Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application written in C#. LOIC was initially developed by Praetox Technologies, however it was later released into the public domain[2] and is currently available on several open-source platforms.[3][4]

Low Orbit Ion Cannon
Original author(s)Praetox Technologies
Final release
1.0.8 / 13 Dec 2014; 9 years ago (13 Dec 2014)[1]
Written inC#
Operating systemWindows, Linux, OS X, Android, iOS
Platform.NET, Mono
Size131 KB
Available inEnglish
TypeNetwork testing
LicensePublic domain
WebsiteSourceForge: LOIC

Use edit

LOIC performs a DoS attack (or, when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP, UDP, or HTTP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.[5]

The software inspired the creation of an independent JavaScript version called JS LOIC, as well as LOIC-derived web version called Low Orbit Web Cannon. These enable a DoS from a web browser.[6][7][8]

Countermeasures edit

Security experts quoted by the BBC indicated that well-written firewall rules can filter out most traffic from DDoS attacks by LOIC, thus preventing the attacks from being fully effective.[9] In at least one instance, filtering out all UDP and ICMP traffic blocked a LOIC attack.[10] Firewall rules of this sort are more likely to be effective when implemented at a point upstream of an application server's Internet uplink to avoid the uplink from exceeding its capacity.[10]

LOIC attacks are easily identified in system logs, and the attack can be tracked down to the IP addresses used.[11]

Notable uses edit

Project Chanology and Operation Payback edit

 
A screenshot of LOWC (Low Orbit Web Cannon) running in a web browser.

LOIC was used by Anonymous (a group that spawned from the /b/ board of 4chan) during Project Chanology to attack websites from the Church of Scientology, once more to (successfully) attack the Recording Industry Association of America's website in October 2010,[12] and it was again used by Anonymous during their Operation Payback in December 2010 to attack the websites of companies and organizations that opposed WikiLeaks.[13][14]

Operation Megaupload edit

In retaliation for the shutdown of the file sharing service Megaupload and the arrest of four workers, members of Anonymous launched a DDoS attack upon the websites of Universal Music Group (the company responsible for the lawsuit against Megaupload), the United States Department of Justice, the United States Copyright Office, the Federal Bureau of Investigation, the MPAA, Warner Music Group and the RIAA, as well as the HADOPI, all on the afternoon of January 19, 2012, through LOIC.[15] In general, the attack hoped to retaliate against those who Anonymous members believed harmed their digital freedoms.[16]

Origin of name edit

The LOIC application is named after the ion cannon, a fictional weapon from many sci-fi works, video games,[17] and in particular after its namesake from the Command & Conquer series.[18] The artwork used in the application was a concept art for Command & Conquer 3: Tiberium Wars.

Legality edit

While downloading and using the LOIC on one's own personal servers as a means of stress-testing is perfectly legal, at least in the United States, using the program to perform a DDoS attack on other parties could be considered a felony under the Computer Fraud and Abuse Act of 1986. This charge could result in up to 20 years of imprisonment, a fine or both.[19]

See also edit

References edit

  1. ^ SourceForge: [1]
  2. ^ "Praetox Techlologies". Archived from the original on 2010-10-08.
  3. ^ "LOIC | Free Security & Utilities software downloads at". Sourceforge.net. Retrieved 2014-11-17.
  4. ^ "NewEraCracker/LOIC · GitHub". Github.com. Retrieved 2013-11-22.
  5. ^ "Pro-Wikileaks activists abandon Amazon cyber attack". BBC News. 9 December 2010.
  6. ^ Warren, Christina (December 9, 2010). "How Operation Payback Executes Its Attacks". Mashable.
  7. ^ "Command & Conquer FAQ/Walkthrough for Nintendo 64 by DTran - GameFAQs". www.gamefaqs.com. Retrieved 9 May 2017.
  8. ^ Chapple, Mike; Chapple, University of Notre Dame Mike; Seidl, David (1 August 2014). Cyberwarfare. Jones & Bartlett Publishers. ISBN 9781284058499. Retrieved 9 May 2017 – via Google Books.
  9. ^ "Anonymous Wikileaks supporters explain web attacks". BBC. 10 December 2010. Retrieved 12 December 2010.
  10. ^ a b "The attacks on GRC.COM" (PDF). GRC.com. 2001-02-06. Retrieved 2012-01-25.
  11. ^ Nardi, Tom (March 3, 2012). "Low Orbit Ion Cannon: Exposed". The Powerbase. Archived from the original on March 6, 2012. Retrieved March 4, 2012.
  12. ^ Hachman, Mark (October 29, 2010). "'Anonymous' DDoS Attack Takes Down RIAA Site". PC Magazine.
  13. ^ Moses, Asher (December 9, 2010). "The Aussie who blitzed Visa, MasterCard and PayPal with the Low Orbit Ion Cannon". The Age. Melbourne.
  14. ^ "Anonymous Wikileaks supporters mull change in tactics". BBC News. December 10, 2010.
  15. ^ "Anonymous Hackers Hit DOJ, FBI, Universal Music, MPAA And RIAA After MegaUpload Takedown". Forbes. Retrieved 2013-11-22.
  16. ^ "THE INFORMATION DEFENSE INDUSTRY AND THE CULTURE OF NETWORKS - Amodern". Amodern. Retrieved 2018-11-09.
  17. ^ Homeworld, Homeworld 2, Unreal Tournament 2004, Ogame, Ratchet & Clank: Up Your Arsenal, StarCraft
  18. ^ metatags generator (2012-09-27). "Low Orbit Ion Cannon". Archived from the original on September 27, 2012. Retrieved 2013-11-22.{{cite web}}: CS1 maint: unfit URL (link)
  19. ^ "18 U.S. Code § 1030 - Fraud and related activity in connection with computers". LII / Legal Information Institute. Retrieved 2018-10-07.

External links edit