Prosecuting DDoS Attacks? 164
dptalia writes "We all have heard of major DDoS attacks taking down countries, companies, and organizations. But how many of them are ever prosecuted? And how many prosecutions are even successful? I've done some research and it appears the answer is very few (Well duh!). And those that are successfully prosecuted tend to have teenagers as the instigators. Does this mean DDoS is a fairly safe crime to conduct? Are the repercussions nonexistent? Does anyone have some knowledge an insight into this that I don't have? How would you go about prosecuting a DDoS attacker? What's your experience with getting the responsible parties to justice?"
Re:Don't do if you don't want a other Terry Childs (Score:3, Interesting)
One of those "the authorities won't become interested until you take matters into your own hands" situations. And the reason is that, as a law-abiding (ok, more or less) citizen, you're much easier to prosecute.
What's needed is for one of these new "cyber" security agencies (and I hope this isn't offensive, but they really need to be led by combat veterans with modern prostheses) to be tasked with hunting botnets and taking them over. Displaying a "this computer secured by the U.S. Gub'mint" message is probably the only guaranteed method of getting a user to wipe their machine.
Re:Illegal; but.... (Score:4, Interesting)
A DDoS requires many hosts in different places... and that role is usually played by a botnet of unwitting users. If users cared more about their bandwidth consumption, or were responsible for the damage they caused by their insensitivity to the Internet community, then botnets would be a whole lot harder to assemble. I'm sick of the 3am calls from the girl who only calls when her computer won't work for her....
Re:It depends on the scale of your operation (Score:3, Interesting)
Well, not from what I know.
http://magbiz.net/news-en/unknown-person-extorts-shut-down-of-an-erotic-portal/?lang=en [magbiz.net]
Re:Illegal; but.... (Score:3, Interesting)
It's incredible that such a thing is running rampant, though, seeing how it can cost people money and business. I can understand the trouble when facing a "professional" hacker who's so well hidden it'd take weeks to track him back, but when all the data is already tracked down, complete with evidence? The police probably prefer eating donuts all day long for all I can tell (sorry to all police officers who dislike donuts or who would actually do something in such a situation).
Re:Ask slashdot (Score:1, Interesting)
Re:Dear China... (Score:3, Interesting)
It depends - one of the most effective ways to kill a small site is to perform a "bandwidth rape" until they cross their monthly limit. A couple dozen people running simple wget loop requesting a large image/video continually can waste hundreds of gigabytes per day.
i got dossed ONCE (Score:2, Interesting)
Re:Not true - you still need sufficient horsepower (Score:3, Interesting)
In a way I think "properly configured" includes "not running on a 512/128 kbps DSL line", "not running the latest whizbang blogging platform webapp on a 133 MHz Pentium with 64 megs of RAM" and "not trying to server up funny cyborg pet videos on said 512/128 kbps DSL line".
There seem to be three common scenarios when sites get slashdotted: