This is an unfortunately common type of situation – the people making the laws don’t understand the concepts of security or attack, or not well enough to figure out a way to respond to them. Rather than trying to put in efforts to block the implementation of botnets or criminalizing the ways in which they’re gathered and exploited – the law makes for a vague ‘impairment’ charge and then promises a vague overall crackdown on anything and everything that could possibly be used to cause an attack. Nevermind that’s pretty much anything, when used to excess.
The changes now make it a criminal offence to conduct DoS attacks. Where the original legislation included offences of unauthorised access to computer material and of unauthorised modification of computer material, there is now a new offence of doing anything without authorisation with intent to impair, or with recklessness as to impairing, the operation of a computer….
The 1990 Computer Misuse Act has also been changed to make it an offence to make, adapt, supply or offer to supply any article which is â€˜likely to be used to commit, or to assist in the commission of, [a hacking or unauthorised modification or DoS] offence’. It is also an offence to supply an article â€“ any program or data – â€˜believing that it is likely’ to be used to commit such an offence.