Distributed denial-of-service (DDoS) attacks are not hypothetical possibilities. Indeed, they have been bringing down Web sites for quite some time.

Most recently, two men in Britain have been sent to prison for their DDoS attacks perpetrated on PayPal and other sites, according to InformationWeek.

The InformationWeek article notes that six people were arrested in connection with these DDoS attacks. Three of them ultimately were charged under the United Kingdom's Computer Misuse Act of 1990. Of these three, the head of the group received a prison sentence of 18 months, another was sentenced to seven months in jail, and the third was sentenced to six months in jail which was suspended for two years while he was ordered to serve 100 hours of community service.

This reportedly marks the first instance in which DDoS perpetrators actually have been sentenced to imprisonment in Britain. DDoS attacks can wreak havoc on commercial Web sites. Indeed, InformationWeek notes that PayPal had informed the court that it had suffered $5.5 million in damages for just these attacks. Likely, others will go to jail for such violations.

However, it is not always easy to track down the DDoS attackers. The attacks, which bombard Web sites with numerous packets of information to the point of shutting down the sites, can be launched directly; but they also can be routed through innocent "zombie" sites, making it more difficult to ferret out the originating sources of the attacks.

We no longer live in an era in which there is little knowledge about the possibility of DDoS attacks. Companies and other entities should take protective measures to do their best to secure their Web sites from DDoS attacks. They also should try to safeguard their sites from being used as "zombie" launching pads for attacks on other sites.

We live in a new world where the Internet reigns supreme, but where new risks have emerged that must be addressed.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod's columns, please email him at ejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

This article is for general information and does not include full legal analysis of the matters presented. It should not be construed or relied upon as legal advice or legal opinion on any specific facts or circumstances. The description of the results of any specific case or transaction contained herein does not mean or suggest that similar results can or could be obtained in any other matter. Each legal matter should be considered to be unique and subject to varying results. The invitation to contact the authors or attorneys in our firm is not a solicitation to provide professional services and should not be construed as a statement as to any availability to perform legal services in any jurisdiction in which such attorney is not permitted to practice.

Duane Morris LLP, a full-service law firm with more than 700 attorneys in 24 offices in the United States and internationally, offers innovative solutions to the legal and business challenges presented by today's evolving global markets. Duane Morris LLP, a full-service law firm with more than 700 attorneys in 24 offices in the United States and internationally, offers innovative solutions to the legal and business challenges presented by today's evolving global markets. The Duane Morris Institute provides training workshops for HR professionals, in-house counsel, benefits administrators and senior managers.