This is an unfortunately common type of situation – the people making the laws don’t understand the concepts of security or attack, or not well enough to figure out a way to respond to them. Rather than trying to put in efforts to block the implementation of botnets or criminalizing the ways in which they’re gathered and exploited – the law makes for a vague ‘impairment’ charge and then promises a vague overall crackdown on anything and everything that could possibly be used to cause an attack. Nevermind that’s pretty much anything, when used to excess.
The changes now make it a criminal offence to conduct DoS attacks. Where the original legislation included offences of unauthorised access to computer material and of unauthorised modification of computer material, there is now a new offence of doing anything without authorisation with intent to impair, or with recklessness as to impairing, the operation of a computer….
The 1990 Computer Misuse Act has also been changed to make it an offence to make, adapt, supply or offer to supply any article which is ‘likely to be used to commit, or to assist in the commission of, [a hacking or unauthorised modification or DoS] offence’. It is also an offence to supply an article – any program or data – ‘believing that it is likely’ to be used to commit such an offence.
New law introduced to criminalise denial-of-service attacks – SC Magazine UK.