Low Orbit Ion Cannon, my ass


blog From the Sydney Morning Herald comes news of a new weapon which the angry hordes (including one Sydneysider) are deploying to make war on the infidel websites of PayPal, Visa and Mastercard for dumping support for rogue internet agent WikiLeaks:

A Sydney man, whose identity is known to this website but spoke on condition of anonymity, said the group used an application called Low Orbit Ion Cannon (LOIC) to carry out the attacks. Each user of the program voluntarily signs up to be part of a “botnet” of computers and their collective power is used to take down websites.

For those who are curious, the application is downloadable from Sourceforge and is basically a glorified ping flood shell script, weighing in at 130kb and appearing to be based on Visual C#. It appears to use technical terms such as “IMMA CHARGIN MAH LAZER” to direct a flood of packets at any given destination.

l33t. Well … *cough* … maybe not. This is more or less the equivalent of throwing a brick at a full-back in a Melbourne pub. Sure, you’ll make your point, but your target will know where to find you afterwards. Oh, wait — that already happened last time.

Image credit: Cropped Delimiter screenshot of the Low Orbit Ion Cannon application


  1. This whole DDoS thing is kinda lame if you ask me. First of all, from what I understand all they “attacked” was http://www.visa.com and http://www.mastercard.com – that is, the corporate home page, not anything that has anything to do with actual financial transactions. Who cares if the home page is not available for a few hours? “Sorry for the inconvenience, we’ll be back online shortly.”

    Secondly, all they’ve actually achieved is cementing in the “corporate mind” of Visa and Mastercard the idea that wikileaks is an “illegal” organisation and that they made the right decision in shutting them down. What do they think was going to happen?

  2. Yeah, it’s a ping flood script. What were you expecting it to be?

    A for being traceable, I’m not sure. I certainly haven’t heard of people being traced for using it, but I suspect if they were, they’d just say “well I didn’t do it, and my computer had a virus at the time” – they’d just be another DDoS zombie.

    Also I believe the idea is that a large group hit the same target at once with their LOICs. I’m not sure how many are left in OP now, I suspect it’s a lot less than originally, but the WikiLeaks action might have got them some new recruits.

    Also your “what happened last time” example probably isn’t a good one – I’m not sure Slayo used LOIC, by the sound of it he used an exploit to get root and install Poison Ivy. A different action and one that’s a lot more easy to trace.

    Also I’d say that the decision to attack Mastercard and Visa’s public faces (websites) rather than anything business-orientated was so they could make a statement without damaging transactions. I don’t think OP really want to cause actual malicious damage, they just want to draw attention to themselves and their protests.

    • Well, I did expect that it would just be a ping flood script, but I found it quite amusing that something so simple could be described as a “Low Orbit Ion Cannon” and have such sensationalist graphics associated with it :) Most of the app’s 130kb in size would have to be the graphics :)

      I would say this sort of thing is definitely traceable. Ultimately, everything on the internet is traceable if you have enough resources, and the financial companies targeted here definitely do. I have really not seen a lot of stuff at this level that could not be traced. It’s really only when you start to get to the level of a Black Hat hacker that you start to have a few problems; I’m sure for a Visa or a Mastercard, tracking down a few script kiddies on the other side of the globe is not going to be much of an issue.

      As for the intent … of course it’s just a stunt — any attack on a website is. However, I’m sure there are some transactional elements to all of those websites — definitely so with Paypal — and so any downtime would cause customer disruption, and ultimately, business. That’s why I think Anonymous; and the script kiddies concerned; are playing with fire here. What normally happens in these cases is that things go quiet for a few months while the police and the companies concerned muster their resources; then prosecutions start to happen.

      • The name an graphics are merely for amusement, to keep with the theme of “firing” at a website. Participating in the attack is voluntary, therefore it is important to keep the spirit up.

        Yes, it may be a simple tool, but it’s just that… a tool of protest.

      • Actually LOIC is a little more sophisticated than a mere ping flood which is something anyone can do from a DOS prompt. It can send a string of HTTP and TCP requests which can’t be ignored by the server unlike pings which can be easily filtered. I’ve actually used it to stress test some web servers at work, and it’s quite effective.

  3. visa.com still down. who said loic was crap. By the way, after having a server I manage at the brunt of a ddos attack, there is no tracing. the server is down and cannot respond to the flood of requests let alone log and trace anything. It has taken 5000+ users to take down visa.com – good luck if you can prosecute to be able to do that – and the claims that “my pc was infected”. Also plenty of free proxies to hide behind as well to also further limit tracing.

  4. loic is way more then a flood of ping requests. Most home routers can be configured to ignore ping requests and if ping requests is all it took then you can just do that straight from the command prompt – who would need an app to do that!

  5. DDOS is a tech version of organizing a protest in a way to disrupt as many innocent bystanders as possible.

    It is a bit lame, but whats more lame is stupid laws that can put ddos’ers in jail for YEARS.

    The legal system will always persecutes techies because its based on _historical_ precedents, it will never be upto date with cases that are pushing new boundaries.

    Same deal with the G-man going after wikileaks and not the newspapers, its just lame.

    Government fails at being modern ! (stop press)

  6. It’s not the same as throwing a brick at somebody in a bar. Tens of thousands of them are out there and a tiny fraction has been caught. And that just makes them that much better. How long has there been an internet? Have they stopped viruses?

Comments are closed.