The Low Orbit Ion Cannon

The Low Orbit Ion Cannon (LOIC) is a well-known tool that has been used successfully to launch DDoS attacks. Before moving on, it's imperative that we understand what DDoS attacks are. DDoS stands for distributed denial of service, an attack in which the normal traffic of a server is disrupted by overwhelming it with malicious traffic.

These attacks have become quite common in recent days. They are mostly used by cyber criminals to extort businesses. A website can suffer losses due to downtime, so the criminals may, for example, threaten to attack the website and bring it down on a holiday. The business would lose a lot of potential sales because of this.

An overview of LOIC

LOIC is an open source tool. Although it can be used for malicious purposes, it's also used by penetration testers to do network stress testing. More recently, JS LOIC and a web-based version of the same have been released. The former is a JavaScript remake of the tool. Generally, attackers use this tool to generate tonnes of TCP, HTTP GET, and UDP requests and send them to the victim server. For this attack and tool to work, it is necessary to have a huge number of users doing it at the same time.

Criminal usage of LOIC

However, when you use the tool like that, your IP address remains visible to anyone who inspects the affected servers. This doesn’t stop criminals from using the tool, though, as we have seen in two attacks launched around 10 years ago. The first attack, in 2008, targeted the Church of Scientology, and the second targeted anti-piracy organizations, debit/credit card/financial websites and some entertainment industry organizations.

In order to remain hidden, the criminals use the tool in combination with HIVEMIND mode. This refers to how they used Internet Relay Chat (IRC) servers to steal junk traffic from users and send it to the victim. In doing so, they effectively created a botnet and were able to launch attacks without global coordination amongst users.

How to use the tool

It is very simple to use this tool. After launching the application, a target URL/IP needs to be input and the attack mode needs to be selected. The supported attack modes are TCP, UDP or HTTP flood. HTTP flood sends a volley of GET requests, while the TCP and UDP modes send message strings and packets to specified ports on the target.

How it works and its limitations

LOIC opens multiple connections to a target server and then sends a continuous barrage of messages to overload the server and prevent it from responding to legitimate requests from users. The tool is very easy to find and install, and as such it has been used quite a lot by people to launch DDoS attacks without having much knowledge or experience in the matter. However, as said before, this tool is not able to send its traffic through a proxy, which means that the attacker's IP address will be visible and noticeable to the victims.
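
Because the traffic is not proxied, an HTTP flood from a single client appears in the server's access log as a burst of GET requests from one source address. The following added example (not part of the original article) sketches that check in Python; the Common Log Format input, the 10-second window, the threshold of 100 requests and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP, timestamp, request method.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_flood_sources(lines, window_seconds=10, threshold=100):
    """Return {ip: peak GET count in any sliding window} for every IP whose
    peak reaches the threshold. Lines must be in chronological order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)      # ip -> highest in-window count seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "GET":
            continue  # skip malformed lines and non-GET requests
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), TS_FMT)
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while ts - q[0] >= window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def build_sample_log():
    """Constructed sample: one source sending 100 GETs per second for three
    seconds, and one ordinary visitor making a request every ten seconds.
    Addresses come from the reserved documentation ranges."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [(base + timedelta(seconds=i // 100), "203.0.113.7")
              for i in range(300)]
    events += [(base + timedelta(seconds=10 * i), "198.51.100.20")
               for i in range(5)]
    events.sort()
    return ['%s - - [%s] "GET / HTTP/1.1" 200 512' % (ip, ts.strftime(TS_FMT))
            for ts, ip in events]

if __name__ == "__main__":
    for ip, count in find_flood_sources(build_sample_log()).items():
        print("possible flood source: %s (%d GETs within 10 s)" % (ip, count))
```

The threshold has to be tuned to the site's normal traffic, since shared NAT gateways and crawlers can also produce high per-address request rates.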
