Is DDoSing Illegal? A Glimpse Into DDoS Attacks And Their Legal Consequences

Reading time: 6 min read
Maxym Chekalov
Written by
Maxym Chekalov

Updated · Jul 04, 2023

Maxym Chekalov
SEO Specialist | Joined June 2023 | LinkedIn
Maxym Chekalov

With a master's degree in telecommunications and over 15 years of working experience in telecommunic... | See full bio

Girlie Defensor
Edited by
Girlie Defensor


Girlie Defensor
Joined June 2023
Girlie Defensor

Girlie is an accomplished writer with an interest in technology and literature. With years of experi... | See full bio

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

This act overwhelms the target’s server, slowing it down or crashing it completely to disrupt its operations. 

DDoSing can destroy businesses and organizations. Attacks cost large enterprises an average of $2,000,000. And for small businesses, an average of $120,000. 

This type of cybercrime is a menace. It is important to understand the scale of this attack. 

In this article, discover whether DDoS is illegal and how to prevent it. 

Is DDoSing Illegal?

A DDoS cyberattack involves infecting a network of computers or devices to generate a legion of bots that will wreak havoc on the server. 

The more infected devices there are, the more destructive the DDoS will be. 

DDoSing is a federal criminal offense in the United States. It’s a civil and criminal liability, so court trials are dedicated to it. You could be fined and imprisoned for up to 10 years if proven guilty. 

DDoS attacks have worsened over the past decades. Governments worldwide have declared several laws to penalize offenders and ward off would-be attackers.

Laws Involving DDoSing 

The Federal Computer Fraud and Abuse Act (CFAA) is the only law that prosecutes DDoSing in the US. Enacted in 1986, this statute prohibits anyone from committing cybercrimes. 

Specifically, the CFAA addresses accessing a person’s computer without permission, trespassing on government computers, unauthorized data collecting, trafficking in passwords, online extortion, and many others.

The US punishes guilty DDoS attackers with a criminal prosecution that might lead to a maximum of 10 years imprisonment and a $500,000 fine. A co-conspirator gets a $250,000 fine and five years in jail time. 

The statute also calls for seizing all the computers and devices used for the attack.

Cases Involving DDoSing

The first recorded DDoSing happened in 1996 with Panix. An SYN flood forced services to stop running for several days. 

After that, numerous DDoS attacks have been popping up over the years. And some are notably large, targetting mammoth companies like Yahoo!, Amazon, and Sony’s PlayStation. 

Here are five of the most notorious DDoS incidents:

The AWS Attack (2020)

The attack on Amazon Web Services (AWS) holds the record for having the highest traffic volume in history at a staggering 2.3 Tbps. That’s almost half of all traffic of the entire UK network on a typical day.

In February 2020, hackers attempted a reflection attack and used a third-party server that magnified the usual DDoS malicious traffic. 

Amazon later reported that the attack's peak was 44% bigger than anything they’d encountered before. It went on for three days. Luckily, Amazon’s cybersecurity, AWS Shield, thwarted it.

The Mafiaboy Attacks (2000) 

Considered the largest DDoS incident in history, the Mafiaboy Attacks still strike a chord in the cybersecurity industry today.

In 2000, Michael Calce, a teen hacker from Quebec, brought down Amazon, Dell, eBay, Yahoo!, CNN, Fifa, and  E*TRADE. The attack was so massive; it caused $1.7 billion in total damages and essentially “stopped the internet.”

Michael named his online conquest, Rivolta, which is Italian for rebellion. Later on, the FBI and the Royal Canadian Mounted Police caught him and charged him with more than 50 crimes. 

The teenager pleaded guilty to several charges and was sentenced to only eight months in a youth detention center. 

PlayStation Network and Xbox Live Attack (2014)

Hackers leave no company unscathed, even gaming ones. During 2014’s Christmas Eve, Lizard Squad crashed Sony’s and Microsoft’s gaming networks, spoiling approximately 160 million gamers during their holiday fun. 

For two days, the cyber assault on the two gaming services rendered Xbox and PlayStations consoles useless. 

The group allegedly came back months later for round two. UK Police arrested two men believed to be part of Lizard Squad, but they were never charged.

The GitHub Attack (2018)

Another DDoS attack jammed GitHub on February 2018. Thousands of infected endpoints threw GitHub traffic at 1.35 Tpbs, disabling it for about 20 minutes.

Hackers initiated the attack by exploiting a standard command of Memcached, an open-source, high-performance database caching system for boosting website and network speeds.

This isn’t the first time a DDoS of this scale hit GitHub. According to The Verge, the platform suffered from the same type of cyberattack from China in 2015. The DDoSing lasted for at least 24 hours.

The Estonia Attack (2007)

The Estonia attacks in April and May 2007 left many government and corporate websites in shambles. 

The incident was believed to be a large-scale protest against the government’s decision to move a Soviet World War II memorial from downtown Tallinn on April 27.

A group of Russian activists associated with Nashi, a pro-Kremling group, claimed responsibility for the attack. However, it was never verified.

Preventing DDoS Attacks

If a DDoS attack can infiltrate giant corporations and government organizations, it can be easy for them to attack small businesses and individual users.

Here are several methods you can do to guard your website and network:

  • Practice basic security protocols. Regularly and randomly change your passwords. Keep a secure list offline to avoid forgetting them. 
  • Familiarize the warning signs. Know the difference between a slow internet connection, a server problem, and a DDoS attack. 
  • Switch to a secure cloud-based web server. This allows you to strengthen your server’s bandwidth and resistance to DDoSing. 
  • Enable rate limiting. This method caps requests a single IP can make to your website within a set time. This will prevent individual sources from sending large volumes of requests per second.
  • Launch at least two firewalls. You need more than one firewall when dealing with DDoS. A two-firewall setup forces traffic to pass through double filters plus a Bastion host before it enters your network. The first screen identifies spoofed IP packets and eliminates them. The second filter analyzes what enters and blacklists suspicious IP packets.
  • Plan for the attack. Just in case a DDoS assault does happen, identify the correct people to deal with the problem. Have a list of resources to prioritize to keep services running. And have the contact number of your server provider ready.

Bottom Line

There is no doubt that DDoSing is dangerous. It attacks servers and cripples networks, costing millions of dollars in damages. This is why it is rightfully illegal. 

Putting laws in place won’t stop all attackers from randomly picking you one day. So if you run a website or two, set up a plan to secure them. Get the right services and tools. 

Prevent your sites from suffering the same fate as those swarmed by bot requests. After all, you are your network’s first line of defense.


How long can a DDoS last?

A DDoS attack has no set time limit. How long this cyber assault lasts depends on its scale. Attacks can range from several minutes to days. 

Does VPN stop DDoS?

A VPN can stop a DDoS attack because it hides your IP address. A hacker can’t launch an attack with no IP address to target. And if your current IP address has been compromised, you can set it to a different one using the VPN’s features.

What is DDoS in gaming?

DDoSing in gaming means that hackers attack the game’s server, not the game itself. They send too many requests and information to that server with the single goal of crashing it. This stops thousands or millions of gamers from playing on that server. 


Facebook LinkedIn Twitter
Leave your comment

Your email address will not be published.