← Previous Post
Next Post →

Low Orbit Ion Cannon: Exposed

Tom Nardi March 4, 2012 6
Low Orbit Ion Cannon: Exposed

In December alone, LOIC was downloaded over 30,000 times by people who bought into the idea of being part of an “Internet Protest.”

The United States Department of Justice, the Recording Industry Association of America, the Motion Picture Association of America, Amazon, PayPal, MasterCard, Visa. If you’ve heard of the attacks on any of these organizations, then you’ve heard about the results of the Low Orbit Ion Cannon (LOIC). LOIC is the weapon of choice of Anonymous and other “hacktivist” groups, enabling them to command a voluntary botnet.

What is the LOIC? How does it work? What good does it do? In this article, The Powerbase is going to examine the LOIC, and give our readers the information they need to interpret these current events.

What is the LOIC?

HIVEMIND completely changes what we think of as a botnet; for the first time, users can voluntarily give up the control of their machine to a centrally controlled server.

The LOIC started it’s life as an open source network testing tool by Praetox Technologies, designed to allow developers to stress test their servers and applications to see how well they will perform under heavy load. Praetox eventually released LOIC into the public domain, and it was picked up by Anonymous for use in Project Chanology in January 2008. Through various revisions and updates, LOIC has gotten some new features. The most widely used version, developed by NewEraCracker, introduced the biggest addition from the original version: HIVEMIND, the ability to be remotely controlled via an IRC server. The user simply inputs the IRC server, and the LOIC tool does all the rest.

HIVEMIND completely changes what we think of as a botnet; for the first time, users can voluntarily give up the control of their machine to a centrally controlled server. By using LOIC’s HIVEMIND mode, you allow your computer to be a pawn in a game you have no control over, while the individuals pulling the strings remain safely hidden behind the scenes.

As for how the LOIC works, it uses concepts as old as the Internet itself. There’s nothing special going on here, the tool simply floods the target will malformed requests designed to slow down the server. If enough of instances of the LOIC are run on enough different computers, it’s possible to bring the entire website down as the system struggles to answer all of the requests. It’s important to realize that no permanent damage is done during such an attack, and in fact the effect of this attack is very similar to what would happen if a site suddenly got linked to from a very popular website like Slashdot. Such an attack is known as a “Denial of Service” (DoS) attack, and when it’s effects are amplified by running it on hundreds or thousands of systems at once, it is referred to as a “Distributed Denial of Service” (DDoS).

The Anonymous Puppet-master

LOIC Instructions

Misinformation is the name of the game.

One of the biggest misconceptions about the LOIC software is that the individual users are somehow “untraceable”, which gives would-be users a false sense of security. If anyone is protected by this software, it’s the groups who are commanding the botnet. The attacks leave no sign of their commanders on the targeted servers, but plenty of evidence to incriminate those who run LOIC. Others claim that, since LOIC is not considered a Trojan or virus by popular antivirus applications, that the software must be safe. This shows a grotesque misunderstanding of the topic, and is rather worrying in it’s own right.

This misinformation is an integral part of the plan. If the users of LOIC realized how easily they could be tracked while using the software, they simply wouldn’t get involved. By leading these people on, they can get large numbers of users to commit their computers and Internet connections to the whims of Anonymous (or whoever decides to leverage LOIC). Preying on Internet users who may not have a strong grasp of these concepts, putting them directly in harm’s way just to further your own goals, is despicable. In December alone, LOIC was downloaded over 30,000 times by people who bought into the idea of being part of an “Internet Protest.”

Pages: 1 2

TAGS » , , , , , ,
POSTED IN » Editorials, Internet, Security
About the author: Tom Nardi View all posts by
Tom is a Network Engineer with focus on GNU/Linux and open source software. He is a frequent submitter to "2600", and maintains a personal site of his projects and areas of research at: www.digifail.com .
  • Jonas Kulla

    Soo, how about you write your next article about how to distinguish between LOIC users and the million other malware-infested PCs, which are already part of a real botnet?

    Are you saying we should be able to arrest anyone without proper anti-virus?

    • Artimus

      Why would it matter? If your site/server is under DoS attack, you should be collecting data from the logs and sending it to the ISP’s abuse contact so they can start an investigation. A botnet is a botnet, the goal is to shut them down. Doesn’t matter who is pulling the strings.

      Are you saying we should only shut down botnets controlled by Anonymous?

      • Jonas Kulla

        No, what I’m saying is that their way of assuring wasn’t “LOIC isn’t traceable”, it was “if you ever get caught just pretend you didn’t know about anything, so they will just have to assume you’re another botnet victim, and will probably just tell you to install an anti-virus or something”.

  • Nick

    Well, although I don’t think the revolving seats behind anonymous have thought through the potential unwanted side effects of their actions. They are at least TRYING to stop the stupidity of censorship legislation.

    Exactly what are you doing? Are you only complaining about the methods of others whom are getting off their asses to stop censorship that you too would not like?

    Here’s the thing. When those who implement laws do things of detriment to the people they supposedly represent, fighting those laws puts you in direct conflict with them and thus there is risk. It cannot be any other way!

    Those who want censorship for whatever reason, are in positions that they can implement it via legislation. If we all do nothing because it is too risky, censorship will be implemented because there is nothing to stop it.

    So Tom please, as a network engineer who realises the benefits of free access to infinite amounts of information BEFORE you lose it completely, perhaps you could spend your time trying to work out a better way to stop censorship yourself rather then post scare pieces which can only do the opposite.

    This is a game, but a very serious game with very serious consequences should we not provide an opposing force to this madness.

    • Bates

      Is this a joke? What has Anon ever accomplished by DDoS’ing sites other than get their members arrested? And censorship? Really? They attack whoever they want for whatever random reason they have, it’s never been about censorship.

      Things like the Internet Blackout worked because it was a willing statement. This is just childish behavior that helps nobody.

  • Pingback: Low Orbit Ion Cannon Exposed | Linux | Syngu