Downloads of DoS Attack Tool LOIC Spike

wiredmikey writes "As Anonymous initiated what it said will be the 'largest attack ever on government and music industry sites' in response to actions taken by the Justice Department against operators of file sharing site Megaupload.com, downloads of a popular DoS attack tool have spiked. While the Denial of Service tool known as the 'Low Orbit Ion Cannon' (LOIC) was developed by the 'good guys' to stress test websites, it has been a favorite tool of Anonymous to take its targets offline via denial of service attacks. Interactions seen on Twitter and IRC, made it clear that the action against MegaUpload has sparked many more individuals to get involved in the online protests and download the LOIC to take part in the attacks and has resulted in a massive spike in downloads according Slashdot sister site Sourceforge."

Re:I took a LOIC in the ass

[Osgeld]

"Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#."

God the AC's round here are getting fucking dumber

Those downloading LOIC...

[wbr1]

Those now downloading LOIC are not Anonymous.

Seriously.. their IP has been logged!

They're fools if they're not behind 7 proxies

[DanTheManMS]

After Operation Payback (the widespread use of LOIC against Bank of America, PayPal, and other entities that refused to process payments to Wikileaks), the FBI got involved. Raids were made. A freshman student at my own college was raided and had all his electronics taken away, and that was just for passively being an operator in an IRC channel that coordinated the attacks, not even running the tool himself.

As an above poster said, LOIC is not anonymous. I hope these script kiddies aren't so foolish as to make the same mistakes twice.

Re:And now script kiddies everywhere

[Anonymous Coward]

Yes, that's what we've called script kiddies since at least 1993.

Script Kiddie = Someone who calls themselves a hacker, but doesn't actually know what they are doing, just using tools made by others.

Back in the day, you could knock windows machines offline, steal the DUN passwords and then jack their accounts and do more mayhem using programs written by others. The peak was around the time of the Back Oriface utility... some dumb ISP's installed this scriptkiddieware onto their servers, and lolz were had.

Windows has never been particularly secure operating system, but back in the Windows 3.1 and Windows 95 era, (before PPP was standard in the DUN) the security was non-existant. To this day I never save passwords when prompted to. Likewise ICS(NAT) was a new thing in Windows 98, which allowed for sharing internet connections with networked devices. It was also possible to reverse this and dial-in to machines that had two lines (or a backup dialout line,) and share the internet connections.

Even as late as Windows XP SP1, there were still tools out there that can crash windows machines by simply connecting them to the internet without a firewall.

Overall, that was the "fun years", when you could claim ignorance. As of Windows Vista, Windows is actually secure enough to not become infected the second you plug it in. Nowadays, most "hacking" to take down sites consists of just DDoS, and someone with a single connection can't overload someone else willy nilly. You have to get an army to do it. You want to see a potential SOPA solution? Anyone caught downloading infringing material must have their internet connection degraded to 512K down/up, (some ISP's have 1Mbit plans) upon warning sent via email. Clicking on a link in the email to acknowledge reading it, then restores the connection, and then leaves a 24 hour window in which no more emails will be sent. This way if an IP address is found "participating in malicious or illegal activity" it can just be crippled once to get the attention of the subscriber. If they continue past that point, they are not guaranteed to keep their internet access.

I can assure you, especially with children, that all it takes is a warning every few months to get them to stop. But you have to add an embarrassing component to it, like DPI'ing the filename being transferred.

Re:They're fools if they're not behind 7 proxies

[andydread]

according to an episode of Mythbusters sugar does not work. Bleach on the other hand....

Re:Those downloading LOIC...

[symbolset]

LOIC has a javascript implementation where you can load a seemingly innocent page and then go to bed. Your browser will then hammer the affected sites 100,000 times an hour - and it's not your fault - because you can't be expected to know that a simple page can do that.

Re:initiating first post blast

[sjames]

Nor has this.

Re:And now script kiddies everywhere

[SuricouRaven]

You might be surprised how weak some servers are. There are tools known as Slowloris and Anoctopus (They function in exactly the same way) that will disable a lot of servers with ease from even a low-bandwidth connection.

Re:Fight the power, Anon!

[dissy]

We just got done with a well-constructed, well-reasoned, well-executed protest against SOPA and PIPA, and we killed those bills dead as a *direct result*.

That simply has not happened.

The sponsor of SOPA has recently also pushed new anti-childpornography [loc.gov] laws through the house and congress, in preparation for attaching SOPA as a rider.

He has already admitted the ONLY problem with the last SOPA was that he let the public know about it [theverge.com], giving them time to express their dislike, and has stated he learned from that mistake.

As in, the damaging effects, the destruction it will cause, and the fact people are against it, he doesn't see any of that as a problem. Only that the public had time to counter it.

This time next year, SOPA *WILL* be law.

* Note I am not arguing in favor of DDoS either. You are quite right in that such attacks have not helped anything one bit, and are not part of any functioning solution.