A Midland teenager who crippled the IT system of one of the country's top insurance firms by bombarding it with five million hoax emails has been convicted in the first case of its kind.
David Lennon sent his former colleagues at Domestic & General Group PLC cryptic e-mails which quoted from the cult horror film The Ring and appeared to come from Microsoft supremo Bill Gates.
The week-long campaign by Lennon, who was then 16, led to the firm's mail server and router - which processes emails in the UK, Germany, France and Spain - collapsing, costing it about £30,000.
Lennon, now 19, from Hatters Court, Bedworth, Warwickshire, was given a two-month curfew and tagging when he appeared at Wimbledon Youth Court yesterday. He admitted "causing an unauthorised modification to a computer" under Section 3 of the Computer Misuse Act.
He originally appeared in court last November but a judge ruled there was no case to answer. Proceedings started again after the Director of Public Prosecutions appealed against the decision.
Senior police officers yesterday hailed what they said was the first successful prosecution of its kind, but technology experts warned the law was inadequate for dealing with computer-literate teenagers bent on wreaking havoc.
Graham Cluley, of IT threat management firm Sophos, said the 1990 Computer Misuse Act was "as much use as a chocolate teapot" when it came to the latest cyber crimes.
He said it was time the law was revised to cope with the rapidly-evolving world of denial-of-service attacks and email spamming.
He added: "It's essential that young people learn that the internet is not a playground where any kind of behaviour is acceptable.
"Computer-literate teens need to understand that bombarding others with email or malware can lead to them ending up in court.
"Kids who are knowledgeable about computers should put their enthusiasm into more positive activities."
Lennon's emails during his "malicious" campaign appeared to come from other colleagues or billionaire Bill Gates, but police traced them to his home computer.
Detective Constable Bob Burls, an investigator from the Computer Crime Unit, described the teenager's actions as a "malicious and premeditated email attack".
Lennon carried out the cyber attack between January 31 and February 4, 2004. He had been a part-time employee of the Domestic and General Group before being dismissed in 2003.
Detective Chief Inspector Charlie McMurdie, head of the Metropolitan Police's Computer Crime Unit, said: "This is the first successful prosecution in the UK for this type of offence."
Detective Constable Burls said: "This was a malicious and premeditated email attack by the offender on a former employer that resulted in financial loss and disruption to business.
"The Metropolitan Police Computer Crime Unit and the CPS were always confident that the Computer Misuse Act adequately catered for the circumstances of this particular case and the Court of Appeal confirmed our beliefs."
