Low Orbit Ion Cannon DDoS Attacks and the Perils of Cooperation

By USDR

From Sesame Street all the way up to grad school and beyond, the importance of being able to work as a team is impressed upon us all. As famed social psychologist Jonathan Haidt once said, “The most powerful force ever known on this planet is human cooperation.”

However, there is a second half to that Haidt quote, and it quite rightly calls cooperation a force for both construction and destruction. Collaborative efforts like the DDoS attacks coming from the Low Orbit Ion Cannon (LOIC) probably aren’t what our kindergarten teachers had in mind when they sang all those songs about cooperation but, you know, maybe they should’ve been more specific.

Paved with good intentions

The LOIC is an open-source application that is tremendously easy to access. This is because it was originally designed to help web developers stress test their own servers against network traffic to ensure they can perform at the level they need to, and to help diagnose any issues. The LOIC is still used for these purposes, flooding targets with junk requests to see how the system stands up to the crush of TCP, UDP and HTTP GET requests. All a user needs to do is enter a target URL and select the type of requests they’d like to let fly.

When a single user is operating the cannon, it can’t generate enough requests to do any real damage to a target system, so there’s no real risk for developers. As such, it’s a valuable tool. It isn’t until that dastardly cooperation enters the picture that things start to go awry.

A force for distributed denial of service destruction

The LOIC is designed to stress servers, but in order to stress a server to the point that it would be overwhelmed and knocked offline, as in a distributed denial of service or DDoS attack, a large number of users would have to use it to direct junk requests at a single target. It’s entirely possible the creators of the LOIC never considered a scenario in which thousands of people get together to use the cannon and launch a DDoS attack, but nowadays it’s almost inconceivable that this wouldn’t be a natural outcome, and we are indeed living in the age of LOIC DDoS.

Thanks to social media and discussion forums, it’s evidently been easy for cyberattackers to find like-minded individuals willing to take down a website using the LOIC. The LOIC has notably been used in instances of hacktivism perpetrated by Anonymous as well as 4chan. Anonymous perhaps most famously used it to exact revenge on the US Sentencing Commission for the suicide of programmer and hacktivist Aaron Swartz, who was facing prison time in a federal penitentiary for computer-related crimes at the time of his death. Anonymous also used the cannon to attack organizations that worked in opposition to WikiLeaks, including MasterCard, Visa, Sony and PayPal, and both Anonymous and 4chan have taken aim at the Church of Scientology.

Crime and punishment

Use of the LOIC is very likely going to trend upwards as political unrest continues to grow and more and more people look for ways they can contribute to protests and help make their voices heard, in a manner of speaking.

To the average person the LOIC may seem like an easy way to get involved politically, but while it may be simple to access and use the cannon, it isn’t risk-free. DDoS attacks are illegal under the Computer Fraud and Abuse Act in the United States and similar acts around the world, and if it seems unlikely that law enforcement is going to go after people participating in crowd-sourced DDoS attacks, then tell that to Christopher Weatherhead. After being convicted of conspiracy to impair the operation of computers in the attacks on WikiLeaks-opposing organizations, he was sentenced to 18 months in prison.

Malicious momentum

Something being illegal isn’t going to stop it from happening, of course, and it’s all too easy for those thousands of users taking part in LOIC DDoS attacks to reason that even the best law enforcement agencies can’t catch ‘em all. Plus there are all those other DDoS attacks being perpetrated across the internet by professional attackers, DDoS-for-hire service users, script kiddies, vengeful organizations, and people just looking to have a little fun by causing chaos.

So no, DDoS attacks aren’t going to slow down anytime soon, and the LOIC will continue to be abused in this manner. If change is going to come, it’s going to have to come in the form of websites and organizations getting serious about their distributed denial of service attack mitigation.

While small-scale attacks like the kind coming from cheap DDoS-for-hire services could very well be handled by network traffic monitors and basic firewalls designed to detect and then block malicious requests, group-effort attacks from the LOIC or attacks coming from more expensive for-hire services or professional attackers require nothing short of a dedicated DDoS security solution. This means professional DDoS mitigation that uses deep packet inspection and granular traffic analysis to identify attack traffic and route it to a scrubbing server before it can reach the target network. This is the only way to keep malicious traffic or requests from impacting the website or service.
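The gap between per-source blocking and the traffic analysis described above can be seen in a few lines of detection logic. This is an added example, not part of the original article: the event tuple format, the thresholds and the addresses (documentation ranges) are constructed assumptions, and real mitigation services use far richer signals.

```python
from collections import defaultdict

def sample_events():
    """Constructed traffic: (epoch_second, source_ip, method, path)."""
    events = []
    for sec in range(100, 105):
        # 200 cooperating sources, each sending only 3 GET / per second
        for host in range(200):
            events += [(sec, f"203.0.113.{host}", "GET", "/")] * 3
        # one noisy client, the kind a per-source limit does catch
        events += [(sec, "198.51.100.7", "GET", "/search")] * 40
        # a handful of ordinary visitors
        events += [(sec, f"192.0.2.{h}", "GET", "/") for h in range(5)]
    return events

def per_source_offenders(events, limit=20):
    """Sources exceeding `limit` requests in any one-second bucket."""
    per_sec = defaultdict(int)
    for sec, ip, _method, _path in events:
        per_sec[(sec, ip)] += 1
    return {ip for (_sec, ip), n in per_sec.items() if n > limit}

def aggregate_floods(events, rate_limit=300, min_sources=50):
    """(second, path) buckets whose total GET rate and source spread are both high."""
    hits, sources = defaultdict(int), defaultdict(set)
    for sec, ip, method, path in events:
        if method == "GET":
            hits[(sec, path)] += 1
            sources[(sec, path)].add(ip)
    return {key: (n, len(sources[key])) for key, n in hits.items()
            if n >= rate_limit and len(sources[key]) >= min_sources}

if __name__ == "__main__":
    events = sample_events()
    print("per-source offenders:", per_source_offenders(events))
    for (sec, path), (n, srcs) in sorted(aggregate_floods(events).items()):
        print(f"t={sec} path={path} requests={n} distinct_sources={srcs}")
```

The per-source check flags only the single noisy client, while the aggregate view flags the targeted path for every second of the distributed burst even though no participant individually looks abusive.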

It can be disheartening to grow up and realize that large groups of people are ready and willing to work together on endeavors with such unfortunate outcomes, but perhaps we can take solace in the idea of website owners and organizations cooperating with DDoS mitigation services to block the effects of cooperative DDoS attacks. Hey look, cooperation all over the place.

All opinions expressed on USDR are those of the author and not necessarily those of US Daily Review.