Hard to believe but not long ago it was perfectly legal in most countries in the world to bombard a company's Internet gateway and email server until they fell over.

A decade ago I gained personal experience of working at a UK company that was on the receiving end of such an attack, carried out by a named individual who had threatened this particular publishing company with retribution over the trivial matter of a magazine subscription.

All of a sudden, out of the blue, the Internet became inaccessible for most of a day leaving admins to sit there and take it. It was so brazen, and the legal defence against such attacks was so primitive if it existed at all, that the attacker didn't even need to hide his identity to any degree.

That was a decade ago, and few people working at that company even knew what to call such an electronic assault nor that such a thing had even been possible. But it was pretty clear then that ours was not going to be the last company to feel the unpleasant force of what anyone who works in an office now knows to be a ‘distributed denial of service' attack.

In recent days, the UK's ever-expanding Computer Misuse Act 1990 came into force over such attacks, fully outlawing such acts in pretty clear terms in England and Wales (Scotland, a separate legal jurisdiction, has had such laws since October 2007).

Good news on one level, then, but pretty depressing on another. That's a decade or more it's taken since these attacks started hitting ordinary businesses to put in place the sort of laws attackers can't argue with, which goes to show the extent to which the legal system has been lagging behind electronic criminality.

Nowadays, DDoS is much more sophisticated business as are the technologies to defend against it. Admins can detect an attack very quickly, and have some electronic defences against being overwhelmed. Routers now expect not just to pass packets but to be bombarded by them and can drop connections more rapidly.

Incredible to say it having lived through the carnage it can cause, but DDoS is probably routine at large enterprises.