
KIIT LAW SCHOOL

DENIAL OF SERVICE ATTACK


SUBJECT: CYBER LAWS

NAME:
ROLL : 1283054
8TH SEMESTER

ACKNOWLEDGMENT
I am feeling highly elated to work on this project under the guidance of my Cyber Law Faculty. I am
very grateful to him for the exemplary guidance. I would like to enlighten my readers
regarding this topic and I hope I have tried my best to bring more luminosity to this topic.
I also want to thank all of my friends, without whose cooperation this project was not
possible. Apart from all these, I want to give special thanks to the librarian of my
university who made all relevant materials regarding my topic available to me at the
time of my busy research work and gave me assistance.

RESEARCH METHODOLOGY
The method used for research is the doctrinal method and involves research in the library and on
the internet.

AIMS AND OBJECTIVES


The main aim here is to understand the concept of Denial-of-service attacks and the laws
currently in place for it.

HYPOTHESIS
Denial of service attacks are a threat to cyberspace security as a whole.

Contents
DENIAL OF SERVICE ATTACK
INTRODUCTION
WHAT ARE CYBER CRIMES
DIFFERENT TYPES OF CYBER CRIMES
DENIAL OF SERVICE ATTACKS
DISTRIBUTED DENIAL OF SERVICE ATTACKS
DENIAL-OF-SERVICE ATTACK: A WEAPON AGAINST PIRACY?
LAWS REGARDING DENIAL OF SERVICE ATTACKS
INSTANCES OF DENIAL OF SERVICE ATTACKS
CONCLUSION
BIBLIOGRAPHY

INTRODUCTION
The advancement of technology has made man dependent on the Internet for all his needs. The
Internet has given man easy access to everything while sitting in one place. Social networking,
online shopping, storing data, gaming, online studying, online jobs: every possible thing that man
can think of can be done through the medium of the Internet. The Internet is used in almost every
sphere. With the development of the Internet and its related benefits, the concept of cyber crimes
also developed. Cyber crimes are committed in different forms. A few years back, there was a lack
of awareness about the crimes that could be committed through the Internet. In the matter of cyber
crimes, India is not far behind other countries, and the rate of incidence of cyber crimes is
increasing day by day.
According to a report published by the National Crime Records Bureau (NCRB 2011), the incidence
of cyber crimes under the IT Act increased by 85.4% in the year 2011 as compared to 2010 in
India, whereas the increase in incidence of crime under the IPC was 18.5% as compared to the
year 2010. Visakhapatnam recorded the maximum number of cases. Maharashtra has emerged as the
center of cyber crime with the maximum number of registered cases under cyber crimes. Hacking
with computer systems and obscene publication were the main cases under the IT Act for cyber
crimes. The maximum number of offenders arrested for cyber crimes were in the age group 18-30
years: 563 people in the age group 18-30 years were arrested in the year 2010, which increased
to 883 in the year 2011.

WHAT ARE CYBER CRIMES


Cyber crimes can be defined as unlawful acts where the computer is used either as a tool or a
target or both. The term is a general one that covers crimes like phishing, credit card frauds,
bank robbery, illegal downloading, industrial espionage, child pornography, kidnapping children
via chat rooms, scams, cyber terrorism, creation and/or distribution of viruses, spam and so on.
Cyber crime is a broad term used to define criminal activity in which computers or computer
networks are a tool, a target, or a place of criminal activity, and it includes everything from
electronic cracking to denial of service attacks. It also covers the traditional crimes in
which computers or networks are used to enable the illicit activity.

DIFFERENT TYPES OF CYBER CRIMES


Cyber crimes can be categorized in two ways:
1) Crimes in which the computer is the target. Examples of such crimes are hacking, virus
attacks, DoS attacks etc.
2) Crimes in which the computer is used as a weapon. These types of crimes include cyber
terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.
A denial of service attack is an attack in which the criminal floods the bandwidth of the victim's
network or fills his e-mail box with spam mail, depriving him of the services he is entitled to
access or provide. This kind of attack is designed to crash the network by flooding it
with useless traffic. Another variation of a typical denial of service attack is the
Distributed Denial of Service (DDoS) attack, wherein the perpetrators are many and are
geographically widespread. Many DoS attacks, such as the Ping of Death and Teardrop attacks,
exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes
that system administrators can install to limit the damage caused by the attacks. But, like
viruses, new DoS attacks are constantly being dreamed up by hackers.

DENIAL OF SERVICE ATTACKS


Denial of Service attacks constitute one of the major threats to the Internet. At present, the
Internet has changed the way traditional essential services such as banking, transportation and
defense are operated. These operations are being replaced by cheaper, more efficient
Internet-based applications, owing to the rapid growth and success of the Internet in every
sector. Unfortunately, with the growth of the Internet, the count of attacks on the Internet
has also increased incredibly fast.
Denial-of-Service (DoS) is an attack targeted at depriving legitimate users of online services.
It is done by flooding the network or server with useless and invalid authentication requests,
which eventually brings the whole network down, resulting in no connectivity. As a result of this,
users are prevented from using a service.
The main aim of the Internet is to provide an inexpensive communication mechanism, and it is
accomplishing that goal successfully. A Denial-of-Service (DoS) attack is not a traditional crack
in which the attacker seeks to gain unauthorized privileged access, but it can be just as
malicious.1 The target of a DoS attack is inconvenience, and these types of attacks are easy to
launch. Denial of service is about knocking a service off without permission. DDoS attacks are
difficult to stop because they can come from anywhere in the world.2
A DoS attack is initiated by sending needless and superfluous messages to the server/network for
authentication of requests having invalid return addresses. The server/network, when unable to
locate the return address for sending authentication, waits for a long time and gets stuck before
the connection closes. Upon the closure of connection, the attacker once again starts sending
more messages with invalid return addresses for authentication to make the server/network
undergo the complete process again. The server/network gets stuck and remains busy, causing
the service interruption for other users.
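The stall described above can be reproduced with a small model, added here as an illustration and not taken from the original paper: a fixed-size table of pending requests in which entries with invalid return addresses hold a slot until the server gives up waiting. The table size, timeout and arrival rates are assumed values, and letting the bogus requests arrive first in each tick is a worst-case assumption.

```python
from collections import deque


def simulate(backlog, timeout, bogus_per_tick, legit_per_tick, ticks):
    """Model a server's table of pending authentication requests.

    backlog         -- number of pending requests the server can track at once
    timeout         -- ticks the server waits on a reply that never arrives
    bogus_per_tick  -- requests per tick carrying an invalid return address
    legit_per_tick  -- requests per tick from genuine users
    Returns (legit_served, legit_refused, peak_slots_in_use).
    """
    bogus_expiry = deque()  # expiry tick of every slot held by a bogus request
    legit_pending = 0       # genuine requests admitted this tick, done next tick
    served = refused = peak = 0

    for now in range(ticks):
        # Genuine requests admitted on the previous tick were answered and finished.
        served += legit_pending
        legit_pending = 0

        # A bogus entry frees its slot only when the server stops waiting for it.
        while bogus_expiry and bogus_expiry[0] <= now:
            bogus_expiry.popleft()

        # Worst-case assumption: bogus requests reach the server first in each tick.
        for _ in range(bogus_per_tick):
            if len(bogus_expiry) < backlog:
                bogus_expiry.append(now + timeout)

        for _ in range(legit_per_tick):
            if len(bogus_expiry) + legit_pending < backlog:
                legit_pending += 1
            else:
                refused += 1  # table full: the genuine user is denied service

        peak = max(peak, len(bogus_expiry) + legit_pending)

    served += legit_pending  # requests admitted on the final tick complete too
    return served, refused, peak


# Assumed parameter sets; slots held by bogus requests settle at rate x timeout.
SCENARIOS = {
    "no attack":               dict(backlog=128, timeout=30, bogus_per_tick=0),
    "attack, long wait":       dict(backlog=128, timeout=30, bogus_per_tick=20),
    "attack, short wait":      dict(backlog=128, timeout=2, bogus_per_tick=20),
    "attack, larger table":    dict(backlog=1024, timeout=30, bogus_per_tick=20),
}

if __name__ == "__main__":
    for name, params in SCENARIOS.items():
        served, refused, peak = simulate(legit_per_tick=10, ticks=100, **params)
        print(f"{name:22s} served={served:4d} refused={refused:4d} peak={peak}")
```

With the long wait the table fills within six ticks and stays full; shortening the wait or enlarging the table keeps genuine users served only while the bogus rate multiplied by the wait stays below the table size.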

1 J. Howard and T. Longstaff, A Common Language for Computer Security Incident
2 Jake Stein, DoS Attacks Trend Toward Politics

Unlike other security attacks, DoS attacks usually do not aim at breach of security. Rather, they
are focused on making websites and services unavailable to genuine users resulting in loss of
time and money. These attacks can last many days, jeopardizing the image of an organization and
causing revenue loss towards compensation to users for unavailability of services at the time of
an emergency.
DoS attacks can be of various types depending on the outcomes. Some examples are Smurf
attack, Ping flood, Ping of death, Teardrop attack, Email bomb, etc. Also, the motive of these
attacks could be many, including extortion, personal rivalry, cyber warfare, business competition,
etc.
Although there is not much that can be done to stop these attacks, some basic prevention steps
that can be taken include monitoring the traffic for abnormalities, keeping security definitions
up-to-date, and being aware of the latest threats via social platforms.3
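One way to monitor traffic for the abnormality this paper describes, shown as an added example that is not part of the original paper: count, per time window, the connection requests that never complete, instead of counting requests per source address. The log format, addresses and thresholds are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed log format (an assumption for this example):
#   <epoch-seconds> <source-ip>:<port> OPEN|DONE
LINE = re.compile(r"^(\d+) (\S+):(\d+) (OPEN|DONE)$")


def build_sample_log():
    """Constructed sample: 30 s of normal traffic with a flood in the last 10 s."""
    lines = []
    clients = [f"198.51.100.{i}" for i in range(1, 6)]
    spoofed = 0
    for ts in range(30):
        for k in range(2):  # two genuine connections per second, all completed
            conn = f"{clients[ts % 5]}:{40000 + 2 * ts + k}"
            lines.append(f"{ts} {conn} OPEN")
            lines.append(f"{ts} {conn} DONE")
        if ts >= 20:
            for _ in range(30):  # each flood request shows a different forged source
                src = f"198.18.{spoofed // 250}.{spoofed % 250 + 1}"
                lines.append(f"{ts} {src}:1024 OPEN")
                spoofed += 1
    return lines


def window_stats(lines, width=10):
    """Group connection requests into windows of `width` seconds."""
    opened = {}        # connection -> (window start, source address)
    completed = set()  # connections whose handshake finished
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines in any other format
        ts, src, port, event = int(m[1]), m[2], m[3], m[4]
        conn = (src, port)
        if event == "OPEN":
            opened[conn] = (ts // width * width, src)
        else:
            completed.add(conn)

    stats = defaultdict(lambda: {"opens": 0, "incomplete": 0, "per_source": Counter()})
    for conn, (window, src) in opened.items():
        entry = stats[window]
        entry["opens"] += 1
        entry["per_source"][src] += 1
        if conn not in completed:
            entry["incomplete"] += 1
    return dict(stats)


def flag_windows(stats, min_opens=50, max_incomplete_ratio=0.5):
    """Windows with enough volume where most requests were never completed."""
    return sorted(w for w, s in stats.items()
                  if s["opens"] >= min_opens
                  and s["incomplete"] / s["opens"] > max_incomplete_ratio)


def noisy_sources(stats, per_source_limit=10):
    """The per-source view: addresses exceeding a request limit in any window."""
    return sorted({src for s in stats.values()
                   for src, n in s["per_source"].items() if n > per_source_limit})


if __name__ == "__main__":
    stats = window_stats(build_sample_log())
    print("flagged windows:", flag_windows(stats))
    print("sources over the per-source limit:", noisy_sources(stats))
```

On the constructed log the completion-ratio check flags the window starting at second 20, while the per-source limit flags nothing because every forged address appears only once.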

DISTRIBUTED DENIAL OF SERVICE ATTACKS


Sometimes, a perpetrator may use a Trojan Horse to deliver a DoS program to various computers
that may initiate a DoS attack at a pre-defined date and time, on a predefined target. Thus, the
target computer may be simultaneously attacked by thousands of computers, and none of the
owners of those attacking computer systems may have any inkling that they are participants in a
DoS attack. Such an attack is known as a distributed denial-of-service (DDoS) attack.
To evade detection, advanced bot herders route infected computers through rendezvous points,
rather than issuing marching orders to the network directly. Domain name generation algorithms
(DGAs) help conceal the address of the rendezvous point, essentially burying it under a tidal
wave of auto-generated domain names (as many as 50,000 per day). The volume can be so great
that websites have temporarily shut down as a result of the surge in traffic that occurred when a
DGA happened to spit out their domain name.
As authorities caught on to the scheme, hackers developed more complicated DGAs. For
example, INTERPOL recently came across one designed to churn out unintelligible domain
names based on the most recent foreign exchange rates from the European Central Bank.
3 http://economictimes.indiatimes.com/definition/denial-of-service-attack

INTERPOL has been working with the Internet Corporation for Assigned Names and Numbers
(ICANN), the non-profit responsible for overseeing the internet's domain name structure, to
prevent these abuses.
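The flood of auto-generated names described in this section is visible to a defender in resolver logs, because an infected computer looks up many random-looking names that do not exist before it reaches the one that does. The following is an added example, not part of the original paper; the log format, thresholds and all names and addresses in the sample are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (assumed format):
#   <epoch-seconds> <client> <query name> <response code>
SAMPLE_LOG = """\
100 10.0.0.8 www.example.com NOERROR
101 10.0.0.7 xkqzvbtwpjhd.example NXDOMAIN
102 10.0.0.7 mzrfgqyhwkbv.example NXDOMAIN
103 10.0.0.8 exmaple.com NXDOMAIN
104 10.0.0.7 tjplxnqsdvgc.example NXDOMAIN
105 10.0.0.7 hbwkyzmrqfjd.example NXDOMAIN
106 10.0.0.8 documentation.example.org NOERROR
107 10.0.0.7 qvndxgtzkphw.example NXDOMAIN
108 10.0.0.7 wfyjrbkzmcqx.example NOERROR
"""


def label_entropy(label):
    """Shannon entropy of the characters in a label, in bits per character."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label left of the top-level domain (simplification: one-label suffix)."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label, min_len=8, min_entropy=3.0):
    """Crude test for a random-looking label; thresholds are assumptions.

    Entropy alone misfires on ordinary long names, so it is only used to
    pre-filter; the decision below rests on repeated failed lookups.
    """
    return len(label) >= min_len and label_entropy(label) >= min_entropy


def suspected_dga_clients(lines, min_failed=5):
    """Clients with many distinct random-looking names that did not resolve.

    For each such client, also list the random-looking names that DID resolve:
    these are the candidate rendezvous points to investigate.
    """
    failed = defaultdict(set)
    resolved = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _, client, qname, rcode = fields
        if not looks_generated(registrable_label(qname)):
            continue
        if rcode == "NXDOMAIN":
            failed[client].add(qname.lower())
        elif rcode == "NOERROR":
            resolved[client].add(qname.lower())
    return {client: {"failed": len(names), "resolved": sorted(resolved[client])}
            for client, names in failed.items() if len(names) >= min_failed}


if __name__ == "__main__":
    for client, info in suspected_dga_clients(SAMPLE_LOG.splitlines()).items():
        print(client, info)
```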

DENIAL-OF-SERVICE ATTACK: A WEAPON AGAINST PIRACY?
Along with all the legal maneuvers which were devised by record companies, their bête noire,
technology, seemed to be their savior as well. Record companies had earlier used unsophisticated
ways such as mislabeling files to masquerade as songs on p2p networks. However, these
measures only proved partially successful, and if people were persistent they would find what
they were looking for. With time the tactics have become more elaborate and sophisticated. The
latest technological tactic which has been employed by content owners is a denial of service
(DOS) attack. A DOS attack (to use Al Gore's analogy) is the internet equivalent of bursting the
pipes. It is done by flooding the server with more data requests than it can handle.
This model was implemented by engaging content watchdogs which scanned the internet for
links to these torrented files. Then the watchdogs prepared and sent mass take down notices to
the websites hosting links to the torrented files. If the website owner failed to respond to them,
the watchdog would turn into a bloodhound, launching a DOS attack against the website. This
model is not the monopoly of the MPAA and is being used extensively by Bollywood production
houses who have sub-contracted it to firms such as Aiplex Software and Anti Piracy LLC.
Recently DOS attacks have been used, with Aiplex alone securing over thirty releases, including
big-ticket ones like My Name is Khan, Ishqiya and Housefull.
Now it is important to remember that several of these websites did host links which facilitated
the mass piracy of copyrighted content. Let us presume that they received valid take down
notices and even failed to comply. However, did it entitle content owners to launch DOS attacks
on the websites, knocking them off the grid? And was it even legally permissible? The point of
commencement for this discussion is the Indian system of intermediary liability which is
contained under Section 79 of the Information Technology Act, 2000 (as amended in 2008). The
amended section has been discussed threadbare on several posts on the Spicy IP blog (they even
have a take on the present topic which can be accessed here). However, the only point relevant to
our discussion is the existence of a notice and take down regime. Section 79 does incorporate
facets of a notice and take down regime, since it expressly notes, in Section 79(3)(b), that the
protections will not apply if the intermediary, on actual knowledge, fails to expeditiously
remove the link or disable access. However, Section 79 misses out on the specifics, and they
are missing from the statute books. This is contrary to the approach which has been followed in
the DMCA, which expressly provides for the appointment of a DMCA agent, a notice and take down
procedure with limits as to time (which comes in handy when you think how much time constitutes
"expeditiously"), a counter-notification procedure, etc. Zeroing in on this, the available legal
literature on Internet intermediary liability in India, though incredibly diverse, agrees on
one thing: the language in Section 79 is ambiguous and its effect is uncertain.
This ambiguity, the absence of definitions and procedures, in part promotes a DOS attack. It is
equally unreasonable to content and link hosting websites, who do not have a bright-line rule, and
to content owners, who are to wait on their enforcement till rules are enacted for a notice and
take down procedure. It promotes conflict and it promotes private enforcement through
extrajudicial processes. Why file a court action based on an ambiguous statute when you can handle
such matters more efficiently? Sample what Mr. Girish Kumar, MD, Aiplex Software has to
say about the next step to a copyright infringement notice: "How can we put the site down? The
only means that we can put the site down is by launching a denial-of-service attack. Basically we
have to flood the site with millions and millions of requests and put the site down."
This launch of a Denial of Service attack is, on a moral plane, certainly not proportional, as it
goes beyond disabling the infringing link to the entire website. Even if one reasons that this is
the only possible technical solution, it is clearly illegal. The violation of the copyright
provides a content owner a remedy under law, and a DOS attack is not one of them. Of course an
Anton Piller order cannot be enforced against a website hosted in Sweden by Russian nationals, and
the remedy is a paper tiger; still, the failure of the remedy should not birth the right to a
wrong. DOS as a cyberwrong is clearly provided for under Indian statute, with Section 43(f)
clearly prohibiting it by stating that any person who "denies or causes the denial of access to
any person authorised to access any computer, computer system or computer network by any means;
shall be liable".

Society often does not see the immediate effects of vigilante justice, and it even often tacitly
approves them. Vigilante justice is seen as a quick and dirty way of taking care of business.
However, it does have serious effects as to promoting lawlessness itself. These are not
philosophical pronouncements but the analysis of the current controversy itself. Due to the
actions of Aiplex, a group of persons who usually congregate around message boards such as
4Chan and go by the meme of "Anonymous" have started launching coordinated DOS attacks on
media watchdogs themselves. "Operation Payback", as it is called, seems planned and well
coordinated. Its ideology and rationale appear compelling and can be gathered from its
propaganda poster. This all looks like a destructive cycle which will be stuck on repeat. At the
end of the day it will invite more attention to the open architecture of the internet, and there
will be a general crackdown on the protocols and technology which allow anonymity.
Evaluating the present situation, if one is to allocate blame, one would easily allocate more to
the content owners than to website owners. If you set the instance in Bhagalpur, the content
owners would be the acid pouring policemen and the website owners would be the lawless
criminals. It is important to consider that the content owners who have organized these DOS
attacks, though they may be suffering a legal injury, are large corporations which claim to be
model citizens. It does not befit their stature, reputation and legal obligations to engage in DOS
attacks. Finally, in a day and age where copyright has become more of a topic for debate than a
provision of law, when it is generally suffixed by "reformer" and "enforcer" and it is the subject
of constant demands for revision by any interest group, the use of a DOS attack is not only
legally but also morally indefensible.

LAWS REGARDING DENIAL OF SERVICE ATTACKS
Cyber crime is not defined in the Information Technology Act 2000, in the I.T. Amendment Act
2008, or in any other legislation in India. In fact, it cannot be. Offence or crime has been
dealt with elaborately, listing various acts and the punishments for each, under the Indian Penal
Code, 1860 and quite a few other legislations too. Hence, to define cyber crime, we can say it is
just a combination of crime and computer. To put it in simple terms, any offence or crime in
which a computer is used is a cyber crime. Interestingly, even a petty offence like stealing or
pick-pocketing can be brought within the broader purview of cyber crime if the basic data or aid
to such an offence is a computer or information stored in a computer used (or misused) by the
fraudster. The I.T. Act defines a computer, computer network, data, information and all other
necessary ingredients that form part of a cyber crime, about which we will now be discussing in
detail. In a cyber crime, the computer or the data itself is the target or the object of the
offence, or a tool in committing some other offence, providing the necessary inputs for that
offence. All such acts of crime will come under the broader definition of cyber crime.
Chapter IX dealing with Penalties, Compensation and Adjudication is a major significant step in
the direction of combating data theft, claiming compensation, introduction of security practices
etc discussed in Section 43, and which deserve detailed description.
Section 43 deals with penalties and compensation for damage to computer, computer system etc.
This section is the first major and significant legislative step in India to combat the issue of data
theft. The IT industry has for long been clamoring for legislation in India to address the crime of
data theft, just like physical theft or larceny of goods and commodities. This Section addresses
the civil offence of theft of data. If any person, without permission of the owner or any other
person who is in charge of a computer, accesses or downloads, copies or extracts any data or
introduces any computer contaminant like a virus or damages or disrupts any computer or denies
access to a computer to an authorised user or tampers etc., he shall be liable to pay damages to the
person so affected. Earlier in the ITA 2000 the maximum damages under this head was Rs.1
crore, which (the ceiling) was since removed in the ITAA 2008.
The essence of this Section is civil liability. Criminality in the offence of data theft is being
separately dealt with later under Sections 65 and 66. Writing a virus program or spreading a virus
mail, a bot, a Trojan or any other malware in a computer network, or causing a Denial of Service
Attack in a server, will all come under this Section and attract civil liability by way of
compensation. Under this Section, words like Computer Virus, Computer Contaminant, Computer
Database and Source Code are all described and defined.
The Indian Penal Code, 1860: Normally referred to as the IPC, this is a very powerful
legislation and probably the most widely used in criminal jurisprudence, serving as the main
criminal code of India.
Enacted originally in 1860 and amended many times since, it covers almost all substantive aspects
of criminal law and is supplemented by other criminal provisions. In independent India, many
special laws have been enacted with criminal and penal provisions which are often referred to
and relied upon, as an additional legal provision in cases which refer to the relevant provisions of
IPC as well.
ITA 2000 has amended the sections dealing with records and documents in the IPC by inserting
the word "electronic", thereby treating electronic records and documents on a par with
physical records and documents. The Sections dealing with false entry in a record or false
document etc. (e.g. 192, 204, 463, 464, 464, 468 to 470, 471, 474, 476 etc.) have since been
amended to read "electronic record and electronic document", thereby bringing within the ambit of
the IPC all crimes relating to electronic records and electronic documents, just like physical
acts of forgery or falsification of physical records.
In practice, however, the investigating agencies file cases quoting the relevant sections from
the IPC in addition to those corresponding in the ITA, like offences under IPC 463, 464, 468 and
469 read with the ITA/ITAA Sections 43 and 66, to ensure the evidence or punishment stated at
least in either of the legislations can be brought about easily.

INSTANCES OF DENIAL OF SERVICE ATTACKS


In 1990 the famous pop star Tina Turner had her world tour for her album Foreign Affair.
She had her show on Sunday, July 29, at Woburn Abbey, Woburn, United Kingdom. Pepsi
sponsored that show and offered free tickets for the same. To get a free ticket, people had to dial
a telephone number 02722M72?, in which two numbers were wildcards. These two wildcard
numbers were available on Pepsi soft drink cans. One had to buy the Pepsi soft drink to find the
missing numbers. The telephone lines for getting the free ticket opened a few days before the
show at 6:00 PM. There were many numbers to call; however, all numbers were of an operator
in Bristol in the United Kingdom. On that day, when the window opened, everything was normal
until 5:59 PM. Things started worsening as time progressed. At 6:15 PM the telecommunications
network in and around Bristol was clogged. At 6:15 PM, only 50 calls were successful and
200,000 calls were lost.
This is a case of DoS, where no one could make a telephone call to anyone around Bristol
city. A similar situation happened in India on Friday, September 6, 2002, when the first reality
TV show Kaun Banega Crorepati was launched and viewers sitting at home could participate in
the show using SMS. Kaun Banega Crorepati was the Indian adaptation of the popular English
TV quiz show, Who Wants to Be a Millionaire? Within minutes of the start of the show at 9:00
PM, the GSM network in India was clogged and calls could not mature.
In a DoS attack the miscreant creates a situation such that a legitimate service is
unavailable or unusable. The service could be any service; however, we generally mean network
services such as telecommunications services or services over the Internet. It could be simply
that a bank ATM machine is unusable because someone has stuck chewing gum in it. For the
Internet, it means not being able to access an e-commerce site or a Web site. In the case of a
telecommunications network, DoS happens when there is a flooding of the network. If
application software or a system breaks due to some security attack, resulting in the application
or system being unavailable, it is also a DoS attack. Because adversaries are concerned only with
causing a jam by consuming bandwidth and resources so that a legitimate user cannot access the
system, they need not worry about properly completing handshakes and transactions. Rather, they
wish to flood the victim's computer with as many packets as possible in a short period of time. To
prolong the effectiveness of the attack, they spoof source IP addresses to make tracing and
stopping the DoS as difficult as possible.
Some more cases of DoS attacks are:
(i) Nov 1988 - the Morris worm, written by Cornell CS grad student Robert Morris, was the
very first significant DoS attack. Morris put roughly 5000 machines out of commission
for several hours.
(ii) Mar 1998 - Attackers exploited a problem with Windows NT servers, and successfully
drove thousands of NT stations, including ones at NASA, MIT, the U.S. Navy, and UC
Berkeley, offline. This DoS attack led to the formation of the FBI's Infrastructure
Protection and Computer Intrusion Squad, better known as the Power Rangers.
(iii) Feb 2000 - DDoS attack caused shutdown of Yahoo, eBay and Amazon for a few
hours.
(iv) Jan 2001 - First major attack involving DNS servers as reflectors. The target was
Register.com.
(v) Feb 2001 - The Irish Government's Department of Finance server was hit by a denial of
service attack carried out as part of a student campaign from NUI Maynooth.
(vi) May 2001 - Worm Code Red was supposed to attack White House website.
(vii) Oct 2002 - Attackers performed DNS Backbone DDoS Attacks on the DNS root
servers and disrupted service at 9 of the 13 root servers. Aug 2003 - Worm Blaster
attacks Microsoft web pages.
(viii) Jan 2004 - MyDoom attacked 1 million computers.
(ix) Feb 2007 - Attackers performed a second set of DNS Backbone DDoS Attacks on the
DNS root servers and caused disruptions at two of the root servers.
(x) April-May 2007 - A spree of denial-of-service attacks against Estonia's prime
minister, banks, and less-trafficked sites run by small schools.4
(xi) July 2008 - A DDoS attack directed at Georgian government sites containing the
message: "win+love+in+Rusia" [sic] effectively overloaded and shut down multiple
Georgian servers. Websites targeted included the Web site of the Georgian president,
Mikhail Saakashvili, rendered inoperable for 24 hours, and the National Bank of
Georgia.
(xii) Mar - Apr 1, 2009 - Cloud computing provider GoGrid is hit by a "large,
distributed DDoS attack," which disrupts service to about half of its 1,000 customers.
(xiii) Mar 31, 2009 - A DDoS attack knocks UltraDNS offline for several hours.
(xiv) April 2-5, 2009 - Domain registrar Register.com is hit with a DDoS that causes
several days of disruptions for its customers.
(xv) Apr 6-7, 2009 - Customers of The Planet are hit by web site outages as a
result of a DDoS aimed at the huge hosting company.
(xvi) June 2009 - The famous P2P site known as The Pirate Bay was rendered
inaccessible due to a DDoS attack.
(xvii) June 2009 - During the Iranian election protests, foreign activists seeking to help the
opposition engaged in DDoS attacks against Iran's government. The official website of
the Iranian government was rendered inaccessible on several occasions. Critics claimed
that the DDoS attacks also cut off Internet access for protesters inside Iran; activists
countered that, while this may have been true, the attacks still hindered President
Mahmud Ahmadinejad's government enough to aid the opposition.

4 http://www.computerworld.com/s/article/9019725/Estonia_recovers_from_massive_DDoS_attack

CONCLUSION
The impact of DoS attacks can vary from minor inconvenience in using a website to serious
financial losses for companies that rely on their on-line availability to do business. DoS attacks
generally arise from improper system design and insufficient resources.
Cyberspace has emerged as a major new environment for political and military competition and
would necessitate political and military intervention to protect economic and informational
interest vital for national security. The challenges for military in the era of on-line connectivity
and information flow are unique and require a great amount of coordination among the nations.
The challenges get enhanced as cyberspace does not strictly confine itself in military domain and
encompasses civilian activities to a great extent. However, governments of many countries are
reacting typically to these challenges by expanding their cyber warfare capabilities, yet the
politico-military vision that would undermine these efforts are mostly vague and riddled with
definitional inconsistency. A joint civilian defence cooperation including public-private
partnership and consensus amongst all nations is required to defend the cyberspace in the
interests of national security and international stability. Cyberspace should be guided and
constrained by political norms and ethical values. Neither the military nor the technological
perspective can substitute for the strategy of building up trust and stability for safeguarding
international peace and harmony.5 To sum up, though a crime-free society is Utopian and exists
only in dreamland, it should be the constant endeavour of rulers to keep crimes at their lowest.
Especially in a society that is dependent more and more on technology, crimes based on electronic
offences are bound to increase, and the law makers have to go the extra mile compared to the
fraudsters to keep them at bay. Technology is always a double-edged sword and can be used for both
purposes, good or bad. Steganography, Trojan Horse, Scavenging (and even DoS or DDoS) are
all technologies and per se not crimes, but on falling into the wrong hands, with a criminal
intent to capitalize on them or misuse them, they come into the gamut of cyber crime and
become punishable offences. Hence, it should be the persistent effort of rulers and law makers
to ensure that technology grows in a healthy manner and is used for legal and ethical business
growth and not for committing crimes.

BIBLIOGRAPHY
1) "International Strategy for Cyberspace" (PDF). The White House. 2011
2) Damiano Bolzoni and Sandro Etalle. Boosting web intrusion detection system by inferring
positive signature. In OTM Conference (2), pages 938-955,2008.

5 Journal of the United Service Institution of India, Vol. CXLI, No. 586, October-December
2011.
