DDoS attacks tend to catch a lot of public attention, especially when they hit huge targets. While the truly major incidents occur relatively infrequently, the threat is set to become increasingly prevalent, with DDoS attacks projected to increase dramatically over the next three years.
We already discussed the dire state of privacy legislation in the past, but that raises the question - is policy surrounding DDoSing similarly dismal?
The United States has actually passed a bill designed to handle digital abuses. Originally passed in the mid 90’s, the “Computer Fraud and Abuse Act,” lays the groundwork for what is and isn’t legal in techy spaces. This is a regularly updated document, with new caveats being constantly introduced to keep up with the rapid pace of technological advancements.
In some cases, certain clauses are simply expanded to be understood in more relevant ways, such as the “Damaging a Computer” clause. While it originally has explicit physical destruction in mind, the law states that any action that results in “damage” to a computer is illegal in the United States, including things like DDoS attacks, viruses, spyware, and more.
While this legal precedent is wonderful, actually prosecuting these crimes is an entirely different story. In some cases, DDoS attacks come from adversarial government agencies, which are naturally impossible to bring to an American court.
Additionally, smaller time criminals tend to cover their tracks with things like VPNs. It’s simple `enough to reroute any traffic through remote targets, thus making tracing their origins to anybody specific essentially impossible. This technology of course has beneficial applications, but in this case it’s basically a hindrance.
We’ll talk more in detail about strategies to protect you or your website from these attacks in the future, but here’s a list of things to keep in mind.