Low Orbit Ion Cannon (LOIC) was originally developed by Praetox Technologies as an open-source network stress testing tool. It allowed developers to subject their servers to heavy network traffic loads for diagnostic purposes, but it has since been modified in the public domain through various updates and been widely used by
Anonymous
as a
DDoS
tool.
LOIC (which runs on both Microsoft Windows and Mac OS X) is a flooding tool used to generate a massive amount of network traffic in order to utilize network or application resources. Such a high rate of traffic results in performance degradation and potentially a loss of service. A user armed with this is can perform a denial-of-service (DoS) attack on a target site by flooding its server with illegitimate TCP, UDP, or HTTP packets. On its own, one computer running Low Orbit Ion Cannon cannot generate enough TCP, UDP, or HTTP requests at once to overwhelm the average web server. It takes thousands of computers all targeting a single server to have any real impact.
The IRC-based "Hive Mind" mode enables a LOIC user to connect his or her copy of LOIC to an IRC channel in order to receive a target and other attack parameters via an IRC topic message. Using many copies of Low Orbit Ion Cannon running in Hive Mind mode across many computers, a third party such as the "hacktivist" group Anonymous can take control of each copy of the tool simultaneously. With thousands of copies of LOIC attacking a single target, the effect on network performance can be much more significant than that of a "normal" coordinated Low Orbit Ion Cannon attack. Hive Mind mode effectively lets anyone with a computer participate in a distributed denial-of-service attack, as LOIC requires very little computer literacy to operate.
This tool has been used in several well-known attacks against large organizations including but not limited to Anonymous' Project Chanology, Operation Payback, and OpSony. Over 30,000 downloads of the tool were recorded between the 8th and 10th of December 2010 when Anonymous organized attacks on the websites of companies and organizations that opposed Wikileaks. Since the tool was utilized by a vast number of attackers in conjunction with a few advanced users employing their large botnets to launch additional DDoS attacks, many of the targeted sites suffered outages.
While LOIC is simple and effective, it does not make any attempt to spoof its users' IP addresses, and most volunteers running the tool are unaware of this lack of anonymity. If any form of non-anonymous attack is not routed through an anonymizer such as Tor, I2P, or some form of proxy server, the attacker's IP address can be logged by his or her target. An ISP can then use a list of logged attacking IP addresses to identify the individuals participating in an attack, allowing for the proper law enforcement actions to be taken against them.
Several countries including the United States have taken legal actions against Low Orbit Ion Cannon attackers based on the IP information. On January 27, 2011, five people were arrested in the UK in connection with the Operation Payback attacks, while in June 2011 another three users were arrested in Spain for their involvement in other attacks. On June 14 2011, Turkish police arrested 32 individuals who allegedly attacked government websites in protest against the introduction of state level web filtering; these individuals are thought to be members of Anonymous that used the LOIC tool as a means of protest. As a result of various arrests, the popularity of the tool began to decline towards the end of 2011.