Prosecuting DDoS Attacks? 164
dptalia writes "We all have heard of major DDoS attacks taking down countries, companies, and organizations. But how many of them are ever prosecuted? And how many prosecutions are even successful? I've done some research and it appears the answer is very few (Well duh!). And those that are successfully prosecuted tend to have teenagers as the instigators. Does this mean DDoS is a fairly safe crime to conduct? Are the repercussions nonexistent? Does anyone have some knowledge an insight into this that I don't have? How would you go about prosecuting a DDoS attacker? What's your experience with getting the responsible parties to justice?"
Several recent examples (Score:5, Informative)
Re:Well done. (Score:4, Informative)
Dear China... (Score:5, Informative)
My company, and our hosting clients, are victims of DDoS attack at a surprisingly high frequency. Although this has cost us thousands, and if you believe our angry customers it's cost them millions, we've never even attempted to prosecute a DDoS perpetrator for the following reasons:
1) The fact that a DDoS is distributed means we'll be left with a list, in the best case scenario, of hundreds or thousands of IP addresses, without the slightest clue which one might lead to the real troublemaker. In fact, for most types of DDoS, none of them lead to the perp in any special way. Often times DDoS attack machines are just zombied desktop computers, infected by a virus the genius user got from clicking on a porn ad.
2) In my experience, the vast majority of DDoS IPs are zoned to foreign countries. Mostly developing nations, or nations not particularly interested in Internet crimes against a US hosting company.
3) Even if the person or persons responsible for the attack were my next-door neighbors, we'd still need to track their actions through servers zoned in other countries. Try sending a subpoena to a (the?) Chinese ISP, asking for logs (if they even exist) from a server within their borders. Even if the log files showed activity from the perpetrator, it would still be somewhat circumstantial, and up for debate ("My computer has been hacked before / My wifi connection isn't secured / etc").
4) Even if you somehow managed, against all odds, to find the perpetrators, who were within a sane legal jurisdiction, and you won a contentious civil court case against them... Is a 17 year-old script kiddie really going to have any money?
It simply isn't worth the hundreds, if not thousands of man hours for us to jump down the rabbit hole for what's honestly not going to be much, if any, reward. I have never once in my life heard of a single successful DDoS prosecution that justified the cost in doing so.
Not true - you still need sufficient horsepower (Score:5, Informative)
"Any properly configured web-server can easily handle the slashdot effect."
Obviously your definition of "properly configured" excludes servers designed to handle less than n different machines connecting to it per second, where
n = the number generated by a typical linking from Slashdot.
The guy stuck in the last decade running a web server on an old Pentium machine serving up a streaming video of his latest stupid pet trick comes to mind. Sure, he may be able to serve up a few hundred, maybe thousands, of unique visitors per second, but at some point he's going to fall over and die when the load gets too high, and there's nothing he can do about it short of getting new hardware.
Yes, your point is taken, web sites can be designed so a click on a link here is handled with a minimum of resource utilization while still serving up useful content. But my point is if you are getting burst traffic of BIGGISHNUM unique visitors per second because of the /. effect, your web server and Internet connection better be up to handling those visitors in a graceful manner, preferably one more useful than "server busy, try again later."
Re:Illegal; but.... (Score:1, Informative)
Heck, just look at this little gem [adobe.com](from Adobe, naturally).
"Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris .dll somewhere, and enduring "a non-exploitable crash or error message when opening a PDF file that contains SWF content". Oh, great. That'll be fun.
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX" All vulnerable to an exploit that even Adobe refers to as "critical". Mitigation involves either manually updating flash to 10.1 RC(since 10.1 is still Release Candidate, automatic updates won't even mention it) or manually deleting a
So, yeah, 48 hours and counting from when Adobe clued in, and the overwhelming majority of Flash/Acrobat users, even the ones who update every time they are prompted, are one malicious PDF or Flash ad away from getting cracked.
Re:Don't do if you don't want a other Terry Childs (Score:3, Informative)
you mean voila, not wallah
Re:Fight back with eggs (Score:3, Informative)
I very, very seriously doubt that vandalism is legal in California.
You should take those urban legends you hear with a larger grain of salt next time.
It could be argued that toilet papering someone's house is legal, but eggs can and will easy cause actual damage that takes actual real money to fix. Eggs on a car can cause the whole car to need to be stripped and repainted.
Eggs are serious fucking business, not a harmless prank.
Egging them on (Score:3, Informative)
IIRC, California passed an anti-animal-cruelty referendum, but it's got a couple of years to phase in.
Most eggs are non-fertile; the main people selling fertile eggs are selling them to random health-fooders, or else they're selling them because it's easier not to check whether your free-range hens have had access to a rooster.
Tracking Down BotNet Masters (Score:4, Informative)
I found an interesting article on someone tracking down some botnet masters by contacting a few of the infected users, getting a copy of the trojan and running it in a sandbox.
http://www.bellua.com/bcs/asia07.materials/fredrik_soderblom.pdf [bellua.com] (PDF)
Re:Several recent examples (Score:1, Informative)
Wow, don't remember hearing about this before. So, not so Anonymous then. Shame.