The answer to the question "Is DDOS illegal?" is an emphatic "yes."The US government has placed more emphasis on identifying and prosecuting DDOS attackers in recent years. The US considers DDOS illegal under a number of statutes -- some of which can make engaging in a DDOS attack a felony potentially punished by years in prison -- including: Conspiracy, in violation of 18 USC 1030(b)(Felony), Intentional Damage to a Protected Computer, in violation of 18 USC 1030(a)(5)(A)(Misd.), and Reckless Damage to a Protected Computer, in violation of 18 USC 1030(a)(5)(A)(Misd.).
In 2013, more than a dozen people pleaded guilty to involvement in the "Anonymous" DDOS attacks. The defendants had used DDOS software available for free download on the Internet. The US government did not accept the argument that the DDOS attacks were legal as a form of political protest.
In 2013 the FBI told Congress about other DDOS mitigation efforts: "Another area in which we’ve had success recently is in targeting infrastructure we believe has been used in distributed denial of service (DDoS) attacks, and preventing it from being used for future attacks.
Since October [note: from 10/12-3/13], the FBI and the Department of Homeland Security have released nearly 130,000 IP addresses that were believed to be infected with DDoS malware. We have released this information through joint intelligence bulletins (JIBs) to 129 countries. These JIBs are released by both the Department of Homeland Security’s Computer Emergency Readiness Team mechanisms as well as by our legal attachés to our foreign partners.
These actions have enabled our foreign partners to take action and reduced the effectiveness of the botnets and the DDoS attacks."