Virtual Protest Crosses Line into Cyber Crime?

This was written by Michael W. Cheek on Friday, April 9, 2010, 8:01.

A professor at the University of California San Diego who organized a virtual protest against the university’s president has been told he may face criminal charges for launching a distributed denial of service (DDoS) attack. The protest, organized by Professor Ricardo Dominguez, involved protesters submitting new page requests to the president’s university website every 1 to 6 seconds.

The protesters were able to open new browser windows to increase the number of requests.

A help guide for the protest stated, “Okay, now just sit back and relax, or open a new browser window and do anything else you need to do, BUT LEAVE THE ACTION WINDOW OPEN IN THE BACKGROUND, THE LONGER THE BETTER.”

Over the past decade, Dominguez has studied electronic civil disobedience and claims to have organized or participated in 16 other such protests. He says this is the first time he has faced criminal charges for his actions.

Following the protest, Senior Vice Chancellor Paul Drake sent an email to Dominguez saying that the university had decided to disconnect his server.

“On March 4, 2010, I received a report from Administrative Computing and Telecommunications (ACT) that you, using the computing resources of CALIT2, launched a denial of service attack against the computer servers at the Office of the President of the University of California,” Drake wrote. “I have instructed ACT not to reconnect the server pending a decision from the Office of the President as to whether they intend to initiate criminal or other charges related to this denial of service attack.”

At present, no criminal charges have been filed against Dominguez. It would also be relatively difficult to bring charges under U.S. hacking laws.

“In order for there to be a computer crime, there has to be either an intentional denial-of-service or some form of trespass, which would be an unauthorized access,” Mark Rasch, founder of SecureIT and a former prosecutor told The Register. “The problem you have here is if this is a public website, merely going to the website repeatedly is many, many authorized accesses, not an unauthorized access.”