Visit us at it-sa 2024!

Low Orbit Ion Cannon

What is the Low Orbit Ion Cannon?

The Low Orbit Ion Cannon (LOIC) is an easy-to-use open-source network stress testing tool that is often misused for illegal denial-of-service (DoS) attacks.

At one look

01. Low Orbit Ion Cannon: Definition
02. How does Low Orbit Ion Cannon work?
03. Is the Low Orbit Ion Cannon legal?
04. Are there any known examples of attacks using Low Orbit Ion Cannon?
05. How can you defend against traffic overload attacks by Low Orbit Ion Cannon?
06. Low Orbit Ion Cannon: What do you need to know?

Low Orbit Ion Cannon: Definition

Written in the C# programming language, the Low Orbit Ion Cannon (LOIC) was originally developed by Praetox Technology as a tool for network stress testing. The name is derived from a fictional weapon of mass destruction from the computer game series “Command & Conquer”. Today, LOIC, which is now available as an open source program and web version, is mainly abused for illegal traffic overload attacks. Thanks to its user-friendly interface, even attackers with no technical know-how are able to use the tool to carry out coordinated DoS and DDoS attacks.

How does Low Orbit Ion Cannon work?

The operation of the LOIC is relatively simple: Attackers only need to configure a few settings to launch an attack. The Low Orbit Ion Cannon then “bombards” the target with masses of TCP packets, UDP packets or HTTP requests in order to overload the web server and thus paralyze the targeted service.

However, several attackers have to join forces to accomplish this, because one lone attacker cannot generate enough malicious traffic using LOIC. For a coordinated DDoS attack, the Low Orbit Ion Cannon can be operated in so-called “Hive Mind” mode. Several users connect their LOIC clients via an IRC server to form a voluntary botnet, which can then be controlled remotely from a central computer. The more LOIC instances that are interconnected in this way, the greater the impact of the coordinated attack.

Is the Low Orbit Ion Cannon legal?

The stress test tool itself is legal and freely available on the Internet. It should be noted, however, that it is only legal to perform load tests on your own IT infrastructures. Unauthorized use of the Low Orbit Ion Cannon against third-party targets violates the laws of most countries. In Germany, this is considered computer sabotage under § 303b StGB (German Criminal Code) and is subject to criminal prosecution. Attackers face fines and/or several years in prison.

Those who use LOIC for illegal overload attacks should expect to be quickly identified and prosecuted. Such attacks leave the IP addresses of the attackers visible to the target and they cannot be disguised via a proxy server, as the attack would otherwise hit the proxy instead of the actual target.

Are there any known examples of attacks using Low Orbit Ion Cannon?

The Low Orbit Ion Cannon was primarily used by the hacker collective Anonymous and members of the 4chan forum for several noteworthy DDoS attacks:

Project Chanology

In early 2008, Anonymous, together with supporters from the 4chan forum, used the LOIC for a series of DDoS attacks on Scientology websites. The hacker collective took this action in response to a copyright lawsuit filed against Youtube by the Church of Scientology. The Scientology organization had demanded that the video service and other websites delete a leaked video featuring actor Tom Cruise.

Operation Payback

Beginning in September 2010, Anonymous conducted multiple DDoS attacks against the websites of financial institutions, industry associations, and government agencies as part of “Operation Payback” using Low Orbit Ion Cannon. The hacker collective used these attacks to protest against the closure of the torrent site Pirate Bay and the blocking of Wikileaks’ donation account. The attacks were directed at the Motion Picture Association of America, the Recording Industry Association of America and the U.S. Copyright Office, among others. Later, Bank of America, Paypal and credit card companies such as Visa and Mastercard were also affected after they refused to forward donations to the whistleblower organization Wikileaks.

Operation Megaupload

In early 2012, Anonymous initiated DDoS attacks via LOIC in response to the closure of the file hosting company Megaupload. Targets included the websites of the FBI, the U.S. Department of Justice, U.S. film and music industry associations, and several record labels. According to the hacker collective, it was its largest attack campaign ever up to that point – a total of 5,635 people with their own LOIC instance are said to have participated.

How can you defend against traffic overload attacks by Low Orbit Ion Cannon?

Small LOIC attacks that attempt to overload a website with HTTP requests are still relatively easy to fend off. In such cases, it is sufficient to identify the IP addresses of the attackers and block or reject the attack traffic by means of a local firewall. In contrast, defending against TCP or UDP flood attacks, as well as larger HTTP flood attacks originating from hundreds or even thousands of LOIC clients simultaneously, requires a Web Application Firewall (WAF) or dedicated DDoS protection at the application level (Layer 7).

Protection systems for the network and transport layer (Layer 3 and 4), for example, do not recognize any difference between an HTTP flood attack and a valid download. Accordingly, to reliably detect attacks and secure a website or web application, companies need DDoS protection at all relevant layers. This is the only way operators can prevent attack-related disruptions and outages, which often result in lost revenue, image and trust.

Cybersecurity Solutions by Myra

DDoS Protection

Myra DDoS Protection provides you with fully automatic protection against malicious requests and overload attacks. Even in the event of an imminent attack, your web applications stay available at all times.

Learn more

Hyperscale WAF

The Myra Hyperscale WAF protects your web applications against malicious access and vulnerability exploits. Thanks to simple integration and configuration, it can be set up in no time at all.

Learn more

CDN

First-class user experience thanks to fast page loading and minimal latency: With the Myra High Performance CDN, all static and dynamic content on your website is delivered with high performance.

Learn more

Secure DNS

Myra Secure DNS offers you a reliable and powerful solution for securing your critical web applications. Manage your name resolution with ease and protect yourself against DNS hijacking.

Learn more

Deep Bot Management

Say goodbye to malicious bots forever. Myra Deep Bot Management creates unique fingerprints for each bot and thus enables an optimal response to every request.

Learn more

Certificate Management

No more problems with expired SSL/TLS certificates. Increase the security of your digital assets with Myra Certificate Management and encrypt all your domains automatically.

Learn more

Low Orbit Ion Cannon: What you need to know

Low Orbit Ion Cannon is a network stress testing tool that allows people without technical knowledge to perform illegal overload attacks on websites, web applications and APIs with just a few clicks. The tool enables coordinated HTTP, TCP and UDP flood attacks, the power of which increases with the number of LOIC instances inter-connected via the botnet. To effectively protect against such attacks, enterprises should deploy dedicated DDoS protection at the application level.

Want to learn more about our solutions, use cases and best practices for attack defense? In our download area you will find product sheets, fact sheets, white papers and case studies.

Go to download section

Responsible Disclosure Legal notice Privacy policy Privacy Settings Terms and Conditions