Distributed Denial of Service Attacks
The challenges to apprehending the suspects in distributed denial of service ("DDOS") attacks are substantial. In many cases, the attackers use "spoofed" IP addresses, so that the address that appears on the target's log is not the true address of the system that sent the messages.
In the United States, a hacker who engaged in a DDOS attack would be prosecuted under the federal Computer Fraud and Abuse Act. Even more worrying are attacks on critical infrastructure (often privately owned), aimed at causing physical and economic harm to people and the economy
One longstanding principle of criminal law is that criminal punishment should be reserved only for acts that are themselves harmful. Does the criminalization of Distributed Denial of Service attacks compromise this standard? Remember that a single request for a web page is, quite obviously, not criminal, while repeated requests to make a web page inaccessible are criminal.
DDOS Attack Questions:
What distinguishes criminal from non-criminal acts here?
Is intent relevant?'
Would an attempted (but failed) DDOS attack be considered criminal?