Stories
Slash Boxes
Comments
typodupeerror delete not in
  • Preferences

Book Reviews

Recent reviews from Slashdot readers:

Submitting a review for consideration is easy; please first read Slashdot's book review guidelines. Updated: 2008114 by samzenpus

Comments: 108 +-   Sweden to Make Denial of Service Attacks Illegal on Monday February 19 2007, @05:30PM

Posted by ScuttleMonkey on Monday February 19 2007, @05:30PM
from the play-nicer dept.
court
government
internet
news
paulraps writes "Sweden is to pass legislation making Denial of Service attacks illegal. The offense will carry a maximum jail term of two years, and is thought to be a direct response to the attack which crashed the Swedish police's web site last summer. Nobody was charged for that, but the fact that it came shortly after a raid on the Pirate Bay's servers was thought by many to be not entirely coincidental. Sweden's move follows the UK, which is even tougher on web attackers — there the sentence can be over five years in prison."
story

Related Stories

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Sweden to Make Denial of Service Attacks Illegal 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • So does this mean that they're gonna arrest Taco, Zonk and Co.?
    • So does this mean that they're gonna arrest Taco, Zonk and Co.?

      It's worth a try!

      *cough* [sweden.gov.se] :)
      • The difference between Slashdot and digg is that there have been surveys showing that most people digg stories without even reading them. Also, considering that digg has hundreds of stories per day and Slashdot has about three to five, there are a LOT more stories on digg to distribute all that traffic. I'm willing to wager that the Slashdot effect is still worse than the digg effect, and will be until digg is a large factor larger than Slashdot.
          • Probably the news was on Digg earlier, resulting in a massive influx of visitors. You say that Slashdot was responsible for less visitors, but maybe that was because some Slashdot readers had already seen the story (hours) earlier via Digg?

            It would be interesting to see how many people regularly visit both sites. I think that people who often check Digg, will RTFA even less often than regular /. users, because Digg often has stories faster (or so I am told, I myself only visit Slashdot).
            • Your surely not trying to claim that people read digg for the comments..? The mind boggles!

              I would have thought you'd have a higher percentage of people RTFAing on Digg, simply because there isn't really anything else they'd want to do there Certianly applies to all (five or so) people I know who visit Digg.
  • As most of the time DOS attacks are performed from outside the country, and therefor outside its juridiction, I doubt they'll even invoke it in court.

    • Re:Mostly pointless... (Score:5, Interesting)

      by Xemu (50595) on Monday February 19 2007, @05:45PM (#18073996) Homepage
      As most of the time DOS attacks are performed from outside the country, and therefor outside its juridiction, I doubt they'll even invoke it in court.

      This law will allow the police to obtain the identity of the person using the IP address that is used for the DOS attack, even if this DOS attack is directed from Sweden to the outside world. I am sure there is a large amount of political pressure from the US in this matter and Swedish politicians are easy to intimidate.

      It is important to note that the sentence term of 2 years was not chosen at random. When a crime carries this sentence as a possiblity, the Swedish police gets greater powers to use surveillance, wiretapping and raids to secure evidence such as the identity of person using a specific IP address.

      In fact, this is also why thePiratebay.org exists and is so successful - since file sharing carries a sentence which is usually much less than 2 years, the police are not allowed to raid or subpoena the ISPs for the identity of the person that is using a specific IP address. (The Swedish MPAA aka APB have treid hard to get a criminal conviction for file sharing for this reason.)

      • Re:Mostly pointless... (Score:5, Informative)

        by sr180 (700526) on Monday February 19 2007, @08:01PM (#18075708) Journal

        In fact, this is also why thePiratebay.org exists and is so successful - since file sharing carries a sentence which is usually much less than 2 years, the police are not allowed to raid or subpoena the ISPs for the identity of the person that is using a specific IP address. (The Swedish MPAA aka APB have treid hard to get a criminal conviction for file sharing for this reason.)

        No. The pirate bay exists because its not illegal to link to illegal copyrighted material in Sweeden. The pirate bay doesnt share illegal material, just torrent files, which are essentially a link to where the material actually is.

        • If you link to copyrighted material but do not host it, you're an accessory to the crime of illegally distributing the material. Story (in swedish) [www.svt.se], the actual document (pdf, swedish) [svt.se].

          The problem with prosecuting the Pirate bay is that someone must be found guilty of a crime for another to be guilty of being an accessory to thet crime. The users of Piratebay are not suspected of a crime carrying a sentence of two years or more, meaning the police can't get their IP numbers, meaning they can't be charged wi

      • A very common form of DDoS attack is a SYN flood where the source IP in the packets is NOT the IP of the bot being used.

        Last time someone had a go at our servers, the forged IPs traced back to well known locations which obviously weren't the real source (mostly US government labs like LLNL and Sandia).

        I see a risk here where DDoS is used specifically to frame the real owner of an IP.

        In any event, a moderately competent hacker will use a botnet which is managed using wardriving sessions, or from a server in
      • When a crime carries this sentence as a possiblity, the Swedish police gets greater powers to use surveillance...

        So, wait. The _objective measurement_ of the severity of the crime (i.e. the level of police response required) is tied to the _possible sentence_ it can carry? While in theory this shouldn't be a problem, since the sentence should reflect the harm done by the criminal, that kind of stipulation has _ludicrous_ potential for abuse.
        • Please explain.

          I honestly think the system is pretty sane. They can not search my house, even if I'm suspected of shop lifting. They can, however, search the house of the drug dealer living down the road. Somewhere the line has to be drawn, and if it has to be drawn, there has to be some way of figuring out which side any particular case should end up on. They've chosen the penalty of the crime the suspect is suspected of. Care to come up with a better measurement?

          And by the way, I live in Sweden, if that's
          • Man, I just gotta say, I'm impressed with the overall sanity of your legal system compared to ours (U.S.). 2 years is a perfectly reasonable sentence. I can't find the links, but I seem to recall seeing many bills announced on slashdot with completely disproportionate sentences. Hell, Kevin Mitnick comes to mind...
      • It is important to note that the sentence term of 2 years was not chosen at random. When a crime carries this sentence as a possiblity, the Swedish police gets greater powers to use surveillance, wiretapping and raids to secure evidence such as the identity of person using a specific IP address.

        Also, if you catch someone in the act of committing, or appearantly fleeing from the scene of crime of, a crime that carries a maximum penalty of more than two years, you may make a "citizen's arrest", that is grab a
  • Oh, that will solve it. Just make it illegal, and end of problem. Yeah, right. Until you can track, smash their computer toys in front of their eyes, empty their bank accounts, and lock them away for a good number of years, passing all the laws in the world is simply feel-good do nothing crap. And two years max isn't nearly enough!

    Breaking their fingers is a good thought as well.

    • How do you suppose they'll handle compromised systems, proxies, or VPNs? If I root someone else's system and am knowledgeable enough to cover my tracks how do they propose to track me down? The FP also mentioned the Slashdot effect. How do you think they could handle a network of web pages which, when visited, all make requests from the targetted server (similar to pay-per-click scamming)?

      • Re: (Score:3, Insightful)

        by suffe (72090)
        They are politicians, why should this bother them? They'll just leave the problem solving to someone else. And as everyone knows, the legal system will only use the new powers to do good when it is evident that the found person is in fact the culprit. No one ever interpreted a law by its words rather then by its intention, did they?
        • "They'll just leave the problem solving to someone else."

          Uhmmm...No.

          Sen. Ted "The Tubes" Stevenson is all over the 'internets' with his trucks.
          And he STILL is not getting his internets on a timely basis, but he'll keep those trucks humpin' up the tubes!
      • Same situation as just about any crime. Just because some people will be smart enough to carry out tax fraud, doesn't mean there's no need for laws against it.

        At least making it illegal will hopefully catch the sloppy operations and make the angry geek at home think twice about attacking a site.

        The pay-per-click scamming is an interesting point. My old site was getting forum spammed in to oblivion by the old UMAXPPC search sites. Would have been nice at the time if there was legal recourse since the sites w
        • What percentage of denial of service attacks on Swedish computers do you suppose actually occur within Sweden?
          It's a political feel-good law. The Swedish government can say "We're getting tough on this" without much worry that they'll have to bother prosecuting anyone.
          • What percentage of denial of service attacks on Swedish computers do you suppose actually occur within Sweden?

            No idea in all honesty. At least if someone decides to carry out a major DoS attack on a Swedish server, there is the possibility of extradition.
    • Alot of people still see DOSing, cracking etc as being not "real crimes" because they happen in cyberspace.

      As the internet continues to be extended to provide vital services (including access to emergency services etc), making denial of service illegal makes sense.

  • Good luck enforcing it and finding the C2 to punish the right person. I know my clan's site has had to move hosts a few times due to DDoS attacks, especially when the last one was pushing 10 Gb/s
  • It damn well SHOULD be illegal, but unfortunately making it illegal isn't going to accomplish anything. Look at marijuana, it's illegal but everyone does it anyways. It will be unenforceable.
    • If you wander in to a bar or take a walk in to town, how many smokers do you see wandering around smoking Marijuana? Sure, you'll find some but the fact that there aren't that many around would suggest one of two possibilities.

      1) The vast majority of smokers don't like marijuana, they prefer tobacco.

      or

      2) The vast majority of smokers don't smoke habitually marijuana because it's illegal. This could be because they don't want legal hassle or perhaps they can't easily buy it.

      Even if you can't eliminate a crime
        • It's true that DoS techniques could go further underground but a stand has to be taken somewhere. The alternative is to allow state-sanctioned vandalism and blackmail.

          Virus writing is a relatively underground past-time but we can still examine the techniques used and improve our defences. My main hope with the law is that it'll deter the "me to" script kiddies who are looking for a few minutes of notoriety.

          You're right that this won't stop all of them. The big boys who have real gains to make from these att
        • People tend to avoid smoking marijuana in bars and on the street because it's illegal. It's the same reason why I carry out all my murders at home. There are fewer witnesses around.

  • Pointless (Score:4, Insightful)

    by forgoil (104808) on Monday February 19 2007, @05:39PM (#18073874) Homepage
    Take a quick look at everything that is illegal in Sweden, take a look at all the laws (seriously, do), and I can tell you that this doesn't really make a difference. Just because you make something illegal doesn't mean it will go away, something they refuse to realize in this country of mine...

    • Re: (Score:3, Insightful)

      by susano_otter (123650)
      I don't think laws are about preventing crime, so much as they are about setting up a "payback" system for crime.

      I think of it this way: You take something from society, you should give up something of your own in exchange. Ideally, you should give up something that pays society back in exchange for what you took, but in practice this is difficult to manage. (However, in America at least, we do have civil courts for people who want to try to get paid back in this way.) Instead, societies over the years ha

  • Too bad (Score:4, Insightful)

    by cdrguru (88047) on Monday February 19 2007, @05:44PM (#18073968) Homepage
    Too bad they don't understand that the Internet is a consequences-free zone.

    You can do just about anything on the Internet and are safe from prosecution. Why? Because the Internet crosses international borders and we all know that international law enforcement is just about impossible. No two countries have the same laws, the same penalties or even agree that the same things are criminal acts.

    So, Sweden can pass all the laws they want to, but it will have no effect unless every country on the planet agrees that DDOS attacks are a criminal act with at least two years in jail being an appropriate penalty this will have no effect.

    What is likely to happen is they will track some stupid show-off bragging script kiddie to Canada where it will be declared that they aren't going to extradite because it would bruise the delinquents ego. Or, the perp will be tracked to Romania where the response will be "So?"

    Under the right circumstances, the US would probably even shield a perpetrator.

    No, unfortunately for many people the Internet is destined to remain consequences-free for a long time to come.

  • My rights online! (Score:5, Funny)

    by anthony_dipierro (543308) on Monday February 19 2007, @05:44PM (#18073974) Journal
    Geez, so now it's illegal in Sweeden to crash people's websites! What's gonna be next, a law against blowing up mailboxes?

  • So... (Score:3, Interesting)

    by TCM (130219) on Monday February 19 2007, @05:46PM (#18074010)
    ...does that mean it wasn't illegal up until now? That's actually more surprising to me.

    • It has been illegal, just not in the same sense as it now will be, as now it will be covered by the law regarding computer intrusion. The DDoS attacks against the police's website last year were filed under "taking the law into one's own hands" (egenmäktigt förfarande). Which is a bit nebulous of a category for it.

      I am very sceptical that this law will have any real effect. Just some sable rattling to give an illusion that the government is in control of these things.

  • seems reasonable (Score:4, Interesting)

    by DM9290 (797337) on Monday February 19 2007, @06:02PM (#18074264) Journal
    This seems like a very reasonable maximum sentence. I am sure I can get 2 years for interferring with someones lawnmower or hairdrier in most jurisdictions. So I'm not sure this is even newsworthy. In fact.. I'm quite suprised this isn't already included in some kind of mischeif law thats already on the books and has been on the books for the past 500 years.

    Its basically always been illegal to screw around with someone elses machinery.

  • Punishment... (Score:4, Interesting)

    by xaoslaad (590527) on Monday February 19 2007, @06:10PM (#18074356)
    People who get charged with DUI's and other more grievous crimes don't even necessarilly end up in prison for the first offense. Sending people to prison for over 5 years for taking down a website is absurd. It's something that should probably be dealt with via stiff fines. In most cases it's just a frikkan' website. In most cases no ones life or well-being rely on it... perhaps a separate more severe punishment like prison time could be reserved for those public service type sites that might exist with a greater purpose...

    At least the 'maximum punishment' of 2 years they are seeking does not seem too severe. If that maximum sentence isn't abused, and used only for those repeat offenders who just don't learn it seems alright...
    • Mod parent up. You can beat someone senseless and get a year or less in jail, but send to many requests to a computer and you get two years. It's senseless and probably has roots in the same hysteria that drove the Salem witch trials (something unknown/arcange/magical from the perspective of the law makers).
  • I think they mean they're making DDOS attacks more illegal. I can't believe that such destructive behavior was previously legal, nor do I believe that merely passing a law will have the slightest effect on reality. I mean, I'm frequently amazed at how stupidly U.S.-centric our Congress is when it passes laws regarding Internet crime, but I guess such thinking isn't limited to just our government. Practically speaking, such a law is likely to encourage more and more damaging attacks, just to show how ineffe
  • ... we can no longer use the term "the server is borked".

  • More importantly (Score:3, Informative)

    by denoir (960304) on Monday February 19 2007, @07:33PM (#18075452)
    What is just briefly mentioned in the article is that conspiracy to make a DOS attack will be punishable. It seems like a very vaguely defined crime and because the tough sentences it would give the police search warrants way too easily. Technically to be a suspect all you need to have is a computer - what else kind of evidence could there be before an attack is actually committed?
  • How about a MINIMUM of two years in prison?
  • Aren't DoS attacks already illegal by way of tort law?
  • They're not illegal already ?
    Don't they fall under some sort of Don't be an asshole common-law ?
  • The attack on the police homepage was nothing but a very simple javascript function on a HTML page, constantly reloading a large JPEG on www.polisen.se. The URL was then spread on a large discussion forum (namely flashback), which made everyone upset with the piratebay raid contribute to bringing down the site. Good luck charging thousands of people with broadband connections for visiting a webpage.
  • Make it illegal, so people stop doing it. Why didn't anyone ever come up with the idea of making Terrorism illegal, then we'd have saved a TON of money and quite a few people would've saved their lives, for example by not going to Iraq?

    What do you mean, it doesn't work? It has to, or they wouldn't pass a law making a DDoS illegal. Or do you mean they would pass an unenforceable law, because

    a) DDoSs are by their very definition international
    b) Drones are used that don't even know they participate
    c) Finding a
      • So you think I should no laugh about that law that some county in California (I think) has which makes it illegal (and can get you fined for up to 500 bucks) to detonate a nuclear device within city limits?

        Personally, I find this law ridiculous. But when you put it that way, it suddenly becomes very sensible and sane.
    • IKEA is an abbrevation for Ingvar Kamprad Eltmaryd Agunnarryd (the first two are the names of the founder and the two second are the name of the farm he grew up at and the parish of said farm). IKEA is not a word in Swedish.
Search
The man who raises a fist has run out of ideas. -- H.G. Wells, "Time After Time"

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.