The Queen’s Bench division handed down an injunction that IT experts pointed out would be tricky to enforce
The UK High Court has cracked down on cyber-blackmailing following a recent incident involving London barristers’ chambers 4 New Square.
The chambers had brought before the court the perpetrator/s of a cyberattack it was the victim of last month. The attacker/s had threatened to go public with the data it seized during the hit.
Cyber attackers can be slapped with as much as a five-year prison sentence if charged under the Computer Misuse Act 1990.
In a private hearing presided over by Judge Karen Steyn DBE, the court granted 4 New Square an injunction indicating that the cyber attacker/s could not use, publish or communicate or disclose the information indicated in a confidential schedule to any other person except to legal advisors, or unless it was necessary to fulfil the court order.
The court’s order was issued on 28 June at a hearing without notice given the anonymity of the cyber attacker/s and the nature of the blackmail charge. The order included a penal notice advising the cyber attacker/s and their accomplices that they would be held in contempt of court by disregarding the order, which could lead to imprisonment, asset seizure or a fine.
The court acknowledged the possibility that the cyber attacker/s could be outside UK jurisdiction, but said that the order would affect the following:
- anyone who was subject to the court’s jurisdiction
- anyone who was “able to prevent acts or omissions outside the jurisdiction of this court which constitute or assist in a breach of the terms of this order”
- anyone affected by the declaration of their home country or state that the court’s order could be enforced
However, IT experts have deemed the court order difficult to enforce. The UK National Cyber Security Centre has indicated that ransomware groups are generally residents of ex-Soviet nations like Russia, which typically pay no heed to attackers’ activities outside the local jurisdiction.
An article in international tech website The Register pointed out that under these circumstances, such a civil non-disclosure order would have very little, if any, effect.
The UK National Cyber Security Centre has highlighted ransomware as a major threat to corporate IT systems at present. Several law firms across the globe have been targeted in recent attacks, including the US and Australia.