December 15, 2010, 2:31 PM — How was it that a loosely-coupled group of cyber-protestors could launch -- with varying degrees of success -- targeted distributed denial-of-service (DDoS) attacks against sites such as MasterCard, PayPal, PostFinance, and the website belonging to a Swedish prosecutor?
Turns out it's quite simple. All an attacker need do is download LOIC (the Low Orbit Ion Cannon), a widely available open source network stress testing tool. Launching an attack with LOIC is mind-numbingly easy: just point and shoot. LOIC will then flood the target with HTTP requests and with UDP and TCP packets.
Those participating in the pro-Wikileaks riots could operate on their own, or choose to connect their system to the "LOIC Hivemind" voluntary botnet that is centrally controlled by those behind Operation Payback.
Since the launch of the attacks, LOIC has been downloaded nearly 70,000 times.
Cyber protestors engaging in digital rioting, such as web-site defacements, denial-of-service attacks, and even inserting messages in malware, have existed for some time. That those behind such attacks are highly connected isn't new, either. They have been socializing on message boards and communicating instantly over Internet Relay Chat for many years.
What is new is the ease with which a tool such as LOIC can be put into action. "LOIC is extremely easy to use. It is designed so someone with little or no technical knowledge can quickly download and install it, and participate in DDoS activities," said Alex Cox, principal analyst at security firm NetWitness. "It also has the ability to be remotely controlled by a central IRC server, so that more technically competent operators can direct attacks en masse at targets, regardless of the participant's technical knowledge."
"There is a false belief that we are fending off casual attackers," said Joshua Corman, research director, enterprise security at the 451 Group. "However, I don't think the casual attacker exists any more. Just consider how powerful tools like Metasploit have become. There's also the malware kits that make obfuscating malware or building botnets trivial. You don't need to know anything to launch a successful attack anymore," said Corman.