British police issue warning to internet hacktivists

New Scotland YardThe Metropolitan Police have taken the unusual step of using Twitter to send a message to anyone considering supporting internet attacks against companies and governments.

A message posted on the Met Police’s official Twitter account cautioned would-be hacktivists that engaging in denial-of-service (DDoS) attacks, defacing websites or breaking into corporate databases is illegal.

In the past, hacktivists have compared their activities to legitimate civil disobedience – but such a view is not a defence if suspected hackers are brought to court.

Furthermore, the UK police warned, targeting bodies outside Great Britain does not mean that hackers cannot be prosecuted under British law.

Sign up to our free newsletter.
Security news, advice, and tips.

In my opinion, it’s a timely warning by the Met Police, as it comes after a series of arrests of individuals suspected of being involved in Anonymous and LulzSec hacktivist activity, most recently the charging of an 18-year-old man from Shetland alleged to be LulzSec’s spokesman “Topiary”.

After other Anonymous-related arrests, we have seen internet attacks against Dutch and Italian police.

Presumably the UK police are keen that “Topiary”-supporting hacktivists don’t use the internet in a revenge attack.

The full warning posted by the Met Police reads as follows:

Warning from Met Police

The investigation into the criminal activity of so-called "hacktivist" groups #Anonymous and #LulzSec continues. We want to remind people of the law in this area:

The Law Against Computer Misuse

Anyone considering accessing a computer without authority should understand that such acts are unlawful and can carry a term of imprisonment.

Under UK legislation, it is an offence if a person acts from within the UK upon a computer anywhere else in the world. It is also an offence if someone anywhere else in the world to criminally affect a computer within the UK.

The Computer Misuse Act 1990 states that anyone who gains unauthorised access to (or modifies) computer material may be liable to up to 2 years in prison (Section 1). It also says that anyone who gains unauthorised access to a computer and does an act

(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in a computer, or
(c) to impair the operation of any such program or the reliability of any such data;

...may be imprisoned for up to 10 years upon conviction (Section 3).

These offences cover the acts of unauthorised access to personal accounts, Distributed Denial of Service (DDOS) Attacks and intrusive hacks where data is taken or systems changed.

Other jurisdictions have similar law.

Remember folks – if you assist in a denial-of-service attack you could be looking at a lengthy jail sentence.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.