In R v Martin [2013] EWCA Crim 1420, the Court of Appeal considered an appeal against a sentence totalling two years’ imprisonment where the offender had carried out denial of service attacks directed at the Universities of Oxford and Cambridge and Kent Police. The offender had pleaded guilty at the first opportunity. The list of offences also included an offence relating to one individual where the offender had used that person’s Paypal account to pay for a pizza and another where he had obtained information about the individual causing him to change passwords and involving him in considerable trouble and cost.
While acknowledging that the offender’s activities were not (with one exception) carried out for profit but mainly out of bravado, and indeed did not match the impact of which he boasted to the university victims, Leveson LJ took the view that the offences fell into the highest level of culpability – carefully planned offences which did and were intended to cause harm both to the individuals and organisations targeted. He went on to say (at [43]):
The prevalence of computer crime, its potential to cause enormous damage, both to the credibility of IT systems and the way in which our society now operates, and the apparent ease with which hackers, from the confines of their own homes, can damage important public institutions, not to say individuals, cannot be understated. The fact that organisations are compelled to spend substantial sums combating this type of crime, whether committed for gain or out of bravado, and the potential impact on individuals such as those affected in this case only underlines the need for a deterrent sentence.
R v Mangham [2012] EWCA Crim 973 should not considered a benchmark for sentencing such offences and custodial sentences measured in years rather than months should now be expected. The sentence of two years’ imprisonment was ‘amply justified’ and was upheld.