2022 has a serious ‘DDoS is not a crime’ vibe. Just over four weeks ago, conducting Distributed Denial of Service (DDoS) attacks was not without its potential consequences. As an activist, one should consider these facts before taking up arms.
I personally feel that the general public views hackers in one of two ways. They are evil threat actors or hacktivists fighting for a cause. Hackers are rarely portrayed as altruistic thinkers who follow the law.
Terms like outcasts, rebels, and criminals crop up frequently when hackers are described in the media. Even movies and TV shows glorify the malicious actions of hackers before the general public without giving a second thought to their impact. Therefore, it is not surprising that we have a distorted perception in today’s digital society when it comes to the legality of piracy.
And I can hardly blame the public at this point. For years, the community has warned about the consequences of not regulating criminal activity. An inexperienced person might naively believe that launching a Denial of Service (DoS) attack is perfectly legal. After all, users can easily find attack tools for rent on the first page of an Internet search engine. And what is worse and more disconcerting for the average user, the criminal sites that offer DDoS services are often protected by legitimate security companies, which gives the illusion that they are legal on some level.
The gray area of cyber
Not only has the security industry failed to regulate blatant criminal activity, but we as a community also appear to be rewarding malicious behavior with attention, leading emotionally engaged and overstimulated first-time hackers to announce publicly and proudly associated with criminal activity. They often believe that their newfound power and moral superiority justify whatever crime they have committed and fit the narrative of ethical hacking.
While this gray area was tolerated in the days of Anonymous, today the hive mentality has evolved and become mainstream. As a result, a more significant percentage of the general public believes that DDoS attacks are not a crime if they are morally aligned and part of a socially acceptable operation.
But is this true?
Take the current war between Russia and Ukraine, for example. Both sides of the conflict have created government-backed IT armies that have recruited tens of thousands of people from around the world. Their targets range from critical information operations and support to organized denial-of-service attacks against government agencies, financial institutions, and even food delivery services.
While both sides have justified their reasons for carrying out cyber attacks in support of war, is it legal for someone outside of Russia or Ukraine to join a foreign cyber legion and engage in cyber warfare?
Or take the recent revelation of the musician. Grimes, who admitted during a Vanity Fair interview to orchestrating a 2012 denial-of-service attack against the now-defunct Hipster Runoff blog. The attack kept the website offline until the owner agreed to remove the article containing a personal photo of her.
Grimes admitted to committing a federal crime during this interview. But we must ask ourselves, why did she feel safe publicly admitting her “coolest hacker moment”? Was it a branding and marketing stunt? Or has hacking, specifically, denial-of-service attacks, become so socially acceptable that society no longer sees the act as a crime?
Risks and consequences of launching a DDoS attack
Perception is reality, but nothing is what it seems. And while launching denial-of-service attacks may now be perceived as a trendy activity to be a part of, it’s actually still a federal crime. For examplein 2021, a man received the maximum sentence of five years in federal prison and was ordered to pay more than $520,000 in restitution for launching multiple DDoS attacks against legal media outlets, bloggers and news sites.
There are also many risks associated with joining a foreign cyber legion, especially if you are not located within a country that is involved in the conflict. The fact that you feel morally or socially obligated to participate does not mean that your actions are considered legal and inconsequential. Even if he gets away with operating during the conflict and his side emerges victorious, he could still face legal charges or travel restrictions for years to come due to his involvement.
Furthermore, in both situations, what appears to be a justifiable and direct denial-of-service attack against the enemy can cause collateral damage to unintended and unrelated targets while in transit. Packets do not magically jump from their source to their destination. When an attacker crafts and sends malicious packets over the Internet, that traffic can cause service-related issues for network operators.
Should I join the cyber war?
DDoS is, until further notice from authorities, considered a federal crime. It is surprising that the security industry and government officials do not inform the general public about the risks and collateral damage that DDoS attacks can cause as part of cyber warfare. This could explain the perception problem regarding the legality of piracy. It’s almost like they want people to get involved, which is fine…if you’re smart about it.
Launching offensive cyber attacks and DDoS attacks is a crime, and hacking carries many risks and responsibilities. If you’re really passionate about an event and feel compelled to get involved, consider that Anonymous’ greatest power doesn’t come from its cyberattacks. It came from the organization and dissemination of information.