As someone in the gaming market, I experience DDoS attacks on a regular basis. While there are numerous “solutions” this problem is still far from solved.
Legal problems
A person that was attacking us on a almost daily basis was really getting on our nerves. We had many clients complain and also lost out on a good amount of profit due to our services being inaccessible for even short periods of time.
Luckily for us, most of these criminals are often young and not the smartest people around. He regularly posted photos of our website being offline in the discord group where he was selling his services and also leaked out his personal information online at numerous places due to previous endeavors. I decided it was enough and filed a police report. Our government is modern enough to have a page to say cybercrime and DDoS are illegal, but have no official way of reporting them without talking to someone who has no idea what you are talking about.
*cue long wait*
After multiple months, I finally got a call back from the central police station asking for more information which I happily submitted.
Then I got another call, “Since we are highly understaffed we have dropped your report, please let us know if you need anything else”.
Is this what i pay my taxes for (spoiler: no)?
I have lost hundreds if not in the thousand of euros due to these attacks, but they don’t think that’s enough value to start a valid case even though the attacker gave in to them that he did indeed attack us and numerous others.
The person on the phone offered to go and talk to the attacker (for which we had a phone number and address) which i reluctantly agreed to.
Fun fact: A lot of cyber criminals get offered a job at the government after they get caught.
Fun fact: A lot of cyber criminals get offered a job at the government after they get caught. One might say executing ddos attacks is a easier way to get a well-paying job than just applying. To be completely fair i wasn’t expecting much of our legal system. We had the minesearch case a while back where a very active booting site was taken down and the owners arrested after their personal information was online for years. The owners of this site were allowed out of police custody within days of being caught.
Luckily most of the ddos activities from that person seemed to have stopped there, but he was just one of many and the fight is far from over.
Tldr; Our legal system is not built to tackle cybercrime. Cybercrime is an ongoing issue that will only grow with time and will be immensely disruptive to future businesses and governments in any sector and will definitely need solving on a technical and legal level.
Please share your thoughts below. I love hearing other people’s experiences with this problem. Please note that this post is talking about my experience in the Netherlands. I have heard that a small amount of other countries are doing a better job at keeping up with the modern world.