What Is HOIC?

Sam Biddle February 9, 2012 10:30 AM

Anonymous is on a destruction spree lately — after Megaupload was killed, their reaction was swift and powerful. They made it look easy — and that’s because thanks to the HOIC (High Orbit Ion Cannon), it is. Here’s the newest hacker superweapon.

It’s the newest way Anonymous is attacking websites…

Anonymous relies on the mob, corralled by a vanguard of elites. It may have a serious brain trust at the top, but Anonymous’ power — like any other popular movement — lies in its ability to arm the unskilled. When Anon wants to knock down a website, it organises a heap of followers around one target, armed with software (HOIC) that overloads a server with fake visitors — a simulated flood of malicious traffic that pushes a site to its breaking point. And once a website is down, this software keeps it down.

…and is basically the old LOIC…

Last year it was all about the Low Orbit Ion Cannon — an easy to use tool preferred by 4chan and Anonymous miscreants who wanted to attack websites. The LOIC made hacking so easy, all you needed was fingers, eyeballs, and a basic understanding of some written language:

The idea behind LOIC is that it can allow you to participate in attacks even if you’ve no clue how to hack. Just download a copy of LOIC (available for Windows, Mac, and Linux!), punch in the target information like a URL or an IP address and zap.

It was the hacking equivalent of microwaving your dinner. Now, it’s evolved and pumped way the hell up.

…that is still just as easy to use…

A child could use the HOIC — and that’s what makes it so dangerous. Pretty much anyone with eyeballs and a bone to pick can find HOIC via Google, install it in a couple of minutes, and be ready to go. All you need to do is type in a target website and click fire.

…but blasts websites better than ever…

The HOIC has some diabolical tricks up its sleeve. First, it cranks out more dummy traffic — meant to overwhelm and crash a server with more fake “visitors” than it can handle — with a magnitude that outstrips anything the LOIC was capable of: one Anon told me he’s able to fire off as much as 2MB per second using HOIC. Part of the supercharging comes from the use of “boosters” — custom scripts that spread malicious traffic across a range of target sub-pages, rather than just one. For example: instead of hitting EvilSite.com, a booster will knock EvilSite.com/about.html, EvilSite.com/news.html, etc, all forged to look like the traffic is coming from a variety of spots. Think shotgun versus pistol.

…while keeping Anonymous safe(r).

“Most good firewalls have been written to block loic attacks,” another Anon tells me, owing to the fact that it’s been a 4chan standby for years. HOIC, on the other hand, is a newer weapon, and sites are less likely to be prepared for it. The use of boosters also confuses online defenses, turning a focused, easy to trace beam into an overwhelming scattershot. But HOIC can’t turn any Anon into a lone wolf — an operative who actively uses the newest cannon said at least 50 users are necessary to give their targeted site enough of a walloping to take it down and keep it down.

Discuss

(18 Comments)

[–]
wsDK_II
Thursday, February 9, 2012 at 10:58 AM
WTF??? this is NOT new, it has been around for YEARS!!!
i have been using this since 1st year uni, i loved it when the IRC patch came in, so easy to coordinate with other users :D
also not technicially illegal :)

[–]
X
Thursday, February 9, 2012 at 11:03 AM
So tell me again why you’re pretty much showing people how to take down websites?

[–]
Shane
Thursday, February 9, 2012 at 11:56 AM
Its a tech site – They could just as well be warning web administrators of a vulnerability they may be aware of. Open your mind a little, and stop looking at things so one sided.

[–]
Shane
Thursday, February 9, 2012 at 11:57 AM
*May be unaware of

[–]
X
Thursday, February 9, 2012 at 12:38 PM
Well if they were trying to warn them, then why not post links or have a paragraph in the article about ways to protect yourself from such attacks?

[–]
wsDK_II
Thursday, February 9, 2012 at 12:00 PM
So tell me again why you’re pretty much showing people how you dont understand what anon is about?

[–]
X
Thursday, February 9, 2012 at 12:15 PM
How is this showing people what they are about? It’s not a manifesto of any kind.

[–]
Cameron
Thursday, February 9, 2012 at 12:24 PM
What that they’re a bunch of immature little kids who follow the will of others like sheep (as proven with the operation of this software!) who do nothing to actually further the causes they are trying to promote?

[–]
Teal
Friday, February 10, 2012 at 10:49 AM
The whole point of Anonymous is it is anyone. Your neighbor, maybe a CEO, maybe a manager, maybe the tradesman who comes around to repair your stuff. It’s anyone. Kids are a little more involved yes, but they’re definitely _not_ the movement.

[–]
Michael
Thursday, February 9, 2012 at 11:57 AM
Sounds like a great load testing tool for web devs.

[–]
Ammusionist
Thursday, February 9, 2012 at 12:17 PM
Is it just me, or is Anonymous about putting Justice in the hands of those who cannot be held responsible for its use or misuse?

[–]
Kat
Thursday, February 9, 2012 at 10:18 PM
Well, wasn’t the original logo of Anonymous ‘do it for the lulz’?

[–]
jeremy
Thursday, February 9, 2012 at 12:51 PM
Easy to block by anybody with a clue, any website that lacks a reverse-proxy webfront or CDN is run by people who have no idea. Squid your inbound ports and log transport layer details. Block the f%$^ers at the transport layer in the front automatically if it supports it for an hour or so (NOT based on source IP, you might block a big NAT) per event , done. If you are feeling really nasty there are some active counter attacks, but only turn them on when the IDS scripts detect a sustained spike in mutiple wierdness (log anomoly detection) – Black ICE baby :-). Web admins of the world unite – we have a right to not get widdled on by faceless twerps. If you are lazy just use a public webfront like akamai – that is defeat these a-shlekers nicely, and akamai will block them for you with thier own funky anti-DOS CDN goodness. Enjoy you ride while you can anon, because we admins are onto your script-kiddy tricks ;-)

[–]
Hesh
Thursday, February 9, 2012 at 1:10 PM
lol ‘script-kiddy tricks’ took down some very important sites. clearly you are about the rest. maybe throw in an job application to the companies that had their sites take down you might get a job there… am i right??? yeah.. lol

[–]
Ozoneocean
Thursday, February 9, 2012 at 2:51 PM
Just because they’re important, doesn’t mean they have clever or diligent web admins.
It sounds like Jeremy knows his field better than you.

[–]
HSR
Thursday, February 9, 2012 at 1:25 PM
Jeremy, please provide details of your sites, if your so tuff. All talk I reckon.

[–]
X
Thursday, February 9, 2012 at 1:49 PM
Look out, internet tough guy in the house.

[–]
Jase
Thursday, February 9, 2012 at 3:25 PM
lol Watch me flex my interceps! :p

What Is HOIC?