Written in | Visual Basic, C# |
---|---|
Operating system | Windows, OS X, Linux [citation needed] |
Size | 1.8 MB |
Available in | English |
Type | Network stress-testing |
License | Public domain |
Website | sourceforge |
High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain. The security advisory for HOIC was released by Prolexic Technologies in February 2012. [1] [2]
HOIC was developed during the conclusion of Operation Payback by the hacktivist collective Anonymous. [3] As Operation Payback concluded, there was massive pressure on the group from law enforcement agencies, which captured and prosecuted more than 13 individuals connected with the group. [4] This forced many members of the group to rethink their strategies, and subsequently this part of the group launched Operation Leakspin. [5] However, a large part of Anonymous remained focused on launching opt-in DDoS attacks, and the Low Orbit Ion Cannon was not powerful enough to launch attacks with such a limited number of users. HOIC was designed to remedy this with the ability to cause an HTTP flood with as few as 50 user agents being required to successfully launch an attack, and co-ordination between multiple users leading to an exponential increase in the damage. [6] [7] HOIC was the first tool of its kind to support so-called "booster files", configurable VBScript modules that randomize the HTTP headers of attacking computers, allowing thousands upon thousands of highly randomized combinations for user agents. [8] Apart from allowing user agents to implement some form of randomization countermeasures, the booster files can be and have been used to increase the magnitude of the attack. [9]
HOIC and its predecessor, the LOIC, are named after an ion cannon, a fictional directed-energy weapon described as firing beams of ions from a space-based platform onto Earth-based targets. Although ion cannons appear in many movies, television shows, and video games that have a science fiction-based setting, the ones depicted in the Command & Conquer series of video games are considered to be the inspiration for the graphics on the software's GUI and website. [10]
Simply described, HOIC is a program with a lulz-inspired graphical interface for sending HTTP POST and GET requests at a computer under attack. [11] HOIC primarily performs a denial-of-service (DoS) attack, and a DDoS attack when co-ordinated by multiple individuals. The DoS attack on the target URL is accomplished by sending excessive traffic in an attempt to overload the site and bring it down. This basic version of the attack can be customized by using booster files, which follow a syntax that mixes VB 6 with VB .NET. In addition, HOIC can simultaneously attack up to 256 domains, making it one of the most versatile tools for hackers who are attempting to co-ordinate DDoS attacks as a group. [12]
The minimalist GUI of the tool makes it user friendly and easy to control. The basic routine of an attack is to input the URL of the website which is to be attacked, and set the power option on low, medium or high. The power option sets the request velocity, with low at two requests per second, medium at four and high at eight requests per second. Then a booster file is added, which uses the .hoic extension to define dynamic request attributes, launch attacks on multiple pages within the same website and help evade some defense filters. The attack is then launched by pressing the red button in the GUI labelled as "Fire Teh Lazer". [13]
The basic limitation of HOIC is that it requires a coordinated group of users to ensure that the attacks are successful. Even though it has allowed attacks to be launched by far fewer users than the older Low Orbit Ion Cannon, HOIC still requires a minimum of 50 users to launch an effective attack, and more are required to sustain it if the target website has protection. [8] Another limiting factor is the lack of anonymizing and randomizing capability. Even though HOIC should, in theory, offer anonymizing through the use of booster files, the actual protection provided is not enough. Furthermore, anonymizing networks such as Tor are not capable of handling the bandwidth of attacks generated by HOIC. Any attempt to launch an attack using the Tor network will actually harm the network itself. [11] However, Anonymous members routinely use proxy servers based in Sweden to launch their attacks. It has been speculated that this is due to the notion that Sweden may have fewer internet privacy laws than the rest of the world. [11] [14]
Primarily, HOIC has been designed as a stress testing tool and can be lawfully used as such to stress test local networks and servers provided the person initiating the test has authorization to test and as long as no other networks, servers, clients, networking equipment or URLs are disrupted. [15]
HOIC can also be used to perform distributed denial-of-service attacks, which are illegal under various statutes. The Police and Justice Act 2006 of the United Kingdom amended the Computer Misuse Act 1990, and specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison. [16] In the United States, denial-of-service attacks may be considered a federal crime under the Computer Fraud and Abuse Act with penalties that include up to ten years of imprisonment. In 2013 criminal charges were brought against 13 members of Anonymous for participating in a DDoS attack against various websites of organizations including the Recording Industry Association of America, the Motion Picture Association of America, the United States Copyright Office of the Library of Congress, Visa, MasterCard, and Bank of America. They were charged with one count of "conspiracy to intentionally cause damage to a protected computer" for the events that occurred between September 16, 2010 and January 2, 2011. [17] DDoS attacks are federal offenses in the United States and are prosecuted by the Department of Justice under USC Title 18, Section 1030. [18]
In 2013, Anonymous petitioned the United States government via We the People, demanding that DDoS attacks be recognized as a form of virtual protest similar to Occupy protests. [19]
DDoS mitigation usually works on the principle of distribution, which is basically intelligent routing of traffic to avoid congestion and prevent overload at a single URL. Other methods to counter DDoS include installation of intrusion prevention system (IPS) and intrusion detection system (IDS) devices and application software. [20]
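The following sketch is an added example, not code from HOIC or from any mitigation product. It shows one detection check an IDS or application-layer filter could apply to the behaviour described above: a single client address that sustains at least the "low" setting of two requests per second while cycling through many User-Agent values. The log format, the window length and the agent limit are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed log format: epoch-seconds client-ip "request" "user-agent"
LINE = re.compile(r'(?P<ts>\d+(?:\.\d+)?) (?P<ip>\S+) "(?P<req>[^"]*)" "(?P<ua>[^"]*)"')

def detect(lines, window=10.0, min_rate=2.0, max_agents=3):
    """Return {ip: (peak_rate, peak_distinct_agents)} for clients over both limits.

    min_rate matches the lowest power setting described above (2 requests/s);
    window and max_agents are assumed tuning values, not taken from the page.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, user-agent) pairs in the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        ts, ip, ua = float(m["ts"]), m["ip"], m["ua"]
        q = recent[ip]
        q.append((ts, ua))
        while q and q[0][0] <= ts - window:  # drop entries older than the window
            q.popleft()
        rate = len(q) / window
        agents = len({u for _, u in q})
        # A fast client alone may be a browser; header churn alone may be a
        # shared proxy. Flag only when the same address shows both.
        if rate >= min_rate and agents > max_agents:
            old = flagged.get(ip, (0.0, 0))
            flagged[ip] = (max(old[0], rate), max(old[1], agents))
    return flagged

def sample_log():
    """Constructed traffic using documentation address ranges."""
    lines = []
    for i in range(40):  # 4 req/s for 10 s, new agent string on every request
        lines.append(f'{1000 + i * 0.25:.2f} 203.0.113.7 "GET /p{i % 5}" "agent-{i % 8}"')
    for i in range(30):  # 3 req/s page load, one consistent agent
        lines.append(f'{1000 + i / 3:.2f} 198.51.100.20 "GET /img{i}" "Browser/1.0"')
    for i in range(4):   # slow shared proxy, several agents
        lines.append(f'{1000 + i * 5:.2f} 192.0.2.5 "GET /" "agent-{i}"')
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for ip, (rate, agents) in detect(sample_log()).items():
        print(f"{ip}: {rate:.1f} req/s, {agents} distinct User-Agent values")
```

Because the rate is computed per source address, a check like this only helps against the per-client pattern; traffic spread thinly across many participants still needs the distribution-based mitigation described above.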
Anonymous were the first group to utilize High Orbit Ion Cannon publicly on January 19, 2012. After Megaupload, a file-sharing website, was shut down following federal agents raiding their premises, Anonymous launched an attack against the website of the US Department of Justice. As the DOJ website went offline, Anonymous claimed success via Twitter, saying "One thing is certain: EXPECT US! #Megaupload". [21] Over the course of the next few hours, several other websites were knocked offline and kept offline. These included websites belonging to the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA) and the BMI. [22] Finally, as the day drew to a close, the website belonging to the FBI was hit repeatedly before it ultimately succumbed to attacks and acquired a “Tango Down” status. Anonymous claimed that it was "the single largest Internet attack in its history", while it was reported that as many as 27,000 user agents were taking part in the attack. [23] [24]
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.
In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a botnet controlled by the hacker, and are used for activities such as spreading e-mail spam and launching distributed denial-of-service attacks against web servers. Most victims are unaware that their computers have become zombies. The concept is similar to the zombie of Haitian Voodoo folklore, which refers to a corpse resurrected by a sorcerer via magic and enslaved to the sorcerer's commands, having no free will of its own. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.
Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.
Stacheldraht is malware which performs a distributed denial-of-service (DDoS) attack. It was written by "Thomas Stacheldraht", a member of the Austrian hacker group TESO. It was first released in 1999.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Megaupload Ltd was a Hong Kong–based online company established in 2005 that operated from 2005 to 2012 providing online services related to file storage and viewing.
The trinoo or trin00 is a set of computer programs to conduct a DDoS attack. It is believed that trinoo networks have been set up on thousands of systems on the Internet that have been compromised by remote buffer overrun exploits.
Prolexic Technologies was a US-based provider of security solutions for protecting websites, data centers, and enterprise IP applications from Distributed Denial of Service (DDoS) attacks at the network, transport, and application layers. It operated a DDoS mitigation platform and a global network of traffic scrubbing centers. Real-time monitoring and mitigation services were provided by a 24/7 security operations control center (SOCC). Prolexic indicated its DDoS mitigation services make websites, data centers and enterprise IP applications harder to take down via DDoS attacks.
Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.
Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application written in C#. LOIC was initially developed by Praetox Technologies; however, it was later released into the public domain and is currently available on several open-source platforms.
Operation Payback was a coordinated, decentralized group of attacks on high-profile opponents of Internet piracy by Internet activists using the "Anonymous" moniker. Operation Payback started as retaliation to distributed denial of service (DDoS) attacks on torrent sites; piracy proponents then decided to launch DDoS attacks on piracy opponents. The initial reaction snowballed into a wave of attacks on major pro-copyright and anti-piracy organizations, law firms, and individuals. The Motion Picture Association of America, the Pirate Party UK and United States Pirate Party criticised the attacks.
Anonymous is a decentralised virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.
We Are Legion: The Story of the Hacktivists is a 2012 documentary film about the workings and beliefs of the self-described "hacktivist" collective, Anonymous.
Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks primarily to disrupt gaming-related services.
SlowDroid is the first denial of service attack which allows a single mobile device to take down a network server requiring minimal bandwidth. The attack has been created for research purposes by Enrico Cambiaso and Maurizio Aiello for the IEIIT Institute of the National Research Council of Italy and released as an Android application.
Zemra is a DDoS Bot which was first discovered in underground forums in May 2012.
BASHLITE is malware which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.
R.U.D.Y., short for R U Dead Yet, is an acronym used to describe a denial-of-service (DoS) tool used by hackers to perform slow-rate, a.k.a. “low and slow”, attacks by directing long form fields to the targeted server. It is known to have an interactive console, thus making it a user-friendly tool. It opens fewer connections to the website being targeted for a long period and keeps the sessions open as long as is feasible. The number of open sessions exhausts the server or website, making it unavailable to legitimate visitors. The data is sent in small packs at an incredibly slow rate; normally there is a gap of ten seconds between each byte, but these intervals are not definite and may vary to avert detection.
Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the Russian invasion of Ukraine began.