Distributed denial-of-service (DDoS) attacks are not hypothetical possibilities. Indeed, they have been bringing down Web sites for quite some time.
Most recently, two men in Britain have been sent to prison for their DDoS attacks perpetrated on PayPal and other sites, according to InformationWeek.
The InformationWeek article notes that six people were arrested in connection with these DDoS attacks. Three of them ultimately were charged under the United Kingdom’s Computer Misuse Act of 1990. Of these three, the head of the group received a prison sentence of 18 months, another was sentenced to seven months in jail, and the third received a six-month jail sentence, suspended for two years, and was ordered to serve 100 hours of community service.
This reportedly marks the first instance in which DDoS perpetrators actually have been sentenced to imprisonment in Britain. DDoS attacks can wreak havoc on commercial Web sites. Indeed, InformationWeek notes that PayPal informed the court that it had suffered $5.5 million in damages from these attacks alone. Likely, others will go to jail for such violations.
However, it is not always easy to track down the DDoS attackers. The attacks, which bombard Web sites with numerous packets of information to the point of shutting down the sites, can be launched directly; but they also can be routed through innocent “zombie” sites, making it more difficult to ferret out the originating sources of the attacks.
We no longer live in an era in which there is little knowledge about the possibility of DDoS attacks. Companies and other entities should take protective measures to do their best to secure their Web sites from DDoS attacks. They also should try to safeguard their sites from being used as “zombie” launching pads for attacks on other sites.
We live in a new world where the Internet reigns supreme, but where new risks have emerged that must be addressed.
Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. To receive a weekly email link to Mr. Sinrod’s columns, please email him at ejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.