10

I used to go on a site called blockchain.info for storing bitcoins, but today when I entered the URL I was redirected to a phishing page. I entered all my information and it was obviously sent to the phisher. When I realised it was a phishing page I directly reported it to Blockchain and changed my password. My question is: is it illegal to DDoS their site?

I live in KSA if that helps. Here is the phishing page:

http://lblockclhain.info/us/login.htm
Anders
aqw alhadary
  • I am no lawyer, but in general vigilante justice is not legal... Would not do that if I were you. – Anders Oct 23 '16 at 19:07
  • Are you sure that the domain is compromised? I have been using it myself during the past 2 hours and didn't see anything suspicious... You had better check your computer. – Xavier59 Oct 23 '16 at 19:25
  • I think if a thief steals from another thief, it's punishable by law, right? – Vini7 Oct 23 '16 at 19:28
  • Instead of DDoS (which could have side-effects) what about submitting lots of fake credentials to the page to poison his database and make him work harder to tell the real credentials from the fake? – André Borie Oct 23 '16 at 22:03
  • @AndréBorie you should turn that into an answer! That is an actual reason to help protect yourself. – dalearn Oct 23 '16 at 23:59
  • @Xavier59 [Blockchain's DNS really was hijacked a few days ago.](https://www.google.com/search?q=blockchain+dns+hijack&ie=UTF-8) – Matt Nordhoff Oct 24 '16 at 00:51
  • Related: http://security.stackexchange.com/questions/80360/should-i-take-over-a-compromised-website-from-another-hacker – S.L. Barth Oct 24 '16 at 06:40
  • According to [this update](https://blog.blockchain.com/2016/10/13/security-update-yesterdays-dns-attack/) from Blockchain, you would get a warning about an invalid SSL certificate before arriving on the phishing page? Did you ignore that warning and type in your credentials anyway? – kasperd Oct 24 '16 at 07:32

5 Answers

37

If you do a DDoS by sending large amounts of traffic to that site, you're very likely creating a lot of collateral damage since other services in (parts of) the network will suffer as well if the network is saturated.

Also, very often phishers use hacked websites (for example poorly managed and outdated WordPress installs) to host their phishing sites, so you're not just attacking the phisher, but also a (mostly) innocent victim of that phisher.

And as others pointed out, just as in 'the real world' (which this is just as much a part of), you shouldn't take matters into your own hands.

The right thing to do is either complain to the owner of the site or the network hosting it, or report it to the website being phished. Especially banks often have dedicated teams (or hire companies) which are specialised in taking down phishing sites.

In addition: you must consider that, when you are DDoS'ing a website, you're not attacking the web page per se but the whole server, so you're causing damage to the web hosting server (which may propagate to other websites hosted on the same server).

Finally: most laws in most countries consider it illegal to launch any cyber-attack; it does not matter if it is against a legal or an illegal target.

KanekiDev
Teun Vink
  • A (D)DoS causing a "victim" hacked WordPress site to go offline isn't that bad, because: 1) the server cannot be used for other attacks and/or 2) the website owner is alerted that something needs attention. – Rob W Oct 23 '16 at 23:00
  • And what happens when that machine is a VPS that hosts other, uncompromised sites? – Talisman Oct 23 '16 at 23:26
  • DDoS is like cutting power to a city block because there are some criminals in there using electricity. A single website uses a tiny, fractional amount of server resources that are shared by many legit websites. DDoS does not discriminate. – Nelson Oct 24 '16 at 01:28
13

Report the phishing site so browsers can warn the users and show red pages. It's much more efficient and it's completely legal: https://www.google.com/safebrowsing/report_phish/

hunyadym
5

As everyone else says, it's a bad idea. But there is something else to consider. Even if you could pinpoint your attack at just that server with absolutely no other collateral damage... many of these WordPress sites are up on cheap shared hosting. A lot of these hosting packages are cheap because they put tens of thousands of sites on the same server. So taking down that one server will still shut down a lot of other sites that don't deserve to be.

DAB
0

The legality of this will vary due to the laws in your respective country. That said, in this day and age, DDoS'ing anyone is generally not looked at favorably.

You also should look at it this way: Is this course of action an ethical way to deal with the situation?

Reporting the webpage to the hosting company would be a completely legal and ethical way to go.

Also, think of the potential consequences of DDoS'ing the site. The person or group running the page is an unknown quantity when it comes to being able to figure out the origination of an attack... I'll just leave it at that as I am going WAY off the original question lol

Edit on Oct 23rd 2016: I found this article on KSA Cyber Crime Law.

There is one section, where it states "Creating websites or programs that violate any of the Kingdom’s general laws, Islamic values or public ethics."

I would assume that public ethics would be against DDoS'ing someone who is running a phishing site... even though phishing is unethical as well.

NZKshatriya
0

Running a phishing site is typically against the TOS of the ISP. The first action would be to contact the ISP serving the site.

Then contact local law enforcement (less effective). "Local" in this case means local to the ISP of the site, not necessarily your local law enforcement. Whether DDoS'ing is illegal in Saudi Arabia is outside my knowledge, but it's not the most effective answer.

Shackledtodesk