A new study finds that a tool used to carry out distributed denial of service (DDoS) attacks on behalf of the whistleblower Web site Wikileaks may, itself, leak the identity of those running the software.

Researchers from the University of Twente, Netherlands, looked at the Low Orbit Ion Cannon (LOIC), a DDoS tool being used by the umbrella group Anonymous, and found that the tool fails to shield the Internet Protocol (IP) address of computers running it, according to a published research paper. That could allow authorities to round up DDoS participants merely by analyzing the source of the junk traffic their computers sent to target Web pages, including those of PayPal, MasterCard and Visa.

LOIC was initially developed as a stress-testing application. The program works by sending a series of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Hypertext Transfer Protocol (HTTP) requests to a target host. The tool allows the user to select a target, one of the attack methods listed above, and ways to customize the specific request. Most anti-malware firms categorize LOIC as a hacking tool and will warn of its presence on systems they protect.

Anonymous, a loose affiliation of hackers and online libertarian activists, has engaged in a spirited online defense of Wikileaks since payment vendors and others began taking steps to isolate the organization. Denial of service attacks were Anonymous’s weapon of choice, with LOIC providing a way for non-technical users to take part in the attacks.

Anonymous uses a modified version of the tool with two modes of operation. The tool can be controlled manually, where the target and method of attack are determined by the user and launched from their personal computer. However, the tool may also be used automatically, where a user runs the program on their computer, but allows third parties to control it, utilizing their computing resources to launch DDoS attacks remotely. In essence, the automatic option allows users to voluntarily join a botnet.

Savvy Internet users may avoid detection by running the LOIC tool through an anonymization service that conceals their IP address, such as Tor. But the researchers found that the LOIC tool itself has no built-in mechanism for obscuring a user’s IP address. That means users who decided to weigh in on behalf of Anonymous were doing so without enjoying any anonymity themselves. And that could make them targets of prosecution now or in the future.
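The practical consequence of the researchers' finding, from the perspective of the operator of a targeted site, is that the participant's address simply appears in ordinary server logs. The script below is an added illustration and is not code from the article or from the University of Twente paper. It parses constructed Apache/nginx combined-format access log lines (the addresses and timestamps are made up), computes each source's peak request rate per second, and flags sources above a threshold. The `shared_egress` set, also constructed, models the caveat the article raises: an address that belongs to a Tor exit, proxy or corporate NAT does not identify one user, so the script labels such hits as indirect rather than attributing them to a single machine.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

# Combined log format: client IP, ident, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str) -> Optional[Tuple[str, datetime, str]]:
    """Return (source_ip, timestamp, request_line) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def requests_per_second(lines: Iterable[str]) -> Dict[str, Counter]:
    """Bucket requests by source IP and by one-second timestamp."""
    buckets: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole analysis
        ip, ts, _ = parsed
        buckets[ip][ts] += 1
    return buckets


def flag_flood_sources(lines: Iterable[str], threshold: int,
                       shared_egress: FrozenSet[str] = frozenset()) -> Dict[str, dict]:
    """Flag sources whose peak per-second rate reaches `threshold`.

    The `attribution` field records whether the address plausibly identifies
    one machine ("direct") or is a shared egress point such as a Tor exit or
    NAT gateway ("shared egress"), where the address alone names nobody.
    """
    flagged: Dict[str, dict] = {}
    for ip, per_second in requests_per_second(lines).items():
        peak = max(per_second.values())
        if peak < threshold:
            continue
        flagged[ip] = {
            "peak_rps": peak,
            "total": sum(per_second.values()),
            "attribution": "shared egress" if ip in shared_egress else "direct",
        }
    return flagged


def _line(ip: str, second: int, path: str = "/") -> str:
    # Builds one constructed log line for 09/Dec/2010 14:00:SS UTC (sample data only).
    return (f'{ip} - - [09/Dec/2010:14:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.0" 200 5120 "-" "-"')


# Constructed sample traffic: a normal visitor, a flooding client that sends
# straight from its own address, and a burst arriving via a shared egress address.
SAMPLE_LOG: List[str] = (
    [_line("203.0.113.7", 0), _line("203.0.113.7", 3, "/about")]
    + [_line("198.51.100.21", 1) for _ in range(12)]
    + [_line("198.51.100.21", 2) for _ in range(9)]
    + [_line("192.0.2.9", 1) for _ in range(8)]
    + ["garbage line that does not parse"]
)

# Constructed list of addresses known to be shared (e.g. a Tor exit or NAT gateway).
SHARED_EGRESS = frozenset({"192.0.2.9"})


if __name__ == "__main__":
    for ip, info in flag_flood_sources(SAMPLE_LOG, threshold=5,
                                       shared_egress=SHARED_EGRESS).items():
        print(f"{ip:16} peak {info['peak_rps']:3d} req/s  "
              f"total {info['total']:4d}  {info['attribution']}")
```

Real deployments would read the log from disk or a flow collector and tune `threshold` to the site's normal per-client rate; the point of the example is that no packet-level inspection is needed, because a client that sends directly leaves its address in the first field of every line.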

International data retention laws require that commercial Internet providers store Internet usage data for at least six months. So even for those who are no longer actively participating in an attack, there is still a record of them having done so in the past. To date, there has been only one arrest directly linked to the DDoS attacks in defense of Wikileaks. On December 9, Dutch officials arrested a 16-year-old boy in The Hague and charged him with taking part in the attacks. It is not known whether the boy, who confessed to participating in the DDoS attack organized by Anonymous, was using the LOIC program.

Categories: Compliance, Data Breaches, Malware, Social Engineering, Vulnerabilities

Comments (5)

  1. Anonymous

    Hacking is generally the action of manipulating data or the view / operation of a 3rd party against their will. It can be retrieving and accessing data too. Overloading a server like DDoS can’t really be seen as hacking, though some governments may have laws that could interpret this as malicious, in which case the recipient of such an “attack” may or may not have the political swing to generate action.

    Banking institutions generally have a bit of swing. I didn’t participate due to lack of awareness. But if others are willing to take the sword in the name of true justice and accountability . . . then I’d put my two balls on the line too.

    We should all be sick of being told that we are lied to for our own benefit. We are lied to so we stay quiet and sleep at night in blissful ignorance of the blood on our hands.

    Communists, dictators and the like are simply more upfront than our politicians; they are all doing the same thing.

  2. Anonymous

    Test 1

    3 computers, 1000 Mb/s LAN

    each computer 1.9 GHz dual core 64-bit with 4 GB RAM.

    Comp1 floods Comp2 and Comp3 idles.

    Comp2 is lagged.

    Test 2

    Same as before, all 3 have been rebooted.

    Comp1 and Comp3 flood Comp2.

    Comp2’s network interface shuts down, fixed by a reboot.

    What have we learned today? LOIC is useful and cool, but dangerous if used for evil.

  3. computers from warehouse

    It’s always amazing reading or commenting on a blog from which we get a full knowledge. Same as here I have found some really interesting information which is simply a great boost to my knowledge.

  4. Brian

    I think that is debatable, but I will look into it and make the change if necessary.


    Thanks for the comment. 

Comments are closed.