Lawyer Blogger

Is it illegal to DDOS?

Distributed Denial of Service (DDOS) attacks flood a target website with multiple requests for service. This overloads the server, rendering it slow or unable to process services. As such, the website and its business halt.

Different types of DDOS attacks exist, including:

  • Application Layer Attack: exhausts the website’s resources to disrupt or deny access to it or its services.
  • Protocol Attack: targets the networking layer of the target systems to overwhelm the core networking services, firewall, or load balancer that forwards requests to the website.
  • Volumetric Attack: uses botnets to generate a huge surge of traffic and clog up the website’s system.

DDOS attacks are evolving, and their destructive powers have increased over time. According to a Kaspersky report, DDOS attacks cost small businesses around $120,000. For enterprises, that number is around $2,000,000.

As a result, governments are passing laws and improving cybersecurity standards for websites around the world. Below, we discuss such laws and what authorities are doing to combat DDOS attacks.

What the Law Says

The following is a rundown of laws governing cybersecurity and DDOS attacks in major countries in the world.


Canada

Canadian laws aim to protect information systems and computer networks from breaches and attacks, which include unauthorized access to protected information, malware, viruses, worms, and, of course, DDOS attacks. Statutes and common law protect Canadian cybersecurity and data protection.

DDOS attacks carry a maximum penalty of 10 years in prison. If the attack is deemed to be a threat to national security, the perpetrator can be charged with cyberterrorism and given a maximum penalty of life in prison.

The US

In the US, DDOS attacks are punishable with 10 years in prison and a $500,000 fine under the Federal Computer Fraud and Abuse Act. Being a co-conspirator can lead to five years in prison and a $250,000 fine.

On the flip side, these punishments are only applicable to attacks without permission. That’s because certain DDOS attack tests are allowed as long as they’re conducted in a controlled manner by professionals, with the consent and knowledge of the client.

Such tests are conducted in a manner that safeguards the business from any irreparable damage. Multiple fail-safes are also required to immediately stop such tests if necessary.

The UK

The UK has similar laws against DDOS attacks. Under the Computer Misuse Act of 1990, it’s illegal to deliberately disrupt the operation of a computer or prevent access to a program or data. Under this act, it’s also illegal to create, supply, or obtain stresser or booter devices that facilitate DDOS attacks.

Moreover, this act has been “updated” through the Police and Justice Act of 2006. The 2006 act expands the provisions and criminalizes performing an unauthorized act on a computer with malicious intent. It also increases the penalty for unauthorized access from six months to two years of imprisonment.


Australia

In Australia, the Criminal Code Act of 1995 criminalizes cybercrime and is applied universally to various cybersecurity-related crimes, such as phishing, ransomware, identity theft, and DDOS attacks.

Under this law, any “unauthorized impairment of electronic communication” is an offense. That is, it’s illegal to deliberately impair any electronic communication to or from a computer without any authorization. The maximum penalty for such an offense is 10 years’ imprisonment.


China

China has a highly developed internet system, making it a key market for IT-related businesses that do almost everything online. On top of that, China is no exception when it comes to cybercrime attacks, including DDOS, which is the most common security attack in the country.

Given that, the Asian country also has some of the most stringent cybersecurity laws around the world. Certain websites are blocked in China, and all websites must have valid ICP licenses.

Under China’s Criminal Law, DDOS attacks are punishable by five years’ imprisonment as well as administrative penalties. Detention is also not uncommon as a punishment for violations of national laws, which include the Public Security Administration Punishments Law and Cybersecurity Law.

How to Prevent DDOS Attacks

Although DDOS attacks have been evolving, techniques for preventing them have also been improving. The following are some of the ways you can reinforce your network security and avoid DDOS attacks:

  • Understand the Warning Signs: while network slowdown, spotty connectivity, and intermittent shutdowns are common among networks, they’re also signs observed during DDOS attacks. Know when your network is experiencing normal errors versus when it’s suffering from something more serious.
  • Developing a DDOS Response Plan: this is a plan on the first steps you’ll take when responding to a malicious attack. Make a system checklist, form a response team, define procedures, and ensure everybody knows who to contact for what.
  • Secure Network Infrastructure: this includes threat management systems that combine firewalls, anti-spam, VPNs, and other layers of DDOS defense tools. Make sure your systems are up to date because old, outdated systems come with a lot of loopholes.
  • Maintain Strong Architecture: create redundant network resources so that if a server is attacked, others can handle the extra network traffic. If possible, your servers should be located in different places.
  • Use the Cloud: using outsourced, cloud-based service providers gives you more bandwidth and resources to counter a DDOS attack. Cloud-based apps can absorb harmful traffic before it reaches its destination. At the same time, outsourced providers often hire software engineers solely to monitor new and leading DDOS tactics.
  • Practice Basic Security Measures: this involves allowing as little user error as possible and engaging in strong security practices. These measures can be as simple as regularly changing complex passwords, employing anti-phishing methods, and using firewalls that permit little outside traffic.

Overall, DDOS attacks impair your processes and your network’s service. Laws around the world are tough on such crimes, with punishments ranging from life imprisonment to hefty fines.

These laws are meant to deter attackers, but you can also take a proactive hand in defending against DDOS crimes. Strengthen your security posture and make sure that you know what laws govern the IT and cybersecurity fields in your country.
