Preetkiran Dhoot

DDoS: A New Legal Pathway

In recent years, a surge of online activism and physical protest supported by online means, such as
the Occupy movement, has posed a number of interesting issues such as defining the boundaries of
freedom of expression.1 Moreover, the online protest movement foreshadows a method of
demonstration that may become the norm in an increasingly digital world. With digital services
outnumbering their physical world counterparts 2, it is little wonder that protesters take to the web
to demonstrate, especially given the accessibility of this method of protesting. However, as many
legal and non-legal commentators have already suggested, legislation has been slow to change. 3
The literature so far on the legal arguments surrounding the use of Ddos actions and 'hactivism' is
currently in its infancy. An understanding of internet culture and terminology is key to
understanding developments in the sphere of online activism. It is, therefore, a relatively young
demographic that typically examines this issue. Consequently there has not been as much attention
given to this sphere when compared to other traditional areas of law.
This paper seeks to add a new argument for the legalisation of DdoS actions on top of existing
arguments by moving away from the analogy with physical sit-in protests. It takes into account the
reality of the online situation.

A) Terminology
 
Before the main arguments are presented, there will be an explanation for the uninitiated of certain
terminology.
This article focuses on the activities of 'Anonymous'. Anonymous is an online 'hactivist' group that
does not have a structure or hierarchy. 4 Members communicate via 'Internet Relay Chat Channels' to
organise movements. Its history as a group can be tracked to 4chan which is an anonymous
messaging board with no archive. There is no recorded history per se. Therefore, exciting topics
remain constant through people talking about them. Consequently movements are spontaneous and
can generate massive momentum, but still remains without a recognisable hierarchy.

The next piece of terminology is 'DdoS action'. 'DdoS' is an acronym for 'Distributed Denial-of-
Service' action. This is the main tool of the 'hactivist' in the modern era. It involves no hacking as
defined by the Computer Misuse Act 1990, but rather overloads a website's server with so many
requests for information, it is unable to respond to legitimate requests for information. It is
analogous to stuffing a mailbox full of spam letters so that legitimate mail cannot be put into the
box. DdoS actions can be performed by anyone who has downloaded a legitimate piece of software
such as 'LOIC' which was originally a tool to test the load of data a server can process.
In an online demonstration, hundreds and thousands of users are encouraged to download these
pieces of software to target a particular server in order to generate sufficient traffic to overload the
server. This is how such protest groups operate.

1
See protests such as Occupy http://occupylondon.org.uk/ which gained significant media attention from
Occupy Wall Street in 2011.
2
‘Retail In Crisis: These Are The Changes Brick-And-Mortar Stores Must Make’, Forbes,
http://www.forbes.com/sites/jeremybogaisky/2014/02/12/retail-in-crisis-these-are-the-changes-brick-and-
mortar-stores-must-make/ accessed 16:06 29/08/2014
3
See Rizal Rahman 'The legal measure against Denial of  Service (DoS)  attacks  adopted  by
the United  Kingdom  legislature: should Malaysia follow suit?' (2012) 20(2) IJLIT 85-101, amongst others in the
bibliography
4
There are many documented histories of Anonymous, but do not differ significantly. A History of Anonymous’
Infosec Institute http://resources.infosecinstitute.com/a-history-of-anonymous/ accessed 16:26 29/08/2014
'Botnets' can be used to force computers to launch a DdoS action without the owners' knowledge or
permission. They can only force computers infected with the relevant malware (malicious software).
Botnets can command hundreds of thousands of computers infected by the relevant malware. These
can be used to launch large scale Ddos actions without the permission of computer owners.
This concludes this brief explanation section. Further terminology can readily be found online. 5

B) A brief history of the DDoS action relative to the state of online protest.
 
The legal quality of a DdoS action had been a difficult subject until the Computer Misuse Act 1990
(CMA) was amended in 2006 by the Police and Justice Act (PJA). The legal ambiguity came to a head
in DPP v Lennon6. In this case, a former employee of Domestic & General Group PLC decided to use a
piece of software called 'Avalanche' to overload their email servers. The actus reus of s.2 CMA was
that the act that impaired the operation of a computer had to be 'unauthorised'. Counsel for the
defence submitted that the purpose of an email server is to receive emails, and consequently was
technically authorised to receive the avalanche of emails. But Keene LJ did not find this argument
compelling, finding that there could not be implied consent to all mail, including overwhelming
volumes of malicious mail, simply because the server was not configured to be selective about which
mail to receive.7 In the eyes of the All Parliamentary Internet Group, DdoS ought to be outlawed
unequivocally8, spurring Parliament into accepting an amendment of the CMA via the PJA 2006 9. A
compelling argument submitted by the group was that the commercial interests of not only online
retailers, but also service providers, were not suitably protected by the ambiguous CMA 1990 from
this new breed of 'attack'.
At this time, Anonymous was still in its infancy, and did not become prominent until 2008 when its
first major campaign started.10 DdoS was not seen as a tool of political protest in 2004. Rather it was
seen as a purely disruptive action by pranksters, resulting with sites down for a few minutes or hours
with no permanent damage done. However the economic loss to online companies during downtime
was sufficient reason to outlaw the action. 11
However, upon recent investigation the use of DdoS has been gained huge favour amongst the
online community as a primary means of protest. 12 There are other main types including defacement
and SQL injections which are far more destructive in their nature, but the Ddos is far more
accessible.13 Anonymous has its own internal code of ethics, for example, not attacking the press.
Typical targets tend to include those who have offended the public, such as the Church of
Scientology, public bodies with corrupt officials and bodies that attack sites that, in the eyes of
Anonymous, promote freedom of expression such as Wikileaks. 14

5‘
A Handy Glossary for the Hacker Family Tree’, The Wire,
http://www.thewire.com/technology/2011/07/hacker-family-tree-anonymous-lulzsec-history/39751/
accessed 29/08/2014
6
DPP v Lennon [2006] EWHC 1201
7
Ibid. [14]
8
‘Revision of the Computer Misuse Act: Report of an Inquiry by the All Party Internet Group’ All Party
Parliamentary Internet Group, (June 2004)
9
s.36
10
‘Project Chanology’ was the first major campaign of Anonymous, signalled by the millions of views given to
the campaign video https://www.youtube.com/watch?v=JCbKv9yiLiQ
11
The cost to companies have always remained high, but an exceptionally significant DDoS action on Paypal for
cutting off funding to Wikileaks by Anonymous allegedly caused $3.5 million;
http://www.pcpro.co.uk/news/security/378304/anonymous-operation-payback-attack-cost-paypal-3-5m
accessed 18:21 29/08/2014
12
Interview with Mercedes Haefer, Defendant in the ‘Paypal 14’ case and member of Anonymous 2 nd July 2014
13
A simple google search for ‘LOIC’ immediately allows the user to download LOIC to launch a DDoS action as
evidenced by this site http://sourceforge.net/projects/loic/ accessed 19:21 30/08/2014
14
Interview with Mercedes Haefer
 C) The distinction between the physical world and the online world

Literature so far has proposed numerous arguments for and against the DdoS action becoming legal.
A majority of arguments, adopted even by Anonymous 15, rely on the analogy to physical world ‘sit
ins’. Commentators suggest that the use of DdoS is essentially a digital peaceful sit in. 16 Trespass in
the physical world is not a criminal offence. Consequently, if a sufficient link can be established
between the use of DDoS and the sit in, then it could undermine the basis for outlawing it in the
2006 amendment.
However, this line of reasoning has been fraught with difficulties due to the use of physical world
values imposed on digital actions. Karanasiou argues that DDoS is a form of censorship on the site
that it is aimed at, undermining its legitimacy as a principled protest. 17Moreover he argues that it
would be seen as too aggressive an online action to allow a legitimate comparison to a peaceful sit
in.
Members of Anonymous have responded by arguing that the censorship of a DDoS action is a matter
of degree.18 For example, the cutting of funding to WikiLeaks by PayPal in the eyes of Anonymous is a
method that would lead to the permanent censorship of whistle-blowers, unable to readily publish
their information elsewhere without subjecting themselves to considerable risk. By contrast, the
DDoS only censors the targeted site for a few hours in the process of demonstrating. 19
Whilst the discussion is beyond the scope of this paper, the creation of this debate highlights a
fundamental issue with comparing online protest with physical world protest.
In the physical world, there are numerous ways to protest without defacing or damaging targets; not
only sit ins, but marches, congregations with placards outside target buildings. By contrast, online
targets do not have a way to spread the same message in front of any given target. When a person
walks up to a shop with protesters outside, they can clearly see the issues associated with that place
of business. Conversely when a person clicks on a website that has not been defaced, or has not had
a piece of code that redirects that site to a protest site inserted, the internet user cannot see the
protest associated with that site. As a result, without resorting to acts that fundamentally change
the code of the targeted site, it is incredibly difficult to create a visual presence to the key
demographic, namely the ordinary users of the target site. As a result an analogy between the
physical world and the online world is not satisfactory enough to create a sufficient link to support
the legalisation of the DDoS action.

Indeed, the complexity of applying physical world values to a digital action is evidenced by the
solutions provided by O’Malley to the same issue this paper seeks to address. His paper identifies no
less than 5 ways in which DDoS must qualify itself as a legitimate protest according to values of
physical protest including: expressiveness, a lack of anonymity, accountability, having a legitimate
aim, being proportionate and being non-violent in nature. 20 Indeed, such values are characteristic of
what is seen as an acceptable real world protest such as the Occupy movement enforcing a non-
violence agreement with participants. Such values are reinforced when seen with the condemnation

15
‘Petition Seeks to Legalize DDoS Activities’ Security Week, http://www.securityweek.com/petition-seeks-
legalize-ddos-activities accessed 18:42 29/08/2014
16
George O'Malley, 'Hacktivism: cyber activism or cyber crime?' (2013) 16 TCLR 159; John Worthy and Martin
Fanning, 'Computer Misuse Act: new tools to tackle DoS attacks' (2007) 9(1) E.C.L &P p.7
17
Argyro P. Karanasiou, 'The changing face of protests in the digital age: on occupying cyberspace and
distributed-denial-of-services (DDoS) attacks' (2014) 28(1) I.R.L.C.T 109
18
Interview with Mercedes Haefer, Defendant in the ‘Paypal 14’ case and member of Anonymous 2 nd July 2014
19
Ibid.
20
George O'Malley, 'Hacktivism: cyber activism or cyber crime?' (2013) 16 TCLR 158
of the violent London riots which had no real legitimate aim despite starting as a peaceful protest
against police behaviour.21
Yet with online behaviour, it is hard to define what is unacceptably violent and what standard of
violence is acceptable for a particular type of target. For example, digitally based companies, such as
PayPal who were subject to a DDoS action 22 arguably have ‘no bodies to kick, nor souls to damn’ 23.
However, they do have business to sabotage. Consequently the violence must be against their trade.
As a result, the issue becomes a balance between commercial interest and the freedom of
expression24. Arguably this is the same balance that the physical world sit in relies upon. However
the use of DDoS must strike its own balance to gain a strong grounding as a form of legitimate digital
protest.
By moving away from the analogy to sit-ins, the argument to support DDoS becomes novel in nature
and relies upon reference to values not in the physical world, but values in the online realm.
Consequently, DDoS must be viewed in light of other methods of protest online to put it into context
rather than forcing it to fit a prescribed model of protest adopted in the physical world.
Anonymous campaigns, along with a number of splinter groups such as ‘Lulzsec’ have used
numerous techniques to gain attention in order to spread a message in the online sphere. Such
methods are detailed below.25

D) Popular methods available for online activists

The tamest of protest techniques is an online petition. Awareness of the petition is usually raised
through social media (Facebook, Twitter amongst other forums). Indeed, even Anonymous has used
this method, despite being associated with more extreme vigilante means to attempt to encourage
political change.26 However, due to the perceived lack of effect generated by this method, some
large branches of internet culture denounce those who protest via petitions as ‘slacktivists’. 27
Conversely at the other end of the spectrum of digital acts lie the ‘SQL injection’ and the digital
defacement and the publishing of confidential information.
Briefly, by gaining unauthorised access into its server to publish private and confidential information,
usually to embarrass a company. Such a move was used against security analyst Aaron Barr in 2011
who believed his cyber security firm, HBGary, had penetrated Anonymous. 28 Such a move is highly
destructive to a firm’s reputation. Indeed, as a direct result of this hack, HBGary immediately
withdrew from a security conference damaging customers confidence in the firm, though it has
somewhat recovered at the time of writing.
The digital defacement is simply when the content of a website is altered, usually with an offensive
message, or a message to the targeted organisation. Anonymous notoriously defaced the website of
Scientology as a part of ‘Project Chanology’ in 2008. 29

21 ‘
England riots one year on: Culprits jailed for 1,800 years’, BBC News, http://www.bbc.co.uk/news/uk-
england-london-19111720 accessed 20:56 30/08/2014
22
In 2010, Anonymous launched a mass DDoS action against PayPal for not allowing payments to be made to
23
Poynder Literary Extracts c.1820 J. (1844) I. 268 ‘Why, you never expected justice from a company, did you?
They have neither a soul to lose, nor a body to kick’. Paraphrased to make the same point.
24
As protected by Human Rights Act 1998 s12
25
These methods have many variations. Consequently is it more useful to examine their base forms. These
methods have been explained through interviews and research of the activities of Anonymous and ‘Lulzsec’, a
splinter group of Anonymous. A convenient summary of methods may be found in the glossary of Olson P, 'We
Are Anonymous' (UK edn, William Heinemann, 2013) and is adequate for the purposes of this paper.
26
‘Petition Seeks to Legalize DDoS Activities’ Security Week, http://www.securityweek.com/petition-seeks-
legalize-ddos-activities accessed 18:42 29/08/2014
27
Definition: http://www.oxforddictionaries.com/definition/english/slacktivism accessed 22:19 30/08/2014
28
‘With arrests, HBGary hack saga finally ends’, arstechnica, http://arstechnica.com/tech-policy/2012/03/the-
hbgary-saga-nears-its-end/ accessed 22:46 30/08/2014
The SQL injection is a hacking attack that in simple terms is a hack into a database to input a new set
of instructions on how to process data. It can be used to record sensitive information.

Crucially, all of these methods fall very easily into the actus reus of section 1 of the CMA 1990:

1Unauthorised access to computer material.

(1)A person is guilty of an offence if—
(a)he causes a computer to perform any function with intent to secure access to
any program or data held in any computer or to enable any such access to be secured;
(b)the access he intends to secure, or to enable to be secured, is unauthorised;
and
(c)he knows at the time when he causes the computer to perform the function
that that is the case.

The aforementioned methods were envisaged as the type of acts to prohibit for the preservation of
data security when this piece of legislation. 30 By removing the need to refer to abstract arguments of
data manipulation being a manipulation of electrical current, legislation was able to
comprehensively outlaw the main threats to cyber security with reference to computing
terminology. A clear and comprehensive ban on hacking was the result; a shining example of when
the law starts dealing with reference to computing terms. Bearing this in mind the DDoS cannot be
said to be a means of hacking. No data whatsoever is altered in the process. 31 It leaves no damage to
the supressed system, materially distinguishing it from the other more aggressive tools of
‘hactivism’. When it is considered that a lack of permanent intrusion and damage, the dramatic
effect and accessibility are all desirable features for a legitimate online protest action, it may be
readily seen that the most promising candidate for an online protest is the DDoS action. In light of
the prohibition of altering data via traditional methods of hacking, and the frustration involved with
the slow method of petitioning, it is little wonder online activists are drawn to the DDoS action.
In light of this argument, it makes more sense to create a hierarchy of offences, not dissimilar to the
criminal law offence of murder. Currently if a defendant charged under the CMA for executing a
DDoS action, they are liable to be sentenced up to ten years. 32 However, if a defendant defaced a
website or caused damage to the code, then they would only be liable for 2 years. 33 Such a
sentencing tariff is out of touch with the reality of the situation and does not correspond to the
quality of the act, arguably violating the principle of proportionality, as put forwards by Herring, as a
staple of the criminal law.34 Consequently it becomes much more difficult for a potential activist to
use the DDoS action, whilst simultaneously removing the incentive to actually hack into a system and
alter the code, fundamentally changing the operation of that system as a means of protest.

It is suggested that the harsh sentencing is to deter serious cyber criminals who also use DDoS as a
threat to hold websites to ransom.35 However, this justification alone taints genuine activists with
29
Project Chanology, encyclopaediadramatica, https://encyclopediadramatica.es/PROJECT_CHANOLOGY
accessed 23:01 30/08/2014. Please note, that this particular citation requires some knowledge of internet
terminology beyond what has been explained in the introduction. It has been compiled by members of
Anonymous. A reliable overview may be found on the standard internet site of Wikipedia;
http://en.wikipedia.org/wiki/Project_Chanology
30
Stefan Fafinski, 'Access denied: computer misuse in an era of technological change' (2006) 70(5) J. Crim. L
425
31
Muhammad Aamir and Mustafa Ali Zaidi, ‘DDoS Attack and Defense: Review of Some Traditional and
Current Techniques’, (2013) 19 Interdisciplinary Information Sciences no.2, 173-200, available at
http://cryptome.org/2014/01/ddos-defense.pdf
32
Computer Misuse Act 1990 ss3(6)(c)
33
Computer Misuse Act 1990 ss1(3)(c)
34
J Herring, Criminal Law, Text, Cases and Materials (5th edition, Oxford University Press 2012) p.13
35
Muhammad Aamir and Mustafa Ali Zaidi, ‘DDoS Attack and Defense: Review of Some Traditional and
Current Techniques’ p177
the same brush. When an activist takes part in a DDoS action, individuals log onto a computer and
commit its resources to fuelling the action to have a greater effect on target. Conversely, cyber
criminals employ ‘botnets’ to force a network of infected computers to launch DDoS attacks against
the victims. It is submitted that the use of botnets be made illegal, but not necessarily the DDoS
action itself. There are a number of ways around this broad prohibition on the DDoS that allows
activists to make a point. One example is that the government could simply license pieces of
software that may be used to launch DDoS actions. 36Out of this licensing method, a defence to the
CMA for activists can be created. Another method would be to simply make the use of DDoS a civil
offence as is the case in the USA. The evaluation of individual methods is beyond the scope of this
paper, but the point stands that there are ways to differentiate serious cyber criminals from activists,
that the CMA obscures.

To conclude, the following points have been made. Firstly, despite its superficial attractiveness, the
link between the DDoS and the digital sit in is unlikely to work due to the imposition of physical
world values on online actions. It follows that an alternative route to defend the DDoS is to protect is
in its own right, with reference to values in the online world. By looking at viable methods that
protesters have access to, the DDoS may be placed in its correct context. It is submitted that when
comparing the relatively docile nature of the DDoS to other ‘hactivist’ methods, the sentence tariffs
do not fit the severity of effect. It is suggested that a distinction ought to be drawn between cyber
criminals who hold sites to ransom by the use of botnets which remove computers from their
owner’s control, and activists who individually commit their computing resources voluntarily to start
a DDoS action campaign. Moreover, it is hard for online activists to have a useful presence on target
sites the same way that it is possible for physical world demonstrators can. As a result, to allow
effective protest that does not resort to damaging or altering computer code a DDoS action, not
perpetrated by a malicious botnet, ought to be considered legal. A defence created by legislation
may be a solution, as could maybe a license for software starting a DDoS action, however, these are
beyond the immediate scope of this paper. It is acknowledged that this is a novel argument, but in
light of this new method of protest, it is useful to examine new legal arguments that could be
persuasive for the development for future legislation. This line of argument also provides grounds
for the reduction of sentencing on defendants who have used a DDoS action as part of a protest
campaign. This is potentially a more suitable application of this line of reasoning in the short term
whilst EU initiatives prevent the outright legalisation of the DDoS action. 37

However, as technology progresses and the internet becomes more sophisticated the law cannot
afford to ignore arguments from the perspectives of protesters. The balance between free speech,
commercial interests and national security amongst other factors, is one Parliament has attempted
to maintain throughout the 20th and 21st century in one form or another. The movement into the
digital age requires a re-examination of the situation. The line between cyber criminals and cyber
protesters needs to be firmly drawn to avoid dangerous conflation in the future as the online protest
scene expands exponentially. This is especially important given the long sentencing tariffs associated
with the use of a DDoS action. Whilst in the short term this argument has a limited impact, it is an
argument that carries weight when considering the accessibility of online means of activism in a
world becoming increasingly digitally based.

36
Rizal Rahman 'The legal measure against Denial of Service (DoS) attacks adopted by
the United Kingdom legislature: should Malaysia follow suit?' (2012) 20(2) IJLIT 101
37
European Convention on Cybercrime 2001 ETS No.185. 
Bibliography

BOOKS
Herring J, Criminal Law, Text, Cases and Materials (5th edition, Oxford University Press 2012)

Mcleod I, Palgrave Macmillan Law Masters Legal Theory (6th edition, Palgrave Macmillan 2012)

Olson P, 'We Are Anonymous' (UK edn, William Heinemann, 2013)

LEGISLATION
Computer Misuse Act 1990

European Convention on Cybercrime 2001

Human Rights Act 1998

Police and Justice Act 2006  

US Constitution, Amendment I, Freedom of Speech 1791

CASES
Cox v Riley [1986] 83 Cr. App. R. 54

DPP v Lennon [2006] EWHC 1201

Mitchell v Reynolds (1711) 1 P Wms 181

R v Lewys Martin [2014] 1 Cr. App. R. (S.) 63

JOURNAL ARTICLES
Argyro P. Karanasiou, 'The changing face of protests in the digital age: on occupying cyberspace and
distributed-denial-of-services (DDoS) attacks' (2014) 28(1) I.R.L.C.T 98-113

Brian O'Shea, ‘Capitalism Versus a New Economic Model: Implicit and Explicit Attitudes of Protesters
and Bankers’ (2014) Journal of Social, Cultural and Political Protest,
DOI:10.1080/14742837.2014.938732

Callum Beamish, 'Denial of Service Attacks: Ineffective U.K. legislative overkill, how the Americans
‘do it’ and the recurring issue of regulation' (2012) 2(2) S.S.L.R. 1-25

Findlay Stark, 'Rethinking Criminal Law Theory: New Canadian Perspectives in the Philosophy of
Domestic, Transnational, and International Criminal Law' (2012) 16(3) Edin. L.R 464-466

Gary Blasi and John T. Jost, ‘System Justification Theory and Research: Implications for Law, Legal
Advocacy, and Social Justice’, (2006). 94 Cal. L. Rev. 1119

George O'Malley, 'Hacktivism: cyber activism or cyber crime?' (2013) 16 TCLR 137-60
John Worthy and Martin Fanning, 'Computer Misuse Act: new tools to tackle DoS attacks' (2007) 9(1)
E.C.L &P 5-7

Muhammad Aamir and Mustafa Ali Zaidi, ‘DDoS Attack and Defense: Review of Some Traditional
and Current Techniques’, (2013) 19 Interdisciplinary Information Sciences no.2, 173-200, available at
http://cryptome.org/2014/01/ddos-defense.pdf

Neil MacEwan, 'The Computer Misuse Act 1990: lessons from its past and predictions for its future'
(2008) 12, Crim.L.R. 955-967

Rizal Rahman 'The legal measure against Denial of Service (DoS) attacks adopted by

the United Kingdom legislature: should Malaysia follow suit?' (2012) 20(2) IJLIT 85-101

Stefan Fafinski, 'Access denied: computer misuse in an era of technological change' (2006) 70(5) J.
Crim. L 424-442

Stefan Fafinski, 'Computer misuse: denial-of-service attacks' (2006) 70(6) J. Crim. L 474-478

OTHER
‘A Handy Glossary for the Hacker Family Tree’, The Wire,
http://www.thewire.com/technology/2011/07/hacker-family-tree-anonymous-lulzsec-
history/39751/ accessed 29/08/2014

Anatomy of a DNS DDoS Amplification Attack, WatchGuard,

http://www.watchguard.com/infocenter/editorial/41649.asp accessed 17:38 01/09/2014

‘Anonymous, hacktivism and the rise of the cyber protester’, BBC,

http://www.bbc.co.uk/news/technology-20446048 accessed 17:13 01/09/2014
‘Anonymous' Operation Payback attack cost PayPal £3.5m’, PC Pro,
http://www.pcpro.co.uk/news/security/378304/anonymous-operation-payback-attack-cost-paypal-
3-5m accessed 18:21 29/08/2014

Denial of Service Attack, Wikipedia, http://en.wikipedia.org/wiki/Denial-of-service_attack accessed

13:08 15/08/2014 GMT

‘Download LOIC’, Source forge, http://sourceforge.net/projects/loic/ accessed 19:21 30/08/2014

‘England riots one year on: Culprits jailed for 1,800 years’, BBC News,
http://www.bbc.co.uk/news/uk-england-london-19111720 accessed 20:56 30/08/2014

How to Protest On the Right Side of the Law, Friends of the Earth,
http://www.foe.co.uk/sites/default/files/downloads/cyw_59_protest_law.pdf accessed 18:58
15/08/2014 GMT

In Flawed, Epic Anonymous Book, the Abyss Gazes Back, Wired,

http://www.wired.com/2012/06/anonymous-parmy-olson-review/all/ accessed 17:50 15/08/2014
GMT

Parliament hears 10 minutes on Denial of Service law, Out-Law.com, http://www.out-law.com/page-

5508 accessed 18:33 15/08/2014

‘Petition Seeks to Legalize DDoS Activities’ Security Week, http://www.securityweek.com/petition-

seeks-legalize-ddos-activities accessed 18:42 29/08/2014

Point DNS blitzed by mystery DDoS assault, The Channel,

http://www.channelregister.co.uk/2014/05/09/point_dns_ddos/ accessed 18:12 15/08/2014 GMT

Poynder Literary Extracts c.1820 J. (1844) I. 268

Project Chanology, encyclopaediadramatica,

https://encyclopediadramatica.es/PROJECT_CHANOLOGY accessed 23:01 30/08/2014

Retail In Crisis: These Are The Changes Brick-And-Mortar Stores Must Make, Forbes,
http://www.forbes.com/sites/jeremybogaisky/2014/02/12/retail-in-crisis-these-are-the-changes-
brick-and-mortar-stores-must-make/ accessed 16:06 29/08/2014

‘Revision of the Computer Misuse Act: Report of an Inquiry by the All Party Internet Group’ All Party
Parliamentary Internet Group, (June 2004)

‘With arrests, HBGary hack saga finally ends’, arstechnica, http://arstechnica.com/tech-

policy/2012/03/the-hbgary-saga-nears-its-end/ accessed 22:46 30/08/2014