nanog mailing list archives

RE: LOIC tool used in the "Anonymous" attacks

From: "Stefan Fouant" <sfouant () shortestpathfirst net>
Date: Sat, 11 Dec 2010 12:34:20 -0500

-----Original Message-----
From: Marshall Eubanks [mailto:tme () multicasttech com]
Sent: Saturday, December 11, 2010 10:20 AM
To: North American Network Operators Group
Subject: LOIC tool used in the "Anonymous" attacks

Interesting analysis of the 3 "LOIC" tool variants used in the
"Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.

http://www.simpleweb.org/reports/loic-report.pdf

LOIC makes no attempt to hide the IP addresses of the attackers, making
it easy to trace them if they are using their own computers.


IMO, LOIC is a very unsophisticated tool.  There are methods the attackers
could have used to obfuscate their IP (while still employing a complete TCP
3-way handshake) if they were a bit more knowledgeable.  Although it's
equivalent to a sophomore year CS project, it has benefit of being "easy to
use" and so lowers the barrier to entry for would-be script kiddies looking
for a fun afternoon.  There is also evidence of its use in the wild outside
of "the hive".  

I think the skill level of these guys is clearly evidenced by one of the
members who forgot to remove the metadata from their most recent "press
release". 

Stefan

Current thread:

LOIC tool used in the "Anonymous" attacks Marshall Eubanks (Dec 11)
- Re: LOIC tool used in the "Anonymous" attacks Beavis (Dec 11)
- RE: LOIC tool used in the "Anonymous" attacks Stefan Fouant (Dec 11)
- Re: LOIC tool used in the "Anonymous" attacks John Adams (Dec 11)
- Re: LOIC tool used in the "Anonymous" attacks Leo Bicknell (Dec 11)
  - Re: LOIC tool used in the "Anonymous" attacks Marshall Eubanks (Dec 11)
- <Possible follow-ups>
- Re: LOIC tool used in the "Anonymous" attacks andrew.wallace (Dec 11)
  - Re: LOIC tool used in the "Anonymous" attacks mikea (Dec 13)
- Re: LOIC tool used in the "Anonymous" attacks andrew.wallace (Dec 11)