Suppose I buy 1000 VMs and use them to DDoS something. Should the hosting provid...

malwarebytess · on Jan 12, 2021

Kind of an easy question. What do you do if you find out a tenant is cooking drugs on your property? Same kind of thing is going to apply here. I imagine liability in either case is going to be a concern. I'm not worried for the huge hosts.

joshuamorton · on Jan 12, 2021

For a tenant: You call the police and they maybe get arrested. They're still legally allowed to enter the property until you evict them, which takes 30 days or more in most jurisdictions. You might be able to start eviction proceedings. You eventually sue them for damage to the property.

For a webhost, you call the police and....well what they're doing isn't illegal so the police have no reason to care. If they were doing something illegal, ultimately the police might ask (or depending on the law, might need to get a court order) to ask you to shutdown the account. At this point, they'd no longer have access to the account.

In fact, if you imagine a person who does both on the same day, if they got out on bail, they would still be allowed into the house during the course of the eviction process. So they could continue using the house for a minimum of 30 days.

I don't find this comparison to a landlord at all compelling.

malwarebytess · on Jan 14, 2021

Seems compelling to me. The point is that both should operate in the same way, and can.

hnick · on Jan 13, 2021

Does action in such a case rely on accusation or conviction? This is a question, not bait, because I don't know but I assume it would require conviction which takes time.

offby37years · on Jan 12, 2021

DDoSing is already an illegal cybercrime in the US. A DDoS attack could be classified as a federal criminal offense under the Computer Fraud and Abuse Act (CFAA)[1].

Under Damaging a Computer, 1030(a)(5)

> The provision may also be used to prosecute the perpetrators of Distributed Denial of Service (DDoS) attacks, which occur, for example, when an attacker overwhelms a server’s ability to process legitimate requests by overloading the server with a flood of illegitimate traffic.

[1] https://fas.org/sgp/crs/misc/R46536.pdf

baobabKoodaa · on Jan 13, 2021

The question remains unanswered: should the cloud hosting company wait for a court judgement that deems the DDOSer guilty of a crime?

nytgop77 · on Jan 13, 2021

It should call the police.

baobabKoodaa · on Jan 13, 2021

Ok, sure, it should call the police, and then what? Should it wait for the police to investigate and the court to judge?

bananabreakfast · on Jan 13, 2021

Facilitating terrorism is also a crime and a far more serious one

nine_k · on Jan 13, 2021

There's the catch: it takes a court ruling to declare someone a criminal.

capableweb · on Jan 12, 2021

No, you're conflicting two different things. DDoS is obviously illegal as you're attacking someone else. The "forced to host a tenant that they object to" the other commentator is mentioning is regarding not liking their speech and ideas, not actions. Of course we should try to stop illegal activities that actively harm others. When it comes to Parler, it's unclear if Parler themselves were active in inciting the violence, just members who happened to be using Parler, or if they are related at all.

chillwaves · on Jan 13, 2021

So they are renters hosting a party on your property where people do illegal things.