Is DDoS Illegal: What Is It, How Do Laws Regulate it, and What Are the Penalties for It
If you have your own online store or blog, then you probably have a website that you have spent both time and money maintaining the reputation of. Imagine that one day you wake up and find many complaints from users and customers. Most likely, you are the victim of a DDoS attack. Is DDoS illegal? Absolutely yes. During such an attack, a huge amount of data requests are sent to the web service. What is the benefit of this? It slows down your site’s performance. As a result, the platform slows down or crashes. DDoSing is illegal regardless of the purpose of the attack. In other words, if you wanted to play a prank on a friend on April 1, then you will be prosecuted. Most developed countries have long passed laws that regulate this type of crime. We will look at them a bit later on the example of the UK and the USA. And also a few examples that have become famous all over the world.
How Does DDoSing Illegal Process Work?
This attack occurs between multiple computers and special devices on the Internet, most often the IoT. They are infected with viruses and controlled by cybercriminals. Due to excessive requests, the webserver becomes full and when real visitors want to visit the website, they will be denied.
What Types of DDoS is illegal?
Of course, any type will be illegal, but we would like to tell you about the most common ones. If you know the very specifics of the process, it will be easier for you to navigate and stop the attack.
- Volumetric attacks. An attacker floods the webserver with data packets. This fills every possible space with bots and real visitors are denied access. Such attacks are also divided into types, and the most famous of them is DNS.
- Application attacks. This is a simpler type as it requires less server saturation. Unlike the previous one, there is a saturation of Internet requests here.
- Protocol attacks. This type depletes server resources for firewalls. For example, the SYN flood attack has three stages: the host receives the message, confirms the request, and the connection is closed by the server.
In connection with the development of technology, cybercrimes have also appeared. Therefore, the legal systems of states need to regulate them. Let’s find out if the United States and the UK have successfully coped with this task.
DDoSing Law in the USA
The Computer Fraud and Abuse Act (CFAA) is the main statute that governs cybercrime in the USA. Is DDoSing a federal crime? Yes. it is. Initially, the law had a narrower specialization and regulated:
- the illegality of obtaining access to information on national security;
- the illegality of obtaining access to financial information using unauthorized access to a computer;
- illegal entry into the government computer and all subsequent actions with the information received.
In 1986, significant amendments were made. For example, trading in passwords, damaging computers through viruses, illegal access to a computer to deceive, and more. The DDoS law has been constantly amended to keep its provisions in line with the present.
DDoSing Legal Act in the UK
Part of the impetus for the adoption of the Computer Misuse Act was the case of R v Gold & Schifreen. Its essence was based on the fact that using home computers and modems, access to the data of British Telecom was obtained. Several important amendments have been adopted to keep the Law up to date. Also, this act prompted other countries to adopt DDoS laws. As in the United States, this is a crime. In May 2021, Priti Patel (UK Home Secretary) announced a formal revision of the Act. She also encouraged the public to submit proposals on how to strengthen the legal regulation against cybercrime. Therefore, soon, British citizens are waiting for new edits, which will definitely need to be familiarized.
Can You Get Arrested for DDoSing?
Is DDoS a federal crime? We have already found out that yes. It means that you can get a real punishment for this. For example, in the UK, this offense can lead to fines and even imprisonment. Let’s have a look at these penalties:
- up to a £5,000 fine / up to 6 months in prison (unauthorized access to computer material);
- unlimited fine / up to 5 years in prison (unauthorized access to computer materials with intent to commit a further crime, and unauthorized modification of data);
- unlimited fine / up to 10 years in prison (making, supplying, or obtaining anything which can be used in computer misuse offenses).
In 2015, the British authorities organized a fight against DDoS attacks. Cybercriminals turned out to be 6 teenagers, aged 15 to 18 years. They attacked a national newspaper, school, online game companies, and online stores. Despite their age, according to the DDoSing laws, each of them was obliged to pay a fine.
In the USA for DDoS federal crime, you can be imprisoned for 1, 5, 10 years, or need to pay a fine as a remedy. In 2020, during the US election race, Google warned users of an increase in attacks from several Chinese ISPs.
The main goal of any state’s law is to protect its citizens and prevent similar crimes in the future. We advise you to familiarize yourself with DDoSing law in your country so that you can identify a cyber-attack and know what next steps to take. Do not try to solve the issue on your own, save your time and nerves. You can always seek legal assistance. Thank you for reading the article to the end. See you very soon on the pages of our blog!
- Great! Did you like the article and we would like to know what it was about?
- You didn't like the article? Tell us why!