Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and

denial-of-service attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conn ...

application written in C#. LOIC was initially developed by Praetox Technologies, however it was later released into the

public domain The public domain (PD) consists of all the creative work to which no exclusive intellectual property rights apply. Those rights may have expired, been forfeited, expressly waived, or may be inapplicable. Because those rights have expired, ...

and is currently available on several open-source platforms.

Use

LOIC performs a DoS attack (or, when used by multiple individuals, a

DDoS attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connec ...

) on a target site by flooding the server with TCP, UDP, or HTTP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets. The software inspired the creation of an independent

JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of websites use JavaScript on the client side for webpage behavior, of ...

version called ''JS LOIC'', as well as LOIC-derived web version called ''Low Orbit Web Cannon''. These enable a DoS from a

web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used o ...

Countermeasures

Security experts quoted by the BBC indicated that well-written

firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spr ...

rules can filter out most traffic from DDoS attacks by LOIC, thus preventing the attacks from being fully effective. In at least one instance, filtering out all UDP and ICMP traffic blocked a LOIC attack. Firewall rules of this sort are more likely to be effective when implemented at a point upstream of an application server's Internet uplink to avoid the uplink from exceeding its capacity. LOIC attacks are easily identified in system logs, and the attack can be tracked down to the IP addresses used.

Notable uses

Project Chanology and Operation Payback

LOIC was used by Anonymous (a group that spawned from the /b/ board of 4chan) during

Project Chanology Project Chanology (also called Operation Chanology) was a protest movement against the practices of the Church of Scientology by members of Anonymous, a leaderless Internet-based group. "Chanology" is a combination of "4chan" and "Scientology". ...

to attack websites from the Church of

Scientology Scientology is a set of beliefs and practices invented by American author L. Ron Hubbard, and an associated movement. It has been variously defined as a cult, a Scientology as a business, business, or a new religious movement. The most recent ...

, once more to (successfully) attack the Recording Industry Association of America's website in October 2010, and it was again used by Anonymous during their Operation Payback in December 2010 to attack the websites of companies and organizations that opposed

WikiLeaks WikiLeaks () is an international non-profit organisation that published news leaks and classified media provided by anonymous sources. Julian Assange, an Australian Internet activist, is generally described as its founder and director and ...

Operation Megaupload

In retaliation for the shutdown of the file sharing service

Megaupload Megaupload Ltd was a Hong Kong-based online company established in 2005 that operated from 2005 to 2012 providing online services related to file storage and viewing. On 19 January 2012, the United States Department of Justice seized the do ...

and the arrest of four workers, members of Anonymous launched a DDoS attack upon the websites of

Universal Music Group Universal Music Group N.V. (often abbreviated as UMG and referred to as just Universal Music) is a Dutch– American multinational music corporation under Dutch law. UMG's corporate headquarters are located in Hilversum, Netherlands and its ...

(the company responsible for the lawsuit against Megaupload), the

United States Department of Justice The United States Department of Justice (DOJ), also known as the Justice Department, is a federal executive department of the United States government tasked with the enforcement of federal law and administration of justice in the United Stat ...

, the United States Copyright Office, the

Federal Bureau of Investigation The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, ...

, the

MPAA The Motion Picture Association (MPA) is an American trade association representing the five major film studios of the United States, as well as the video streaming service Netflix. Founded in 1922 as the Motion Picture Producers and Distribu ...

Warner Music Group Warner Music Group Corp. ( d.b.a. Warner Music Group, commonly abbreviated as WMG) is an American multinational entertainment and record label conglomerate headquartered in New York City. It is one of the " big three" recording companies and t ...

and the RIAA, as well as the

HADOPI The French HADOPI law or Creation and Internet law (french: Haute Autorité pour la Diffusion des Œuvres et la Protection des droits d'auteur sur Internet, ; or, loosely in English, "Supreme Authority for the Distribution of Works and Protection o ...

, all on the afternoon of January 19, 2012, through LOIC. In general, the attack hoped to retaliate against those who Anonymous members believed harmed their digital freedoms.

Origin of name

The LOIC application is named after the ion cannon, a fictional weapon from many sci-fi works, video games, and in particular after its namesake from the ''

Command & Conquer ''Command & Conquer'' (''C&C'') is a real-time strategy (RTS) video game franchise, first developed by Westwood Studios. The first game was one of the earliest of the RTS genre, itself based on Westwood Studios' influential strategy game '' Dune ...

'' series. The artwork used in the application was a concept art for '' Command & Conquer 3: Tiberium Wars''.

Legality

While downloading and using the LOIC on one's own personal servers as a means of stress-testing is perfectly legal, at least in the United States, using the program to perform a DDoS attack on other parties could be considered a felony under the Computer Fraud and Abuse Act of 1986. This charge could result in up to 20 years of imprisonment, a fine or both.

References

External links

{{Commons category
Original LOIC with professional GUI

LOIC Special Lowbandwidth Operating Weapon

An improved version of LOWC forked from GoogleCode

LOIC IRC-0 IRC controlled version of LOIC-0

LOIC SLOW Now With IRC and Webpage as C&C

project development and downloads at SourceForge

LOIC project development and downloads at GitHub

Web version of LOIC at Google Code
Internet-based activism Denial-of-service attacks Free software programmed in C Sharp Public-domain software Public-domain software with source code Anonymous (hacker group) Botnets

Use