Low Orbit Ion Cannon (LOIC) is an
open-source network
stress testing and
denial-of-service attack
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conn ...
application written in
C#. LOIC was initially developed by Praetox Technologies, however it was later released into the
public domain
The public domain (PD) consists of all the creative work to which no exclusive intellectual property rights apply. Those rights may have expired, been forfeited, expressly waived, or may be inapplicable. Because those rights have expired, ...
and is currently available on several open-source platforms.
Use
LOIC performs a
DoS attack (or, when used by multiple individuals, a
DDoS attack
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connec ...
) on a target site by flooding the server with
TCP,
UDP, or HTTP packets with the intention of disrupting the service of a particular host. People have used LOIC to join
voluntary botnets.
The software inspired the creation of an independent
JavaScript
JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of websites use JavaScript on the client side for webpage behavior, of ...
version called ''JS LOIC'', as well as LOIC-derived web version called ''Low Orbit Web Cannon''. These enable a DoS from a
web browser
A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used o ...
.
Countermeasures
Security experts quoted by the BBC indicated that well-written
firewall
Firewall may refer to:
* Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts
* Firewall (construction), a barrier inside a building, designed to limit the spr ...
rules can filter out most traffic from DDoS attacks by LOIC, thus preventing the attacks from being fully effective.
In at least one instance, filtering out all
UDP and
ICMP traffic blocked a LOIC attack.
Firewall rules of this sort are more likely to be effective when implemented at a point upstream of an application server's Internet uplink to avoid the uplink from exceeding its capacity.
LOIC attacks are easily identified in system logs, and the attack can be tracked down to the IP addresses used.
Notable uses
Project Chanology and Operation Payback
LOIC was used by
Anonymous (a group that spawned from the
/b/ board of 4chan) during
Project Chanology
Project Chanology (also called Operation Chanology) was a protest movement against the practices of the Church of Scientology by members of Anonymous, a leaderless Internet-based group. "Chanology" is a combination of "4chan" and "Scientology". ...
to attack websites from the Church of
Scientology
Scientology is a set of beliefs and practices invented by American author L. Ron Hubbard, and an associated movement. It has been variously defined as a cult, a Scientology as a business, business, or a new religious movement. The most recent ...
, once more to (successfully) attack the
Recording Industry Association of America's website in October 2010, and it was again used by
Anonymous during their
Operation Payback in December 2010 to attack the websites of companies and organizations that opposed
WikiLeaks
WikiLeaks () is an international non-profit organisation that published news leaks and classified media provided by anonymous sources. Julian Assange, an Australian Internet activist, is generally described as its founder and director and ...
.
Operation Megaupload
In retaliation for the shutdown of the file sharing service
Megaupload
Megaupload Ltd was a Hong Kong-based online company established in 2005 that operated from 2005 to 2012 providing online services related to file storage and viewing.
On 19 January 2012, the United States Department of Justice seized the do ...
and the arrest of four workers, members of Anonymous launched a DDoS attack upon the websites of
Universal Music Group
Universal Music Group N.V. (often abbreviated as UMG and referred to as just Universal Music) is a Dutch– American multinational music corporation under Dutch law. UMG's corporate headquarters are located in Hilversum, Netherlands and its ...
(the company responsible for the lawsuit against Megaupload), the
United States Department of Justice
The United States Department of Justice (DOJ), also known as the Justice Department, is a federal executive department of the United States government tasked with the enforcement of federal law and administration of justice in the United Stat ...
, the
United States Copyright Office, the
Federal Bureau of Investigation
The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, ...
, the
MPAA
The Motion Picture Association (MPA) is an American trade association representing the five major film studios of the United States, as well as the video streaming service Netflix. Founded in 1922 as the Motion Picture Producers and Distribu ...
,
Warner Music Group
Warner Music Group Corp. ( d.b.a. Warner Music Group, commonly abbreviated as WMG) is an American multinational entertainment and record label conglomerate headquartered in New York City. It is one of the " big three" recording companies and t ...
and the
RIAA, as well as the
HADOPI
The French HADOPI law or Creation and Internet law (french: Haute Autorité pour la Diffusion des Œuvres et la Protection des droits d'auteur sur Internet, ; or, loosely in English, "Supreme Authority for the Distribution of Works and Protection o ...
, all on the afternoon of January 19, 2012, through LOIC. In general, the attack hoped to retaliate against those who Anonymous members believed harmed their digital freedoms.
Origin of name
The LOIC application is named after the
ion cannon, a fictional weapon from many sci-fi works, video games, and in particular after its namesake from the ''
Command & Conquer
''Command & Conquer'' (''C&C'') is a real-time strategy (RTS) video game franchise, first developed by Westwood Studios. The first game was one of the earliest of the RTS genre, itself based on Westwood Studios' influential strategy game '' Dune ...
'' series. The artwork used in the application was a concept art for ''
Command & Conquer 3: Tiberium Wars''.
Legality
While downloading and using the LOIC on one's own personal servers as a means of stress-testing is perfectly legal, at least in the United States, using the program to perform a DDoS attack on other parties could be considered a felony under the
Computer Fraud and Abuse Act of 1986. This charge could result in up to 20 years of imprisonment, a fine or both.
See also
*
Fork bomb
In computing, a fork bomb (also called rabbit virus or wabbit) is a denial-of-service attack
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unav ...
*
High Orbit Ion Cannon
High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by ...
*
LAND
Land, also known as dry land, ground, or earth, is the solid terrestrial surface of the planet Earth that is not submerged by the ocean or other bodies of water. It makes up 29% of Earth's surface and includes the continents and various isla ...
*
Ping of death
A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer.
A correctly formed ping packet is typically 56 bytes in size, or 64 bytes when the Internet Control ...
*
ReDoS A regular expression denial of service (ReDoS)
is an algorithmic complexity attack that produces a denial-of-service by providing a regular expression and/or an input that takes a long time to evaluate. The attack exploits the fact that many reg ...
*
Zemra
*
White Hat (computer security)
A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabili ...
References
External links
{{Commons category
Original LOIC with professional GUI LOIC Special Lowbandwidth Operating WeaponAn improved version of LOWC forked from GoogleCode LOIC IRC-0 IRC controlled version of LOIC-0LOIC SLOW Now With IRC and Webpage as C&Cproject development and downloads at SourceForgeLOIC project development and downloads at GitHubWeb version of LOIC at Google Code
Internet-based activism
Denial-of-service attacks
Free software programmed in C Sharp
Public-domain software
Public-domain software with source code
Anonymous (hacker group)
Botnets