-----Original Message----- From: Marshall Eubanks [mailto:tme@multicasttech.com] Sent: Saturday, December 11, 2010 10:20 AM To: North American Network Operators Group Subject: LOIC tool used in the "Anonymous" attacks
Interesting analysis of the 3 "LOIC" tool variants used in the "Anonymous" Operation Payback attacks on Mastercard, Paypal, etc.
http://www.simpleweb.org/reports/loic-report.pdf
LOIC makes no attempt to hide the IP addresses of the attackers, making it easy to trace them if they are using their own computers.
IMO, LOIC is a very unsophisticated tool. There are methods the attackers could have used to obfuscate their IP (while still employing a complete TCP 3-way handshake) if they were a bit more knowledgeable. Although it's equivalent to a sophomore year CS project, it has benefit of being "easy to use" and so lowers the barrier to entry for would-be script kiddies looking for a fun afternoon. There is also evidence of its use in the wild outside of "the hive". I think the skill level of these guys is clearly evidenced by one of the members who forgot to remove the metadata from their most recent "press release". Stefan