Section 3 of the Computer Misuse Act criminalises unauthorised acts that impair the operation of a computer. This section is deemed the most serious as it is targeting criminals that are aiming to cause damage to a target.

The case study for Section 3 is a mail bomb attack. In this instance an employee of Domestic & General Group PLC launched a Denial of Service attack after being dismissed from work. The Avalanche v3.6 tool was used to send a large number of emails to targeted email addresses in an attempt to impact the mail server's ability to function. During the attack, it is estimated that approximately 5 million emails being sent and this eventually overwhelmed servers and managed to take the corporate website offline.

When arrested, Lennon stated that he had not considered he had done anything illegal whereas Domestic & General valued the damage at approximately £18,000. During this case, Lennon was charged with “unauthorised modification” to a computer with the crucial question being whether D&G consented to the modifications to their computer. (modifications in this instance implied the change in operational capability).

As a defence, Lennon’s laywers stated that the purpose of emails are to be sent and received so D&G had provided consent by providing the method to receive emails. This was accepted by a judge and was later appealed by D&G stating that while they consent to receiving emails, Lennon used a tool

for the pure purpose of overwhelming servers and after an undefined threshold, consent could not be assumed. On appeal, Lennon was sentenced to have breached section 3 of CMA.

‍