Cybercriminals have begun targeting vulnerable communities, including individuals with epilepsy and other photosensitive conditions. These malicious attacks, designed to trigger seizures through flashing images or strobe lights, have sparked global concern.

The United States and the United Kingdom are taking steps to address this issue, but the impact on individuals with epilepsy remains significant, particularly in the U.S. where law enforcement and regulatory frameworks lag behind.

 

Cybercriminals Targeting Epileptics

The deliberate targeting of epileptics by cybercriminals is not a new phenomenon, but it has gained recent attention as attacks become more sophisticated. One of the earliest known instances occurred in 2008 when hackers flooded an epilepsy support forum with seizure-inducing images, triggering severe migraines and seizures in some users. The perpetrators used JavaScript to direct users to a page filled with flashing images, specifically designed to harm people with photosensitivity.

A victim of the attack, RyAnne Fultz, described how her screen was taken over by flashing patterns, which caused her to "lock up" and be unable to move or speak until her son intervened to close the browser. Fultz, like many victims, had never experienced such an intense seizure from an online source before, illustrating the dangers of this emerging form of cyber harm Wired reports.

More recently, in 2019, the Epilepsy Foundation was similarly attacked during National Epilepsy Awareness Month. Hackers infiltrated the foundation’s Twitter account and posted flashing images and GIFs designed to induce seizures in its followers. The timing of the attack—during a period when individuals with epilepsy are more likely to be engaged online—was no coincidence, as the attackers sought to maximize harm.

Jacqueline French, chief medical officer at the Epilepsy Foundation, told Time, that while only about 3% of people with epilepsy are photosensitive, the impact of such attacks can be devastating. Many people do not even realize they have photosensitivity until they experience a seizure. The foundation has filed criminal complaints and is working with law enforcement to bring the attackers to justice.

 

UK Steps Forward With Zach’s Law

The United Kingdom has taken significant steps toward addressing the threat posed by these malicious attacks. In December 2021, after sustained advocacy from the Epilepsy Society and families of victims, the UK government moved closer to enacting a new piece of legislation known as "Zach's Law." Named after Zach Eagling, a young boy with epilepsy who was deliberately targeted with seizure-inducing images, the law aims to criminalize the act of sending flashing images with the intent to cause harm to individuals with photosensitivity.

The Epilepsy Society’s Chief Executive, Clare Pelham, praised the proposed law, calling it a “world-leading” initiative that addresses the dangers of the internet. She emphasized the importance of holding anonymous attackers accountable, stating that these actions amount to premeditated assault. The UK’s legislative efforts have garnered widespread attention, and many are hopeful that other countries will follow suit.

Zach's Law is part of a broader movement in the UK to protect vulnerable populations from online harm. The Online Safety Bill, which includes provisions for Zach's Law, seeks to modernize the country’s legal framework around online communication, which currently pre-dates social media platforms. This legislative update aims to give police and courts the tools necessary to tackle both existing illegal content and new offenses, including the malicious use of flashing images.

 

Impact on U.S. Victims

In the U.S., the impact of these attacks is equally severe, but progress toward a similar legislative framework has been slow. Victims are often left feeling helpless as they navigate an internet filled with unseen dangers.

Sophie Harries, a young woman from Somerset, shared her struggles with BBC News after being diagnosed with photosensitive epilepsy at 15. While she was initially able to avoid triggers like strobe lights at clubs, social media has introduced new, unpredictable dangers.

"Videos with strobe lights tend to play automatically," she said, explaining that such content puts her at constant risk of seizures.

The U.S. lacks a centralized regulatory mechanism to address this issue, and social media platforms do not have to provide warnings when flashing images appear, unlike traditional television programs. This gap has allowed cybercriminals to operate with relative impunity. Although companies like Facebook and Instagram have strict policies in place regarding abusive behavior, these platforms are still struggling to adequately protect users from targeted attacks, BBC News reports.

 

Looking Forward

As cyberattacks on epileptics and other vulnerable groups continue, the urgency for comprehensive legal and technological solutions grows. The United Kingdom's legislative efforts offer a glimpse of hope for victims, but the U.S. has yet to follow suit with similar protections. For now, people with epilepsy in the U.S. must rely on personal vigilance and the goodwill of platforms to mitigate risks.

The battle against cybercriminals is far from over, and until more countries adopt laws like Zach's Law, individuals with photosensitive conditions will remain at the mercy of an often unpredictable and dangerous digital world.

Click below to take action and protect people with photosensitivity.