Thousands are expected to take to the streets of Washington, D.C., over the next few day in protest of President-elect Donald Trump’s inauguration, but one software engineer is encouraging mass participation in a digital protest designed take down the White House website.
The organizer, Juan Soberanis, has appealed for people to “occupy” the whitehouse.gov site in a kind of digital sit-in that would overwhelm the website’s application resources with requests. The resulting crash from such an action is known technically as a distributed denial-of-service (DDoS)—and under federal U.S. law, it’s a kind of cyberattack that carries heavy consequences.
“It’s simple. By overloading the site with visitors, we will be able to demonstrate the will of the American people,” Soberanis wrote in an online pledge, which has since been taken down, according to the International Business Times. Soberanis described it as “a show of solidarity for the lives impacted by Trump’s policy agenda.”
Soberanis appears to run Protester.io, a San Francisco-based website designed to people organize. It was here that he’d first posted about his DDoS campaign idea.
Security researchers, however, are warning the public against exhibiting their discontent in this way by citing the enormous risk of being caught and the likelihood of heavy retribution.
“Participating in a DDoS attack is a crime; regardless if you use a tool, a script, a botnet for hire, or a finger and a keyboard,” explained Stephen Gates, who is Chief Research Intelligence Analyst at NSFOCUS. “If protesters move forward with this demonstration, they must remember that their source IP addresses in most cases will not be spoofed; meaning, law enforcement can easily track those who participate.”
While there is a growing movement for the government to recognize DDoS as a form of legitimate protest and an expression of free speech, it remains an illegal cyberattack as far as law enforcement is concerned.
Individuals who have carried out DDoS attacks in the past have usually been prosecuted under the Computer Fraud and Abuse Act (CFAA). The nature of the law means that the defendant is charged based on the number of website visitors “defrauded” by the website’s unavailability—a number often estimated by the organization or company that suffered the DDoS attack. This lost traffic caused by the targeted website being unavailable is considered when the sentence—which can amount to decades in prison—and hefty restitution fines are calculated.
Many Americans are planning to demonstrate against Trump’s inauguration, and according to Wired, Google searches indicate more people searching for local protests than parties. Until DDoS is recognized as a legal form of protest, however, it remains a dangerous and costly way to express outrage—no matter how justified it feels.