LOIC (“Low Orbit Ion Cannon”) is an application developed by 4Chan-affiliated hackers designed to—when used en masse by thousands of anonymous users—launch Distributed Denial of Service (DDoS) attacks on websites. Like Visa.com and Mastercard.com, for instance.
It’s a pushbutton application…
The idea behind LOIC is that it can allow you to participate in attacks even if you’ve no clue how to hack. Just download a copy of LOIC (available for Windows, Mac, and Linux!), punch in the target information like a URL or an IP address and zap.
…that can be controlled by a central user…
The Windows version of LOIC has a “Hivemind” feature that lets you point your copy at an Internet Relay Chat server, allowing someone else—say, the Anon Admins behind Operation Payback, the campaign that is currently striking out against Visa, Mastercard, and other financial organisations in retaliation for their decision to stop doing business with Wikileaks—to control at what site all connected LOIC clients are aimed. And because it takes thousands of LOICs all pointed at a single site to make a real impact, letting a central administrator press the big button of website destruction makes the whole network more effective.
Giving hackers control of your computer by choice? Sounds dangerous. But because the LOIC client is open source, the chances that a virus or backdoor into a user’s own system could be a hidden payload is minimal.
…to launch a flood of killer internet packets…
LOIC basically turns your computer’s network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server—garbage requests can easily ignored while legit requests for web pages are responded to as normal.
But when thousands of users run LOIC at once, the wave of requests become overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered.
…with little risk to the user.
Because a DDoS knocks everything offline—at least when it works as intended—the log files that would normally record each incoming connection typically just don’t work. And even if they do, many LOIC users claim that another user was on their network or that their machine was part of a bot net—a DDoS client delivered by virus that performs like a hivemind LOIC, minus the computer owner actually knowing they are participating.