This article stands for the proposition that a civilian who directly participates in hostilities in the cyber domain forfeits protection and becomes a lawful target. In support, this article first highlights the background and law applicable to direct participation in cyber hostilities in general. In particular, this article discusses the factors that render a civilian targetable by analyzing the traditional framework of direct participation in hostilities as applied through the Tallinn Manual. This discussion includes an understanding of what constitutes an "attack" and provides examples of which hostile roles render civilians targetable. Next, this article discusses some of the challenges that leaders will confront in responding to issues involving direct participation in cyber hostilities. These issues include sovereignty and "targeting law" under the law of armed conflict.