[133533] in North American Network Operators' Group
RE: LOIC tool used in the "Anonymous" attacks
daemon@ATHENA.MIT.EDU (Stefan Fouant)
Sat Dec 11 12:34:33 2010
From: "Stefan Fouant" <sfouant@shortestpathfirst.net>
To: "'Marshall Eubanks'" <tme@multicasttech.com>,
"'North American Network Operators Group'" <nanog@nanog.org>
In-Reply-To: <552A8A0C-1F5B-44EB-A75E-A028D5D31C26@multicasttech.com>
Date: Sat, 11 Dec 2010 12:34:20 -0500
> -----Original Message-----
> From: Marshall Eubanks [mailto:tme@multicasttech.com]
> Sent: Saturday, December 11, 2010 10:20 AM
> To: North American Network Operators Group
> Subject: LOIC tool used in the "Anonymous" attacks
>
> Interesting analysis of the 3 "LOIC" tool variants used in the
> "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
>
> http://www.simpleweb.org/reports/loic-report.pdf
>
> LOIC makes no attempt to hide the IP addresses of the attackers, making
> it easy to trace them if they are using their own computers.

IMO, LOIC is a very unsophisticated tool. There are methods the attackers
could have used to obfuscate their IP (while still employing a complete TCP
3-way handshake) if they were a bit more knowledgeable. Although it's
equivalent to a sophomore-year CS project, it has the benefit of being "easy
to use" and so lowers the barrier to entry for would-be script kiddies looking
for a fun afternoon. There is also evidence of its use in the wild outside
of "the hive".

I think the skill level of these guys is clearly evidenced by one of the
members who forgot to remove the metadata from their most recent "press
release".

Stefan