Forgot your password?
typodupeerror

U.K. Outlaws Denial of Service Attacks 239

Posted by Zonk
from the keep-it-in-your-toolbox dept.
gnaremooz writes "A U.K. law has been passed that makes it an offense to launch denial-of-service attacks. The penalties for violating the new statues are stiff, with sentences increased from 5 to 10 years. The five year penalty was from the 1990 "Computer Misuse Act", which was enacted before the Internet became widespread. The idea of stiffer penalties for DoS attacks are probably something we can all get behind, but the language of the law is frustratingly vague." From the article: "Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system. Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer."
This discussion has been archived. No new comments can be posted.

U.K. Outlaws Denial of Service Attacks

Comments Filter:
  • Another law (Score:5, Insightful)

    by adpsimpson (956630) on Saturday November 11, 2006 @07:37AM (#16804180)

    Another law with good intent.

    Another set of wording so vague it's no use against those it's meant to stop.

    Another set of abuses waiting to happen.

    • Re: (Score:3, Insightful)

      by gweihir (88907)
      In short: Another law that was made without asking the domain experts. Are these people just incredibly arrogant or plain stupid?
      • Re:Another law (Score:4, Insightful)

        by Ksempac (934247) on Saturday November 11, 2006 @09:39AM (#16804752)
        Well you ve got 2 possibilities...

        One : You let a politician write the law with words and vague ideas everyone can understand, including politicians and judges. It doesn t satisfy experts, but at least politicians understand what are they voting for. Once the vague law is voted, judges can make their own decision by referring to the spirit of the law rather than the word of the law.

        Second : You let experts write the law, only people with a lot of knowledge in the field will understand what it means, but that will still be up to the politicians to vote them. How do you expect them to vote well if they have no idea what is this all about ? How do you expect judges to use a law they dont understand ?
        Moreover, how do you choose your expert for let's say... a law about DRM ? Do you ask a guy from the RIAA/the majors (i m sure they ve got a bunch of qualified engineers and scientists working on DRM) or Richard Stallman to write it ?
        • by lordkuri (514498)
          How do you expect them to vote well if they have no idea what is this all about ?

          The same way they always do, listen to what the lobbyist tells them it means, and vote the way the lobbyist tells them to vote after the bribes ... err... "donations" are made.
        • by HiThere (15173) *
          You've made a good case that the system is broken, but I didn't hear a proposal on how it should be patched.
        • by johansalk (818687)
          There's a fundamental fault with democracy in that it allows elected morons to set the laws of the land. This observation is as old as Plato.
        • Re: (Score:2, Insightful)

          Third: The politicians work with the experts to draft the law. The politicians write a first draft explaining to the experts what they want the law to do. The experts explain any technical problems they see with the draft. The politicians revise the law with the feedback from the experts, then the experts review the revised draft. Repeat until the politicians are satisfied with the proposed law. [Ideally the experts would be satisfied too, but the politicians are the ones whose job requires them to be
      • Re:Another law (Score:5, Insightful)

        by RexRhino (769423) on Saturday November 11, 2006 @11:26AM (#16805382)
        This law is really no worse than the laws that regulate health care, the economy, the enviornment, etc. You are simply a domain expert in this field, and thus you understand how stupid the law is. But when the government makes other stupid laws (for example, not allowing patients who are most certainly going to die to choose to try high-risk experimental treatments because the treatments are "too dangerous"... Or making "water saver" toilets manditory, that need two flushings to work properly, and thus use way more water that the old-school "wasteful" toilets... etc., etc.), you probably don't notice, or don't care. You probably say "Oh, a new drug safety law! I support drug safety!", or you say "A new water conservation law! I support protecting the enviornment!". Well, everyone else is saying "Wow, a new computer security law. I want computer security, so I support this!".

        Laws are very crude tools... it is like doing brain surgery with hammers. This law was probably make with plenty of input from domain experts. Laws can be tricky enough when you are dealing with crimes like murder, rape, mugging, etc. But when you want a single code of rules to be used to micromanage the legality of acts of a highly technical nature outside the understand of the general voting public, and that are constantly changing, this is going to be the best you do. You create laws that are so overly vauge that the police have huge leeway to go after whoever they want on their own discretion, because you know that there is no way you can have hearings, discussions, commiteee meetings, and create a sensible set of rules in the time frame that things will keep up with technology. I am not saying I agree, but the people who make the laws trust the discrection of police and government officials more than they trust the general public to do OK without regulation.

        Most people would rather deal with shitty laws, than leave things alone. I can't say I agree with that idea, but if YOU don't, then you are most certainly far outside the mainstream.
      • by SEMW (967629) on Saturday November 11, 2006 @11:48AM (#16805554)
        >Are these people just incredibly arrogant or plain stupid?

        Why does it have to be either-or?
      • by tyler_larson (558763) on Saturday November 11, 2006 @03:32PM (#16807110) Homepage
        FTA:
        "Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system.

        No more unplugging the microwave.

    • by jonbryce (703250)
      I don't agree.

      There are lots of ways to bring down a computer system, and most of them haven't been discovered yet. The law needs to be flexible enough to stop all of them, which can't happen if it spells out in precise detail what a DOS attack is.
  • Hindering Access (Score:5, Insightful)

    by Anonymous Coward on Saturday November 11, 2006 @07:39AM (#16804184)
    preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer

    This is a pretty good description of DRM! So it's illegal now?

    • by sumday (888112) on Saturday November 11, 2006 @08:28AM (#16804404)
      You seem to be forgetting the magnificent powers of wordplay that lawyers posess. You see, DRM isn't restricting access to data... It's securing access to data.
    • by gweihir (88907)
      preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer

      What is ''operation of data''? I don't think we had that in CS.

      Apart from that, this applies also to personal firewalls (imparing access to a program, bad), spyware (good), MS windows (well... good ;-), any other OS (bad), any update with bugs (bad), failing hardware, DRM (good!), copy protection software (good),...., and a lot of other things.

      Basically worthless.
      • Re:Hindering Access (Score:5, Interesting)

        by jc42 (318812) on Saturday November 11, 2006 @08:55AM (#16804508) Homepage Journal
        preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer

        What is ''operation of data''? I don't think we had that in CS.


        Well, on a unix-like system, the meaning is pretty obvious: Any file permissions other than 777 are now illegal. So to comply, you should run the following commands:

        umask 0
        find / | xargs chmor ugo+rwx

        Also, in any programs that create files, you should change the permission arg to 0777.

        Lessee, what have I forgotten?

        (I suppose you should also turn off any firewall software you may have running, just to be on the safe side.)

        • by jc42 (318812)
          Damn! Even with preview, I didn't spot the obvious typo.

          s/chmor/chmod/

          Obviously.

          I wonder what typo is in this message.
        • Re: (Score:3, Insightful)

          by joe 155 (937621)
          "preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer"

          I wouldn't take this to be not allowing anyone access to the data, and I'm convinced that no judge in the world would interpret it this way. I think that it largely is talking about preventing access from someone who is authorised to access the data. If the FSF is clever here they will bring private prosecutions against the companies who ship DRM trying to get C
          • Re:Hindering Access (Score:4, Interesting)

            by russ1337 (938915) on Saturday November 11, 2006 @10:33AM (#16805036)
            ">>>I wouldn't take this to be not allowing anyone access to the data, and I'm convinced that no judge in the world would interpret it this way."

            Lets just hope you have a good lawyer who can put up a decent argument against a well versed set of 'anti-terror' lawyers, and prey that the judge you speak of owns an iPod. (you might want to hope you don't have the anarchists cookbook on your computer too).

            But riddle me this Batman - if you submit a story to Slashdot about a new technology bill making denial of service attacks illegal, and the Governments site referenced in the article gets Slashdotted.... are you, by the new law, responsible?
            • by jc42 (318812)
              [I]f you submit a story to Slashdot about a new technology bill making denial of service attacks illegal, and the Governments site referenced in the article gets Slashdotted.... are you, by the new law, responsible?

              I'll bet a lot of /. readers are wondering about this. If not, they should be. And it could be a problem for any kind of news site. One thing about online news is that it's possible to provide links to original documents. But a lot of readers clicking on a link could easily be interpreted as a
        • by dwater (72834)
          you also obvious don't have any files with spaces in their names. try :

          find / -print0 | xargs -0 chmod ugo+wrx

          or simply :

          find / -exec chmod ugo+wrx {} \;

          Max.
          • by truedfx (802492)
            find / -print0 | xargs -0 chmod ugo+wrx
            -print0 and -0 are non-standard find and xargs options. The standard way to get the exact same effect is: find / -exec chmod ugo+wrx {} +
            • by jc42 (318812)
              You're right, of course. I do routinely use xargs like this, to avoid spawning a process for every file. But this only works on my linux and *BSD machines, where people have generally had the sense to avoid blanks in file names. In particular, I use it with my own files, because I don't use blanks in file names.

              Then when I got a Mac, I had to teach myself to think before using xargs, because there's nothing I can do to sanitize the filenames generated by Mac apps, and getting file names quoted correctly
      • by jonbryce (703250)
        If you read the bill itself, http://www.publications.parliament.uk/pa/cm200506 / cmbills/119/06119.27-33.html#j383 [parliament.uk]
        it talks about an "unauthorised" act carried out with "intent", so if you put Zonealarm on your ex employer's server without their permission and configure it to block all requests from the LAN, then you are in trouble. However, if you put it on your own computer to help prevent attacks, then that is permitted.

        Of course, the former would be illegal anyway as an unauthorised modification to your
      • Apart from that, this applies also to personal firewalls (imparing access to a program, bad), spyware (good), MS windows (well... good ;-), any other OS (bad), any update with bugs (bad), failing hardware, DRM (good!), copy protection software (good),...., and a lot of other things.

        You forgot the doozy: Slashdotting.

        It is now illegal for /. to write about British computer system as the ensuing reduction of said systems to smoldering piles of rubble by the combined global power of /. constitutes "impair

    • by Instine (963303)
      I'd say installing Norton 'security' software on someone's machine could now be illegal too, by this...
      • I'd say installing Norton 'security' software on someone's machine could now be illegal too, by this...

        I challenge the claim that Norton Internet Security has ever prevented anybody's access to a computer or the data stored on it.

        Oh, you mean the legitimate user of the computer. Hum. You got a point there...

    • Re: (Score:3, Insightful)

      by glowworm (880177)

      This is a pretty good description of DRM! So it's illegal now?

      No, the law [parliament.uk] states "he does any unauthorised act in relation to a computer" (34.3.1.a).

      DRM and Encryption are both authorised act's. And... saying "you" don't authorise DRM on your PC isn't good enough, the UK laws allowing DRM override your own de-authorisation.

      With encryption in general though, if you had a falling out with your employer and you encrypted his drive, then you would be guilty. Encrypting your own drive though is certainly lega

      • by Smidge204 (605297)

        DRM and Encryption are both authorised act's. And... saying "you" don't authorise DRM on your PC isn't good enough, the UK laws allowing DRM override your own de-authorisation.

        So I, as the owner of the computer system, am not authorized to determine what can and can't operate on my hardware? I am not qualified to say what constitutes "proper operation" of my own equipment and determine if some software is detrimental to that operation?

        Sounds like a decent legal argument in the making.
        =Smidge= (Also not a la

        • by glowworm (880177)

          So I, as the owner of the computer system, am not authorized to determine what can and can't operate on my hardware?

          The law in general allows DRM, this overrides your personal desires. I believe that you, as an individual or a business cannot make up your own rules on what is and isn't authorised if it goes against commonly accepted practices.

          Scarily if you read the law you will see that *anyone* who knowingly attempts to subvert the lawful operation of any computer program (say DRM/WGA) is causing an of

  • by EnsilZah (575600) <EnsilZah@@@Gmail...com> on Saturday November 11, 2006 @07:40AM (#16804190)
    Only outlaws will be reading Slashdot?
  • Good intentions (Score:4, Insightful)

    by robinesque (977170) on Saturday November 11, 2006 @07:43AM (#16804200)
    Unfortunately merely meaning to do good isn't enough if you don't understand the root of the problem. This isn't going to deter people who are doing DoS attacks anyways. Usually they're using DDoS, through hijacked computers... This is pointless. But good for them for taking an interest.
    • by Hao Wu (652581)
      I truely believe that most peoples will refain from such mischief. Their pride and honor is at stake. No person wants to be thought of as criminal by community whether A.C. (anonymous coward) or highest reputable internet personality.
  • Very vague. (Score:5, Funny)

    by massivefoot (922746) on Saturday November 11, 2006 @07:43AM (#16804204)
    a clause that makes it an offense to impair the operation of any computer system


    That really is rather vague. My family are able to "impair the operation of any computer system" just by being left alone with it for 10 minutes.
  • Jail Microsoft? (Score:4, Interesting)

    by newandyh-r (724533) on Saturday November 11, 2006 @07:58AM (#16804276)
    So, when MS switch-off a copy of XP (or Vista) remotely FOR WHATEVER REASON they are breaking the letter of this law - and have "the necessary intent". So will we extradite Bill and bang him up for lots of 5-year sentences?
    • by @madeus (24818)
      I think Microsoft manage to to fall foul of "preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer" even when Windows is behaving normaly.
    • by nurb432 (527695)
      That would be steve that would have to be jailed, not bill. Remember bill stepped down from the CEO position.

      And that is part of why you have a corporation, to sheild you from things like that. THe corp gets fined, you dont have to goto jail .
  • So Laura Ingraham [mediamatters.org] could be arrested and tried for DOS, if this law had been passed in America before election day?

    Excellent...

  • by KKlaus (1012919) on Saturday November 11, 2006 @08:16AM (#16804358)
    So let's see... DDOS takes down a site for a period of time (maybe more if its a shared server). And so we respond with 10 years in jail?

    First of all, economically that's a moronic decision. Jail costs the state between 20-30 thousand dollars a year depending on where it is. Unless someone is DDosing Amazon, and here's where the vague wording of the law is an important shortfall, we're spending hundreds of thousands of dollars punishing someone who did perhaps a few thousand dollars worth of damage. That's bad economics, and I'm sure that money could be better used say, feeding the starving or allowing someone to go to college who otherwise wouldn't be able to.

    Second of all, the kind of person you're going to be able to catch is not the person you want to throw in jail. We already have laws to punish people who run large botnets, and moreover by and large experienced blackhats won't be caught because they administrate their nets from countries ending in -stan. So the people who this legislation will put in jail will by and large be stupid college kids and people making a bad, poorly thought out decision as evidenced by the fact that they're using their home computer. These people need to be slapped with a big fine to they smarten them up, and then allowed to contribute to society.

    This should be a poster case of a crime that should not carry criminal penalty.
    • by joe 155 (937621)
      Well, I partly agree, but this doesn't mean that someone will get 5-10 years in prison for the crime, the judge has discresion over exactly what the sentence that is given is (I don't know how it works in the US, so this might be the same).

      Also note that people are automatically released half way through a sentence on licence anyway. So assume that some kid gets caught for this and its his first time and he was just messing about with little mallice involved he'd probably a suspended sentence tops (whi
    • Re: (Score:2, Insightful)

      by Placido (209939)
      1. 10 years will be the maximum jail sentance and the actual penalty will be subject to the discretion of the judge
      >> we're spending hundreds of thousands of dollars punishing someone who did perhaps a few thousand dollars worth of damage
      2. Your argument is completely nonsensical. Catching and punishing criminals is always more expensive than the simple monetary value of their potential damage. However if we used that argument we wouldn't bother to lock up murderers for life. The value in locking up c
    • I just had the same discussion with my girlfriend. The sentencing is ridiculously thought out, although I can see the idea of a longer (one or two years)jail sentence for a repeat or premeditated offender. Someone doing a DOS as part of a business strategy for example.

      I'm probably a bit stiffer about it than you though. I don't think it's a bad idea to make it a criminal offense. I think ranging from a stiff fine to maybe a few days or weeks in jail might be a good idea, to make the activity something k

  • Access Denied (Score:2, Interesting)

    by karlssberg (1025898)
    Does this mean that usernames/passwords are illegal??
  • by Anonymous Coward
    Damn! So now its illegal to use a script to flood a phishing site with dummy credit card info.
    Or to load the ladvampire [aa419.org] to use up the daily file transfer allowances on 419er's fraudulent "banks"....
  • Full text of the act (Score:5, Interesting)

    by user24 (854467) on Saturday November 11, 2006 @08:37AM (#16804440) Homepage
    http://www.publications.parliament.uk/pa/cm200506/ cmbills/119/2006119.htm [parliament.uk]

    "Making, supplying or obtaining articles for use in offence under section 1 or 3
    (1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article--
    (a) knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3; or
    (b) intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3."

    I'm now a criminal. Joe Blackhat won't care; he'll still get hold of the 'articles', but now my website which tries to teach people about responsible use of such 'articles' now makes me liable for up to 2 years in jail, plus a fine. I hate the law.
    Now I don't have to know what the tools will be used for, just that they can be used for wrongdoing.
    • by Cederic (9623)

      I had to go and read the text of the act. You're right. We're all fucked.

      I have in my pocket right now about a bootable linux distribution on a USB key. Lets hope to hell a lawyer can convince the jury that the Infosec tools on it are designed for authorised detection of vulnerabilities and not for illicit use.

    • by awol (98751)
      Actually the question of whether or not you are a criminal is a question of "fact" according to the text of the act. That is, these clauses are designed to defeat the "solicitation" and "conspiracy" defences where an actually guilty person would say "but I didn't know what it was for" or "I just [wrote|modified|acquired] the software" and allow such a person to be found guilty on a question of whether they were _to the sufficient burden of proof_ a knowing contributor to the specific offence.

      So if you don't
      • by user24 (854467)
        no, that's not it at all; section (b) covers the "if you don't go helping people" situation you're describing, but section (a) means that I will commit an offence merely by supplying articles that can be used to commit an offence.

        The articles have to be -designed- for the purpose of "any unauthorised act in relation to a computer", not -supplied- for that purpose. There's a massive difference.
    • by Minwee (522556)
      I guess that means that people like Larry Wall will be going away for centuries.
    • I didn't read the full item (RTFI...), but section 1a looks like it could be a problem for legitimate security professionals or network systems developers producing tools to mimic DOS attacks to test legitimate tools for defense or resistance to attack (such as routers or firewalls), or traffic-load/generation tools - for example, tools to exercise web sites to determine the traffic they can withstand before being put online...

  • "Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system."
    Cool. Impair is a failrly broad term though. Does this mean people can be prosecuted for installing Windows onto a computer system?
    • by jc42 (318812) on Saturday November 11, 2006 @09:09AM (#16804586) Homepage Journal
      Does this mean people can be prosecuted for installing Windows onto a computer system?

      Maybe. But more likely it means you can be prosecuted for installing a browser. The only purpose of a browser is to use the bandwidth and cpu time of some other computer. That obviously interferes with anything running on that computer, impairing it for all other users.

  • First Germany outlaws denial of the Holocaust, then France outlaws denial of the Armenian Genocide, and now the UK is outlawing the denial of "Service Attacks". Sure, we all know these horrible things happened, and that service attacks occur frequently, but anyone should still be free to deny... oh wait.
  • by rHBa (976986)
    The penalties for violating the new statues are stiff, with sentences increased from 5 to 10 years.


    5-10 years for violating statues!

    I'll never be-cone a statue ever again.

    http://news.bbc.co.uk/1/hi/scotland/4264683.stm [bbc.co.uk]
  • >>Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer."

    Well - DRM restricts or impairs access to data held on a computer... especially when it's added to a file that wasn't previously encrypted (aka Zune file sharing). Hmmm....

    MadCow
  • UK DMCA? (Score:3, Informative)

    by glowworm (880177) on Saturday November 11, 2006 @08:52AM (#16804490) Journal
    I think the news.com.com summary, or the submitter's words make a poor summary.

    Here is the amended law [parliament.uk] which certainly mentions not accessing a computer you don't have rights to touch (33) and the D.O.S. clause (34).

    Specifically stated (and both need to be true) is "he does any unauthorised act in relation to a computer" and "he has the requisite intent and the requisite knowledge."

    Requisite intent as far as 34.3.2.b would be D.O.S. or hacking and Requisite knowledge is defined at 34.3.4 as doing something you know is not allowed, that is, it's not an accidental D.O.S..

    But.... Section 34.3.2.c could very well be taken as the UK's version of the DMCA. "If you attempt to defeat the lawful operation of a (DRM/WGA/SerialNumberCheck) program or provide tools (35.3a) to do such an act you face 10 years in goal".

    IANAL
    • "If you attempt to defeat the lawful operation of a (DRM/WGA/SerialNumberCheck) program or provide tools (35.3a) to do such an act you face 10 years in goal".

      I know playing in goal isn't as exciting as playing outfield, but that's certainly an unusual punishment.

  • by norfolkboy (235999) on Saturday November 11, 2006 @08:54AM (#16804500)
    When one of my websites (with over 130,000 active members) was being attacked, South Wales Police told me they couldn't do much to investigate the perpetrator because all the funds were tied up in fighting online paediaphilia.

    What's the point in making the term of sentance tougher, if there aren't any resources to investigate online crime in many UK forces?
  • by ubercam (1025540)
    Say I have an encrypted drive on my computer and its seized by the authorities? Is that not impeding access to a computer system?

    Also I totally agree with the earlier statement on REAL damage. Say a company's website is down and they sell things online. Someone who was really intent on buying something from that website will wait until its back up. Someone who was just shopping around will likely continue to do so, and the casual websurfer would pass it by, perhaps trying again later. They're really not LO
    • by glowworm (880177)

      Say I have an encrypted drive on my computer and its seized by the authorities? Is that not impeding access to a computer system?

      In the UK, Australia and New Zealand at least you are required under law to hand over your keys of you are directed to. Not doing so carries a very stiff penalty, many time more than you would get by releasing the terrorist plot in the encrypted store.

      Steganography (such as truecrypt) used with care can help you get past this law, but most people are just not qualified to run s

  • It's so vague that many misdeeds can result from its application word-for-word. For instance it may be illegal now to remove spyware from one's computer.
  • If you outlaw DoS attacks, then only outlaws will have DoS attacks.

    Won't somebody PLEASE think of the children!?
  • "Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system. Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer."

    Two words: Windows XP.
  • Sounds like it could be useful for fighting spyware too. After all, most spyware causes computers to malfunction and programs or data to become inaccessible. 10 years for CoolWebSearch and NewDotNet seems about right.
  • being a mail system admin i know all too well how much of a problem it can be when we get dvd images sent via email to the workers... they do lots of media things so they often receive marketing materials on dvd/cd...

    but sometimes when these images sit in the queue because an upstream system cannot receive them yet, the /var partition might run out of space, is that then a denial of service attack as we can no longer receive mail?

    so vague.. also the same with web servers... if people are getting images off
  • As usual with legislation from the British government (and many others), this is a dumb, badly-written law. The main problem is not so much that the authors didn't understand the technology (although they probably didn't); it is that they failed to think the alleged offense through properly. They had no doubt heard of some DOS events, which struck them as outrageous; and, as our noble lawmakers so often do, they reacted knee-jerk fashion by demanding that "something must be done!"

    When these laws bring about
  • I for one welcome our new Computer based overlords who are now by law immune to being disabled or hindered in any way....

    The stage is being set... our laws will be used against us by the machines!
  • by Opportunist (166417) on Saturday November 11, 2006 @03:46PM (#16807208)
    DOS (or rather DDOS) attacks are rarely something you do from your computer at home. You have a herd of sheep doing that for you: Computers that you infected with a trojan which are under your control, waiting for the "drop da bomb" command.

    Who's gonna feel those 5-10 years? As much as I'd love it, it won't be the people dumb enough to not even notice that their connection is at crawling speed because they're infected. That would indeed be the end of the 'net, because people would be scared to go online.

    So we're after the guy controling the botnet? HA! Good effing luck! Europol backed and "encouraged" by banks is trying to get a hand on the guys doing phishing trojans. I.e. European persecution organisations with some rather "encouraging" businesses behind them are in vain trying to crack down on some people doing essentially the same a DDOS controller would do.

    So why do you think a DDOS blackmailer who's most likely targeting "smaller" companies (read: Normal companies that don't have the executive forces of states at their fingertips) would ever be found out?

    In a nutshell, the law is pointless. Unenforceable. Yes, it's forbidden. Yes, it's against the law. Yes, people won't give a fu.., knowing that it's impossible to get caught.

    Whether a law is broken does not primarily depend on the sentence tacked to it. It mainly depends on your chances of being caught. If that chance is zero, the sentence could be worse than death and people wouldn't care.
  • Since Labour came to power in 1997, they have passed over 32,000 new statutory instruments [wikipedia.org] with over 114,000 pages of text (=205 copies of war and peace) with the resulting outcome of "creating" over 3,000 new crimes (which works out at about one a day).

    Maybe someday we'll get a government who thinks of something other than "Something wrong? Pass a new law." but somehow I doubt it

Numeric stability is probably not all that important when you're guessing.

Working...