Low Orbit Ion Cannon

Original author(s): Praetox Technologies
Final release: 1.0.8 / 13 Dec 2014 [1]
Written in: C#
Operating system: Windows, Linux, OS X, Android, iOS
Platform: .NET, Mono
Size: 131 KB
Available in: English
Type: Network testing
License: Public domain
Website: SourceForge: LOIC

Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application written in C#. LOIC was initially developed by Praetox Technologies, but it was later released into the public domain [2] and is currently available on several open-source platforms. [3] [4]

Use

LOIC performs a DoS attack (or, when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP, UDP, or HTTP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets. [5]

The software inspired the creation of an independent JavaScript version called JS LOIC, as well as a LOIC-derived web version called Low Orbit Web Cannon. These enable a DoS from a web browser. [6] [7] [8]

Countermeasures

Security experts quoted by the BBC indicated that well-written firewall rules can filter out most traffic from DDoS attacks by LOIC, thus preventing the attacks from being fully effective. [9] In at least one instance, filtering out all UDP and ICMP traffic blocked a LOIC attack. [10] Firewall rules of this sort are more likely to be effective when implemented at a point upstream of an application server's Internet uplink, to keep the uplink from exceeding its capacity. [10]

LOIC attacks are easily identified in system logs, and the attack can be tracked down to the IP addresses used. [11]
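
The kind of log review described above can be sketched as follows. This is an added example, not code from LOIC or from the cited sources: it reads web server access-log lines and reports each source address whose request rate peaks above a limit. The Common Log Format input, the 10-second window, the threshold of 30 requests and the sample lines (documentation address ranges) are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client address, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_flood_sources(lines, window_seconds=10, threshold=30):
    """Return {source_ip: peak request count seen in any sliding window}
    for sources whose peak reaches the (hypothetical) threshold.
    Lines must be in chronological order, as in an access log."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip malformed or truncated lines
        try:
            ts = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue              # timestamp field present but unparseable
        q = recent[m.group(1)]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()           # drop requests that fell out of the window
        peak[m.group(1)] = max(peak[m.group(1)], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def build_sample_log():
    """Constructed sample: one noisy source (10 requests/s for 4 s), one
    ordinary visitor (1 request every 12 s) and one malformed line."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    entries = [(base + timedelta(seconds=i // 10), "203.0.113.7") for i in range(40)]
    entries += [(base + timedelta(seconds=12 * i), "198.51.100.20") for i in range(5)]
    entries.sort(key=lambda e: e[0])
    lines = ['%s - - [%s] "GET / HTTP/1.1" 200 512' % (ip, ts.strftime(TS_FMT))
             for ts, ip in entries]
    lines.insert(3, "malformed line without a timestamp")
    return lines

if __name__ == "__main__":
    for ip, n in find_flood_sources(build_sample_log()).items():
        print(f"{ip}: peak {n} requests in 10 s")
```

The addresses it reports are candidates for the upstream filtering rules discussed in this section.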

Notable uses

Project Chanology and Operation Payback

A screenshot of LOWC (Low Orbit Web Cannon) running in a web browser.

LOIC was used by Anonymous (a group that spawned from the /b/ board of 4chan) during Project Chanology to attack websites of the Church of Scientology, again to (successfully) attack the Recording Industry Association of America's website in October 2010, [12] and once more during Operation Payback in December 2010 to attack the websites of companies and organizations that opposed WikiLeaks. [13] [14]

Operation Megaupload

In retaliation for the shutdown of the file sharing service Megaupload and the arrest of four workers, members of Anonymous launched a DDoS attack upon the websites of Universal Music Group (the company responsible for the lawsuit against Megaupload), the United States Department of Justice, the United States Copyright Office, the Federal Bureau of Investigation, the MPAA, Warner Music Group and the RIAA, as well as the HADOPI, all on the afternoon of January 19, 2012, through LOIC. [15] In general, the attack hoped to retaliate against those who Anonymous members believed harmed their digital freedoms. [16]

Origin of name

The LOIC application is named after the ion cannon, a fictional weapon from many sci-fi works and video games, [17] and in particular after its namesake from the Command & Conquer series. [18] The artwork used in the application was concept art for Command & Conquer 3: Tiberium Wars.

Legality

While downloading and using the LOIC on one's own personal servers as a means of stress-testing is perfectly legal, at least in the United States, using the program to perform a DDoS attack on other parties could be considered a felony under the Computer Fraud and Abuse Act of 1986. This charge could result in up to 20 years of imprisonment, a fine or both. [19]

Related Research Articles

DALnet

DALnet is an Internet Relay Chat (IRC) network made up of 39 servers, with a stable population of approximately 10,000 users in about 4,000 channels.
DALnet is accessible by connecting with an IRC client to an active DALnet server on ports 6660 through 6669, and 7000. SSL users can connect on port 6697 as well. The generic round-robin address is irc.dal.net.

Denial-of-service attack: Type of cyber-attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Zombie (computing): Compromised computer used for malicious tasks on a network

In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a botnet controlled by the hacker, and are used for activities such as spreading e-mail spam and launching distributed denial-of-service attacks against web servers. Most victims are unaware that their computers have become zombies. The concept is similar to the zombie of Haitian Voodoo folklore, which refers to a corpse resurrected by a sorcerer via magic and enslaved to the sorcerer's commands, having no free will of its own. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.

Botnet: Collection of compromised internet-connected devices controlled by a third party

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

Rizon is a large Internet Relay Chat (IRC) network with an average of around 20,000 users. The IRC network itself ranks number 5 among the largest IRC networks. Rizon is popular with many anime fansubbing groups who work online, many of whom provide their content through XDCC via IRC bots in their distribution channels. It is also used by many users of eRepublik as a means of communication. File sharing of other copyrighted material such as Warez is also common in some channels on the network.

A UDP flood attack is a volumetric denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a sessionless/connectionless computer networking protocol.

Stacheldraht: Malware for performing distributed denial of service attacks

Stacheldraht is malware which performs a distributed denial-of-service (DDoS) attack. It was written by "Thomas Stacheldraht", a member of the Austrian hacker group TESO. It was first released in 1999.

Megaupload Ltd was a Hong Kong–based online company established in 2005 that operated from 2005 to 2012 providing online services related to file storage and viewing.

The Tribe Flood Network or TFN is a set of computer programs to conduct various DDoS attacks such as ICMP flood, SYN flood, UDP flood and Smurf attack.

The trinoo or trin00 is a set of computer programs to conduct a DDoS attack. It is believed that trinoo networks have been set up on thousands of systems on the Internet that have been compromised by remote buffer overrun exploits.

Anonymous (hacker group): Decentralized hacktivist group

Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.

Slowloris (computer security): Software for executing a denial-of-service attack

Slowloris is a type of denial of service attack tool which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.

w3af: Open-source web application security scanner

w3af is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities for use in penetration testing engagements. The scanner offers a graphical user interface and a command-line interface.

Operation Payback: Series of cyberattacks conducted by Anonymous

Operation Payback was a coordinated, decentralized group of attacks on high-profile opponents of Internet piracy by Internet activists using the "Anonymous" moniker. Operation Payback started as retaliation to distributed denial of service (DDoS) attacks on torrent sites; piracy proponents then decided to launch DDoS attacks on piracy opponents. The initial reaction snowballed into a wave of attacks on major pro-copyright and anti-piracy organizations, law firms, and individuals. The Motion Picture Association of America, the Pirate Party UK and United States Pirate Party criticised the attacks.

Megaupload legal case

Multiple criminal indictments and enforcement actions were taken against Megaupload owner Kim Dotcom in various jurisdictions. On 19 January 2012 the United States Department of Justice seized and shut down the file-hosting site Megaupload.com and commenced criminal cases against its owners and others. On 20 January 2012 Hong Kong Customs froze more than 300 million Hong Kong dollars in assets belonging to the company.

Slowdroid: Experimental denial of service attack

SlowDroid is the first denial of service attack which allows a single mobile device to take down a network server requiring minimal bandwidth. The attack has been created for research purposes by Enrico Cambiaso and Maurizio Aiello for the IEIIT Institute of the National Research Council of Italy and released as an Android application.

High Orbit Ion Cannon: Denial-of-service attack tool

High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain. The security advisory for HOIC was released by Prolexic Technologies in February 2012.

Zemra is a DDoS Bot which was first discovered in underground forums in May 2012.

BASHLITE is malware which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.

2020 Miami-Dade Public Schools DDoS attack

On 3 September 2020, at 2:53 am EDT, a 16-year-old male from South Miami, Florida was arrested in connection with distributed denial-of-service (DDoS) attacks on the Miami-Dade County Public Schools's computer network, the fourth largest in the US, causing the system to crash during the first three days of the school year. It occurred as the school system was attempting to conduct internet-based instruction during the COVID-19 pandemic of 2020. After monitoring the IP addresses using the network, investigators concluded the teenager and several foreign actors had hacked the system. At the time, the school district had contracted Stride, Inc. to provide the software necessary for the internet-based instruction. Despite its price tag of $15.3 million, Stride was surprisingly susceptible to the attacks. Consequently, the school district sought the help of the FBI and U.S. Secret Service to investigate.

References

  1. SourceForge:
  2. "Praetox Techlologies". Archived from the original on 2010-10-08.
  3. "LOIC | Free Security & Utilities software downloads at". Sourceforge.net. Retrieved 2014-11-17.
  4. "NewEraCracker/LOIC · GitHub". Github.com. Retrieved 2013-11-22.
  5. "Pro-Wikileaks activists abandon Amazon cyber attack". BBC News. 9 December 2010.
  6. Warren, Christina (December 9, 2010). "How Operation Payback Executes Its Attacks". Mashable.
  7. "Command & Conquer FAQ/Walkthrough for Nintendo 64 by DTran - GameFAQs". www.gamefaqs.com. Retrieved 9 May 2017.
  8. Chapple, Mike; Chapple, University of Notre Dame Mike; Seidl, David (1 August 2014). Cyberwarfare. Jones & Bartlett Publishers. ISBN 9781284058499. Retrieved 9 May 2017 via Google Books.
  9. "Anonymous Wikileaks supporters explain web attacks". BBC. 10 December 2010. Retrieved 12 December 2010.
  10. "The attacks on GRC.COM" (PDF). GRC.com. 2001-02-06. Retrieved 2012-01-25.
  11. Nardi, Tom (March 3, 2012). "Low Orbit Ion Cannon: Exposed". The Powerbase. Archived from the original on March 6, 2012. Retrieved March 4, 2012.
  12. Hachman, Mark (October 29, 2010). "'Anonymous' DDoS Attack Takes Down RIAA Site". PC Magazine.
  13. Moses, Asher (December 9, 2010). "The Aussie who blitzed Visa, MasterCard and PayPal with the Low Orbit Ion Cannon". The Age. Melbourne.
  14. "Anonymous Wikileaks supporters mull change in tactics". BBC News. December 10, 2010.
  15. "Anonymous Hackers Hit DOJ, FBI, Universal Music, MPAA And RIAA After MegaUpload Takedown". Forbes. Retrieved 2013-11-22.
  16. "THE INFORMATION DEFENSE INDUSTRY AND THE CULTURE OF NETWORKS - Amodern". Amodern. Retrieved 2018-11-09.
  17. Homeworld, Homeworld 2, Unreal Tournament 2004, Ogame, Ratchet & Clank: Up Your Arsenal, StarCraft
  18. metatags generator (2012-09-27). "Low Orbit Ion Cannon". Archived from the original on September 27, 2012. Retrieved 2013-11-22.
  19. "18 U.S. Code § 1030 - Fraud and related activity in connection with computers". LII / Legal Information Institute. Retrieved 2018-10-07.