"Anonymous": Anti-terrorism paragraph takes effect

Those involved in DDoS attacks face up to three years in prison

Anyone who is involved in DDoS attacks (Distributed Denial of Service) by the activist group "Anonymous" against targets such as the film industry or PayPal risks severe penalties. "Computer sabotage is now a relevant criminal offense in Germany," explains Benedikt Klas, IT legal expert at the law firm Küster, Klas & Kollegen http://kkk-law.de, in conversation with pressetext. Followers who only take part in an action with the "Low Orbit Ion Cannon" (LOIC) tool face three years in prison. For organizers, the letter of the law even includes the anti-terrorism paragraph.

In his opinion, prosecution is not necessarily the greatest risk. "In Germany the victim has a claim for damages against the attacker under civil law", explains the IT lawyer. According to the principle of joint and several debt, compensation can be charged to an individual identified participant. "That can ruin an individual," warns Klas.

{jumi [plugins/content/jumi/newsgrafik.php]}
Europe creates clarity
In Germany it has long been disputed whether DDoS attacks are a criminal offense. The question was whether it was coercion. "One could argue that Mastercard and PayPal should be forced to approve donations," explains Klas, referring to the Wikileaks war. However, the Frankfurt Higher Regional Court ruled against such an interpretation in one case in 2006. In the meantime, however, the implementation of the Council of Europe's "Convention on Cybercrime" has provided clarity in other ways. This convention should be reflected in national law similarly in other countries.
In this country, Paragraph 2007b of the Criminal Code (StGB) has been in force for computer sabotage since 303. "This is expressly also intended for DDoS attacks," says Klas. Attempting an attack is in principle also a criminal offense. Basically, there is a risk of up to three years in prison or a fine. "This sentence is comparable to negligent bodily harm," says the IT lawyer. In practice, however, it is likely that a simple LOIC user would get away with a monetary requirement or a penalty order.


escalation
On the other hand, the allegations and thus the penalty can be harder. If an attacked system is "of essential importance" for a foreign company, company or authority, even five years in prison are conceivable. That could be argued in the case of PayPal, for example. If a perpetrator "acts on a commercial basis or as a member of a gang that has joined forces to continue to commit computer sabotage", there is even a ten-year prison sentence. "That doesn't apply to normal users," emphasizes Klas.
The gang allegation could potentially be raised against Anonymous organizers, although the lawyer believes that the group is not necessarily structured enough. In addition, the German law on the formation of terrorist organizations (Section 129a StGB) explicitly includes groups with the purpose of computer sabotage. "I would hope that the state would not go that far. It would be like shooting sparrows with cannons," says Klas. But it cannot be ruled out. A look at Austria shows that animal rights activists have already been charged according to the anti-terrorism paragraph there.

(ck)

.

paste