Slashdot Mirror


Prosecuting DDoS Attacks?

dptalia writes "We all have heard of major DDoS attacks taking down countries, companies, and organizations. But how many of them are ever prosecuted? And how many prosecutions are even successful? I've done some research and it appears the answer is very few (Well duh!). And those that are successfully prosecuted tend to have teenagers as the instigators. Does this mean DDoS is a fairly safe crime to conduct? Are the repercussions nonexistent? Does anyone have some knowledge and insight into this that I don't have? How would you go about prosecuting a DDoS attacker? What's your experience with getting the responsible parties to justice?"

12 of 164 comments

  1. Slashdotted by Anonymous Coward · · Score: 5, Funny

    We get away with it daily here.

  2. Several recent examples by AnonymousX · · Score: 5, Informative

    2 chanologists got a year in the slam each thanks to their DDOS of Scientology.

  3. Illegal; but.... by fuzzyfuzzyfungus · · Score: 5, Insightful

    The basic problem with DDoSes is that anyone who isn't a moron (i.e. the teenage punks who get caught) is generally working from behind multiple layers of indirection and usually across a number of jurisdictions. What they are doing is probably illegal in all of them; but the degree to which the authorities care, or are on the ball enough to do anything about it can be pretty limited.

    It doesn't help that a lot of the DDoS victims are either clueless and irrelevant (Yup, the feds don't really care about dialup users getting ping-flooded on IRC), widely considered to be a little shady themselves (*Call to the FBI* "Hi guys, I run this offshore gambling site in Antigua, and I've been having some problems with DDoS attacks that are really cutting into my ability to serve American customers during peak sporting-event times...." *click*), or are parties in some sort of nationalist pissing match, of the sort where many "patriotic excesses" have a tendency to be overlooked (Yeah, I'm sure the Russian authorities are working night and day to bring to justice anybody involved in attacks against Estonia...)

    While, as a matter of law, DDoSing is hard to do legally, even in fairly shady areas (if nothing else, your botnet likely implies a fair number of computer-intrusion crimes in jurisdictions where that is an offense, and it is unlikely at best that you are properly reporting and paying taxes on the "protection" money that you are collecting). However, with the complexity of cross-jurisdiction investigation and prosecution, and without the massive public antipathy that something like kiddie porn has, the odds of actually getting brought to justice are fairly low, unless you are basically just a petty vandal, hitting some high-profile target in the same country as you.

    1. Re:Illegal; but.... by fuzzyfuzzyfungus · · Score: 5, Insightful

      Perhaps I am underestimating the public's perverse acceptance of broad criminalization of all kinds of stuff; but I find it hard to believe that any scheme where Joe Public could find himself paying serious fines or doing serious time just for plugging in a commercially available computer and running normal software would possibly be adopted.

      I'd be delighted if there were something that caused people to wipe their flyblown zombie-boxes more often than they do now; but essentially criminalizing getting compromised seems cruel and ineffective when it is so easy to do and sometimes so hard to detect. You don't have to be "negligent", in any useful sense of the term, to get hit.

    2. Re:Illegal; but.... by berzerke · · Score: 5, Insightful

      ...not having a minimal level of antivirus/firewall software is a sure way to join a botnet lately...

      Even having one isn't nearly as much protection as most of us would like to believe. A 2007 research study by Panda Labs found that about 23% of infected machines had active and up-to-date AV software.

      My own tests of AV software were less than encouraging and made the 23% quite believable. The better software either had more than a few false positives (Avira), or can be a PITA for non-techie users, and even techie users, (Comodo).

  4. Dear China... by Anonymous Coward · · Score: 5, Informative

    My company, and our hosting clients, are victims of DDoS attacks at a surprisingly high frequency. Although this has cost us thousands, and if you believe our angry customers it's cost them millions, we've never even attempted to prosecute a DDoS perpetrator for the following reasons:

    1) The fact that a DDoS is distributed means we'll be left with a list, in the best case scenario, of hundreds or thousands of IP addresses, without the slightest clue which one might lead to the real troublemaker. In fact, for most types of DDoS, none of them lead to the perp in any special way. Oftentimes DDoS attack machines are just zombied desktop computers, infected by a virus the genius user got from clicking on a porn ad.

    2) In my experience, the vast majority of DDoS IPs are zoned to foreign countries. Mostly developing nations, or nations not particularly interested in Internet crimes against a US hosting company.

    3) Even if the person or persons responsible for the attack were my next-door neighbors, we'd still need to track their actions through servers zoned in other countries. Try sending a subpoena to a (the?) Chinese ISP, asking for logs (if they even exist) from a server within their borders. Even if the log files showed activity from the perpetrator, it would still be somewhat circumstantial, and up for debate ("My computer has been hacked before / My wifi connection isn't secured / etc").

    4) Even if you somehow managed, against all odds, to find the perpetrators, who were within a sane legal jurisdiction, and you won a contentious civil court case against them... Is a 17-year-old script kiddie really going to have any money?

    It simply isn't worth the hundreds, if not thousands of man hours for us to jump down the rabbit hole for what's honestly not going to be much, if any, reward. I have never once in my life heard of a single successful DDoS prosecution that justified the cost in doing so.

  5. Ask slashdot by dominious · · Score: 5, Funny

    Does this mean DDoS is a fairly safe crime to conduct?

    Oh I see "someone" is very interested in DDoS attacks for "research" right? Dude, listen, just give the link here and your problems will be solved.

    1. Re:Ask slashdot by rtfa-troll · · Score: 5, Funny

      No no; that's the DDOSer's command and control site. Can't you tell just by looking at the comments? At first sight they look as if written by a human, but if you start to read them they are all free of meaningful content and obviously just disguised botnet commands. What else could they be?

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  6. Not true - you still need sufficient horsepower by davidwr · · Score: 5, Informative

    "Any properly configured web-server can easily handle the slashdot effect."

    Obviously your definition of "properly configured" excludes servers designed to handle less than n different machines connecting to it per second, where

    n = the number generated by a typical linking from Slashdot.

    The guy stuck in the last decade running a web server on an old Pentium machine serving up a streaming video of his latest stupid pet trick comes to mind. Sure, he may be able to serve up a few hundred, maybe thousands, of unique visitors per second, but at some point he's going to fall over and die when the load gets too high, and there's nothing he can do about it short of getting new hardware.

    Yes, your point is taken, web sites can be designed so a click on a link here is handled with a minimum of resource utilization while still serving up useful content. But my point is if you are getting burst traffic of BIGGISHNUM unique visitors per second because of the /. effect, your web server and Internet connection better be up to handling those visitors in a graceful manner, preferably one more useful than "server busy, try again later."

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. Re:Well done. by Spewns · · Score: 4, Funny

    No link tn the article. Smart move.

    Here's a link to the article: http://ask.slashdot.org/story/10/06/06/2051226/Prosecuting-DDoS-Attacks

  8. Re:Don't do if you don't want a other Terry Childs by EdZ · · Score: 4, Funny

    thus everyone reading will click on the link

    HAH! A common error!

  9. Re:Don't do if you don't want a other Terry Childs by tsm_sf · · Score: 4, Funny

    It wouldn't be a matter of if this blew up in our faces, but when. It's still the only workable method.

    Fortunately, since this would be run by the US, oversight would be provided by diligent public servants backed by an informed electorate.

    --
    Literalism isn't a form of humor, it's you being irritating.