Brit fined for Dubai hack

A British man has been found guilty of hacking into the United Arab Emirates' only internet service provider and causing it to crash throughout May and June of last year, yet he only received a fine of £1900.

Lee Ashurst, a 22-year-old programmer from Manchester, was charged with misuse of telecommunications equipment, as there is no actual law against hacking in the UAE.

He was found guilty but only faced a maximum jail term of six months or a meagre fine because of the lack of law in this area.

Etisalat, the UAE's only ISP, said that Ashurst had been responsible for the widespread disruption of internet services over May and June of last year. The company had come under heavy fire from users over poor service around the same period.

Ashurst was arrested in June of last year and it was reported that Dubai authorities wanted to make an example of the hacker to deter other acts of computer piracy.

The hacker's defence argued that he had been made a scapegoat for the poor performance of Etisalat.

Although Ashurst's lawyers plan to appeal against the guilty verdict, Etisalat also plans to sue him in a civil court for loss of revenue during the disruptions. Should he be found guilty again, the resulting fines may run into thousands this time.

As a result of the case, authorities in the UAE are rushing to introduce hacking legislation to bridge the grey areas highlighted by the case.

In related news, an Albuquerque teenager has been charged with hacking into a Nasa network in California.

Eighteen-year-old Jason Schwab has been charged with modifying data on the system in April of last year. But Schwab's defence is denying the allegations, claiming that Schwab "took no part in the computer abuse".

The case continues.

But Richard Boothroyd, principal security consultant at ICL, said the penalty system for computer crime was seriously flawed.

"If I walk into a bank and rob it, I would be caught and face a heavy sentence," he said. "If I hack a bank, I could well get away with it, or at the most face a six month jail sentence."

He said that further problems are faced if a case gets to court. "If a system is compromised, then it is flawed, and therefore the evidence submitted is flawed," he said. "This makes it very difficult to prosecute cyber-crimes."

Boothroyd said the best defence was to secure a system up front and minimise risk, rather than try to support a case in court after the event.