Here we go again - ISP DPI, but is it interception?

James Firth james2 at
Fri Jul 30 12:37:38 BST 2010

Nicholas Bohm wrote:

> > I suspect Clive's refering to the case involving Daniel Cuthbert
> >
> > aka the "Tsunami Hacker"
> >
> >
> >
> Thanks to Chris and Peter for their pointers.
> The decision of a magistrate isn't of course binding as a precedent,
> but
> it's a good real-world example, and one must wonder whether Talk Talk
> have overlooked it.

As a professional who works often on security-related web stuff this
conviction has always made me feel uncomfortable.  

Firstly the speed in which a large firm can get the police to act contrasts
starkly with the experience of many smaller server owners/operators who
suffer serious prolonged and sophisticated attacks.

And secondly this type of "attack" should really only be viewed as an attack
if prolonged multiple requests are made using well-known attack vectors
(such as including the quote characters ` and ' as per an SQL "injection"

But as memory serves me a conviction was somewhat inevitable in this case
because the defendant via a somewhat circuitous argument showed intent
because as a self-proclaimed security researcher he should have known his
actions could cause data loss or downtime.

But it happens all the time.  I run a URL shortening service and also host a
microsite used by the Telegraph for publication of school league tables.  I
get URL "attacks" nearly every day, most of them probably from curious types
who wouldn't dream in a lifetime that what they're doing could be criminal.
They're just seeing what's on my servers, how the servers work, and, as
sometimes is the case, having a sneaky check to see if they server is
vulnerable to common attacks.

(I'm sure there are people on this list far more familiar with the Cuthbert
case than me.)

James Firth

More information about the ukcrypto mailing list