Slashdot Mirror


Prosecuting DDoS Attacks?

dptalia writes "We all have heard of major DDoS attacks taking down countries, companies, and organizations. But how many of them are ever prosecuted? And how many prosecutions are even successful? I've done some research and it appears the answer is very few (Well duh!). And those that are successfully prosecuted tend to have teenagers as the instigators. Does this mean DDoS is a fairly safe crime to conduct? Are the repercussions nonexistent? Does anyone have some knowledge and insight into this that I don't have? How would you go about prosecuting a DDoS attacker? What's your experience with getting the responsible parties to justice?"

37 of 164 comments

  1. Slashdotted by Anonymous Coward · · Score: 5, Funny

    We get away with it daily here.

  2. Several recent examples by AnonymousX · · Score: 5, Informative

    2 chanologists got a year in the slam each thanks to their DDOS of Scientology.

  3. Re:Don't do if you don't want a other Terry Childs by Ethanol-fueled · · Score: 2, Funny

    ping -f www.slashdot.org

    You will wire one million dollars into my Swiss bank account if you want to keep your precious site alive.

    HahahahahahHAHAHAHAHAHAAAAAAA!

  4. Re:Well done. by Razalhague · · Score: 3, Informative

    Well yeah. That's how Ask Slashdot usually works.

  5. Re:Don't do if you don't want a other Terry Childs by tsm_sf · · Score: 2, Interesting

    One of those "the authorities won't become interested until you take matters into your own hands" situations. And the reason is that, as a law-abiding (ok, more or less) citizen, you're much easier to prosecute.

    What's needed is for one of these new "cyber" security agencies (and I hope this isn't offensive, but they really need to be led by combat veterans with modern prostheses) to be tasked with hunting botnets and taking them over. Displaying a "this computer secured by the U.S. Gub'mint" message is probably the only guaranteed method of getting a user to wipe their machine.

    --
    Literalism isn't a form of humor, it's you being irritating.
  6. Illegal; but.... by fuzzyfuzzyfungus · · Score: 5, Insightful

    The basic problem with DDoSes is that anyone who isn't a moron (i.e., the teenage punks who get caught) is generally working from behind multiple layers of indirection and usually across a number of jurisdictions. What they are doing is probably illegal in all of them; but the degree to which the authorities care, or are on the ball enough to do anything about it can be pretty limited.

    It doesn't help that a lot of the DDoS victims are either clueless and irrelevant (Yup, the feds don't really care about dialup users getting ping-flooded on IRC), widely considered to be a little shady themselves (*Call to the FBI* "Hi guys, I run this offshore gambling site in Antigua, and I've been having some problems with DDoS attacks that are really cutting into my ability to serve American customers during peak sporting-event times...." *click*), or are parties in some sort of nationalist pissing match, of the sort where many "patriotic excesses" have a tendency to be overlooked (Yeah, I'm sure the Russian authorities are working night and day to bring to justice anybody involved in attacks against Estonia...)

    As a matter of law, DDoSing is hard to do legally, even in fairly shady areas (if nothing else, your botnet likely implies a fair number of computer-intrusion crimes in jurisdictions where that is an offense, and it is unlikely at best that you are properly reporting and paying taxes on the "protection" money that you are collecting). However, with the complexity of cross-jurisdiction investigation and prosecution, and without the massive public antipathy that something like kiddie porn has, the odds of actually getting brought to justice are fairly low, unless you are basically just a petty vandal, hitting some high-profile target in the same country as you.

    1. Re:Illegal; but.... by LostCluster · · Score: 3, Interesting

      A DDoS requires many hosts in different places... and that role is usually played by a botnet of unwitting users. If users cared more about their bandwidth consumption, or were responsible for the damage they caused by their insensitivity to the Internet community, then botnets would be a whole lot harder to assemble. I'm sick of the 3am calls from the girl who only calls when her computer won't work for her....

    2. Re:Illegal; but.... by LostCluster · · Score: 3, Funny

      It woulda been nice, but it was Midnight her time when she called.

    3. Re:Illegal; but.... by fuzzyfuzzyfungus · · Score: 5, Insightful

      Perhaps I am underestimating the public's perverse acceptance of broad criminalization of all kinds of stuff; but I find it hard to believe that any scheme where Joe Public could find himself paying serious fines or doing serious time just for plugging in a commercially available computer and running normal software would possibly be adopted.

      I'd be delighted if there were something that caused people to wipe their flyblown zombie-boxes more often than they do now; but essentially criminalizing getting compromised seems cruel and ineffective when it is so easy to do and sometimes so hard to detect. You don't have to be "negligent", in any useful sense of the term, to get hit.

    4. Re:Illegal; but.... by Nemyst · · Score: 2, Interesting

      Even teenagers rarely get caught. I know someone whose server has been flooded multiple times over by one of those punks you speak of. He knows the name, address, school, he called the police, FBI, police in the server's country... And nothing. The police don't give a damn about it, despite the entire thing costing him money every month (it's a large dedicated server that's getting taken down). The FBI didn't hear "child porn" or "terrorism" so they also don't give a damn. Basically, he's entirely stuck alone if he can't reach the guy's parents or if they don't do anything.

      It's incredible that such a thing is running rampant, though, seeing how it can cost people money and business. I can understand the trouble when facing a "professional" hacker who's so well hidden it'd take weeks to track him back, but when all the data is already tracked down, complete with evidence? The police probably prefer eating donuts all day long for all I can tell (sorry to all police officers who dislike donuts or who would actually do something in such a situation).

    5. Re:Illegal; but.... by LostCluster · · Score: 2, Insightful

      Not applying security fixes, or not having a minimal level of antivirus/firewall software is a sure way to join a botnet lately. We need those $15/yr. subscribers to pay the white hat hackers who develop antivirus tech, this isn't like letting a magazine subscription lapse.

    6. Re:Illegal; but.... by berzerke · · Score: 5, Insightful

      ...not having a minimal level of antivirus/firewall software is a sure way to join a botnet lately...

      Even having one isn't nearly as much protection as most of us would like to believe. A 2007 research study by Panda Labs found that about 23% of infected machines had active and up-to-date AV software.

      My own tests of AV software were less than encouraging and made the 23% quite believable. The better software either had more than a few false positives (Avira), or can be a PITA for non-techie users, and even techie users, (Comodo).

    7. Re:Illegal; but.... by Opportunist · · Score: 3, Insightful

      The public's acceptance of that crime is simply the same that applies to everything else:

      Does it affect me?
      No.
      Can I get in trouble for it?
      No.
      Then why the heck should I care?

      That's basically what it comes down to. People do not care about crime that (apparently, or at least directly) does not affect them. Even if they're being made accomplices. Why? Because it takes an effort to avoid it and there's no gain in it. Simple as that.

      And no, you can't really make people directly liable for the damage they do that way. As much as I'd like it, but even I could, unwittingly, become part of a botnet. A fair lot of malware passes through my machines here on a daily basis. That one of them manages to escape the sandboxes sooner or later is a given. So, for simple self preservation, I wouldn't really want to see such a law become reality. Besides, it is near impossible for the average user to 100% avoid becoming subject to an infection. Yes, that includes you, dear reader. Not being a moron does help a lot to minimize the infection probability, but it does not remove it entirely. And with knowledge comes the (false) sense of security that you're too good to be infected. You're not. Well, you might be if you don't use Windows. But don't count on it. How often did you reinstall your Windows in the last 2 years? The average clueless idiot does so about every 6 months. And at least then his machine will be clean again. I have to admit, some of the machines here have been running Windows for over 5 years now. Are they still clean? I sure hope so. Am I sure? Not really.

      But, and here is the point where I'd put the liability angle, I do what I can to keep them clean. I update their software. I keep them patched and sealed. I use a router to avoid external direct access. They are hidden behind a layer of firewalls. And of course they run on-access AV scanners, and are regularly swept with a different on-demand scanner. And aside from the firewall layers this is something that can easily be asked from Joe Randomuser: Get a router, get an AV scanner and get a software firewall. Where's the problem with that? You don't need to have a huge knowledge of computers to install those tools and turn on auto updates on the software you're using.

      I wouldn't call it asking too much from any user to do that. If you got that and still get infected, pity. But you're off the hook. You did everything that could possibly be asked from you as a normal user. But if you install every kind of crap that's sent to you in a spam mail and poke around the net without any protection at all then yes, you're acting negligent. And then you should be liable for the damage you do.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. Dear China... by Anonymous Coward · · Score: 5, Informative

    My company, and our hosting clients, are victims of DDoS attack at a surprisingly high frequency. Although this has cost us thousands, and if you believe our angry customers it's cost them millions, we've never even attempted to prosecute a DDoS perpetrator for the following reasons:

    1) The fact that a DDoS is distributed means we'll be left with a list, in the best case scenario, of hundreds or thousands of IP addresses, without the slightest clue which one might lead to the real troublemaker. In fact, for most types of DDoS, none of them lead to the perp in any special way. Often times DDoS attack machines are just zombied desktop computers, infected by a virus the genius user got from clicking on a porn ad.

    2) In my experience, the vast majority of DDoS IPs are zoned to foreign countries. Mostly developing nations, or nations not particularly interested in Internet crimes against a US hosting company.

    3) Even if the person or persons responsible for the attack were my next-door neighbors, we'd still need to track their actions through servers zoned in other countries. Try sending a subpoena to a (the?) Chinese ISP, asking for logs (if they even exist) from a server within their borders. Even if the log files showed activity from the perpetrator, it would still be somewhat circumstantial, and up for debate ("My computer has been hacked before / My wifi connection isn't secured / etc").

    4) Even if you somehow managed, against all odds, to find the perpetrators, who were within a sane legal jurisdiction, and you won a contentious civil court case against them... Is a 17-year-old script kiddie really going to have any money?

    It simply isn't worth the hundreds, if not thousands of man hours for us to jump down the rabbit hole for what's honestly not going to be much, if any, reward. I have never once in my life heard of a single successful DDoS prosecution that justified the cost in doing so.

    1. Re:Dear China... by icebraining · · Score: 2, Interesting

      It depends - one of the most effective ways to kill a small site is to perform a "bandwidth rape" until they cross their monthly limit. A couple dozen people running a simple wget loop requesting a large image/video continually can waste hundreds of gigabytes per day.
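
As an added example (not part of the original thread): a defender-side check for the repeated-large-download pattern described in the comment above. It finds clients that fetch the same object over and over and projects how soon the observed rate would exhaust a monthly transfer quota. The log lines, addresses, file name, thresholds and the 500 GB quota are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: ip, identity, user, [timestamp], "request", status, bytes sent
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def build_sample():
    """Constructed log: two clients loop on one 70 MiB file, three visitors browse normally."""
    start = datetime(2010, 6, 6, 20, 0, 0)
    fmt = '{ip} - - [{ts} +0000] "GET {path} HTTP/1.0" 200 {size}'
    stamp = lambda t: t.strftime("%d/%b/%Y:%H:%M:%S")
    lines = []
    for i in range(20):  # one request every 30 s for roughly ten minutes
        ts = stamp(start + timedelta(seconds=30 * i))
        for ip in ("198.51.100.7", "203.0.113.45"):  # documentation address ranges
            lines.append(fmt.format(ip=ip, ts=ts, path="/media/demo.avi", size=73400320))
    for n, ip in enumerate(("192.0.2.10", "192.0.2.11", "192.0.2.12")):
        ts = stamp(start + timedelta(minutes=3 * n))
        lines.append(fmt.format(ip=ip, ts=ts, path="/index.html", size=8192))
        lines.append(fmt.format(ip=ip, ts=ts, path="/media/demo.avi", size=73400320))
    return lines

def parse(lines):
    """Return (ip, timestamp, path, bytes) tuples; unparsable or size-less lines are skipped."""
    records = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["size"] == "-":
            continue
        # The UTC offset is ignored; every sample line uses the same one.
        ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
        records.append((m["ip"], ts, m["path"], int(m["size"])))
    return records

def repeat_fetchers(records, min_hits=10, min_bytes=500 * 2**20):
    """Map (ip, path) -> (hits, bytes) for clients that re-fetch one object heavily."""
    totals = defaultdict(lambda: [0, 0])
    for ip, _ts, path, size in records:
        entry = totals[(ip, path)]
        entry[0] += 1
        entry[1] += size
    return {key: tuple(val) for key, val in totals.items()
            if val[0] >= min_hits and val[1] >= min_bytes}

def hours_to_quota(records, quota_bytes):
    """Hours until quota_bytes is used up if the observed transfer rate continues."""
    times = [ts for _ip, ts, _path, _size in records]
    window = (max(times) - min(times)).total_seconds() or 1.0
    rate = sum(size for _ip, _ts, _path, size in records) / window  # bytes per second
    return quota_bytes / rate / 3600

if __name__ == "__main__":
    recs = parse(build_sample())
    for (ip, path), (hits, size) in sorted(repeat_fetchers(recs).items()):
        print(f"{ip} fetched {path} {hits} times, {size / 2**20:.0f} MiB")
    print(f"500 GB quota gone in {hours_to_quota(recs, 500 * 10**9):.1f} hours")
```

Flagged addresses are candidates for per-client rate limiting or for moving the large object behind a cache or CDN; a single download by an ordinary visitor stays below both thresholds.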

  8. Ask slashdot by dominious · · Score: 5, Funny

    Does this mean DDoS is a fairly safe crime to conduct?

    Oh I see "someone" is very interested in DDoS attacks for "research" right? Dude, listen, just give the link here and your problems will be solved.

    1. Re:Ask slashdot by rtfa-troll · · Score: 5, Funny

      No no; that's the DDOSer's command and control site. Can't you tell just by looking at the comments? At first sight they look as if written by a human, but if you start to read them they are all free of meaningful content and obviously just disguised botnet commands. What else could they be?

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  9. Re:It depends on the scale of your operation by LostCluster · · Score: 2, Insightful

    And if you're a rich company that can pay for more bandwidth and processing than the other guy, you're virtually immune to DDoS problems.

  10. Not true - you still need sufficient horsepower by davidwr · · Score: 5, Informative

    "Any properly configured web-server can easily handle the slashdot effect."

    Obviously your definition of "properly configured" excludes servers designed to handle less than n different machines connecting to it per second, where

    n = the number generated by a typical linking from Slashdot.

    The guy stuck in the last decade running a web server on an old Pentium machine serving up a streaming video of his latest stupid pet trick comes to mind. Sure, he may be able to serve up a few hundred, maybe thousands, of unique visitors per second, but at some point he's going to fall over and die when the load gets too high, and there's nothing he can do about it short of getting new hardware.

    Yes, your point is taken, web sites can be designed so a click on a link here is handled with a minimum of resource utilization while still serving up useful content. But my point is if you are getting burst traffic of BIGGISHNUM unique visitors per second because of the /. effect, your web server and Internet connection better be up to handling those visitors in a graceful manner, preferably one more useful than "server busy, try again later."

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Not true - you still need sufficient horsepower by mikael_j · · Score: 2, Interesting

      In a way I think "properly configured" includes "not running on a 512/128 kbps DSL line", "not running the latest whizbang blogging platform webapp on a 133 MHz Pentium with 64 megs of RAM" and "not trying to serve up funny cyborg pet videos on said 512/128 kbps DSL line".

      There seem to be three common scenarios when sites get slashdotted:

      1. "Junk lovers" who take pride in running their home server on some ancient piece of junk they got for free ten years ago, generally have blog posts about how they managed to speed up SpamAssassin so it now only takes ten minutes to process each incoming message, completely oblivious to why it is not advisable to run modern resource-intensive software on ancient hardware.
      2. And then the guys who have shared hosting which they're constantly pushing to its limits even without getting slashdotted ("I have n gigs of transfer per month and I'm only using 96% of that on an average month, why would I upgrade?"), also known as cheapskates.
      3. Extremely resource-intensive server-side processing, I'm not talking about people who run Wordpress on a 486, I'm talking about those "Look at the neat stuff we did" sites that run on some lab server that is unable to handle the load of hundreds of /. users trying it out at the same time.
      --
      Greylisting is to SMTP as NAT is to IPv4
  11. Re:Don't do if you don't want a other Terry Childs by Pharmboy · · Score: 2, Funny

    That's ridiculous. First, every nerd knows they don't have a host named www here, it always redirects. Besides, this script is more effective:

    #!/bin/bash
    while true
    do wget -m -p slashdot.org &
    done

    Second, the easier way is just to submit a popular story that has a link back to slashdot, thus everyone reading will click on the link, and wallah! They /. themselves and self destruct.

    --
    Tequila: It's not just for breakfast anymore!
  12. Re:Well done. by Spewns · · Score: 4, Funny

    No link to the article. Smart move.

    Here's a link to the article: http://ask.slashdot.org/story/10/06/06/2051226/Prosecuting-DDoS-Attacks

  13. Re:It depends on the scale of your operation by rainer_d · · Score: 2, Interesting
    --
    Windows 2000 - from the guys who brought us edlin
  14. Re:Don't do if you don't want a other Terry Childs by Herkum01 · · Score: 2, Funny

    (In a French accent) I fart in your general direction, now go away or I will ping you a second time!

  15. Re:Don't do if you don't want a other Terry Childs by EdZ · · Score: 4, Funny

    thus everyone reading will click on the link

    HAH! A common error!

  16. Re:Don't do if you don't want a other Terry Childs by tsm_sf · · Score: 4, Funny

    It wouldn't be a matter of if this blew up in our faces, but when. It's still the only workable method.

    Fortunately, since this would be run by the US, oversight would be provided by diligent public servants backed by an informed electorate.

    --
    Literalism isn't a form of humor, it's you being irritating.
  17. Re:Don't do if you don't want a other Terry Childs by Kreigaffe · · Score: 2, Informative

    you mean voila, not wallah

    --
    ... still waiting for this free-as-in-beer free beer I keep hearing about. :|
  18. Re:Fight back with eggs by Kreigaffe · · Score: 2, Informative

    I very, very seriously doubt that vandalism is legal in California.

    You should take those urban legends you hear with a larger grain of salt next time.

    It could be argued that toilet papering someone's house is legal, but eggs can and will easily cause actual damage that takes actual real money to fix. Eggs on a car can cause the whole car to need to be stripped and repainted.
    Eggs are serious fucking business, not a harmless prank.

    --
    ... still waiting for this free-as-in-beer free beer I keep hearing about. :|
  19. Egging them on by billstewart · · Score: 2, Informative

    IIRC, California passed an anti-animal-cruelty referendum, but it's got a couple of years to phase in.

    Most eggs are non-fertile; the main people selling fertile eggs are selling them to random health-fooders, or else they're selling them because it's easier not to check whether your free-range hens have had access to a rooster.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  20. Re:Don't do if you don't want a other Terry Childs by Hotawa+Hawk-eye · · Score: 3, Funny
  21. Tracking Down BotNet Masters by JumperCable · · Score: 3, Informative

    I found an interesting article on someone tracking down some botnet masters by contacting a few of the infected users, getting a copy of the trojan and running it in a sandbox.

    http://www.bellua.com/bcs/asia07.materials/fredrik_soderblom.pdf (PDF)

  22. nope sorry im busy atm by chronoss2010 · · Score: 2, Funny

    i have a button to push on facebook then a 1030 DDoS attack via proxies to launch

  23. i got dossed ONCE by chronoss2010 · · Score: 2, Interesting

    and when server went down it cost me 150$ i contacted the isp ISP said to email UUNET UUNET told me to CONTACT the ISP after 3 more times at his shit i sent an email to all involved and said "OK if you're not willing or able to stop this i will and do not give me any legal repercussion on how i permanently end the problem" I then made a piece of software that targeted the PERSON in Argentina doing it and 75% of the isps in that country. then handed this software to 150 other hackers i knew around the world a week later i asked all to stop i got email from the arse doing this whom apologized that was the last dos i ever had to deal with and its why you never fuck with a hacker site P.S. i never caved and ever started doing what many did post 9/11 and called themselves "security sites either" most of those were shit heads anyhow. BTW before i did it i informed all the top pirates and said your email host thinks its a joke to attack my site , they weren't happy but i said he needs to learn something. its one reason its kinda good to get in with hackers at least even if you're not too serious , just be nice to them and they'll be nice to you. i used to have some good chats with some pretty high up webmasters of yahoo and other major sites. AND no i've never used this power to extort or force any actions to anyone. Might be one reason i've been running this org for 16 years with no IT arrests in the membership

  24. Re:Well done. by SEWilco · · Score: 2, Funny

    No link to the article. Smart move.

    Wouldn't want to trigger a DDoS attack on some innocent web server.

  25. Re:Don't do if you don't want a other Terry Childs by The+Yuckinator · · Score: 3, Funny

    I clicked on it just in case.

  26. Re:Don't do if you don't want a other Terry Childs by Maxo-Texas · · Score: 2, Funny

    That was hot!

    Natalie Portman /. Olivia Munn slash fiction!

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
  27. Re:Illegal but the FBI does not care. by mindstrm · · Score: 2, Insightful

    What makes you think they don't?