Proposed legislation: Will dDoS be legal in Russia in the future?
The overload attacks are currently punishable by law – but there are to be exceptions in future. Many western companies would be affected.
(Image: Shutterstock.com / Gorodenkoff)
The Russian Ministry of Digital Development is hiding a legalization of certain dDoS attacks in a package of measures to combat cybercrime. The draft law is currently being coordinated with authorities and industry representatives and contains several dozen new measures.
Distributed denial-of-service attacks (dDoS) have been one of the biggest problems for internet providers and website operators for decades. In these attacks, which have now swelled to terabits of data, cyber criminals or activists disable web servers, apps, or other services by flooding them with packets. Criminals use dDoS for blackmail, while Russian groups such as Noname057(16) also use it to express their support for the war of aggression against Ukraine.
Target forbidden? dDoS allowed!
In the future, they may be able to do this with the blessing of the Russian judicial system if they choose their targets accordingly. In the “Fraud Prevention 2.0” package (Russian: “Антифрод 2.0”), dDoS is to be subject to severe penalties of up to two million roubles in fines, eight years' imprisonment and between one and three years' disbarment. Article 272.2 is to be added to the Russian Criminal Code for this purpose, reports the Russian daily Kommersant.
Videos by heise
However, the draft provides for an exception if attackers have chosen targets “whose access is prohibited or restricted by law”. If they are caught carrying out a dDoS against such resources, they will go unpunished. The list of these restricted resources in Russia is long. It includes major social networks such as Instagram, X, Discord and YouTube, almost all Ukrainian media sites, as well as Amnesty International and even a website for chess enthusiasts.
This means that Russian online vandals can take unhindered action against companies and services as long as they are on the blocklist of Roskomnadzor, the Russian supervisory authority. Interested parties can check this list online, but it was inaccessible from several test points in Germany early on Friday afternoon. Possibly due to a network block or even a dDoS attack? This would probably also be punishable under the new Russian legal interpretation.
(cku)
