Electronic tagging for teenager who admitted email bombing

August 23, 2006 Sophos Press Release

Daniel Lennon was found guilty after sending five million emails
Daniel Lennon was found guilty after sending five million emails.

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has reminded young people of the importance of behaving appropriately online following the news that a teenager has been sentenced for bombarding a former employer with email.

David Lennon, a 19-year-old Briton living in Bedworth, Warwickshire, pleaded guilty today under section 3 of the Computer Misuse Act, having sent five million emails to insurance company Domestic & General Group.

Emails sent by Lennon included a quote from cult horror movie, "The Ring":

bUt He DoEsN't KnOw......" "He DoEsN't KnOw WhAt, SaMaRa?" "EvErYoNe WiLl SuFfEr

The amount of email caused servers at Domestic &ampl General, who Lennon had worked for until he was sacked in 2003, to crash.

"It's essential that young people learn that the internet is not a playground where any kind of behavior is acceptable," said Graham Cluley, senior technology consultant for Sophos. "Computer-literate teens need to understand that bombarding others with email or malware can lead to them ending up in court. Kids who are knowledgable about computers should put their enthusiasm into more positive activities."

Lennon had originally been cleared of the charges last November, after a ruling that it was not an offence under the Computer Misuse Act to overwhelm an email server with millions of messages. This ruling was later challenged by the Crown Prosecution Service, causing the case to be sent back to the Magistrates Court in May 2006.

Lennon was sentenced today at Wimbledon Magistrates Court to a two month curfew, and will be electronically tagged. The curfew has been arranged to not clash with Lennon's job at a local cinema.

"Lennon cannot be classed in the same camp as the organised criminals aiming to steal money from millions of innocent PC users, but his light sentence reflects the inadequacies of the Computer Misuse Act. The 1990 act is about as much use as a chocolate teapot when it comes to dealing with the latest types of cybercrime such as denial-of-service attacks and email mass-bombardment, and it's high time that it was revised," continued Cluley. "Hopefully Lennon is a young man who will learn that what he did was wrong, and will behave more maturely in future."

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam. Businesses should also secure their desktop and servers with automatically updated protection.