Is it Illegal to Launch a DDoS Attack?

DDoS attacks tend to catch a lot of public attention, especially when they hit huge targets. While the truly major incidents occur relatively infrequently, the threat is set to become increasingly prevalent, with DDoS attacks projected to increase dramatically over the next three years.

We already discussed the dire state of privacy legislation in the past, but that raises the question - is policy surrounding DDoSing similarly dismal?

DDoS Policy

The United States has actually passed a bill designed to handle digital abuses. Originally passed in the mid 90’s, the “Computer Fraud and Abuse Act,” lays the groundwork for what is and isn’t legal in techy spaces. This is a regularly updated document, with new caveats being constantly introduced to keep up with the rapid pace of technological advancements.

In some cases, certain clauses are simply expanded to be understood in more relevant ways, such as the “Damaging a Computer” clause. While it originally has explicit physical destruction in mind, the law states that any action that results in “damage” to a computer is illegal in the United States, including things like DDoS attacks, viruses, spyware, and more.

Limitations

While this legal precedent is wonderful, actually prosecuting these crimes is an entirely different story. In some cases, DDoS attacks come from adversarial government agencies, which are naturally impossible to bring to an American court.

Additionally, smaller time criminals tend to cover their tracks with things like VPNs. It’s simple `enough to reroute any traffic through remote targets, thus making tracing their origins to anybody specific essentially impossible. This technology of course has beneficial applications, but in this case it’s basically a hindrance.

Keeping yourself safe from DDoS attacks

Without getting too deep into specific strategies to keep you or your business safe, here's a list of general tips to avoid significant problems.

• Conceal your IP with a VPN
• Consult your web host
• Use cloud based systems
• Use DDoS prevention tools

It's also worth mentioning that for the vast majority of businesses and individuals, DDoS attacks are not something to be worried about. If you work in a sensitive field or are very open to the public, you should consider pursuing these options.