Advanced Search

Cybercrime - Legal Guidance

Introduction

This overarching guidance provides an overview of the main cybercrime offences and the relevant CPS legal guidance. It is designed to provide a summary of the main types of cybercrime offending and highlight where further guidance is available and should be considered. This guidance explains:

  • The definition of cybercrime;
  • Cyber-dependent crimes and the legislation which should be considered when reviewing and charging a cyber-dependent case;
  • Cyber-enabled crimes and the legislation which should be considered when reviewing and charging a cyber-enabled case; and
  • Practical and operational points to consider when prosecuting a cybercrime case.

Top of page

Understanding cybercrime

The extent to which criminals are exploiting digital technology to commit offences has accelerated. The term cybercrime refers to any type of criminal activity conducted through, or using, an Information and Communications Technology (ICT) device. The aim of such activity may be to commit sexual offences such as grooming or viewing and sharing indecent images, controlling or disrupting computer systems, or to steal money, goods, information or data. The internet is also used by gangs to trade a wide range of commodities online, for example, drugs, firearms, indecent images of children. Cybercrime can take place in conjunction with a variety of related criminal activity, and cyber techniques have proliferated to the more traditional criminal community, for example, urban gang members buying compromised data online.

Definition of cybercrime

Cybercrime is an umbrella term used to describe two closely linked, but distinct ranges of criminal activity. The Government's National Cyber Security Strategy (published in November 2016) defines them as follows:

  1. Cyber-dependent crimes - crimes that can be committed only through the use of Information and Communications Technology (ICT) devices, where the devices are both the tool for committing the crime, and the target of the crime (e.g. developing and propagating malware for financial gain, hacking to steal, damage, distort or destroy data and/or network or activity).
  2. Cyber-enabled crimes - traditional crimes which can be increased in scale or reach by the use of computers, computer networks or other forms of ICT (such as cyber-enabled fraud and data theft).

Top of page

Cyber-Dependent Crimes

Cyber-dependent crimes fall broadly into two main categories:

  • illicit intrusions into computer networks, such as hacking; and
  • the disruption or downgrading of computer functionality and network space, such as malware and Denial of Service (DOS) or Distributed Denial of Service (DDOS) attacks.

Cyber-dependent crimes are committed for many different reasons by individuals, groups and even sovereign states. For example:

  • Highly skilled individuals or groups who can code and disseminate software to attack computer networks and systems, either to commit crime or facilitate others to do so;
  • Individuals or groups with high skill levels but low criminal intent, for example protest hacktivists;
  • Individuals or groups with low skill levels but the ability to use cyber tools developed by others;
  • Organised criminal groups;
  • Cyber-terrorists who intend to cause maximum disruption and impact;
  • Other states and state sponsored groups launching cyber-attacks with the aim of collecting information on or compromising UK government, defence, economic and industrial assets; and
  • Insiders or employees with privileged access to computers and networks.

The majority of cyber criminals have relatively low skills levels, but their attacks are increasingly enabled by the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less skilled cybercriminals to exploit a wide range of vulnerabilities.

The main forms of cyber-dependent crime are outlined below.

Hacking

Hacking is a form of intrusion targeted at computers, including mobile phones and personal tablet devices. It is the unauthorised use of, or access into, computers or networks by exploiting identified security vulnerabilities. Hacking can be used to:

  • gather personal data or information of use to criminals;
  • deface websites; or
  • launch DoS or DDoS attacks.

Cybercriminals may use a number of methods to hack into a computer system or network. In many cases, the offender may be motivated by personal profit or financial gain. Prosecutors will therefore need to consider the impacts associated with the primary offending behaviour as well as any subsequent offending. For larger organisations, the financial losses may be very significant, or may have severe impacts on infrastructure, which also need to be taken into account.

Disruption of Computer Functionality

Malware (malicious software) spreads between computers and interferes with computer operations. Malware may be destructive, for example, deleting files or causing system crashes, but may also be used to steal personal data. Prosecutors need to be aware that some programmes have a dual use. They have a legitimate function but can also be used for criminal purposes. Types of malware include:

  • Viruses are one of the most well-known types of malware. They can cause mild computer dysfunction, but can also have more severe effects in terms of damaging or deleting hardware, software or files. They are self-replicating programs, which spread within and between computers. They require a host (such as a file) in a computer to act as a carrier, but they cannot infect a computer without human action to run or open the infected file.
  • Worms are also self-replicating programs, but they can spread autonomously, within and between computers, without requiring a host or any human action. The impact of worms can therefore be more severe than viruses, causing destruction across whole networks. Worms can also be used to drop Trojans onto the network system.
  • Trojans are malicious computer programs that present themselves as useful, routine, or interesting in order to persuade a victim to install it. This malware can perform functions, such as stealing data, without the user's knowledge and may trick users by undertaking a routine task while actually undertaking hidden, unauthorised actions.
  • Spyware is software that invades users' privacy by gathering sensitive or personal information from infected systems and monitoring the websites visited. This information may then be transmitted to third parties. Spyware can sometimes be hidden within adware (free and sometimes unwanted software that requires you to watch advertisements in order to use it). One example of spyware is key-logging software which captures and forwards keystrokes made on a computer, enabling collection of sensitive data such as passwords or bank account details.
  • Ransomware is software that can hold your data hostage, for example, a trojan may copy the contents of the My Documents folder into a password-protected file and delete the original file. It will then send a message demanding payment in exchange for access to the folder.

Malware may be distributed by spam - unsolicited or junk email that is not targeted but typically sent in bulk to millions of recipients around the world. Sending junk email can be a way of committing offences under the Computer Misuse Act, or other offences such as those under the Fraud or Data Protection Acts.

A botnet is a term for a number of internet-connected computers under the control of a botnet controller. Usually the computers that make up a botnet have been infected with code that enables the botnet controller to undertake illegal activity through multiple devices.

Denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Distributed denial-of-service (DDoS) is where the attack source is more than one, and often thousands of, unique IP addresses. A common method is to flood an internet server with so many requests that they are unable to respond quickly enough. This can overload servers causing them to freeze or crash, making websites and web-based services unavailable to users.

Offences and Legislation which should be considered when reviewing and charging a Cyber-Dependent Case

Computer Misuse Act 1990

The Computer Misuse Act (CMA) (1990) is the main piece of UK legislation relating to offences or attacks against computer systems such as hacking or denial of service.

The CMA deliberately does not define what is meant by a 'computer', to allow for technological development. In DPP v McKeown and, DPP v Jones [1997] 2 Cr App R 155 HL, Lord Hoffman defined computer as

'a device for storing, processing and retrieving information';


this means that a mobile smartphone or personal tablet device could also be defined as a computer in the same way as a traditional 'desk-top' computer or 'PC'.

There is jurisdiction to prosecute all CMA offences if there is "at least one significant link with the domestic jurisdiction" (England and Wales) in the circumstances of the case.

Offences under the Computer Misuse Act:

  • Section 1 - unauthorised access to computer material. This offence involves 'access without right' and is often the precursor to more serious offending. There has to be knowledge on the part of the offender that the access is unauthorised; mere recklessness is not sufficient. There also must have been an intention to access a program or data held in a computer.
  • Section 2 - unauthorised access with intent to commit or facilitate commission of further offences.
  • Section 3 - unauthorised acts with intent to impair the operation of a computer. The offence is committed if the person behaves recklessly as to whether the act will impair, prevent access to or hinder the operations of a computer. Section 3 should be considered in cases involving distributed denial of service attacks (DDoS).
  • Section 3ZA - Unauthorised acts causing, or creating risk of, serious damage, for example, to human welfare, the environment, economy or national security. This section is aimed at those who seek to attack the critical national infrastructure.
  • Section 3A - making, supplying or obtaining articles for use in offences contrary to sections 1,3 or 3ZA. Section 3A deals with those who make or supply malware.

There is jurisdiction to prosecute all CMA offences if there is "at least one significant link with the domestic jurisdiction" (England and Wales) in the circumstances of the case.

Further guidance can be found in the CPS legal guidance Computer Misuse Act 1990.

Regulation of Investigatory Powers Act 2000

It is an offence under Section 1(1)(b) of RIPA for a person intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of a public telecommunication system.

It is an offence under Section 1(2) for a person to intercept any communication in the course of its transmission by means of a private telecommunication system.

Either or both offences could apply in a 'hacking' case in which content was unlawfully intercepted through cyber-enabled means. Prosecutors should consider whether to charge offences under RIPA instead of or in addition to CMA. RIPA would usually be used if material was unlawfully intercepted in the course of its transmission; CMA would usually be used when material is acquired through unauthorised access to a computer.

Data Protection Act 1998

Section 55 of the Data Protection Act creates criminal offences that may be committed alongside cyber-dependent crimes.

These include:

  • Obtaining or disclosing personal data
  • Procuring the disclosure of personal data
  • Selling or offering to sell personal data

For example, Trojans can appear as legitimate computer programs but facilitate illegal access to a computer in order to steal personal data without a user's knowledge.

For further guidance, prosecutors should consider the CPS legal guidance Data Protection Act 1998 - Criminal Offences.

Top of page

Cyber-Enabled Crimes

These are crimes which do not depend on computers or networks but have been transformed in scale or form by the use of the internet and communications technology. They fall into the following categories:

  • Economic related cybercrime, including:
    • Fraud
    • Intellectual property crime - piracy, counterfeiting and forgery
  • Online marketplaces for illegal items
  • Malicious and offensive communications, including:
    • Communications sent via social media
    • Cyber bullying / Trolling
    • Virtual mobbing
  • Offences that specifically target individuals, including cyber-enabled violence against women and girls (VAWG):
    • Disclosing private sexual images without consent
    • Cyber stalking and harassment
    • Coercion and control
  • Child sexual offences and indecent images of children, including:
    • Child sexual abuse
    • Online grooming
    • Prohibited and indecent images of children
  • Extreme pornography, obscene publications and prohibited images, including
    • Extreme Pornography
    • Obscene publications

Economic related Cybercrime

Economic related cybercrimes include unauthorised access, sabotage or use of computer systems with the intention to cause financial gain to the perpetrator or financial loss to the victim. It may involve computer fraud or forgery, hacking to steal personal or valuable data for commercial gain or the distribution of viruses.

Victims may not report these crimes if, for example, they feel that the issue is trivial or do not actually recognise that what has happened to them is in fact a crime. Additionally, where individuals have had their bank account details accessed or hacked, either the bank or the individual or both may not report the crime if the individual is reimbursed by their bank. Similarly, some businesses may not report for the same reasons, or for fear of reputational damage, or may choose to deal with such issues internally.

The following categories describe economic related cyber offences:

Fraud

Cyber-enabled fraud is possibly the most common of all cybercrime offences. The internet allows offenders to hide their identities behind websites and email addresses, providing a forum in which they never have to meet a victim in person to commit the crime. Some offenders may also be part of a wider criminal gang who may also never meet each other, with members based anywhere in the world.

Online fraud can be committed in a number of ways. For example:

  • Electronic financial frauds, for example, online banking frauds and internet enabled card-not-present (CNP) fraud. Internet-enabled CNP fraud involves transactions conducted remotely, over the internet, where neither cardholder nor card is present. Related to this are e-commerce frauds, which refer more generally to fraudulent financial transactions related to retail sales carried out online. Both businesses and customers may be victims.
  • Fraudulent sales through online auction or retail sites or through fake websites, which may offer goods or services that are not provided. Alternatively buyers may be led to purchase a counterfeit product (when led to believe it was an original). This may also include other retail misrepresentations, such as online ticketing fraud.
  • Mass-marketing frauds and consumer scams, including but not limited to:
    • Phishing scams are a particular kind of mass-marketing fraud: they refer specifically to the use of fraudulent emails disguised as legitimate emails that ask or fish for personal or corporate information from users, for example, passwords or bank account details. Phishing attempts can be sent out en masse to a range of potential targets;
    • Pharming occurs where a user is directed to a fake website, sometimes from phishing emails, to input their personal details; and
    • Online romance (or social networking/dating website) frauds. Individuals may be contacted via social networking or dating sites and persuaded to part with personal information or money following a lengthy online relationship.

Cyber criminals may seek to obtain personal and financial data for fraudulent purposes. Valuable forms of data may include:

  • personal information (names, bank details, and National Insurance numbers);
  • company accounts;
  • client databases; and
  • intellectual property (for example, new company products or innovations).

Action Fraud is the UK's national reporting centre for fraud and cybercrime and more details about specific types of cyber fraud is available on the Action Fraud website.

Offences and legislation which should be considered when reviewing and charging a cyber-enabled fraud case

Offences under the Fraud Act 2006 are applicable to a wide range of cyber-frauds by focussing on the underlying dishonesty and deception. The nature of the offending will dictate the appropriate charges, and prosecutors may also consider offences under the Theft Act 1968, Theft Act 1978, Computer Misuse Act 1990, Forgery and Counterfeiting Act 1981 and Proceeds of Crime Act 2002.

Prosecutors should note that if an offender accesses data, reads it and then uses the information for his/her own purposes, then this is not an offence contrary to the Theft Act. Confidential information per se does not come within the definition of property in section 4 of the Theft Act 1968 and cannot be stolen: Oxford v Moss 68 Cr App R 183 DC. It is likely however that this would constitute an offence under section 1(1) Computer Misuse Act 1990. Also, if it was done with the intent to commit or facilitate the commission of further offences, it would constitute an offence contrary to section 2(1) Computer Misuse Act 1990.

Where there are a number of suspects allegedly involved in an online fraud, a statutory conspiracy under section 1 of the Criminal Law Act 1977, or common law conspiracy to defraud may be appropriate. Prosecutors should consider the Attorney General's Guidelines on the Use of the common law offence of Conspiracy to Defraud before making a charging decision. Where several people have the same access to a computer, one way to seek to prove the involvement of suspects will be to follow the payment trail as payments will often be required to be sent to a designated account, and may be attributed to an individual.

The acts of setting up a false social networking accounts or aliases could also amount to criminal offences under the Fraud Act 2006 if there was a financial gain, as under section 8 possession or making or supplying articles for use in frauds includes any program or data held in electronic form.

For further guidance, prosecutors should refer to the legal guidance The Fraud Act 2006.

Intellectual Property Crime - piracy, counterfeiting and forgery

Intellectual property is defined as a right by an owner, of a copyright, design, patent or trademark. Intellectual property crime can cover a wide range of activities, such as the unauthorised use of another's intellectual property, through the manufacture, use, sale/import of the property without prior permission.

Most intellectual property crime falls under the umbrella of counterfeiting goods, where trademarks are wilfully infringed (see below) and breaches of copyrights, which are usually termed as piracy, and the development of technology to enable such offences to be committed.

Piracy is the unauthorised copying of an original recording for profit. Pirated products will often have different packaging to the genuine product and may often take the form of newly created compilations.

The internet may be used to distribute, share or make available pirated music, films, games or other items in the following ways:

  • Use of legitimate file sharing technologies to share copies of music and films etc. without permission of the intellectual property right holder;
  • Posting protected content on a webpage without permission, for example, uploading a copy of a new cinema release;
  • Streaming live sports matches, or concerts, out to audiences directly over the internet, without permission; and
  • Putting protected content, like a video game, into a cyber- locker, or online storage system, and providing the details on how to access the content on the internet, or a specific group of people.

Counterfeiting is when money or currency is forged but may also relate to goods if they are not manufactured or produced by the designated manufacturer or producer given on the label or flagged by the trademark symbol.

The internet may be used as a way of counterfeiting goods, and physical copies of pirated media through:

  • offering items, either billed as genuine, or clearly fake, for sale through online shops and auction sites, or on social networking sites;
  • Setting up and running sophisticated websites, for example which purport to be genuine retail outlets; and
  • Using easily available technology to set up websites offering fake goods, either billed as genuine, or clearly fake.

Forgery involves making a false object or document with the intention to induce somebody to accept it as genuine and thereby act to his own or another's prejudice. Computers (including computer files), mobile phones, social networking and internet sites can all be used in the creation and transmission of forged or falsified instruments or documents. Moreover, the documents or instruments created can also be used for further offending.

Offences and legislation which should be considered when reviewing and charging cases involving intellectual property crime

Cyber piracy of music/films/e-books and other items is copyright infringement and is an offence under the Copyright Designs and Patents Act 1988. Counterfeiting goods is a trade mark infringement and is an offence under the Trade Marks Act 1994.

When considering cases involving intellectual property crime prosecutors should also consider the Counterfeiting and Forgery Act 1981, Video Recordings Act 2010, the Registered Designs Act 1949.

As well the predicate intellectual property offences governed by the relevant legislation, general statutory offences under the Fraud Act 2006 and money laundering offences under the Proceeds of Crime Act 2002 should also be considered.

For instance, if an individual offers a fake item for sale online, which they falsely represent to be a genuine article, prosecution under the Forgery and Counterfeiting Act 1981 should be considered, alongside offences under the Fraud Act 2006 and Proceeds of Crime Act 2002.

In instances where an individual offers fake identity documents online, prosecution should also be considered under the Identity Documents Act 2010, where the document is one prescribed under section 7.

For further guidance, prosecutors should refer to the legal guidance Intellectual Property Crime.

For further guidance, prosecutors should refer to the legal guidance Forgery and Counterfeiting.

Online Marketplaces for Illegal Items

Criminals are increasingly using online marketplaces not just to trade cyber skills, tools and techniques, but to trade and sell other illegal items, such as stolen credit card details, drugs and firearms.

These marketplaces are often 'hidden' online, and facilitated by individuals coordinating the trading of these goods.

Where more than one individual is collectively running such a website, a charge of conspiracy against those doing so, under Section 1(1) of the Criminal Law Act 1977, may be considered.

However, when considering a case involving the trading of illegal goods online, it is advisable to consider charges against individuals 'selling', or facilitating the selling of objects online, as distinct from those who are 'buying'. Each case must be considered on its merits, but in many instances, there may not be sufficient evidence to demonstrate a large conspiracy between multiple users of one marketplace, where a number of seemingly distinct transactions have been made.

In the event that an individual is selling or facilitating the trading of illegal goods online, prosecutors should consider charges of encouraging or assisting an offence, under s.46 of the Serious Crime Act 2007. It can be charged where the defendant does an act capable of encouraging or assisting the commission of one or more of a number of offences, believing one or more will be committed.

Where individuals are suspected of purchasing illegal goods online, prosecutors should consider charges of attempting to commit an offence, such as one under the Fraud Act (2006), Misuse of Drugs Act (1971), or Firearms Act (1968), where it can be proved the suspect has gone beyond the preparatory stage of doing so. A charge of conspiracy under Section 1(1) of the Criminal Law Act 1977, or the common law offence of conspiracy to defraud, may also be appropriate.

For further guidance, prosecutors should consult the legal guidance Inchoate Offences.

Malicious and Offensive Communications

Every day millions of communications are sent via the internet and online platforms such as social media and photo sharing sites. Some individuals use these online forums to send abusive, threatening, indecent, offensive and false messages that could be capable of committing a criminal offence.

Communications sent via social media

When considering whether an offence might be committed by a communication via social media, prosecutors should make an initial assessment of the content of the communications and the conduct in question to distinguish between those which:

  1. are a credible threat (violence to the person or damage to property);
  2. specifically target an individual or individuals and which may constitute harassment or stalking, controlling or coercive behaviour, disclosing private sexual images without consent, an offence under the Sexual Offences Act 2003, blackmail or another offence;
  3. are breaches of court orders or a statutory provision; and
  4. are grossly offensive, indecent, obscene or false.

Cases falling within categories 1, 2 and 3 should be prosecuted robustly under the relevant legislation.

Cases falling within category 4 will usually be considered either under section 1 of the Malicious Communications Act (1988) or under section 127 of the Communications Act (2003). These cases will be subject to a high threshold and in many cases a prosecution is unlikely to be in the public interest.

The high threshold applies equally to hate crime offences that fall within category 4. However, prosecutors are reminded to give particular consideration to paragraph 4.12(c) of the Code for Crown Prosecutors, which states that 'prosecutors must have regard to whether the offence was motivated by any form of discrimination against the victim's ethnic or national origin, gender, disability, age, religion or belief, sexual orientation or gender identity, or the suspect demonstrated hostility towards the victim based on any of those characteristics. The presence of any such motivation or hostility will mean it is more likely that prosecution is required'.

Prosecutors will also need to balance the fundamental right of free speech with the need to prosecute those who are involved in serious wrongdoing; this can only be assessed on a case by case basis.

Malicious Communications Act

Section 1 of the Malicious Communications Act 1988 makes it an offence for a person, with the intention of causing distress or anxiety, to send certain items to another person which convey an indecent or grossly offensive message or are themselves of an indecent or grossly offensive nature, or which convey a threat or information which is false and known or believed to be false by the sender.

Section 32 of the Criminal Justice and Courts Act 2015 makes the offence an either-way offence and increases the maximum penalty to 2 years' imprisonment and/or a level 4 fine. This will allow more time for investigation, and make a more serious penalty available in appropriate cases. This came into force on 13 April 2015.

Communications Act

Section 127 of the Communications Act (2003) makes it an offence to send through a 'public electronic communications network' a message or other matter that is 'grossly offensive' or of an 'indecent, obscene or menacing character'. The same section also provides that it is an offence to send or false message 'for the purpose of causing annoyance, inconvenience or needless anxiety to another'.

The offence is summary-only, with a maximum penalty of 6 months' imprisonment.

For further guidance, prosecutors should refer to Guidelines on prosecuting cases involving communications sent via social media.

Cyber-bullying/trolling

Cyber bullying is bullying that takes place using communications technology, such as social media, but also text messages, apps, chats, emails and other forms of communication. Depending on the nature of the bullying, it may also constitute criminal activity and prosecutors should apply the principles outlined in the legal guidance on communications via social media when considering allegations of this nature. For example, cyber bullying might involve harassment, threatening behaviour, sending false information about someone, impersonation, cyber stalking or grossly offensive messages.

It is important to remember that evidence of bullying online may be indicative of bullying and possible further offences offline too.

Virtual mobbing

Virtual mobbing occurs when a number of individuals use social media or messaging to make comments about another individual, usually because they are opposed to that person's opinions. As above, the principles outlined in the legal guidance on communications sent by social media should be applied. In cases where certain individuals encourage others to send such messages, prosecutors should consider offences of encouraging or assisting crime under sections 44 - 46 under the Serious Crime Act 2007.

False accounts

The acts of setting up a false social networking accounts or aliases could amount to criminal offences under the Fraud Act 2006 if there was a financial gain, as under section 8 possession or making or supplying articles for use in frauds includes any program or data held in electronic form. Some social networking sites may disable false accounts when they became aware of them.

Offences that specifically target Individuals, including Cyber-Enabled Violence Against Women and Girls (VAWG)

Developments in technology have also created a new landscape for controlling, sexually-motivated or other forms of interpersonal relationship offending. Disclosing private sexual images without consent, cyber stalking and harassment, and coercive and controlling behaviour crimes are predominately but not exclusively perpetrated against women and girls, with online activity being used to humiliate, control and threaten as well plan and orchestrate acts of violence.

Prosecutors are reminded that such crimes are often part of a wider pattern of behaviour and incidents should be viewed within this wider context which can encapsulate both online and offline activity, including physical abuse. All VAWG related charging decisions should consider the context of the crime including the potential use of social media to exert power and control. For example, in cases of 'honour' based violence and forced marriage, threats to post personal information on social media can be used to bring shame on victims in order to silence and coerce.

Prosecutors are also reminded that offences under the Computer Misuse Act, such as unauthorised access to computer material with the intent to commit further offences or to impair the operation of a computer, are also often part of a wider pattern of coercive and controlling offending or stalking and harassment. For example, a stalking victim may have their bank or social media accounts compromised or private intimate photographs copied from their computer hard drive, leading to a range of harm from theft and defamation to a physical attack.

As with online romance fraud, offenders may use online dating sites or social media to facilitate offending under the Sexual Offences Act 2003, by arranging to meet a victim with a view to committing rape or other sexual offences. In these cases, prosecutors should consult the legal guidance Rape and Sexual Offences.

This section provides examples of cyber-enabled offences that specifically target individuals, including cyber-enabled VAWG, but does not provide an exhaustive list.

Disclosing private sexual images without consent

Section 33 of the Criminal Justice and Courts Act 2015 created an offence of disclosing private sexual photographs or films without the consent of an individual who appears in them and with intent to cause that individual distress.

The legislation specifies the offence as "photographs or films which show a person engaged in sexual activity or depicted in a sexual way where part or all of their genitals or pubic area is exposed, and where what is shown would not usually be seen in public".

The offence is known colloquially as "revenge pornography", which is a broad term that usually refers to the actions of an ex-partner, who uploads a sexually intimate photograph or a video where a person is engaged in a sexual activity on to the internet, or shares by text or email, with the intent of causing the victim humiliation or embarrassment as revenge for the breakup of their relationship.

The offence is an either way offence which carries a maximum penalty of 2 years' imprisonment and/or a fine.

The provisions came into force on 13 April 2015 and do not have retrospective effect.

For further guidance, prosecutors should refer to the legal guidance Guidelines on prosecuting the offence of disclosing private sexual images without consent.

Cyberstalking and online harassment

There is no legal definition of cyberstalking, nor is there any specific legislation to address the behaviour. Generally, cyberstalking is described as a threatening behaviour or unwanted advances directed at another, using forms of online communications. Cyberstalking and harassment are often combined with other forms of 'traditional' stalking, such as being followed or, receiving unsolicited phone calls or letters, as well as 'traditional' forms of harassment. Examples of cyberstalking may include:

  • threatening or obscene emails or text messages;
  • spamming (where the offender sends the victim multiple junk emails);
  • live chat harassment or flaming (a form of online verbal abuse);
  • leaving improper messages on online forums or message boards;
  • trolling or cyber bullying;
  • sending electronic viruses;
  • sending unsolicited email; and,
  • cyber identity theft.

In such cases the gathering of data from electronic storage devices and social networking sites will be vital for case building.

For further guidance, prosecutors should refer to:

Domestic Abuse: Coercion and Control

The Serious Crime Act 2015 introduced a domestic abuse offence to capture coercive and controlling behaviour in intimate and familial relationships. This offence closed a gap in the law around patterns of coercive and controlling behaviour in an on-going relationship between intimate partners or family members. This is an either way offence which carries a maximum penalty of 5 years imprisonment, a fine or both. The pattern of behaviour and access to resources that the victim has must be considered when contemplating this offence. The use of the internet, social media, spyware and software to track and monitor the whereabouts of a victim and control their contact with others must be taken into account.

This provision came into force on 29 December 2015 and does not have retrospective effect.

For further guidance prosecutors should also refer to:

Child Sexual Offences and Indecent Images of Children

The rapid growth of cyberspace has given perpetrators of child sexual abuse, and those who create and disseminate indecent images, a range of new tools to facilitate their offending. These crimes can be perpetrated through various social media, such as chat rooms, social networking sites, gaming devices that connect to the internet, as well as through direct email addresses or mobile numbers belonging to victims.

Child Sexual Abuse

Cyberspace has the potential to allow offenders to target hundreds of children at a time and once initial contact with a child is made, the children may be subjected to threats and intimidation. The online abuse can be an end in itself without any contact offences taking place. However, contact offences may occur through arranging to meet up with the child, or persuading them to engage in sexual activity whilst they are filmed or photographed. Further offending may also occur through the dissemination of these films or photographs.

Offenders for example may use various control elements as a tool to stop a victim reporting the sexual abuse (the control might take the form of threatening to publish photographs or recordings of them, including images of the victim being naked or being abused).

Charges under the Sexual Offences Act 2003, Sexual Offences Act 1956 and Indecency with Children Act 1960 may all be considered. Prosecutors should also be aware that s.69 of the Serious Crime Act 2015 created the offence of possessing a paedophile manual or any item that contains advice or guidance about abusing children sexually. This offence captures material giving advice on how to entrap or groom a child, commit other child abuse offences and escape capture.

For further guidance, prosecutors should refer to the legal guidance Guidelines on prosecuting cases of Child Sexual Abuse and Rape and Sexual Offences.

Online grooming

Predatory individuals may access internet sites that children and young people visit in order to search for potential victims by location or interest. Children and young people may often reveal personal information online, such as where they live or go to school, or their family name, which is used by groomers to manipulate behaviours and build relationships with their victims. Information may be published through a number of different online platforms which are accessible to others, including social networking sites, multi-player gaming portals and other web-based forums.

Section 36 of the Criminal Justice and Courts Act 2015 amends section 15 of the Sexual Offences Act 2003 (the offence of meeting a child following sexual grooming etc.) so that the number of initial occasions on which the defendant must meet or communicate with the child in question in order to commit the offence is reduced from two to one.

Following any initial communication or meeting, the defendant must intentionally meet, arrange to meet or travel with the intention of meeting the child, or the child must travel with the intention of meeting the defendant; and the defendant must intend to do something to or in respect of the child during or after any meeting which would, if done in England and Wales, amount to an offence under Part 1 of the Sexual Offences Act 2003.

Section 36 came into force on 13 April 2015. The offence can only be committed as amended (i.e. by proof of a single initial communication or meeting) if that communication or meeting took place on or after 13 April 2015.

For further guidance, prosecutors should refer to legal guidance Guidelines on prosecuting cases of Child Sexual Abuse and the Sentencing Council's Sexual Offences: Definitive Guidelines.

Indecent Images of Children (IIOC)

The use of cyberspace and the variety of digital tools available has further facilitated the taking, making, showing and distribution of indecent images of children. Advances in digital programs, technological solutions and enhanced computer graphics have also made it easier to create 'pseudo-photographs' of children.

It is an offence for a person to take, make, distribute or advertise indecent images of children. The main offences for consideration when dealing with this type of offending fall within:

  • Section 1 of the Protection of Children Act (PCA) 1978
  • Section 160 of the Criminal Justice Act (CJA) 1988.

These are either way offences, but offences under the PCA are likely to be the appropriate charges in the majority of cases, as the charge of 'making' under s.1(1)(a) has been developed to cover activities such as opening attachments to emails and downloading or simply viewing images on the internet (as a copy of the image will automatically be created on the device in question's hard drive). By contrast, the same conduct often cannot lead to a possession charge contrary s.160 of the CJA.

The decision of whether to charge 'making' under s.1(1)(a) of the PCA 1978, or 'possessing' contrary to s.160 of the CJA will often depend how the images came to be located on a device and how accessible they are.

S.1 of the PCA has a maximum sentence of 10 years imprisonment. Section 160 of the CJA carries a maximum sentence of 5 years imprisonment.

The Sentencing Council for England and Wales 'grades' indecent images of children within three categories depending on the seriousness of the image involved.

A Child Abuse Image Database (CAID) has been established to assist the police in identifying and grading IIOC. Images which are seen repeatedly are given a 'trusted' grade. As CAID develops, it is hoped this will avoid the need for police and prosecutors to view large numbers of images and speed up investigations and prosecutions as a result.

For further guidance, prosecutors should refer to the legal guidance Indecent Images of Children (IIOC).

In cases involving non-photographic images, such as computer generated images (CGI's), cartoons, manga images and drawings, prosecutors should consider the legal guidance Prohibited Images of Children.

Extreme Pornography and Obscene Publications

Whilst the creation of extreme pornography, obscene publications and prohibited images are offences in their own right, cyber-enabled dissemination, usually on a large scale, may also be occurring and should be considered by prosecutors. Dissemination can be via various avenues such as chat rooms, social networking sites, gaming devices that connect to the internet, as well as through a direct email address or mobile number.

Extreme Pornography

When considering what may be classified as extreme pornography, it should be borne in mind that all extreme pornography is obscene as defined by the Obscene Publications Act 1959; however, not all obscene material is extreme.

The offence of possessing extreme pornographic images, under section 63 of the Criminal Justice and Immigration Act (2008), requires the consent of the DPP to institute proceedings and should be sought at the earliest opportunity. Consent cannot be implied by the fact that the CPS is conducting proceedings.

For further guidance, prosecutors should refer to the legal guidance Extreme Pornography.

Obscene Publications

Prosecutions may be instituted to deal with online publication of obscene material. The Obscene Publications Act 1959 was amended to deal with electrically stored data or the transmission of that data.

Transmitting comments to another person in the context of an internet relay chat is publication, even if there is just one recipient and one likely reader of the article. If the publication is obscene, prosecution under the Obscene Publications Act (OPA) 1959 can be considered.

For further guidance, prosecutors should refer to the legal guidance Obscene Publications.

Top of page

Practical and Operational Advice

This section relates to casework preparation and in particular how complex and large cases should be managed. Prosecutors should consider the following when reviewing and charging cybercrime cases:

Digital Evidence Gathering

Prosecutors should refer to the ACPO (now NPCC) 2012 Good Practice Guide for Computer-Based Electronic Evidence when reading this section.

Computer systems and their components can provide valuable evidence. The hardware and software together with items stored on the computer itself, such as documents, photos, image files, photographs, emails and attachments, databases, financial information, internet browsing history, chat logs, event logs etc. can all be used as potential sources of evidence.

Games consoles connected to the internet may also provide a source of electronic evidence. Some devices will contain on-board or removable flash storage which allows the user to not only play games, but to also visit websites and store videos, photos, messages etc.

Many mobile phones have multimedia functionality, allowing internet access and access to email, in addition to sending text messages and photographs. Different phones will have varying capabilities and often require specialist equipment to capture the information effectively whilst retaining the integrity of the evidence. Portable media players (such as tablets or music players) may also be used to store and play digital media.

Digital evidence and communications data can also be obtained directly from Communication Service Providers (CSPs) as well as from computers and digital storage devices. Investigators have the power to serve orders on CSPs that oblige them to disclose communications data. Many CSPs are based in the US and will require Mutual Legal Assistance or Letters of Request (see below).

Verifying the origin and use of some digital evidence can be challenging as it may have been created using complex codes and data, but this should not be seen as a barrier to presenting digital evidence in court. It is important to stress that digital evidence is no different to other evidence, however it is worth noting that:

  • digital evidence can be easily altered by a user and may sometimes be hard to detect;
  • some digital evidence may need to be interpreted by a specialist;
  • some evidence may be altered or destroyed through normal use (for example, saving a document alters its properties); and
  • the nature and source of digital evidence is constantly evolving as the technology advances.

It is important that evidence is handled in an appropriate way from the moment it is identified.

When presenting communications data in court, prosecutors must give careful consideration to the way in which it will be presented to the jury and make it as simple to understand as possible.

Case Management

In complex cases involving large volumes of data, prosecutors should ensure that the Case Management and Record Keeping guidance is used so that a consistent approach is taken. Prosecutors should encourage early contact with investigators and agree a plan regarding the handling of bulk electronic material. It is important that prosecutors consult the CPS guidance on the service of bulk electronic material as part of the prosecution case.

Disclosure Management

In relation to complex cybercrime cases, prosecutors should refer to the casework hub for the Disclosure Management Document (DMD). For cases which fall within the mandatory disclosure regime, the DMD should be prepared and served by the prosecutor to assist in management of disclosure.

Prosecutors should also note that a complex cybercrime case is likely to have voluminous electronic data, including communications data and other computer downloads, GPS data, memory or cloud storage, banking evidence and digital tachographs. The disclosure of unused electronic data must be carried out in accordance with the Criminal Procedure and Investigations Act (CPIA) 1996. The normal rules of disclosure apply to material in electronic form and prosecutors are responsible for serving evidence as is appropriate to prove the case for the prosecution, in accordance with the Criminal Procedure Rules. Bulk electronic material should not be served wholesale without consideration of this overriding principle.

Prosecutors should consult CPS guidance on the service of bulk electronic material as part of the prosecution case and refer to the Attorney General's Guidelines on Disclosure: Supplementary Guidelines on Digitally Stored Material or the Disclosure Manual.

Jurisdiction

Where jurisdiction is challenged, the courts look at where the site is hosted, its intended audience, the material posted, the nationality of the webmaster and where the information was created and downloaded, applying the 'substantial measure' principle set out in R v Smith (Wallace Duncan) (no.4) (2004) 2 Cr App R 17, which states:

"The English Courts ... seek ... to apply the English criminal law where a substantial measure of the activities constituting the crime take place in England, and restricts its application in such circumstances solely to cases where it can be seriously be argued on a reasonable view that these activities should on the basis of international comity not be dealt with by another country."

R v Sheppard and Whittle (2010) EWCA Crim 65 - Sheppard posted racially inflammatory material to a website, registered in his name and operated by him, but based in California. Once the material reached the server in California, it was posted online and made available on the internet to all those visiting the website, including people in the jurisdiction of England and Wales. The court came to the conclusion that jurisdiction was governed by the substantial measure principle enunciated by the court in R v Smith (supra). Everything in the case related to England and Wales except for the server being in California.

International Enquiries - Mutual Legal Assistance for computer evidence

Mutual Legal Assistance (MLA) is a method of cooperation between states for obtaining assistance in the investigation or prosecution of criminal offences. MLA is generally used for obtaining material that cannot be obtained on a police cooperation basis, particularly enquiries that require coercive means. Requests are made by a formal international Letter of Request (LOR), usually on the basis of a bilateral treaty or multilateral convention.

It may not always be necessary for a prosecutor to issue an MLA request. Evidence and information for use in the prosecution phase could be obtained by liaison between UK and overseas law enforcement agencies. In cases where the requirement of information may be for only traffic data, then an MLA request is unlikely to be required; some information could be sought directly from the communication service provider or by the police.

Joint Investigation Teams

Complex cybercrime investigations often span several jurisdictions. Investigators and prosecutors need to be able to co-ordinate their approach and respond quickly to developments and opportunities to disrupt or prevent illegal activity, obtain evidence and make arrests. Prosecutors may wish to consider whether a Joint Investigation Team (JIT) is appropriate.

A JIT is a team set up between two or more Member States, under judicial supervision, for the purpose of investigating specific serious cross-border crime and with a limited duration. The legal basis of a JIT is under Article 13 of the EU Convention on Mutual Legal Assistance in Criminal Matters, which was adopted 29th May 2000.

Eurojust can assist when considering the creation of a joint investigation team, or when dealing with jurisdictional and logistical issues where offending occurs in more than one country. It provides a neutral venue for meetings where prosecutors and investigators from two or more Member States can review such cases and agree future actions. Prosecutors should always consider early consultation with the UK Eurojust desk when dealing with transnational crime, particularly if the offending occurs in three or more EU states.

The aim of a JIT is to encourage and modernise co-operation between judicial and law enforcement agencies in EU Member States. There are a number of advantages in considering a JIT for a complex case. For example, it allows JIT members to:

  • share information directly / request investigative measures without the need for formal requests or Letters of Request;
  • be present at house searches, interviews, etc;
  • co-ordinate efforts on the spot;
  • informally exchange specialised knowledge;
  • build mutual trust between practitioners from different jurisdictions working together and deciding on investigative and prosecution strategies; and
  • enable Eurojust and Europol to be involved with direct support and assistance.

Further assistance

The Global Prosecutors E-Crime Network (GPEN) was launched in 2008 with the aim of assisting countries to establish a safe and secure online environment, by ensuring prosecutors have the tools to deal effectively with cybercrime. Under the umbrella of the International Association of Prosecutors (IAP) each organisational member nominates at least one prosecutor to be registered as the GPEN national contact point. The GPEN network provides a:

  • database of nominated e-crime prosecutors from around the world;
  • forum for the exchange of expertise, queries and advice;
  • collection of e-crime prosecution resource material, for example; national legislation and legal guidance;
  • virtual Global E-Crime Prosecutors' College, a database of e-crime training courses and presentations; and
  • global community of e-crime prosecutors sharing expertise and experience.

GPEN was the initiative of the CPS and since its inception the CPS has promoted GPEN both nationally and internationally, has contributed training material to the GPEN library and has assisted in capacity building in a number of countries. To access GPEN please contact HQ Policy.

Top of page

Annex A: Cybercrime types and related Cyber-Dependent Offences

Hacking (using technology to steal personal data)

  • Offences to consider
    • Section 1 of the Criminal Law Act 1977
    • Sections 1 - 3ZA of the Computer Misuse Act 1990
    • Section 1 of the Regulation of Investigatory Powers Act 2000
    • Sections 44 - 46 of the Serious Crime Act 2007
    • Money laundering offences under the Proceeds of Crime Act 2002
    • Section 55 of the Data Protection Act
  • Relevant legal guidance
    • Computer Misuse Act 1990
    • Covert Law Enforcement Manual
    • Proceeds of Crime
    • Fraud - The Fraud Act 2006
    • Data Protection Act - Criminal Offences

Manufacture and/or distribution of virus software, Trojans, malware and Worms

  • Offences to consider
    • Sections 1 - 3ZA of the Computer Misuse Act 1990 (CMA)
    • Section 7 of the Fraud Act 2006
    • Sections 44 - 46 of the Serious Crime Act 2007
    • Section 6 of the Fraud Act 2006
    • Section 7 of the Fraud Act 2006
    • Money laundering offences under the Proceeds of Crime Act 2002
    • Section 55 of the Data Protection Act
  • Relevant legal guidance
    • Computer Misuse Act 1990
    • Proceeds of Crime
    • Fraud - The Fraud Act 2006
    • Data Protection Act - Criminal Offences

Manufacture and use of Spyware

  • Offences to consider
    • Sections 1 - 3ZA of the Computer Misuse Act 1990 (CMA)
    • Sections 6 - 7 of the Fraud Act 2006
    • Encouraging or assisting another to commit an offence under section 45 of the Serious Crime Act 2007
    • Sections 44-46 of the Serious Crime Act 2007
    • Money laundering offences under the Proceeds of Crime Act 2002
    • Section 55 of the Data Protection Act
  • Relevant legal guidance
    • Computer Misuse Act 1990
    • Proceeds of Crime
    • Fraud - The Fraud Act 2006
    • Data Protection Act - Criminal Offences

Top of page

Annex B: Cybercrime types and related Cyber-Enabled Offences

Economic related cybercrime

  • Electronic / financial / e-commerce frauds; Fraudulent sales through online auction / retail sites; Scams and mass-marketing frauds; Phishing scams
    • Offences to consider
      • Section 2 of Computer Misuse Act 1990
      • Section 3 of the Computer Misuse Act 1990
      • Sections 1 - 2 of the Fraud Act 2006
      • Section 6 of the Fraud Act 2006
      • Offences under the Theft Act 1968 and the Theft Act 1978
      • Section 1 of the Criminal Law Act 1977
      • Money laundering offences under the Proceeds of Crime Act 2002
      • Offences under the Forgery and Counterfeiting Act 1981
    • Relevant legal guidance
      • Computer Misuse Act 1990
      • Fraud - The Fraud Act 2006
      • Proceeds of Crime
      • Attorney General's Guidelines on charging conspiracy to defraud, in particular paragraphs 12 to 15
      • Forgery and Counterfeiting
      • Data Protection Act 1998 - Criminal Offences
  • Online romances / Persuasive tactics with intent to deceive / defraud
    • Offences to consider
      • Sections 1 - 2 of the Fraud Act 2006
    • Relevant legal guidance
      • Fraud - The Fraud Act 2006
  • Intellectual Property
    • Offences to consider
      • Sections 107, 198, 296ZB and 297 of the Copyright Designs and Patents Act 1988
      • Section 92 of the Trade Marks Act 1994
      • Sections 9 - 14 of the Video Recordings Act 2010
      • Fraud Act 2006
      • Proceeds of Crime Act 2002
      • Video Recording Act 2010
    • Relevant legal guidance
      • Intellectual Property Offence
  • Forgery and counterfeiting
    • Offences to consider
      • Sections 1 - 5 of the Forgery and Counterfeiting Act 1981
      • Sections 4 - 6 of the Identity Document Act 2010
    • Relevant legal guidance
      • Forgery and Counterfeiting

Online Marketplaces for Illegal Items

  • Selling illegal goods online
    • Offences to consider
      • Section 1 of the Criminal Law Act 1977
      • Section 46 of the Serious Crime Act 2007
    • Relevant legal guidance
      • Inchoate Offences
  • Purchasing illegal goods online
    • Offences to consider
      • Section 1 of the Criminal Law Act 1977
      • Predicate offences, under, for example, the Fraud Act 2006, the Misused of Drugs Act 1971, or the Firearms Act 1968
    • Relevant legal guidance
      • Inchoate Offences
      • Fraud - The Fraud Act 2006
      • Drug Offences
      • Firearms

Malicious communications

  • Offensive Communication
    • Offences to consider
      • Section 1 of the Malicious Communications Act 1988
      • Section 127 of the Communications Act 2003
    • Relevant legal guidance
      • Guidelines on prosecuting cases involving communications sent by social media
  • Cyber bullying / Trolling; Virtual mobbing
    • Offences to consider
      • Sections 125 - 127 of the Communications Act 2003
      • Sections 2 - 5 of the Protection from Harassment Act 1997
      • Sections 44 - 46 of the Serious Crime Act 2007
    • Relevant legal guidance
      • Guidelines on prosecuting cases involving communications sent by social media
      • Stalking and Harassment
      • Inchoate Offences

Offences that specifically target individuals, including Cyber-enabled Violence Against Women and Girls (VAWG)

  • Disclosing private sexual images without consent
    • Offences to consider
      • Sections 33 - 35 and Schedule 8 of the Criminal Justice and Courts Act 2015
      • Sections 2 - 5 of the Protection from Harassment Act 1997
      • Section 1 of the Protection of Children Act 1978 (where the image was taken before the subject was 18)
      • Section 1 of the Computer Misuse Act 1990 (where the images have been obtained through computer hacking)
      • Section 21 of the Theft Act
    • Relevant legal guidance
      • Guidelines on prosecuting the offence of disclosing private sexual photographs and films
      • Stalking and Harassment
  • Cyber-stalking and online harassment
    • Offences to consider
      • Sections 2 - 5 Protection from Harassment Act 1997
      • Sections 125 - 127 Communications Act 2003
      • Section 1 Malicious Communications Act 1988
    • Relevant legal guidance
      • Stalking and Harassment
      • Guidelines on prosecuting cases involving communications sent by social media
  • Domestic Abuse: Coercion and Control
    • Offences to consider
      • Section 76 of the Serious Crime Act 2015
      • Sections 2 - 5 of the Protection from Harassment Act 1997
      • Sections 125 - 127 of the Communications Act 2003
      • Section 1 of the Malicious Communications Act 1988
      • Sections 33 - 35 and Schedule 8 of the Criminal Justice and Courts Act 2015
    • Relevant legal guidance
      • Guidelines on prosecuting the offence of disclosing private sexual photographs and films
      • Guidelines on prosecuting cases involving communications sent by social media
      • Domestic Abuse Guidelines for Prosecutors
      • Stalking and Harassment

Child Sexual Offences and Indecent Images of Children (IIOC)

  • Online grooming
    • Offences to consider
      • Sections 12, 14 and 15 of the Sexual Offences Act 2003
    • Relevant legal guidance
      • Child Sexual Abuse
      • Guidelines on prosecuting cases involving communications sent by social media
  • Prohibited and indecent images of children; Sexual offences
    • Offences to consider
      • Sections 1 - 7 of the Protection of Children Act 1978
      • Section 160 of the Criminal Justice Act 1988
      • Section 62 (for non-photographic images) of the Coroners and Justice Act 2009
    • Relevant legal guidance
      • Indecent Images of Children (IIOC)
      • Child Sexual Abuse
      • Prohibited Images of Children

Extreme Pornography and Obscene Publications

  • Extreme Pornography
    • Offences to consider
      • Section 63 of the Criminal Justice and Immigration Act 2008
    • Relevant legal guidance
      • Extreme Pornography
  • Obscene Pornography
    • Offences to consider
      • Section 2 of the Obscene Publications Act 1959
    • Relevant legal guidance
      • Obscene Publications

Top of page

Annex C: Abbreviations and Glossary

Action Fraud

The UK's national reporting centre for fraud and cybercrime.

Address

The term address is used in several ways:

  • An Internet address or IP address is a unique computer (host) location on the Internet.
  • A Web page address is expressed as the defining directory path to the file on a particular server.
  • A Web page address is also called a Uniform Resource Locator, or URL.
  • An e-mail address is the location of an e-mail user (expressed by the user's e-mail name followed by an "at" sign (@) followed by the user's server domain name.

Archive file

A file that contains other files (usually compressed files). It is used to store files that are not used often or files that may be downloaded from a file library by Internet users

BIOS

Basic input output system. A programme stored on the motherboard that controls interaction between the various components of the computer.

Botnet

Computers can be unknowingly co-opted to be part of a network used by controller to undertake illegal activity (such as being used in a Distributed Denial of Service attack). Such computers are known as botnets.

Byte

In most computer systems, a byte is a unit of data generally consisting of 8 bits. A byte can represent a single character, such as a letter, a digit, or a punctuation mark.

Cache

A place to store something more or less temporarily. Web pages browsed to are stored in a browser's cache directory on a hard disk. When returning to a page recently browsed to, the browser can get it from the cache rather than the original server, saving time and the network the burden of some additional traffic. Two common types of cache are cache memory and a disk cache.

CEOP

Child Exploitation and Online Protection Centre. CEOP is part of the National Crime Agency.

Cloud

A network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.

Coding

Coding is used to write computer programmes or software. Highly-skilled coders are able to write sophisticated programmes (using 'scripts') to facilitate unauthorised access to networks or data.

Communications data

The 'who', 'when' and 'where' of communication, but not the 'what' (i.e. the content). For examples, internet connection records ICRs can tell the authorities which websites and applications a user has visited, but not what specific pages on those websites they viewed or what information they exchanged with the app.

CSP

Communications Service Provider. A CSP is a company which provides a particular communication service. Examples would be Vodafone, BT, Apple, Google or WhatsApp. Many are based overseas rather than in the UK.

Computer

Defined as 'a device for storing, processing and retrieving information' In DPP v McKeown and DPP v Jones [1997] 2Cr App R 155 HL. This means the term encompasses mobile smartphones, personal tablet devices and games consoles as well traditional 'desk-top' computer or laptops.

Computer network

A computer network is where a number of different computers are connected. These can vary in size from either a small local network - where a number of computers are joined together, such as in a workplace - to the internet which is essentially a connection of billions of computers.

CPU (Central Processing Unit)

The most powerful chip in the computer. Located inside a computer, it is the "brain" that performs all arithmetic, logic and control functions.

CMA

Computer Misuse Act 1990

Cybercrime

Umbrella term for criminality which involves the use or exploitation of computers or computer networks. It encompasses both 'cyber-dependent' and 'cyber-enabled' crimes.

Cyber-dependent crime

Crimes which are targeted primarily at a computer network itself, with the intention of controlling, disrupting or exploiting the network or the data it holds.

Cyber-enabled crime

'Traditional' crimes such as fraud or indecent image offences which are committed using digital technology. These are crimes which do not depend on computers or networks but have been transformed in scale or form by the use of the internet and communications technology.

Cyber stalking and online harassment

There is no legal definition of cyberstalking, nor is there any specific legislation to address the behaviour. Generally, cyberstalking is described as a threatening behaviour or unwanted advances directed at another, using forms of online communications which may include threatening or obscene emails, spamming, live chat harassment, trolling or targeted sending of viruses.

Data

Digital material which may be stored on physical devices or in the 'cloud'. Data can include personal or sensitive information which may be exploited by criminals if obtained by them.

Database

Structured collection of data that is organised so that it can easily be accessed, managed, and update e.g. database of addresses.

Deleted files

A subject may delete files in an effort to eliminate evidence but depending on how the files are deleted, in many instances a forensic examiner is able to recover all or part of the original data.

Denial of Service (DoS)

An attack to make a machine or network resource unavailable to its intended users, to temporarily or indefinitely interrupt or suspend services offered by a website. DoS attacks can be undertaken for criminal, political/protest or other purposes.

Distributed Denial of Service (DDoS)

Similar to DoS attacks but effected by using multiple devices (often thousands) to bombard a website with requests, causing it to cease effective functioning. Like a DoS, this tactic may be employed for criminal, protest/political or other purposes.

e-commerce fraud

Fraudulent financial transactions related to retail sales carried out online. This may include fraudulent card-not-present (CNP) transactions, which take place over the internet when both cardholder and card are based remotely.

Encryption

The process of scrambling, or encoding, information in an effort to guarantee that only the intended recipient can read the information.

Flaming

Online verbal abuse, similar to trolling.

Gigabyte

A gigabyte is a measure of memory capacity and is roughly one thousand megabytes or a billion bytes.

GPEN

Launched in 2008, the Global Prosecutors E-Crime Network is a global community of cybercrime prosecutors and a forum for sharing expertise and experience. Each country nominates one individual to be a national contact point.

Hacking

A loosely-defined term which refers to the unauthorised access to a device or computer network. This can either be through the use of illegally-obtained passwords or more sophisticated technical know-how to bypass security systems. Hacking can be used to gather personal data or information, or disrupt computer networks.

Hacktivism

When hacking activities are motivated by political rather than criminal causes, for example to raise awareness of a protest movement.

JIT

A Joint Investigative Team is set up between two or more EU Member States, under judicial supervision, for the purpose of investigating specific serious cross-border crime and with a limited duration. The legal basis of a JIT is under Article 13 of the EU Convention on Mutual Legal Assistance in Criminal Matters.

MCA

Malicious Communications Act 1988.

Malware

Malware is malicious software designed to interfere with or destroy computers or data. This includes stealing or destroying personal data. Malware is an umbrella term for viruses, worms, Trojans, spyware and ransomware. Malware may be distributed by spam (unsolicited) mail.

Memory

Often used as a shorter synonym for random access memory (RAM). Memory is the electronic holding place for instructions and data that a computer's microprocessor can reach quickly. RAM is located on one or more microchips installed in a computer.

MLA and LoR

Mutual Legal Assistance and Letters of Request. The process by which evidential material held by Communication Service Providers (CSPs) based overseas is requested.

Online grooming

When children are deliberately targeted and groomed by an individual who intends to meet them.

Operating system

Software that is usually loaded into the computer memory upon switching the machine on and is a prerequisite for the operation of any other software.

Pharming

Where a user is directed to a fake website, sometimes from phishing emails, to input their personal details into what they think is a legitimate website but is actually fake.

Phishing

Use of fraudulent emails disguised as legitimate communication which ask or 'fish' for personal or corporate information from users, for example, passwords or bank account details.

Pirate software

Software that has been illegally copied.

Port

  1. An interface on a computer to which you can connect a device. Personal computers have various types of ports, including internal ports for disk drives, display screens and external ports for connecting modems, printers and other peripheral devices.
  2. A computer or a program connects to somewhere or something else on the Internet via a port. The port number in a URL identifies what type of port it is.

Ransomware

Software that can collect personal data, documents or information and demand payment in order to avoid its destruction.

Removable media

Items e.g. floppy disks, CDs, DVDs, cartridges, tape that store data and can be easily removed. Small-sized data storage media which are more commonly found in other digital devices such as cameras, PDA's (Personal Digital Assistants) and music players.

Scripts

Lines of code which amount to programmes or instructions which tell computers what actions to take.

Social media

These are computer-based tools which allow people or companies to create, share or exchange information, ideas, pictures and videos. Facebook and Twitter are both examples of social media.

Software

Programmes which run on computers or other devices. Some malicious software may be specifically designed to attack computer networks and systems.

Spyware

Software that secretly gathers sensitive or personal information from infected systems, including monitoring websites visited. This information may then be transmitted to third parties. One example of spyware is key-logging which captures and forwards keystrokes made on a computer, enabling collection of sensitive data such as passwords or bank account details.

Trojan

Malicious computer programmes, that present themselves as useful, routine or interesting in order to persuade a victim to install them. They can then perform functions such as stealing data without the user's knowledge.

Trolling / cyber bullying

Bullying that takes place using communications technology, such as social media, but which may also involve text messages, apps, chats, emails and other forms of communication. Cyber bullying might involve harassment, threatening behaviour, sending false information about someone, impersonation, cyberstalking or grossly offensive messages.

Virus

Self-replicating programs, that spread within and between computers. They can cause mild computer dysfunction, but can also have more severe effects in terms of damaging or deleting hardware, software or files.

Virtual mobbing

This occurs when a number of individuals use social media or messaging to make directed comments about another individual, usually because they are opposed to that person's opinions.

Worm

A self-replicating program, that can spread autonomously within and between computers. The impact of worms can be more severe than viruses, causing destruction across whole networks. Worms can also be used to drop Trojans onto the network system.

Top of page