Editing Denial-of-service attack (section)

==Legality==
[[File:FBI DDoS domain seized.png|thumb|Numerous websites offering tools to conduct a DDoS attack were seized by the FBI under the [[Computer Fraud and Abuse Act]].<ref>{{cite web|title=FBI Seizes 15 DDoS-For-Hire Websites|url=https://kotaku.com/fbi-seizes-15-ddos-for-hire-websites-1831239141|website=Kotaku|date=6 January 2019}}</ref>]]
{{See also|Cybercrime|DPP v Lennon}}

Many jurisdictions have laws under which denial-of-service attacks are illegal. [[UNCTAD]] highlights that 156 countries, or 80% globally, have enacted [[cybercrime]] laws to combat its widespread impact. Adoption rates vary by region, with Europe at a 91% rate, and Africa at 72%.<ref>{{Cite web |title=Cybercrime Legislation Worldwide {{!}} UNCTAD |url=https://unctad.org/page/cybercrime-legislation-worldwide |access-date=2024-04-08 |website=unctad.org |language=en}}</ref>

In the US, denial-of-service attacks may be considered a federal crime under the [[Computer Fraud and Abuse Act]] with penalties that include years of imprisonment.<ref>{{cite web|url=http://www.gpo.gov/fdsys/pkg/USCODE-2010-title18/html/USCODE-2010-title18-partI-chap47-sec1030.htm |title=United States Code: Title 18,1030. Fraud and related activity in connection with computers &#124; Government Printing Office |publisher=gpo.gov |date=2002-10-25|access-date=2014-01-15}}</ref> The [[Computer Crime and Intellectual Property Section]] of the [[US Department of Justice]] handles cases of DoS and DDoS. In one example, in July 2019, Austin Thompson, aka [[DerpTrolling]], was sentenced to 27 months in prison and $95,000 restitution by a federal court for conducting multiple DDoS attacks on major video gaming companies, disrupting their systems from hours to days.<ref name=Thompson_sentenced_1 >{{cite web | url=https://www.justice.gov/usao-sdca/pr/utah-man-sentenced-computer-hacking-crime | title=Utah Man Sentenced for Computer Hacking Crime | date=2019-07-02 | archive-url=https://web.archive.org/web/20190710153706/https://www.justice.gov/usao-sdca/pr/utah-man-sentenced-computer-hacking-crime | archive-date=2019-07-10 | url-status=live }}</ref><ref name=Thompson_sentenced_2 >{{ cite news | url=https://www.theregister.co.uk/2019/07/04/gamebusting_ddos_wielder_derptrolling_sentenced_to_two_years_in_the_clink/ | title=Get rekt: Two years in clink for game-busting DDoS brat DerpTrolling | last=Smolaks  | first=Max | publisher=[[The Register]] | date=2019-07-04 | access-date=2019-09-27 | quote=Austin Thompson, aka DerpTrolling, who came to prominence in 2013 by launching Distributed Denial of Service (DDoS) attacks against major video game companies, has been sentenced to 27 months in prison by a federal court. Thompson, a resident of Utah, will also have to pay $95,000 to Daybreak Games, which was owned by Sony when it suffered at the hands of DerpTrolling. Between December 2013 and January 2014, Thompson also brought down Valve’s Steam – the largest digital distribution platform for PC gaming – as well as Electronic Arts' Origin service and Blizzard's BattleNet. The disruption lasted anywhere from hours to days. }}</ref>

In European countries, committing criminal denial-of-service attacks may, as a minimum, lead to arrest.<ref>{{cite web|title=International Action Against DD4BC Cybercriminal Group|url=https://www.europol.europa.eu/content/international-action-against-dd4bc-cybercriminal-group|website=EUROPOL|date=12 January 2016}}</ref> The United Kingdom is unusual in that it specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison with the [[Police and Justice Act 2006]], which amended Section 3 of the [[Computer Misuse Act 1990]].<ref>{{cite web|title=Computer Misuse Act 1990|url=http://www.legislation.gov.uk/ukpga/1990/18/section/3|website=legislation.gov.uk — The National Archives, of UK|date=10 January 2008}}</ref>

In January 2019, [[Europol]] announced that "actions are currently underway worldwide to track down the users" of Webstresser.org, a former DDoS marketplace that was shut down in April 2018 as part of [[Operation PowerOFF]].<ref>{{cite web |title=Newsroom |url=https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-biggest-marketplace-selling-internet-paralysing-ddos-attacks-taken-down |website=Europol |access-date=29 January 2019 |language=en}}</ref> Europol said UK police were conducting a number of "live operations" targeting over 250 users of Webstresser and other DDoS services.<ref>{{cite web |title=Authorities across the world going after users of biggest DDoS-for-hire website |url=https://www.europol.europa.eu/newsroom/news/authorities-across-world-going-after-users-of-biggest-ddos-for-hire-website |website=Europol |access-date=29 January 2019 |language=en}}</ref>

On January 7, 2013, [[Anonymous (hacker group)|Anonymous]] posted a [[We the People (petitioning system)|petition]] on the [[whitehouse.gov]] site asking that DDoS be recognized as a legal form of protest similar to the [[Occupy movement]], the claim being that the similarity in the purpose of both is same.<ref>{{cite web|url=https://huffingtonpost.com/2013/01/12/anonymous-ddos-petition-white-house_n_2463009.html |title=Anonymous DDoS Petition: Group Calls On White House To Recognize Distributed Denial Of Service As Protest. |publisher=HuffingtonPost.com |date=2013-01-12}}</ref>