data protection laws can carry significant risks for those handling personal data.
The DPA 2018 creates several criminal offences. Under Section 170(1), it is an offence to obtain, disclose or retain personal data without the consent of the data controller. This offence could be committed in instances such as the removal of client data by a departing employee, or an individual misrepresenting themselves to persuade the data controller to pass over information that otherwise would not be available to them. Section 170 also makes it an offence to sell, or offer to sell, data obtained without the data controller’s consent.
Section 148(2) creates an offence of destroying, disposing, concealing, blocking or falsifying information in response to an information or assessment notice. Similarly, altering, defacing, blocking, erasing, destroying or concealing materials to prevent disclosure via data subject access rights is made an offence under section 173(3).
Further, where the data breach may have been committed by way of computer misuse, there is the parallel spectre of criminal liability under the Computer Misuse Act 1990 [link to next section].
Kingsley Napley’s criminal litigation team is able to assist individuals and business to ensure that data is protected and GDPR expectations are met, and to help in circumstances where there have been breaches and in the event of an investigation by the Information Commissioner’s Office.
Hacking is a form of computer misuse whereby an individual gains unauthorised use or access to other computer systems or networks. The term covers a wide range of behaviours from simplistic and straightforward acts such as correctly guessing another person’s computer password, to sophisticated and complex activities able to penetrate very secure computer systems. Through hacking, it is possible to steal personal data/information and disrupt computer functionality through cyber-attacks.
Under Section 1 of the Computer Misuse Act 1990, it is an offence to knowingly use a computer to ‘hack’ into another computer in order to secure unauthorised access to material. This would include accessing a company’s systems, or another person’s email or social media accounts without permission. Such misuse frequently presents parallel data protection issues [link to previous section]
The Act also makes it illegal to commit the above unauthorised access offence with the additional intent of committing or facilitating the commission of further offences (Section 2). Further offences refer to ones that carry a fixed sentence or a sentence of five years or more, such as fraud. An example of this offence in action would be the provision of customers’ banking details by a bank employee to a third party who then used these details to commit fraud.
The Section 3 offence is committed where the defendant does any unauthorised act with intent to impair, or with recklessness as to impairing, the operation of a computer. Behaviours that would fall under this offence would include releasing computer viruses onto the internet and creating computer programs designed to carry out denial of service attacks on websites, which can have significant effects on the organisations targeted.
The Serious Crime Act 2015 added a new offence to the 1990 Act (under section 3ZA) which targets cyber-threats to critical national infrastructure. This illegalises a knowingly unauthorised act in relation to a computer where the act causes, or creates a significant risk of, serious damage of a material kind, where the defendant intends, or is reckless, to cause such damage.
The Section 3A offence of the 1990 Act, added by the Police and Justice Act 2006, criminalises the making, supplying or obtaining of articles for use in computer misuse offences (i.e. malware and other software tools whose aim is to hack into and/or cause damage to computer systems).
The Terrorism Act 2000 makes the use or threat of an action designed to seriously interfere with/disrupt a computer system a terrorist action if it is designed to influence the government or intimidate the public whilst being designed for the purpose of advancing a political, religious or ideological cause.
These offences can be committed by a UK national even whilst outside the UK and where there is no other link to the UK beyond the accused’s nationality, if the act were also unlawful in the jurisdiction in which it occurred.
The internet offers anonymity, speed and the potential to be able to reach millions of people every day at virtually no cost. It is not hard to see the opportunities that that presents for fraud on a previously unprecedented scale.
The majority of cyber fraud constitutes fraud by false representation (under Section 2 of the Fraud Act 2006). Possessing, making or supplying articles associated with such frauds (e.g. phishing kits, malware and identity theft tools) is an offence under Section 6 or 7 of the 2006 Act.
Cyber fraud comes in many forms and is only limited by the human imagination. In online banking fraud, assets are transferred from an individual’s bank account dishonestly and without their consent. A fraudster may claim to be the account holder and contact the bank, requesting payment to a third party account without the account holder’s knowledge or permission. Another common form of online fraud is phishing, which takes the form of emails which appear genuine and which attempt to persuade the victim to divulge sensitive or personal data such as passwords. Online romance fraud similarly targets victims with the aim of persuading them to provide banking details by creating false identities and befriending them through social networking and dating sites. Fraudulent online scams, such as the classic Nigerian 419 scam and bogus websites which dupe victims into paying for items that never materialise or are grossly misrepresented, are very common.
Cryptocurrency-related fraud has seen a significant spike in recent years. Digital currencies such as Bitcoin, offering quasi-anonymity, speed of transfer and a lack of centralised controlling authority, offer opportunities to perpetuate fraud and to disseminate the proceeds. Initial Coin Offerings (ICOs), an increasingly popular method of raising capital for cryptocurrency-related business ventures, are also associated with a high risk of fraud.
In recent months, we have advised:
Partner and Head of Department
Practice Development Lawyer
Legal Counsel (Barrister)
Practice Development Lawyer
Senior Associate (Barrister)
Senior Associate (Barrister)
Skip to content Home About Us Insights Services Contact Accessibility