The Low Orbit Ion Cannon (LOIC) is a well-known tool that has been used successfully to launch DDoS attacks. Before moving on, it's imperative that we understand what DDoS attacks are. DDoS stands for distributed denial of service, an attack in which the normal traffic of a server is disrupted by overwhelming it with malicious traffic.
These attacks have become quite common in recent days. They are mostly used by cyber criminals to extort businesses. A website can suffer losses due to downtime, so the criminals may for example threaten to attack the website and bring it down on a holiday. The business will lose a lot of potential sales because of this.
An overview of LOIC
Criminal usage of LOIC
However, when you use the tool like that, your IP address remains visible to anyone who inspects the affected servers. This doesn’t stop criminals from using the tool, though, as we have seen in two attacks launched around 10 years ago. The first attack in 2008 targeted the Church of Scientology, and the second targeted anti-piracy organizations, debit/credit card/financial websites and some entertainment industry organizations.
In order to remain hidden, the criminals utilise the tool in combination with HIVEMIND mode. This refers to how they used Internet Relay Chat servers to steal junk traffic by users and send it to the victim. In doing so they effectively created a botnet and were able to launch attacks without global coordination amongst users.
How to use the tool
It is very simple to use this tool. After launching the application, a target URL/IP needs to be input and the attack mode needs to be selected. The supported attack modes are TCP, UDP or HTTP flood. HTTP flood will send a volley of GET requests, while the former modes (TCP and UDP) will send message strings and packets to specified ports on the target.
How it works and its limitations
LOIC will open multiple connection requests to a target server and then send a continuous barrage of messages to overload the server and prevent it from responding to legitimate requests from users. The tool is very easy to find and install, and as such it has been used quite a lot by people to launch DDoS attacks without having much knowledge or experience in the matter. However, as said before, this tool is not able to send its traffic through a proxy, which means that the attacker's IP address will be visible and noticeable to the victims.
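Because the flood arrives from unproxied source addresses, a server operator can spot it directly in the access log. The following is an added example, not part of the original article: a sliding-window counter that flags any source IP sending a volley of GET requests. The function names, window and threshold are assumptions, and the log lines are constructed using documentation address ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client IP, timestamp, request line, status.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) \S+[^"]*" \d{3}')

def parse(line):
    """Return (ip, timestamp, method), or None for a line that is not CLF."""
    m = CLF.match(line)
    if not m:
        return None
    ip, ts, method = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method

def flag_get_floods(lines, window_s=10, threshold=100):
    """Map each source IP to its peak GET count in any window_s-second
    window, keeping only IPs whose peak reaches threshold (assumed values)."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "GET":
            continue
        ip, ts, _ = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()           # drop requests that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def build_sample():
    """Constructed log: one flooding client, one ordinary visitor, one bad line."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def row(ip, offset_s, method="GET"):
        ts = (base + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} / HTTP/1.1" 200 512'
    flood = [row("198.51.100.7", i // 50) for i in range(200)]   # 50 GET/s for 4 s
    visitor = [row("203.0.113.20", 12 * i) for i in range(5)]    # 1 GET every 12 s
    return flood + visitor + [row("203.0.113.20", 61, "POST"), "truncated line"]

if __name__ == "__main__":
    for ip, n in flag_get_floods(build_sample()).items():
        print(f"{ip}: {n} GETs within 10 s")
```

The flagged addresses can then be fed to a rate limiter or firewall block list; the threshold should be tuned against the site's normal per-client request rate.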