Lawyer For Accused: DDoS Is A Legal Form Of Protest

from the this-could-get-interesting dept

Last year, we discussed whether or not things like Operation Payback by Anonymous (DDoSing sites of organizations they didn't like) were really the equivalent of a modern-day sit-in protest, rather than criminal hacking, as law enforcement (and victims) wanted to allege. It appears that this may be a question courts are going to need to answer. Nick points us to the news that the lawyer for a homeless guy accused of setting up a DDoS on the City of Santa Cruz (he was pissed about a law) is claiming that DDoS attacks are legal and protected speech in the form of a protest:

“There’s no such thing as a DDoS ‘attack’,” Leiderman said. “A DDoS is a protest, it’s a digital sit in. It is no different than physically occupying a space. It’s not a crime, it’s speech.”

Leiderman said the crimes shouldn’t be prosecuted at all. “Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit in. It is no different from occupying the Woolworth’s lunch counter in the civil rights era.”

This case has nothing to do with Anonymous, Lulzsec or any of those high-profile groups, but they might want to pay attention to it. It seems that some of those already arrested in various sweeps against Anonymous and Lulzsec have indicated that they're considering the same defense strategy. In one such case, involving Mercedes Haefer, who was charged with being a part of Anonymous, her lawyer is pointing out that President Obama has asked supporters to overload the switchboards of Congress -- and that's a form of denial of service attack:

"I think this is a political persecution, end of story," Cohen said. "This administration wants to send a message to those who would register their opposition: 'you come after us, we're going to come after you.' That's what has happened in the Eric Holder Department of Justice."

"When Obama orders supporters to inundate the switchboards of Congress, that's good politics, when a bunch of kids decide to send a political message with roots going back to the civil rights movement and the revolution, it's something else," Cohen told TPM, stipulating that he was not indicating that his client was even involved. "Barack Obama urged people to shutdown the switchboard, he's not indicted."

Not surprisingly, I'm sympathetic to this argument, though I do wonder how well it'll play in court. In both of these cases, I think a decent case can be made that the actions are a form of speech, in that they were both designed to protest certain actions. The question is whether or not the courts will recognize them as legitimate and protected protests. And that may very well come down to the judges in the cases.


Reader Comments

    Scote, Sep 30th, 2011 @ 10:55am

    Sit in protesters are arrested for trespassing

    I think the argument is interesting, but in this case the analogy backfires.

    A sit in is a form of civil protest. It is peaceful, but that doesn't mean it is legal. Civil protesters deliberately risk arrest during their protest because a sit in is a form of trespassing if the protesters don't leave when asked to do so. So claiming that a DDoS is like a sit in is like asking the jury to convict his client.

     

      Chris Rhodes (profile), Sep 30th, 2011 @ 11:14am

      Re: Sit in protesters are arrested for trespassing

      Agreed. +1 for you.

       

      HothMonster, Sep 30th, 2011 @ 11:19am

      Re: Sit in protesters are arrested for trespassing

      I'd rather get convicted of trespassing than hacking

       

        Chuckles, Oct 4th, 2011 @ 3:55pm

        Re: Re: Sit in protesters are arrested for trespassing

        OK, you're going to get convicted for one count of trespassing for each DDOS message string you send.

        If you opt for concurrent sentencing, I'm going to ask for fines. If you want jail time, we'll go with consecutive sentences.

        Any other brilliant ideas?

         

      xs (profile), Sep 30th, 2011 @ 12:13pm

      Re: Sit in protesters are arrested for trespassing

      I think that's exactly what he's trying to do. Get his client to be at most convicted of the digital equivalent of trespassing, instead of the digital equivalent of breaking and entering or worse, attempted robbery.

       

      Richard (profile), Sep 30th, 2011 @ 2:30pm

      Re: Sit in protesters are arrested for trespassing

      > A sit in is a form of civil protest. It is peaceful, but that doesn't mean it is legal.

      Rather depends on where you sit, doesn't it.

      > a sit in is a form of trespassing

      only if you sit somewhere you don't have the right to.

      A ddos - like some forms of sit in - only involves individual actions that are entirely legal.

       

        Derek Kerton (profile), Sep 30th, 2011 @ 2:53pm

        Re: Re: Sit in protesters are arrested for trespassing

        "A sit in is a form of civil protest. It is peaceful, but that doesn't mean it is legal.

        Rather depends on where you sit, doesn't it."

        Right. When unions go on strike, there is a reason they walk in circles. Because standing still is often loitering. But there's no law against walking on the sidewalk.

         

          The eejit (profile), Oct 1st, 2011 @ 3:59am

          Re: Re: Re: Sit in protesters are arrested for trespassing

          By that logic, you could DDoS-spam all over the world, so long as you didn't stop. That seems bizarre, to me.

           

    Victor David, Sep 30th, 2011 @ 10:59am

    That is a very interesting argument and one that I too am sympathetic with. However, I'm not holding my breath for the courts to go along with this.

    The fact that the president advocates for much the same sort of action will likely fall on deaf ears. It's been apparent for many years that we have two sets of laws.

    Moreover, if a DDOS made it difficult for a regular customer to buy a book or transfer some money into PayPal, that's felony obstruction of profit, worse than taking a human life.

     

      That Anonymous Coward (profile), Oct 1st, 2011 @ 6:19pm

      Re:

      Ahh but Visa, MC, PayPal all told everyone that the DDOS was not interrupting their core service, only the outward facing public websites.
      So the DDOS at worst made their main websites invisible for the period of time, but did not interfere with this business... and well it's really stupid of them to admit now that it did interfere with their business because one then has to ask you're the largest payment transaction providers online and a group of meddling "kids" were able to cripple your operation?

      It is sort of like the hysteria when CIA was "hacked", they want everyone to believe that these "super hackers" now have access to all the secrets in the world... not that they took down an outward facing website that had nothing but the sanitized version of what they do on it, some kids games, and the hours of operation for their gift shop.

       

    Anonymous Coward, Sep 30th, 2011 @ 11:00am

    > Not surprisingly, I'm sympathetic to this argument, though I do wonder how well it'll play in court.

    You should wonder. You should also wonder about the culpability of those who allowed their servers to be used in the attacks.

     

      Anonymous American, Sep 30th, 2011 @ 11:38am

      Re:

      Tangential to that, until the fines for a security breach in which identity theft takes place exceeds the cost of securing it in the first place, companies and the government will CONTINUE to not give a good god-damned.

       

      Chuck Norris' Enemy (deceased) (profile), Sep 30th, 2011 @ 12:13pm

      Re:

      FAIL!
      Or the telcos for putting up the wire to transmit the DDOS.
      Try again!

       

      Nick (profile), Sep 30th, 2011 @ 8:54pm

      Re: servers

      Did you read the original article? The whole point of the defence is that no illegal hacking happened... no damage, no theft... no servers being hacked... it was (as are a lot of these recent dox [DDoS] attacks) voluntary... a bunch of people have a little app that they installed on their computer... knowingly, they point it at a server, the server responds, rinse and repeat, one person no big deal, 1000 people DOX... the whole other question stemming from the fact that it was voluntary is... was it an act of protest (see 1st amendment) or a criminal act, and if it was a criminal act on what level...

       

    Anonymous, Sep 30th, 2011 @ 11:09am

    Scote makes a most salient point.
    DDoS may be akin to civil disobedience, but that doesn't make it any more legal than analog forms of civil disobedience.

    And the fact that it's perpetrated by a single individual (or a very small group, relatively) will imply, I'm guessing, a proportionally concentrated punishment.

     

      Paul L (profile), Sep 30th, 2011 @ 11:19am

      Re:

      There's another point in all this as well;

      DoS attacks and DDoS attacks are not the same. If this truly was a DISTRIBUTED DoS attack, the perp would likely have needed to gain control of a group of machines to collectively perform the attack. Did he have permission from all the machine owners to use their computers in such a way?

       

        Ninja (profile), Sep 30th, 2011 @ 11:41am

        Re: Re:

        That would be impossible to verify. Any1 can set up LOIC and help with the 'attack'. How can you tell a determined request came from a zombie computer or not? You'd have to identify each and every ip, get to each and every machine and test it for the presence of malware allowing remote control and use for attack.

        Even if there were zombie machines used in the attack you'd have then to proceed in checking where the command to attack came for those zombies and see if it was a direct action of the said organizer of the protest or some kid that went overboard while participating in the said act (and thus the organizers are not necessarily at fault).

        I can see the logic in this argument and I can also see how it's impossible to break it since law enforcement usually lacks an e-penis that big (in the sense that they aren't capable of doing such a large forensics work).

        Hmmm.... Maybe I've just found a way to support the claim that ddos is a legal form of protest?

         

        WysiWyg (profile), Oct 1st, 2011 @ 1:50am

        Re: Re:

        Actually, if a group of people do a DoS-attack together, doesn't that make it a DDoS?

        Then again, it probably is just a case of most people not knowing the difference.

         

    HothMonster, Sep 30th, 2011 @ 11:11am

    "the lawyer for a homeless guy accused of setting up a DDoS on the City of Santa Cruz"

    This homeless guy has a computer and legal counsel? How did he get caught, did they trace his IP back to his cardboard box? Seeing as he has nothing better to do couldn't he have just actually staged a sit-in?

     

      Killer_Tofu (profile), Sep 30th, 2011 @ 11:17am

      Re:

      Homeless doesn't mean out on the streets. IIRC he stayed at various friends' houses mostly living out of his car. He had his computer online and everything. Just not in his own house.

      That being said, I do not really think the word homeless should be repeated in these stories about the guy every time. It does feel like leading people to conclude that he was indeed out on the streets as that seems to be most people's initial reaction.

       

      Gwiz (profile), Sep 30th, 2011 @ 11:34am

      Re:

      > Seeing as he has nothing better to do couldn't he have just actually staged a sit-in?

      Homeless doesn't equate to unemployed. Have you watched the evening news in the last year or two? Something like 1 in 4 are facing foreclosure these days.

       

        HothMonster, Sep 30th, 2011 @ 12:25pm

        Re: Re:

        yeah my brain makes a jump from homeless to street person. I wouldn't consider everyone who doesn't own a home to be homeless. Though I guess that would be exactly what the word means. In my mind it just implies a more transient, living on the street kind of thing more than house foreclosed moved in with friends kind of thing.

         

          Gwiz (profile), Sep 30th, 2011 @ 2:18pm

          Re: Re: Re:

          I agree. The word "homeless" does invoke visions of a dirty street person trying to wash your windshield with newspapers.

          Unfortunately, the homeless problem has grown exponentially in the last couple of years. Whole families living in cars or in shelters when there is space for them and trying to keep the kids in school at the same time. A lot of these people are still employed (or underemployed) or are trying to find work and that is made even more complicated when you don't have a permanent address.

           

    Paul L (profile), Sep 30th, 2011 @ 11:17am

    I really have objections to this attorney's way of thinking. I think we should organize a protest, as in free speech.

    I'm sure he wouldn't mind if a DDoS was organized against http://leidermandevine.com considering his viewpoint that it should be protected speech and all.

     

    Anonymous Coward, Sep 30th, 2011 @ 11:22am

    I'm pretty sure a sit-in isn't legal either (trespassing).

     

      HothMonster, Sep 30th, 2011 @ 12:26pm

      Re:

      yeah but trespassing can't get you 25 years. The point isn't that he didn't commit any crime just that it's not the one they are accusing him of

       

    btr1701 (profile), Sep 30th, 2011 @ 11:23am

    Sit-Ins

    > This was merely a digital sit in. It is no different from occupying
    > the Woolworth’s lunch counter in the civil rights era.

    I wonder when someone is going to point out to this guy that sit-ins *are* illegal. Occupying the Woolworth's lunch counter was trespassing. You can't just walk into someone's private business and 'occupy' it against their wishes and say it's legal because it's a form of protest.

    Claiming a DDoS isn't a crime because it's the equivalent of a sit-in isn't exactly a winning argument.

     

      out_of_the_blue, Sep 30th, 2011 @ 11:31am

      Re: Sit-Ins: "Occupying the Woolworth's lunch counter was trespassing."

      IF you mean Negroes asserting public accommodations rights at a lunch counter that refused to serve them because color of skin, then you're flatly wrong. Businesses aren't "private" and above common law. Thought that was clear. Evidently we're de-volving back to barbarism.

       

        Gwiz (profile), Sep 30th, 2011 @ 11:50am

        Re: Re: Sit-Ins: "Occupying the Woolworth's lunch counter was trespassing."

        > IF you mean Negroes asserting public accommodations rights at a lunch counter that refused to serve them because color of skin, then you're flatly wrong.

        Nope. At the time it *was* illegal. The civil disobedience during that time did cause a change in laws, but when it was happening it was against the law.

         

        hegemon13, Sep 30th, 2011 @ 12:49pm

        Re: Re: Sit-Ins: "Occupying the Woolworth's lunch counter was trespassing."

        "Evidently we're de-volving back to barbarism."

        No, we'd be upgrading to liberty.

        By the way, with that upgrade would come some other interesting results:
        1. The segregationist company would go out of business, or at least suffer massive losses due to bad publicity.
        2. The government would not have the authority to bail the company out.
        2. Neither the federal nor state government would have the power to defend such businesses with nonsense like the Jim Crow laws. Based on their current power to regulate who private business can serve, they have the authority to re-institute laws just as dreadful. It's not hard to imagine a time in the near future where such authority could ban service to Muslims, immigrants, etc. (Do you realize that the Jim Crow laws were passed to protect segregationist companies from the effects of boycotts, which were destroying those businesses even back in much more racist times than these? The two most racist policies in our history -- segregation and slavery -- were both instituted by government. Both were defeated by the people. Yet, you want the government in charge of such things?)

         

          hegemon13, Sep 30th, 2011 @ 12:49pm

          Re: Re: Re: Sit-Ins: "Occupying the Woolworth's lunch counter was trespassing."

          Apparently, I can't count. 2nd 2 should be a 3.

           

        btr1701 (profile), Sep 30th, 2011 @ 9:37pm

        Re: Re: Sit-Ins: "Occupying the Woolworth's lunch counter was trespassing."

        > IF you mean Negroes asserting public accommodations rights at
        > a lunch counter that refused to serve them because color of skin,
        > then you're flatly wrong. Businesses aren't "private" and above
        > common law.

        They were at the time.

        And common law at the time said segregation was okay. It was only subsequent statutory law (the Civil Rights Act) that overruled it and banned segregation.

         

      Ninja (profile), Sep 30th, 2011 @ 11:51am

      Re: Sit-Ins

      I'm not sure, I think protesting is illegal nowadays. Any form.

       

    out_of_the_blue, Sep 30th, 2011 @ 11:23am

    Sit-ins are not entirely illegal: a jury can decide justified.

    In the remnants of the United States, such action by citizens are weighed in context of greater good and free speech. So you legalistic weenies asserting they're illegal are wrong.

    That said, only up to a point in practice. Temporarily hampering a machine from access to the internet isn't very serious. But we obviously can't allow every yahoo to do so without limit or reason.

    I'd advise play to jury as justified, but it'll be a tough sell.

     

      Ninja (profile), Sep 30th, 2011 @ 11:53am

      Re: Sit-ins are not entirely illegal: a jury can decide justified.

      That was a pretty sane comment from you. Great, 10/10 and fully agreed.

       

      Gwiz (profile), Sep 30th, 2011 @ 12:20pm

      Re: Sit-ins are not entirely illegal: a jury can decide justified.

      > Sit-ins are not entirely illegal: a jury can decide justified.
      >
      > In the remnants of the United States, such action by citizens are weighed in context of greater good and free speech. So you legalistic weenies asserting they're illegal are wrong.


      Not really sure what you are trying to say here Blue. If something is illegal, it's illegal. No grey area whatsoever.

      I agree that a jury can nullify a conviction on an individual case and acquit the accused, but the law remains unchanged. Juries cannot change laws.

       

    Rich Kulawiec, Sep 30th, 2011 @ 11:43am

    Interesting compare/contrast point

    "When Obama orders supporters to inundate the switchboards of Congress, that's good politics, when a bunch of kids decide to send a political message with roots going back to the civil rights movement and the revolution, it's something else," Cohen told TPM, stipulating that he was not indicating that his client was even involved. "Barack Obama urged people to shutdown the switchboard, he's not indicted."

    That's a good point. Deliberately inundating the switchboards of Congress (or the White House, or Jim's Bank and Donuts) is a DoS attack if launched from a single point, a DDoS attack if launched from many. So why hasn't the DoJ indicted everyone who carried that out (after all: they can easily acquire their phone numbers) and why haven't they gone after those instigating it?

    Of course, calling for mass phone calls (or letters, or anything else) is hardly new and unique; it's an old tactic, and many politicians have used it over the years. So have corporations, lobbyists, public interest groups, and many others. All that's changed are the media: e.g., now email is sometimes used, perhaps tomorrow something else will be.

    This shouldn't be read as approval, by the way. But I do think there's an inconsistency here that needs to be addressed.

     

    Anonymous Coward, Sep 30th, 2011 @ 12:07pm

    One difference is that in a sit-in, there are a bunch of individuals occupying some space in protest. A DDoS attack does not necessarily mean a bunch of individuals. If a single person launches a DDoS attack, the sit-in equivalent would have to be a single person occupying some space, which is not a sit-in unless that space is a broom closet.

    I think that in order for any sort of DDoS attack to be similar to a sit-in, many individuals must voluntarily occupy the digital space. Botnets, malware, etc. shouldn't count because they are not voluntary individuals. The only grey area I see is what constitutes an individual's action. Must the person manually be hitting refresh, or can they have some device or program that participates?

     

    Bengie, Sep 30th, 2011 @ 12:16pm

    Another analogy

    A DDoS is less like a sit-in and more like walking into a restaurant, talking over the menu with the waiter/waitress, then canceling your order. over and over and over.

    An ICMP ping flood would be closer to a sit-in.

     

    Anonymous Coward, Sep 30th, 2011 @ 12:55pm

    > Not surprisingly, I'm sympathetic to this argument, though I do wonder how well it'll play in court. In both of these cases, I think a decent case can be made that the actions are a form of speech, in that they were both designed to protest certain actions. The question is whether or not the courts will recognize them as legitimate and protected protests. And that may very well come down to the judges in the cases.

    It's not surprising--you'll latch onto any halfway plausible argument if you agree with the result. Yes, protesting is a form of protected speech, but there is a line that can be crossed where it becomes illegal. Obviously DDOSers like Anonymous are crossing that line. You'll milk all the FUD out of this you can, but no judge is going to buy this argument because it's bullshit.

     

    fb39ca4, Sep 30th, 2011 @ 1:02pm

    It is only a legit form of protest when it is many people *knowingly* flooding the server with requests, rather than some guy ordering his botnet to do so. This would actually empower people to protest without even leaving their homes-the organizers would only have to ask people to run a program to flood the server with requests.

     

    Derek Kerton (profile), Sep 30th, 2011 @ 1:25pm

    DDOS Doesn't Require Hacking

    A DDOS attack just means overloading a server with requests, to the point that it can't handle the requests. Mike makes a good parallel with the Obama request to overload a switchboard.

    This overloaded server cannot provide service to legitimate users, thus whatever service was hosted on it is blocked. This sounds a lot like a strike picket line, a blockade, a sit in, chaining yourself to a tree, etc. Sure, it's subject to arrest for trespass if that occurs, but that's not a serious crime.

    DDOS does not mean hacking in. It does not mean cracking security. It does not mean stealing information, nor providing false credentials. It does not mean sneaking past electronic locks. It just means "overwhelming". Are you guilty of DDOS when you get on the freeway and become part of a traffic jam? No.

    Calling up your 2000 twitter followers to execute a DDOS does seem like free speech, or legal action to me. In fact, I don't even see any sign of trespass. The server is there to accept requests from the Net, and you are doing just that. Perhaps you would be in violation of some Terms of Service or fair use guidelines, but there's no crime in that either.

    The only way DDOS should be seriously illegal is when executed with a botnet of hacked computers. At some point, those computers were illegally hacked. This, as we know, is the most common form of DDOS, but a DDOS could also be organized through computers you control legitimately, friends you organize, or a grassroots movement.

    I dunno what the homeless guy in the story did, but I don't agree that DDOS is automatically a crime.

     

      Anonymous Coward, Sep 30th, 2011 @ 5:49pm

      Re: DDOS Doesn't Require Hacking

      Derek, what Obama was doing was asking each individual person to make one phone call. He wasn't asking a single person to make a million phone calls.

      A single man with a single connection in a single browser cannot create a DoS (unless the server is truly weak). So it requires software to automatically make hundreds or thousands of connections, or perhaps the use of corrupted machines to make such an attack (a good example would be to seed something in the computers of every public library in the area).

      A sit in (or a phone in) requires many people exercising their individual rights. A DDoS can be made by a single person. Not really fair, is it?

       

        Derek Kerton (profile), Sep 30th, 2011 @ 6:33pm

        Re: Re: DDOS Doesn't Require Hacking

        Well, you're not disagreeing with me, just pointing out that a DDOS can be (and usually is) one guy with an ill-begotten botnet. I never suggested a single man with a single PC could pull a DDOS attack; if you read again, you'll see that I suggested a single man calling on 2,000 of his Twitter followers to use ALL their PCs could pull it off.

        I mean, of course I know one guy with one PC can't pull off a DDOS. My comment alone shows that I'm not an idiot. The first D is for distributed, which is important because if it's just one guy, the server easily detects it is getting bombarded from that IP, and reacts by ignoring it. Similarly, filters in any ISPs along the route could also block/ignore that ping. But when the attack is Distributed, it is harder to block.

        It is possible for someone with a big following to trigger a DDOS, with no bots - just many individuals actively pinging from one browser each. With enough people, DDOS!

        That is to say, the illegal part is the botnet, or specifically how it is created. The DDOS part is "speech", or a picket line.

        I dunno anything about this homeless guy's case. I just want to reserve the right for myself to take part in a DDOS, as just one person with one PC, someday, if I so choose.

         

        Anonymous Coward, Sep 30th, 2011 @ 6:39pm

        Re: Re: DDOS Doesn't Require Hacking

        "A single man with a single connection in a single browser cannot create a DoS (unless the server is truly weak). So it requires software to automatically make hundreds or thousands of connections, or perhaps the use of corrupted machines to make such an attack (a good example would be to seed something in the computers of every public library in the area)."

        Nope all you need is a URL and a plugin to reload that page.

        https://addons.mozilla.org/en-US/firefox/addon/reloadevery/
        http://www.chromeextensions.org/utilities/auto-reload/

        So everyone can just keep reloading one page.

        People can also set the ping command to keep pinging some range of IP addresses indefinitely, this is also known as ping of death.

        Now a DDoS can't be accomplished by a single person unless that single person commands thousands of machines, no single user machine can flood a network, you need thousands of machines.

         

          Anonymous Coward, Sep 30th, 2011 @ 9:51pm

          Re: Re: Re: DDOS Doesn't Require Hacking

          The "ping of death" no longer works (and if tried, PING requests can be dropped at the border and the attack defeated outright). Most simplistic attacks are just not functional anymore.

           

    Anonymous Coward, Sep 30th, 2011 @ 1:55pm

    Automation

    A big difference between DDoS and both the sit-ins and the calling of the Congress switch-board is the automation aspect. There's a one-to-one ratio of number of people initiating the calls to the switch-board, or the number of people occupying seats in a restaurant. Additionally, the protest only continues as long as the protestors are themselves physically engaged in the protest. If Obama had sent around a robo-dialer program to all his friends, with an automated message and told them to pound the Congress switch-board the example would be more analogous to DDoS. I don't believe the automation aspect has any bearing in the law. I'm just pointing out a difference to the analogies used.

     

      Richard (profile), Sep 30th, 2011 @ 2:42pm

      Re: Automation

      "A big difference between DDoS and both the sit-ins and the calling of the Congress switch-board is the automation aspect."

      But a DDOS isn't necessarily automated.

       

      Anonymous Coward, Oct 1st, 2011 @ 4:41pm

      Re: Automation

      It should be noted that a sit in at a private company would almost certainly lead to mass arrests for trespassing. They could, at best, stand outside of the business and chant slogans.

      If they kept calling the company order lines over and over again, to keep the phone lines busy, I am sure that there would be some law that would apply as well.

      Remember, for a protest to be a protest, you have to communicate something. Normally it is with placards, banners, picket signs, chants... what have you. What message does a DDoS deliver? Nothing, except "computer down for an unknown reason".

      A DDoS (as opposed to a DoS) suggests organization. I somehow doubt that a homeless guy led a huge crusade with thousands of people helping him out. Sounds more like one guy, a few hacked computers, and automated software to attack the server in question. There is very little in his actions that can be taken as protest, and everything shows vengeance and a vile attitude.

       

    Mike Raffety (profile), Sep 30th, 2011 @ 2:11pm

    DENIAL of service

    Wait, let's look at what this is called, DENIAL of service. DENYING an entity the ability to do its normal activity, like operating a web site, due to all this traffic, certainly SHOULD be illegal (and hopefully IS illegal).

    The physical world equivalent would be forming a human chain to prevent people from entering a building -- and police will and do break those up.

    Standing around with signs and bullhorns chanting is like having another web site, or posting messages on their web site. It does not actually interfere with their ability to operate (other than in the mind of potential customers/visitors).

     

      Derek Kerton (profile), Sep 30th, 2011 @ 2:25pm

      Re: DENIAL of service

      OK, so if you contribute to a traffic jam by driving. That jam then denies me my ability to run my delivery business. Did you commit a crime?

      If a service is denied by virtue of offering service to any host that reaches out to it, and getting overwhelmed, which host is responsible for the denial. Every one individually? All of them in aggregate?

      BTW, the use of the word "DENIAL" comes from whoever named the form of "attack". If the web community had instead called it "Distributed Overwhelming Of A Server, I Say" (DO AS I Say), would you then have called it authoritarian? It seems very arbitrary to conclude that the made up terminology precisely defines the intent of the one guy accused.

       

        Anonymous Coward, Oct 2nd, 2011 @ 6:18am

        Re: Re: DENIAL of service

        "OK, so if you contribute to a traffic jam by driving. That jam then denies me my ability to run my delivery business. Did you commit a crime?"

        How about motive, Derek? Are you such a sniveling apologist that you ignore that element entirely?

         

          WysiWyg (profile), Oct 2nd, 2011 @ 6:42am

          Re: Re: Re: DENIAL of service

          But when we start punishing people not for what they do, but the reason they do it, we're in extremely deep crap.

           

            Willton, Oct 2nd, 2011 @ 12:06pm

            Re: Re: Re: Re: DENIAL of service

            "But when we start punishing people not for what they do, but the reason they do it, we're in extremely deep crap."

            Um, hello? That's the whole basis of the criminal system. We don't punish the act unless there was a criminal intent element as well. We legal types call that "mens rea" (i.e., guilty mind). Therefore, the reasons for one's actions are extremely relevant to punishment. Otherwise we would have a regime of strict liability crimes (i.e., punishment for acts regardless of intent).

             

          Derek Kerton (profile), Oct 4th, 2011 @ 8:10pm

          Re: Re: Re: DENIAL of service

          Apologist? Meh. I want to reserve my right to peacefully and lawfully interfere with somebody such that I might send a political message. I don't care about the guy in this case. I want to protect my right to expression.

          When striking workers picket a plant, one of their intents is to disrupt the flow of goods and resources in and out...usually in a legal way. Can you convict them for their intent?

          When workers organize a "work to rule" campaign, which means they follow every rule in the book to the letter, seriously reducing their efficiency, is it illegal because their intent is to disrupt the business?

          If French farm workers drive their tractors on the Champs Elysees (legally) with the intent to disrupt traffic, is it illegal?

          Hitting a publicly open and available server for information is not illegal. Doing so with intent to disrupt service should not be any more illegal.

          Screw the criminals who hack PCs to make botnets. But get them for the hacking, not the DDOS. And let's protect the citizens and their right to form a true grassroots protest.

           

        Willton, Oct 2nd, 2011 @ 12:15pm

        Re: Re: DENIAL of service

        "OK, so if you contribute to a traffic jam by driving. That jam then denies me my ability to run my delivery business. Did you commit a crime?"

        Did I intend to deny you the ability to run your delivery business? Or was that merely a consequence of me exercising my legal privilege to drive on the road?

        "If a service is denied by virtue of offering service to any host that reaches out to it, and getting overwhelmed, which host is responsible for the denial. Every one individually? All of them in aggregate?"

        All of whom intended to disrupt the service from operating. Those individuals with the appropriate culpability should be jointly and severally liable.

         

      Anonymous Coward, Sep 30th, 2011 @ 6:45pm

      Re: DENIAL of service

      No it is not unless that business depends solely on the web to do its business.

       

    Anonymous Coward, Sep 30th, 2011 @ 3:23pm

    Sit-ins, when they first happened, were considered crimes too; people got jail time, were beaten, but people kept doing it until some got tired of fighting people over and over and over again.

     

    Derek Kerton (profile), Sep 30th, 2011 @ 6:43pm

    A Theoretical Case

    Let's say Bono of U2, a massively popular dude worldwide, says at some globally simulcast concert: "I really hate Monsanto. They make it harder for poor people to grow food. I wish that on Sunday, everybody just hit that website all day, just to bring them down a peg. I mean, we need to send them a message that the world is watching. Now, this is not a rebel song, this song is...Sunday Bloody Sunday..." and cue the Edge.

    OK, so on Sunday, U2 fans from around the world, and other Monsanto haters, all ping the crap outta those servers. DDOS will result. But let's assume no botnets need be involved (it's my hypothetical case, after all).

    Questions for the class:
    - Is Bono a criminal for the DDOS?
    - If he didn't touch one keyboard or launch one packet, how is he responsible for a DDOS?
    - Did he yell "fire" in a cinema?
    - Is each individual who heeded Bono's call a criminal?
    - Was Bono just exercising free speech?
    - Is the DDOS on Monsanto just a legal protest so that they would "hear everyone's voices" of disapproval?

     

    Njdobber (profile), Sep 30th, 2011 @ 9:03pm

    edit of Re: servers

    Anonymous Coward, Sep 30th, 2011 @ 11:00am
    Not surprisingly, I'm sympathetic to this argument, though I do wonder how well it'll play in court.

    You should wonder. You should also wonder about the culpability of those who allowed their servers to be used in the attacks.

     

    kharrell904, Oct 1st, 2011 @ 9:47am

    Except that whole taking up a physical space thing usually means sitting off the premises and not blocking people from entering the actual physical space.

     

    Njdobber (profile), Oct 20th, 2011 @ 4:28pm

    just a question...

    How would I go about claiming this story, as I contributed it but didn't have a Techdirt account yet?

     
