Cybercrime & Computer Misuse

Quick Overview

Cybercrime & Computer Misuse — Key Facts

Cybercrime covers a broad range of criminal conduct carried out using computers or the internet. The primary legislation is the Computer Misuse Act 1990, which creates offences ranging from basic unauthorised access through to attacks causing serious damage to national infrastructure.

  • Maximum Sentence: Life imprisonment where an attack caused, or created a significant risk of, serious damage to human welfare or national security (section 3ZA). Up to 14 years for other serious section 3ZA offences.
  • No Definition of Computer: The Act does not define a computer. The courts apply a broad definition covering any device used for storing, processing, and retrieving information.
  • Ethical Hackers Are Not Protected: The Computer Misuse Act 1990 provides no defence for probing a system without authorisation, even where the purpose is to identify security vulnerabilities.
  • Jurisdictional Reach: UK investigators work closely with international agencies. Investigations can be triggered by activity on UK servers even where the suspect is based abroad.
  • Immediate Protection: Cybercrime investigations are technically complex. Do not speak to investigators without specialist legal advice before attending any interview.

Offences Under the Computer Misuse Act 1990

Section 1 (unauthorised access) carries a maximum of two years. Section 2 (unauthorised access with intent to commit further offences) carries five years. Section 3 (unauthorised acts impairing computer operation — including malware, ransomware, and DDoS attacks) carries ten years. Section 3ZA (acts causing or risking serious damage to human welfare, the environment, the economy, or national security) carries 14 years rising to life. Section 3A (making or supplying articles for use in offences) carries two years.

| Offence | Section | Maximum |
|---|---|---|
| Unauthorised access | s.1 CMA 1990 | 2 years |
| Unauthorised access — further offences | s.2 CMA 1990 | 5 years |
| Impairing computer operation (DDoS, malware) | s.3 CMA 1990 | 10 years |
| Causing or risking serious damage | s.3ZA CMA 1990 | 14 years / life |
| Making / supplying articles for offences | s.3A CMA 1990 | 2 years |

Identity Theft, Phishing, and Fraud

Identity theft is not a specific offence but the conduct gives rise to charges under the Fraud Act 2006 or Theft Act 1968. Common methods include phishing, smishing, vishing, and trashing. Charges may include fraud by false representation, possession of articles for use in fraud, and obtaining services dishonestly.

Dark Web Offences

The anonymity offered by the dark web does not prevent investigation or prosecution. Law enforcement agencies have developed significant capability in identifying those responsible for dark web offences. The offences alleged are the same as those applicable to offline conduct — what distinguishes them is the technical complexity and the international dimension.

Jurisdiction and International Investigations

Under section 4 of the Computer Misuse Act, the courts have jurisdiction where there is at least one significant link with England and Wales — established by the presence of the suspect, the location of the victim, or the involvement of a UK server. Investigations may be conducted by UK agencies alongside international counterparts under mutual legal assistance treaties.

What to Do if You Are Under Investigation

If you are arrested, have had devices seized, or have been asked to attend a voluntary interview in connection with a cybercrime investigation, do not speak to investigators without a solicitor present. Cybercrime investigations involve technically complex digital evidence that requires careful scrutiny by specialists. Early legal intervention allows representations to be made to the CPS before a charging decision is taken.

"The Computer Misuse Act provides no defence for ethical hacking — probing a system without authorisation may give rise to a section 1 offence regardless of intent."

— Lostock Legal Solicitors

Cybercrime FAQ

Is ethical hacking a defence under the Computer Misuse Act?
No. The Act provides no defence for probing a system without authorisation, even where the purpose is to identify security vulnerabilities. Without the explicit permission of the system owner, a section 1 offence may be committed regardless of intent.

Can I be prosecuted for a DDoS attack?
Yes. DDoS attacks constitute unauthorised acts impairing the operation of a computer under section 3 of the Computer Misuse Act 1990, following the case of DPP v Lennon [2006]. Section 3 carries a maximum sentence of ten years on indictment.

What evidence is used in cybercrime investigations?
Device data, network logs, internet activity records, server logs, cryptocurrency transaction records, and IP address data are all commonly used. Investigators may also use cell site analysis and international mutual legal assistance requests to obtain evidence held abroad.

Can UK courts prosecute activity that occurred abroad?
Yes, where there is at least one significant link with England and Wales — established by the presence of the suspect here, the location of the victim, or the involvement of a UK server. The UK also participates in mutual legal assistance arrangements and has extradition treaties with many countries.

Cybercrime & Computer Misuse

Facing this allegation is serious — and often unexpected. Early specialist advice makes all the difference to the outcome.

Quick Overview
Cybercrime & Computer Misuse — Key Facts

Cybercrime offences in England and Wales are primarily prosecuted under the Computer Misuse Act 1990. Conduct ranges from unauthorised access to attacks on national infrastructure carrying life imprisonment.

  • Maximum Sentence: Life imprisonment for s.3ZA offences involving national security or human welfare. Up to 14 years for other serious data damage.
  • Broad "Computer" Definition: The law applies to any device that stores, processes, and retrieves information, including servers, smartphones, and IoT devices.
  • Ethical Hackers: The CMA 1990 provides no defence for probing systems without explicit written permission, even for security research.
  • Global Jurisdiction: Investigations are often triggered by activity on UK servers, allowing the NCA to prosecute even where the suspect is based abroad.
  • Immediate Protection: Digital evidence (logs, device data) is technically complex. Do not attend an interview without a specialist cybercrime solicitor.

Cybercrime Offences in England and Wales

Cybercrime covers criminal conduct using computers, networks, or the internet. While the Computer Misuse Act 1990 (CMA) is the primary legislation, the Fraud Act 2006 and Terrorism Act 2000 are also frequently applied.

In the UK, the National Crime Agency (NCA) leads on serious cases, often working with the FBI. Because servers and suspects are often in different countries, you may face simultaneous investigations across multiple jurisdictions.

"Digital forensics can be misinterpreted by investigators. Early legal intervention allows us to challenge the 'intent' behind system access before a charging decision is made."

— Lostock Legal Solicitors

Offences Under the Computer Misuse Act 1990

The Act is divided into four main sections, each escalating in severity:

  • Section 1: Unauthorised Access – Simply accessing a program or data without permission. The prosecution must prove you knew it was unauthorised.
  • Section 2: Intent to Commit Further Offences – Gaining access to a system to facilitate theft, fraud, or blackmail.
  • Section 3: Impairing Computer Operation – Acts intended to hinder access to data or reliability, such as DDoS attacks or malware deployment.
  • Section 3ZA: Risking Serious Damage – Unauthorised acts causing or risking damage to national security, the economy, or human welfare.

Sentencing for Cybercrime

| Offence Section | Max Sentence |
|---|---|
| s.1 Unauthorised access | 2 Years |
| s.2 Intent to commit further crime | 5 Years |
| s.3 Impairing operation (DDoS/Malware) | 10 Years |
| s.3ZA Serious damage / Nat. Security | 14 Years / Life |
| s.3A Supplying/Obtaining exploit tools | 2 Years |

Police investigators use the Investigatory Powers Act to bypass encryption. We work with independent forensic analysts to ensure the interpretation of your data is accurate and lawful.

Jurisdiction and International Reach

Under Section 4 of the CMA, UK courts have jurisdiction if there is a "significant link" to the country. This is established if the suspect is in the UK, the victim is in the UK, or the server used in the offence is based here.

We provide specialist representation for individuals facing extradition proceedings or mutual legal assistance requests from foreign law enforcement agencies like Europol or the FBI.

Common questions

Cybercrime FAQ

Yes. Section 1 of the CMA makes the act of unauthorised access a crime, regardless of whether data was taken or damage was caused. The offence is complete the moment you gain access.

No. The Computer Misuse Act does not currently provide a 'public interest' or 'research' defence. Unless you have prior written authorisation from the system owner, your actions are legally unauthorised.

Yes, if the victim or the computer/server you targeted is located in the UK. The NCA works closely with Interpol and the FBI to pursue suspects across international borders.

Contact us immediately. We can monitor the forensic imaging process and advise you on Section 49 notices (compelled disclosure of passwords), which carry their own criminal penalties if ignored.