DDoS (distributed denial of service) legal aspects

sirgzu wrote: »

Isn't that contradictory with the three strikes thing? I mean the ISPs have right to cut down your internet I think? Am I right?

Also under the hypothesis that a ddos is an unlawful act; are zombie computer owners liable? What if they willingly joined the ddos? What about normal web-browsing? And ultimately how do you differentiate between these in practice?

This is where everything becomes very grey

I think the 3 strikes you're referring to is for uploading copyrighted material.

Proving the above is not always going to be easy and in some cases down right impossible.

DDoS attacks don't just use up the server's CPU time and RAM, they use up HUGE amounts of bandwidth, and can cost the owner's of the site loads in bandwidth costs. They can cause servers to overheat, and do serious damage to them and even start a fire.

Amazon cloud users pay something like €0.20/GB of data transfer. This can get extremely expensive when you have loads of people DDoS attacking.

Not only that they are also taking down websites that are completely unrelated to the target but are hosted on the same server, in the same datacenter or even on the same bandwidth provider.

Its also worth noting that most of the traffic from the DDoS attacks are coming from botnets and hacked internet connections, so these guys launching the DDoS attacks are breaking many laws and IMO it isn't a moral way to have a protest when you are effecting much more people than just the target and are wasting loads of expensive bandwidth etc etc.

Blazr wrote: »

As far as I know, zombie computer owners can be held responsible if it is thought they did not do enough to secure their computer. Its like leaving your car door wide open with keys in the ignition parked right outside a bank which happens to be in the process of being robbed. If a court thinks you didn't sufficiently secure your PC/car, you could be held somewhat liable.

Be interesting to test this theory with a 70yr old yahoo bingo player who's bingo client brought down some website in the Bahama's because she didn't know what do with the windows update button.

MagicSean wrote: »

http://www.irishstatutebook.ie/1991/en/act/pub/0031/print.html#sec1

to damage” includes—


(b) in relation to data—


(i) to add to, alter, corrupt, erase or move to another storage medium or to a different location in the storage medium in which they are kept (whether or not property other than data is damaged thereby), or


(ii) to do any act that contributes towards causing such addition, alteration, corruption, erasure or movement,

I don't see how a Ddos attack would fall under this definition

A DDoS may be covered in the Theft and Fraud Offences Act. But I doubt the Government suffered any loss. It's more common in commercial websites.

Unlawful use of computer.

9.—(1) A person who dishonestly, whether within or outside the State, operates or causes to be operated a computer within the State with the intention of making a gain for himself or herself or another, or of causing loss to another, is guilty of an offence.

(2) A person guilty of an offence under this section is liable on conviction on indictment to a fine or imprisonment for a term not exceeding 10 years or both.