All About HackingBlackhat Hacking ToolsFree CoursesHacking

Case study – News of the world phone hacking scandal (NoTW)

In this article we will discuss about News of the world phone hacking scandal.

News of the world phone hacking scandal:

Authors –

The world is growing rapidly with different technologies and therefore illegal activities are increasing in adopting these new technologies. Each country has its own laws and regulations. In the UK, people are convicted under the Computer Misuse Act 1990 for illegal activities that are carried out using technology and there is evidence that many people have been convicted under this act (Turner, M., 2013). In addition, there are few regulations such as RIPA 2000 which give certain authorities in the UK the power to carry out surveillance or intercept communications against a person for a specific reason. The question is, are these laws being used effectively and sensibly?

Obtaining information by illegal means or abuse of authority is against the law, and publishing such information is unethical and against media regulations. The News of the World hacking scandal is an ongoing case that has raised huge concerns about these laws, leading to an inquiry into media regulation. This documentary will discuss the issues and analyze how the News of the World came to its demise due to illegal activities such as the hacking of many people’s personal phones to find internal information and the legal issues involved.

Overview of computer laws in the UK

According to Feng, X., (2013), UK computer users must comply with the following UK laws:

Communication Act (2003): This Act gave OfCom (Office of the Communication) more power to regulate media and communication service providers. Provisions § 125 and 126 established that criminal offenses are criminal offenses of improper use of a public electronic communications network, possession or supply of equipment to violate the law. It also made it illegal to use an unknown Wi-Fi broadband connection without its owner’s permission (Legislation Government UK, 2003). Evidence: In July 2005, a West London magistrate fined a man £500 and 12 months under the Communications Act (2003) for using others’ Wi-Fi without the owner’s permission (BBC, 2005).
Human Rights Act (1998): Section (10) of the Human Rights Act (1998) allows an individual to express his own opinion, published article or leaflet and communicate over the Internet, even if other people may not like it and find it offensive. However, using offensive language that offends others with the motive of targeting a racial or ethnic group can be a criminal offence. Journalists and media reporters will be able to express or criticize the government or political party without fear. However, Article (8) can be used to punish anyone who is involved in the personal life of another, which is considered disrespectful (Legislation Government UK, 1998).
Privacy and Electronic Communications Regulations (2003): Made it illegal to send automated recorded messages via telephone or mobile voice or SMS for marketing purposes without the user’s prior permission (Legislation Government UK, 2003).
Computer Misuse Act (1990): This Act makes it illegal to hack or introduce a virus into the devices of others. The Computer Misuse Act (1990) or CMA (1990) section 1-3 introduced these offenses as follows:
Unauthorized access to computer material (data or program);
Unauthorized access to a computer with intent to commit or facilitate a serious crime;
Unauthorized modification of computer material;
People convicted under this Act can be jailed for 6 months to 5 years and/or fined up to £5000 (Legislation Government UK, 1990).

Regulation on Radio Equipment and Telecommunications Terminal Equipment (2000): Article 3(1)(a) a) established the protection of the health and safety of the user or any other person with regard to the safety requirements that must be met by all installations within the scope of the directive. . Article 3.3 (c) introduced certain conditions for devices covered by the Directive as follows: all devices must include safeguards to ensure that all users’ personal data is protected (Legislation Government UK, 2000).
Data Protection Act (1998/2008): The Data Protection Act (DPA) was designed to protect individuals’ personal data handled by an organization or individual (Legislation Government UK, 2008).
Anti-Terrorism, Crime and Security Act (2001): This legislation gives the power to detain foreigners indefinitely without charge who are a threat to the UK and cannot be deported under human rights legislation. It was introduced after the 9/11 attacks and was later replaced by the Prevention of Terrorism Act (2005) (Legislation Government UK, 2005). It also gives the power to detain a person who uses electronic devices for terrorism-related activity.
Police and Justice Act (2006): The Police and Justice Act (2006) Part 5 contains the Computer Misuse Act (1990) for certain computer-related offenses such as deliberate attacks on a system to impair the operation of a computer (Legislation Government UK, 2006).
European law: European law is largely superior to the legislation of its member states, including that of the United Kingdom (Legislation Government UK, 1973).
Regulation of Investigatory Powers Act 2000: The Regulation of Investigatory Powers Act 2000 (RIPA 2000) is the ultimate regulation that governs the UK government and public bodies used to obtain information about individuals and organizations when necessary (The Guardian, 2009 ). RIPA covers covert technology that can be carried out in accordance with human rights. RIPA 2000 covers a number of important covert activities which include (Legislativa Government of the UK, 2000):
Communication interception – this is the interception of people’s voice messages, text messages, phone calls, etc.
Communication data interception – includes interception of phone bills, credit card records, etc.
Obtaining Encrypted Data (encrypted data) – which includes any secret that relates to electronic data, e.g. PIN, password, etc.
Using human covert intelligence – includes using an undercover officer, informant, or buying information about someone from a reliable source, which may be from those responsible for covert surveillance.
Use of covert surveillance of citizens.
Use of intrusive surveillance when necessary – includes matters involving private property.
The above covert powers were introduced for the purpose of governing the nation and for the safety of citizens from terrorism, immigration issues, for the control of disorder and for the stability of the UK economy (The Parliament Publication UK, 2010). RIPA 2000, as stated above, is only intended for public authorities such as the police and any legal investigative organisation. It must be carried out with an approved warrant from the Secretary of State under section 41 of RIPA 2000 listing the members of the authority who can be granted consent to the proper application and such orders can only be granted in cases of national security or serious crime (The Guardian, 2009 and Telegraph, 2013 ).

The UK Court System

The following figure shows the structure of the UK court system. The Legal System of the United Kingdom is a review of the legal system over nearly 1,000 years. The UK court system rests on three pillars:

  • Parliamentary sovereignty (Parliament of the United Kingdom)
  • Separation of power
  • Legal state

The Parliament of the United Kingdom consists of the House of Lords, the House of Commons and the Crown. The main source of UK law is the UK Parliament. The separation of law consists in a certain degree of independence of power from the functions which are the legislative (House of Lord), executive (cabinet) and judicial (judges) functions of government (Rivlin, 2004). The rule of law is defined as the legal relationship between citizens and the state government.

Figure : The UK Judicial System

Source: Judicial Statistics, Annual Report 2005 (CM6799)

In addition to the main source of UK law, there are various legislative institutions such as the European Union legislature, courts, regulatory bodies and international institutions. UK law became subordinate to European Union law after the UK joined the European Union in 1973 (Rivlin, 2004).

Principles of press regulation

There is a great need for freedom of speech in a society that is independent and should be fair. The media use this right to question any influential subject or story. It is self-regulating and not subject to any legal regulations. The Press Complaints Commission (PCC) was created by the print industry itself and provides guidance for media professionals rather than laws. The PCC has its own code of 16 articles covering a wide range of issues including harassment, intrusion, children, privacy, accuracy, wiretapping devices, confidential sources, discriminatory payment for articles (PCC, 2009). The balance of this effect cannot be maintained only by self-regulation, and this has not been achieved. Other systems seem to work well enough for different industries and different authorities.

Following news of murdered schoolgirl Milly Dowler, whose phone was hacked by the News of the World, Prime Minister David Cameron launched a public inquiry into the ethics of the press. During November 2011 and June 2012, a number of witnesses who were also victims of phone hacking and disturbing behavior were heard during Lord Justice Leveson’s inquiry. A new press regulation system was called for after Leveson published a 1,987-page report in November 2012. The report also mentioned that the press caused many people to face hardships and also caused chaos to some innocent people and therefore looked down upon them. about their rights and freedoms (Castella, T., 2013).

To see if regulation is good enough, we need to look at the UK Better Regulation Task Force of 1997, which set out five principles of good regulation that are still used by the Department for Business Innovation and Skills today. says that the regulation must be:

  • Transparent – ​​must be open, simple and easy to understand and usable by all.
  • Accountable – subject to public scrutiny.
  • Consistent – ​​Must be fairly and accurately implemented.
  • Targeted – must be attentive to the core of the problem.
  • Reasonable – it must be well balanced and must be carried out when it is genuinely needed and when it is appropriate to the nature and extent of the harm that could be caused, and the associated costs must also be clearly stated and minimized (Carnegieuktrust, 2011).

RIPA 2000

RIPA 2000 section 1(1) describes that it is an offense to unlawfully intercept any communication, such as a public postal service or a public telecommunications service. In § 1 paragraph 7 letter a) and b) it is clearly stated that whoever does so shall be punished with imprisonment for a term which may extend to 2 years or with fine or with both. Section 19(4) established that a person who is part of a statutory eavesdropping body and discloses information obtained from such activities must remain secret, is a criminal offense and faces a fine or a sentence of up to 5 years or both. RIPA 2000 Part 3 Section 53 made it an offense to fail to comply with an information protection key disclosure notice and a person or organization who does so will be liable to a maximum penalty under this Act. In 2007, Clive Goodman and Glen Mulcaire were sentenced under RIPA 2000 and the Computer Misuse Act 1990 to 4 months and 6 months respectively for intercepting the Royal Family’s voicemails. Former police officer Jeremy Young was convicted and sentenced to 27 months in 2007 for illegally intercepting communications by various agencies under RIPA 2000.

The Regulatory Investigatory Powers Act (RIPA) 2000 was established in 2000 to fight terrorism and protect the public. Where there is no authorization to carry out covert business with regard to the right to privacy, it is considered unlawful under Article 8 of the European Convention on Human Rights under Section 6 of the Human Rights Act 1998 (Telegraph, 2013). Local authorities are strongly advised to obtain permission under the Powers Act 2000 where surveillance is likely to interfere with human rights. There are several press reports about public authorities carrying out covert surveillance of individuals with abuse and implication of power as well as unlawful invasion of human privacy (Walsall Government UK, 2012). In 2008, the BBC labeled RIPA an “anti-terror law” due to a misinterpretation of a published report (Walsall Government UK, 2012). A number of requests have been made to councils regarding its matters of secret surveillance, access to communications data and the use of RIPA 2000 (Walsall Government UK, 2012).

Councilors considered a regular internal report for RIPA 2000 to ensure that RIPA 2000 is being consistently followed in line with council policy to maintain its purpose and no further powers beyond that (Telegraph, 2013). New policies and procedures were approved in RIPA 2000 on 30 January 2012 by the Audit Committee, which requires a new attestation code created by the Office of the Supervisory Commissioner as “roles and responsibilities of senior responsible officers, roles of members, in particular roles of supervisory board members”. Audit Committee, Key Personnel Changes to Officers with Empowerment Responsibilities’ (Democracy York Government UK, 2008).

RIPA 2000 Sec (37) (38) introduced the protection of the Freedoms Act 2012, which was amended in 2012. It sets out certain conditions for local authorities to comply with when they carry out surveillance under RIPA 2000. According to Brightbrotherwatch, ( 2011), from 399 cases were brought under RIPA 2000 between 2008 and 2010. The same survey found that local councils were abusing RIPA 2000 for absurd reasons and wasting taxpayers’ money. It also found that only 4.6% of investigations resulted in prosecution. Brightbrotherwatch (2011) concluded that local councils must not have RIPA 2000 power and if they need it, they should have a warrant or order from the Magistrates Court and the case must be investigated by the police, not local councils.

When RIPA 2000 was introduced, only nine public organizations were given the power, but now more than 1,000 public organizations have been granted the power to intercept communications, which can pose a serious threat to privacy and freedom. As we discussed earlier, it is proven that abuse of this act is inevitable. Removing the power of local authorities and getting injunctions from judges can reduce this serious problem. Also, this act can only be used in case of serious threat to the nation, not for civil cases.

Computer Misuse Act 1990

The Computer Misuse Act (CMA) was established in 1990 following a dispute between two hackers, R.V. Gold and Schifreen, who attempted to connect and obtain private information from a British telecommunications organization (Edshare Soton, 2010). Prior to the introduction of the CMA 1990, there was no law or punishment to govern such a crime and a hacker was relatively free to break into any system if he was able to do so (Gorril, M, 1998). Although with the comprehensive development of technology in recent years following the introduction of the Computer Misuse Act, the CMA 1990 was amended as ‘The Police and Justice Act 2006 received Royal Assent on 8 November 2006. Part 5 of this Act contains amendments to the existing Computer Misuse Act Act of 1990’ to meet crime rates as well as protect the privacy of citizens in the UK (The CPS Government UK, 1990). The CMA 1990 acts as a guide in many countries for the adoption of such laws. The latest situation of the CMA 1990 is that the CMA will be amended to be in line with the European Convention on Cybercrime with a maximum sentence of 2 years imprisonment and after the infamous NOTW phone hacking scandal, smartphones will be regulated as computer equipment under the CMA 1990 .the act

Although this act is strong enough and appropriate, very few cases have happened and been convicted in the last 30 years. The problem is that most of the cases happened due to ignorance of ignorance of what happened. Tracking down the person who carries out this activity is very difficult and time-consuming, and often even the slightest damage cannot be traced, even if the perpetrator is caught.

There are many people who have been convicted and sentenced under cybercrime laws for various computer-related wrongdoings such as information theft and virus spreading. The Metropolitan Service’s Central e-Crime Unit investigated the issue of unauthorized access to one person’s Facebook account. An investigation revealed that Crosskey, 21, was sentenced to twelve months for deliberately hacking an individual’s Facebook account. He was punished under the Computer Misuse Act 1990 Sections 1 and 3 which depict that he intended to use a computer to effect unauthorized access to data belonging to a client on the computer (Knowles, J., 2012). According to Hunt, K., (2013), Lewys Martin, a computer hacker was sentenced to two years under the Misuse of Computers Act 1990, Sections 1, 3 and 3A, who repeatedly attacked the Kent Police (DoS) website. and the universities of Oxford and Cambridge.

Christopher Weatherhead and his associates were jailed for up to 18 months under Section 3 of the Computer Misuse Act 1990 for carrying out cyber attacks on PayPal, Visa and MasterCard using DoS attacks. Judge Testar reveals that four people were involved in this activity, two of whom were jailed for assault and one online assault and a third person was sentenced to six months in prison and the fourth person’s sentencing was deferred (Halliday, J., 2013). Computer related misbehavior would affect businesses on a large scale and cyber thugs can lead individuals to death as we have seen many cases around the world recently.

Also Read:Ethical Hacking Interview Questions 2023

James Marks and James McCormick were convicted under the CMA Act 1990 Sec 1 for unauthorized access to Sony’s music servers and downloading of music tracks. They were sentenced to 6 months in prison and 100 hours of unpaid community service. Junaid Hussain, the 18-year-old hacker who hacked the Gmail account of Katy Kay, former adviser to Tony Blair and accessed and published personal contacts, was convicted under the CMA 1990 and given 6 months in a youth detention center (Purnell, B., 2012). Student Paul McLoughlin used Istealer to create a Trojan and injected data into the malware program to obtain credentials. He was convicted under CMA 1990 Sec 3A (Leyden, J, 2011).

World News

The News of the World was one of the best selling newspapers in the UK. It was also one of the oldest newspapers, sold in the United Kingdom from 1843 to 2011. Owned by the renowned media company News Limited, of which Rupert Murdoch, America’s famous media mogul, was chief executive, the News of the World became most famous for publishing scandals aimed on celebrities and populist recordings. Over the years, the paper has exposed the sexual acts, drug abuse, and criminal activities of many national and local celebrities by fielding journalists in various disguises to hunt down both photographic and video evidence and hack phones.

Since 2006, NOTW has been facing various allegations for its phone hacking scandal, and investigations have revealed that NOTW has not only hacked the voicemails of famous phones, but ordinary people as well. Due to public outcry, it began to lose its battle against the phone hacking scandal and was closed on 10 July 2011. This led to an inquiry into media regulation and the amendment of the smartphone as a computer under the Computer Misuse Act 1990 and raised the question of Data Protection and Privacy.

Case scenario

NOTW has faced a flurry of allegations related to phone hacking spanning a decade. NOTW was alleged to have hacked the phones of several business figures, politicians, celebrities, prominent public figures and members of the British royal family, among others. Prince William’s voicemails were hacked by private investigator NOTW. The police launched an investigation and the royal editor of NOTW and private investigators were convicted and sentenced to prison. The Guardian newspaper published various articles about NOTW phone hacking.

Subsequently, the police launched their own investigation under the name ‘Operation Weetings’. They discovered that NOTW hacked not only celebrities, but also relatives of dead British soldiers, victims of the July 7 London bombing and murdered schoolgirl Milly Dowler to create hot news in their publications. The discovery sparked public outrage and led to an inquiry by Lord Justice Leveson into press regulation and the closure of NOTW. Many NOTW employees were arrested and several were convicted. The case is still in court.

Case history

In 2005, an article published in the News of the World revealed details of a meeting between Prince William and Tom Bradby, ITV’s royal correspondent, before the meeting took place. When Prince William and Bradby finally met, they tried to figure out how information about a potential meeting that only the two of them knew about had leaked. Prince William also expressed concern over how his appointment with a knee surgeon was recently leaked. During the discussion, they realized that such personal information could only be leaked if their phones were hacked and their voicemails were intercepted. After an investigation, it was discovered that the voicemails of Prince William’s aides had been hacked, leading to the leak. Subsequently, the News of the World’s royal editor, Clive Goodman, and Glenn Mulcaire, a private detective, were convicted of the crime and jailed. During the trial it was revealed that in addition to Prince William, the phones of other well-known public figures were also hacked including supermodel Elle Macpherson, MP Simon Hughes, columnist Max Clifford, football agent Skylet Andrew and Gordon of the Professional Footballers’ Association. Taylor (BBC News No. 1, 2007). Andy Coulson, then editor of the News of the World, soon resigned and took responsibility for everything that happened.

Re-investigation: Although the case appeared to be ostensibly resolved with the jailing of Glenn Mulcaire and Clive Goodman and the resignation of Andy Coulson, subsequent investigations by the police, newspapers and Parliament turned up evidence of extensive phone hacking. The Guardian newspaper reported that a confidential settlement of up to £1m has been made with three people whose phones were hacked to close the case.

A series of renewed investigations took place in 2010 and found that the News of the World was targeting more than 4,000 people for phone hacking (BBC News#3, 2012). In addition to celebrities and politicians, the newspaper hacked the phones of relatives of dead British soldiers, victims of the July 7 London bombings and murdered schoolgirl Milly Dowler, whose abduction and killing shocked the nation in 2002. The revelations sparked a nationwide public outcry against Rupert Murdoch and News Corporation, which resulted in the closure of the News of the World in 2011 (BBC News#2, 2013).

Case analysis

Phone hacking is a criminal offense and those involved in phone hacking can be fined and/or jailed. In addition, victims of phone hacking can sue the phone hacker for damages. Section 1 of the Regulation of Investigatory Powers Act 2000 (RIPA) makes the deliberate interception of communications carried out over a public telecommunications system a criminal offense unless there is a lawful reason for security services and police investigators to carry out the operation (The Drum, 2011). . Section 3 of RIPA also allows victims of phone hacking to sue perpetrators in civil courts. The Data Protection Act 1998 allows hackers to be prosecuted for criminal activity, including unlawful methods of obtaining, disclosing and obtaining personal data under Section 55 (The Drum, 2011). In addition to RIPA and the DPA, charges could be brought against the perpetrators of phone hacking for violating the right to privacy.

Privacy law in the UK is a combination of an individual’s right to privacy as set out in Article 8 of the European Convention on Human Rights and the Press, freedom of expression as set out in Article 10 of the same convention and confidentiality law (Buben, 2011). The question the court must address is whether a person’s right to privacy should take precedence over the freedom of expression of the press.

The News of the World case has also raised some moral and ethical issues related to the practice of journalism, particularly in the matter of the wiretapping of the late girl Milly Dowler’s voicemail. After Milly Dowler’s disappearance, as her family and friends frantically sent voicemails to her phone, illegal wiretapping and other deletions of important voicemails destroyed potential evidence that could give police officials clues to her killer. Furthermore, the plight of Milly’s parents, who were given false hope that Milly Dowler was still alive due to the interception and deletion of voicemails left on her cell phone, cannot be ignored. Furthermore, hacking into people’s personal phones and sharing information without their knowledge and consent is a totally unethical act which, if practiced by any newspaper intentionally, deserves severe punishment as journalists and media persons compete for higher profit from the circulation of their news copies , subject their victims to untold mental anguish and suffering.

How the case has developed so far

The case begins with the appointment of Rebekah Brooks as editor of NOTW at the age of 32 in 2000. How the case developed year by year is as follows and this timeline information was gathered from various sources such as BBC news, the Guardian and other online materials;

2000: Rebekah Brooks became editor of NOTW at the age of 32 and spearheaded the controversial “Name and Shame” campaign to hunt down suspected pedophiles. It helped with the case of Sarah Payne, who was murdered in July 2000.

2002: Milly Dowler, a 13-year-old girl, goes missing on her way back to her London home in March 2002. NOTW followed the case by hiring private detective Glenn Mulcaire, who apparently snooped on Dowler’s mobile phone voicemail and deleted old voicemails. to make more room for new voice messages. This act led to the wrong direction of the case and gave false hope that he was still alive for Dowler’s family and the police investigation.

2003: Rebekah Brooks and her deputy Andrew Coulson become editors of the Sun and NOTW.

2005: NOTW publishes information about Prince William’s knee injury and the Royal Court opens a police investigation into voicemail snooping.

2006: Private detective Glenn Mulcaire and NOTW royal editor Clive Goodman were arrested on suspicion of phone hacking and sentenced to 4 and 6 months in prison.

2007: Andrew Coulson resigned as editor-in-chief of NOTW, taking full responsibility for the royal family’s phone hacking issue in May 2007. Later that year he became the Conservative Party’s director of communications. Murdoch’s son James Murdoch became CEO of News Corporation’s European and Asian operations in December 2007.

2009: It wasn’t until July 2009 that The Guardian published a report on how NOTW hacked politicians and celebrities. She charged that News Corporation knew about the interception of voice messages at NOTW and paid $1.6 million to settle the dispute. This led to a police investigation and the case was later closed without sufficient evidence. Rebekah Brooks became CEO of News International.

2010: David Cameron became UK Prime Minister and Andrew Coulson became his media chief. The New York Times published an article that Andrew Coulson was aware of phone hacking when he was editor of NOTW. NOTW has spent more than £2m on victims of the phone hacking scandal to settle court cases. Andy Hayman (Assistant Commissioner), who was in charge of Scotland Yard investigations, left the police force to join News International as a columnist.

2011: Due to public and media pressure, Andrew Coulson resigned from his position as Head of Media in January 2011. Scotland Yard has announced it will launch a new investigation into the NOTW phone hacking culture. During this time, The Guardian published a story that NOTW was involved in intercepting voice messages of victims of terrorist attacks in 2005. Former Prime Minister Gordon Brown accused NOTW of releasing his personal information, which had been obtained illegally. Andrew Coulson and Clive Goodman were arrested on charges of police bribery.

In July 2011, Rupert Murdoch and his son appeared before Parliament to testify that they had no knowledge of phone hacking at their company. Brooks resigned as CEO of News International. On July 10, 2011, NOTW released its final publication following the arrest of NOTW’s top officials and employees. NOTW parent News Corporation withdraws takeover bid from BSkyB. The sister concern NOTW Wireless Generation lost the contract with the New York state government project. Lord Justice Leveson’s inquiry was open to investigating journalistic ethics.

2012: Various arrests were made as part of this investigation during this period. Editors and reporters from the Sun, The Daily Mirror, The Daily Star, The Sunday Mirror, The Daily Star Sunday, NOTW reporters, editors and a police officer were arrested.

2013: The trial began for Rebekah Brooks and Andy Coulson.


News of the World, which was a big selling newspaper in the UK, went out of business after their unethical practices of hacking the phones of celebrities, politicians, public figures, family members of dead British soldiers, 7/7 London bombing victims and murdered schoolgirl Milly Dowler. Although the case was apparently solved after a royal newspaper editor, Clive Goodman, and a private detective named Glenn Mulcaire were convicted and jailed for their involvement in the hacking of Prince William’s phone, there was a renewed investigation a few years later after evidence of a large-scale hacking operation was subsequently uncovered of News of the World phones involving more than 4,000 victims. Phone hacking is an offense punishable by either a fine, imprisonment or both under the Regulation of Investigatory Powers Act 2000 and the Computer Misuse Act 1990, which also allows victims of phone hacking to sue perpetrators for damages. In addition, phone hacking violates an individual’s right to privacy and right to confidentiality. When an established newspaper and a media mogul like Murdoch indulge in such unethical practices like hacking to get higher circulation of their news copies, exemplary punishment should be meted out to deter such crimes in the future.


Leave a Reply

Your email address will not be published. Required fields are marked *