Following an investigation by the Metropolitan Police Service’s Central e-Crime unit, 21-year-old Gareth Cross of West Sussex was sentenced to twelve months after hacking into a private Facebook account.

In January 2011, Crosskey gained unauthorised access to the Facebook account of an individual including the private email function. The breach was reported to the FBI who traced the source back to the UK.

The case was then passed to the Met’s e-Crime unit which traced it back to Crosskey and arrested him at home in July. Crosskey pleaded guilty to offences under the Computer Misuse Act.

We don’t know the purpose of Crosskey’s breach, whether it was an act of malicious intent or to test his own capabilities, but a twelve month sentence looks as though it will be a deterrent to others planning the same action. If the e-Crime unit and the FBI got involved, it’s a fair guess that something serious was going on.

Computer Misuse Act in action

It’s interesting to see how the Computer Misuse Act is used in cases like this. There are not many to reference, but they are the forerunners of how the law will work in future, based on past examples.

Crosskey was charged with the following:

Section 1 Computer Misuse Act 1990 caused computer to perform function to secure unauthorised access to a program/data. Between 07/01/2011 and 14/07/2011 within the jurisdiction of the Central Criminal Court caused a computer to perform a function with intent to secure unauthorised access to a program or data relating to a client held in a computer belonging to Facebook.

Section 3 Computer Misuse Act 1990 unauthorised acts with intent to impair operation of or prevent/hinder access to a computer. Between 07/01/2011 and 14/07/2011 within the jurisdiction of the Central Criminal Court did an unauthorised act at a time when you knew that it was unauthorised either intending by doing the act or being reckless as to whether the act would enable the operation of a computer to be impaired, access to a program or data held in a computer to be prevented or hindered, or the operation of a program or the reliability of data held in a computer to be impaired.

Basically this is a wordy way of saying ‘you knew what you were doing when you gained access to someone else’s account and that it would mess up that service for the owner’. For what it would take to access anyone’s account, it would be hard to imagine a way to perform this act without realising.

The Police Central e-Crime Unit is a national unit in the UK and forms part of the government’s response to online threats, under the National Cyber Security Programme.

The Unit usually works to reduce harm caused by organised criminals online and in this case, to track down apparently lone hackers who have worked out ways into a Facebook account. Though some hacks are performed simply to see how they can be done, this looks as though law enforcement is willing to take such acts seriously. Hacker beware.