In December alone, LOIC was downloaded over 30,000 times by people who bought into the idea of being part of an “Internet Protest.”[/one_fourth]
The United States Department of Justice, the Recording Industry Association of America, the Motion Picture Association of America, Amazon, PayPal, MasterCard, Visa. If you’ve heard of the attacks on any of these organizations, then you’ve heard about the results of the Low Orbit Ion Cannon (LOIC). LOIC is the weapon of choice of Anonymous and other “hacktivist” groups, enabling them to command a voluntary botnet.
What is the LOIC? How does it work? What good does it do? In this article, The Powerbase is going to examine the LOIC, and give our readers the information they need to interpret these current events.[/three_fourth]
What is the LOIC?
HIVEMIND completely changes what we think of as a botnet; for the first time, users can voluntarily give up the control of their machine to a centrally controlled server.
The LOIC started it’s life as an open source network testing tool by Praetox Technologies, designed to allow developers to stress test their servers and applications to see how well they will perform under heavy load. Praetox eventually released LOIC into the public domain, and it was picked up by Anonymous for use in Project Chanology in January 2008. Through various revisions and updates, LOIC has gotten some new features. The most widely used version, developed by NewEraCracker, introduced the biggest addition from the original version: HIVEMIND, the ability to be remotely controlled via an IRC server. The user simply inputs the IRC server, and the LOIC tool does all the rest.
HIVEMIND completely changes what we think of as a botnet; for the first time, users can voluntarily give up the control of their machine to a centrally controlled server. By using LOIC’s HIVEMIND mode, you allow your computer to be a pawn in a game you have no control over, while the individuals pulling the strings remain safely hidden behind the scenes.
As for how the LOIC works, it uses concepts as old as the Internet itself. There’s nothing special going on here, the tool simply floods the target will malformed requests designed to slow down the server. If enough of instances of the LOIC are run on enough different computers, it’s possible to bring the entire website down as the system struggles to answer all of the requests. It’s important to realize that no permanent damage is done during such an attack, and in fact the effect of this attack is very similar to what would happen if a site suddenly got linked to from a very popular website like Slashdot. Such an attack is known as a “Denial of Service” (DoS) attack, and when it’s effects are amplified by running it on hundreds or thousands of systems at once, it is referred to as a “Distributed Denial of Service” (DDoS).
The Anonymous Puppet-master
One of the biggest misconceptions about the LOIC software is that the individual users are somehow “untraceable”, which gives would-be users a false sense of security. If anyone is protected by this software, it’s the groups who are commanding the botnet. The attacks leave no sign of their commanders on the targeted servers, but plenty of evidence to incriminate those who run LOIC. Others claim that, since LOIC is not considered a Trojan or virus by popular antivirus applications, that the software must be safe. This shows a grotesque misunderstanding of the topic, and is rather worrying in it’s own right.
This misinformation is an integral part of the plan. If the users of LOIC realized how easily they could be tracked while using the software, they simply wouldn’t get involved. By leading these people on, they can get large numbers of users to commit their computers and Internet connections to the whims of Anonymous (or whoever decides to leverage LOIC). Preying on Internet users who may not have a strong grasp of these concepts, putting them directly in harm’s way just to further your own goals, is despicable. In December alone, LOIC was downloaded over 30,000 times by people who bought into the idea of being part of an “Internet Protest.”