Governance of Cyber Security Research Proposal

Cybercrime Governance Challenge: DDoS For-Hire Services

The aim of this paper is to explore the rise of Distributed Denial of Service attacks for-hire as an
organized form of cybercrime and the current legal mechanisms of combatting them with the aim
of answering the question: “Can DDoS for-hire services be curtailed with governance based
solutions, and if so, what form should these measures take?”
The ubiquity of DDoS for-hire services marks the evolution of this method of cyber-attack into a
lucrative criminal enterprise. Oft presented as a legitimate website “stress” testing service due to
the functional equivalence of the techniques involved the number of purveyors has risen to the
point that an attack can be purchased for as low as five US dollars. Internet security firms tracking
DDoS attacks have noted a consistent intensification of the phenomenon both in frequency and in
the effectiveness of the attacks themselves. As a challenge that can only become more prominent
in the future research into the intricacies of the trade may help formulate more effective ways in
combating it and reduce costs for both private and public actors.
The structure of this paper would be approximately as follows:

 Introduction
 Chapter 1: Workings of Distributed Denial of Service Attacks – A short explanation of
the mechanisms behind DDoS attacks.
 Chapter 2: DDoS For-Hire as a Business – This chapter utilizes a case study of “vDOS”,
a prominent for-hire service to explain how the trade works in detail.
 Chapter 3: Impact of DDoS for-hire: Trends and Projections – This chapter explores
the economic impact of DDoS attacks and the rising frequency of attacks in general along
with future projections. The rationale for an economic focused analysis is that DDoS for-
hire eschew government and other “high-profile” public targets so as to avoid drawing
attention to themselves, therefore limiting the impact mostly to the private sector.
 Chapter 4: An Overview of Legal Instruments for Prosecuting DDoS Attackers – A
look into the relevant legal documents (such as the US “Computer Fraud and Abuse Act”
and the “Budapest Convention on Cybercrime”) with a comment on their effectiveness and
the challenges police and prosecution face.
 Chapter 5: Avenues for Improvement – An exploration of possible methods and
improvements in combating DDoS for-hire services. Focus will be on non-technical,
governance solutions. May be split into further chapters/expanded upon depending on the
results of the research.
 Conclusion