Hopefully that sets the scene as to the significance of this kind of attack, let’s take a look at the mechanics of LOIC, DDoS and the possible ramifications for those who want to get involved. Prosecutors described Chris as “a cyber-criminal who waged a sophisticated and orchestrated campaign of online attacks on the computer systems of several major companies" and alleged the actions he was a part of caused damages of £3.5 million. Last week he was sentenced to 18 months imprisonment.
Last month (two years after the attack) he was convicted of conspiracy to impair the operation of computers and faced the prospect of up to 10 years in jail. This is Christopher “Nerdo” Weatherhead:Ĭhris was 20 years old when he was involved in the MasterCard attack. There have been countless DDoS attacks by hacktivists since, the latest newsworthy event being the takedown of the US sentencing commission website just this weekend in retaliation for the legal action against Aaron Swartz, undoubtedly a contributing factor to his recent tragic suicide.īut the results can also be devastating for those involved in orchestrating these attacks. The result can be devastating for the target MasterCard suffered major outages on at least two different occasions as a result of this a couple of years back. Here’s how it often begins, with a call to action for hacktivists to join in an organised DDoS:
The names or how active they presently are isn’t really the point though, I’m interested in looking at the nature of DDoS as this is where I see a lot of misunderstanding. They’ll usually be anonymous (that’s with a little “a”) and may associate themselves with groups such as Anonymous (with a big “A”) or others such as LulzSec and UGNazi. LOIC has shot to fame in recent years as the tool of choice for what we colloquially refer to as hacktivists, or in other words, folks with an axe to grind – usually for political purposes – who use the web to express their displeasure. But let’s not get ahead of ourselves, there are a few things to understand first. "In the past you had to have a certain amount of technical skill to participate, but now anyone can."įor security practitioners the big story within the pro-Wikileak and LOIC attacks may not have much to do about Wikileaks and the legalities or the politics of it all - and everything to do about how swiftly, and easily, online attackers can be called into action against any target they wish.It’s the Low Orbit Ion Cannon and yes, you can be arrested and sentenced to a prison term for using it to mount a distributed denial of service attack on a website. This is reflected in the many crimeware systems available in the underground, which includes DDOS, do-it-yourself botnet kits (Zeus, Spyeye, and many others) as well as exploit kits," he said. You don't need to know anything to launch a successful attack anymore," said Corman.Īnyone on the receiving end of a LOIC packet burst would be sure to agree, and how technically savvy the attacker happens to be is made mute by the ease and power of the attack.Ĭox agrees: "The attacker landscape is moving more toward "point-and-click" attack and exploitation tools. There's also the malware kits that make obfuscating malware or building botnets trivial. Just consider how powerful tools like Metasploit have become. "However, I don't think the casual attacker exists any more. "There is a false belief that we are fending off casual attackers," said Joshua Corman, research director, enterprise security at the 451 Group. "It also has the ability to be remotely controlled by a central IRC server, so that more technically competent operators can direct attacks en masse at targets, regardless of the participant's technical knowledge."
#LOW ORBIT ION CANNON INSTALL#
It is designed so someone with little or no technical knowledge can quickly download and install it, and participate in DDoS activities," said Alex Cox, principal analyst at security firm NetWitness. What is new is the ease of which a tool such as LOIC can be put into action. They have been socializing on message boards and instantly communicating in Internet Relay Chat for many years. Such attacks being highly connected isn't new, either. Since the launch of the attacks, LOIC has been downloaded nearly 70,000 times.Ĭyber protestors engaging in digital rioting such as web-site defacements, and denial-of-service attacks, and even inserting messages in malware have existed for some time. Those participating in the pro-Wikileaks riots could operate on their own, or choose to connect their system to the "LOIC Hivemind" voluntary botnet that is centrally controlled by those behind Operation Payback.
0 kommentar(er)
