High Orbit Ion Cannon: Difference between revisions

From Wikipedia, the free encyclopedia
KolbertBot (talk | contribs)
m Bot: HTTP→HTTPS (v485)
GreenC bot (talk | contribs)
 
(30 intermediate revisions by 25 users not shown)
Line 1: Line 1:
{{Short description|Denial-of-service attack tool}}
{{Infobox software
{{Infobox software
| name = High Orbit Ion Cannon
| name = High Orbit Ion Cannon
Line 4: Line 5:
| caption = HOIC running on Windows 10
| caption = HOIC running on Windows 10
| programming language = [[Visual Basic]], [[C Sharp (programming language)|C#]]
| programming language = [[Visual Basic]], [[C Sharp (programming language)|C#]]
| operating system = [[Microsoft Windows|Windows]], [[OS X]], [[Linux]]
| operating system = [[Microsoft Windows|Windows]], [[OS X]], [[Linux]]{{source?|date=January 2019}}
| size = 1.8 MB
| size = 1.8 MB
| language = [[English language|English]]
| language = [[English language|English]]
Line 12: Line 13:
}}
}}


'''High Orbit Ion Cannon''' ('''HOIC'''), is an [[open-source]] network [[Stress testing (software)|stress testing]] and [[denial-of-service attack]] application written in [[BASIC]] designed to attack as many as 256 [[URL]]s at the same time. It has been designed to replace the [[Low Orbit Ion Cannon]] which was developed by Praetox Technologies and later released into the [[public domain]]. The security advisory for HOIC was released by Prolexic Technologies in February 2012.<ref>{{cite web|url=http://www.stateoftheinternet.com/resources-web-security-threat-advisories-2012-high-orbit-ion-cannon.html |title=High Orbit Ion Cannon (HOIC) Threat Advisory |publisher=stateoftheinternet.com |date=23 February 2012 |accessdate=18 April 2015}}</ref><ref>{{cite press release |publisher=[[Prolexic Technologies]] |via=[[PRWeb]] |title=Prolexic Issues Threat Advisory Outlining DDoS Protection Strategies for High Orbit Ion Cannon; Latest Stealth Attack Tool Targets Hundreds of URLs Simultaneously |url=http://www.prweb.com/releases/2012/2/prweb9221167.htm |date=23 February 2012 |accessdate=18 April 2015}}</ref>
'''High Orbit Ion Cannon''' ('''HOIC''') is an [[open-source software|open-source]] network [[Stress testing (software)|stress testing]] and [[denial-of-service attack]] application designed to attack as many as 256 [[URL]]s at the same time. It was designed to replace the [[Low Orbit Ion Cannon]] which was developed by Praetox Technologies and later released into the [[public domain]]. The security advisory for HOIC was released by Prolexic Technologies in February 2012.<ref>{{cite web|url=http://www.stateoftheinternet.com/resources-web-security-threat-advisories-2012-high-orbit-ion-cannon.html |title=High Orbit Ion Cannon (HOIC) Threat Advisory |publisher=stateoftheinternet.com |date=23 February 2012 |accessdate=18 April 2015}}</ref><ref>{{cite press release |publisher=[[Prolexic Technologies]] |via=[[PRWeb]] |title=Prolexic Issues Threat Advisory Outlining DDoS Protection Strategies for High Orbit Ion Cannon; Latest Stealth Attack Tool Targets Hundreds of URLs Simultaneously |url=http://www.prweb.com/releases/2012/2/prweb9221167.htm |date=23 February 2012 |accessdate=18 April 2015 |archive-date=24 September 2015 |archive-url=https://web.archive.org/web/20150924132916/http://www.prweb.com/releases/2012/2/prweb9221167.htm |url-status=dead }}</ref>


== Development ==
== Development ==
HOIC was developed during the conclusion of [[Operation Payback]] by the [[hacktivism|hacktivist]] collective [[Anonymous (Group)|Anonymous]].<ref>{{cite web|url=http://security.radware.com/knowledge-center/DDoSPedia/hoic-high-orbit-ion-cannon/|title=Definition of HOIC |publisher=radware.com |date=2012-09-27 |accessdate= 2015-04-18}}</ref> As [[Operation Payback]] concluded there was massive pressure on the group from law enforcement agencies, which captured and prosecuted more than 13 individuals connected with the group.<ref>{{cite news|last1=Curtis|first1=Sophie|title=Who are the most notorious hacking groups?|url=https://www.telegraph.co.uk/technology/internet-security/11371524/Who-are-the-most-notorious-hacking-groups.html |accessdate=18 April 2015 |date=27 January 2015}}</ref><ref>{{cite news|title=Anonymous busted: 13 hacktivists indicted over Operation Payback |url=http://rt.com/usa/anonymous-operation-payback-indictment-704/|accessdate= 2015-04-18|date= 3 October 2013}}</ref> This forced many members of the group to rethink their strategies and subsequently this part of the group launched [[Operation Leakspin]].<ref>{{cite web|first=Sean |last=Bonner |url=http://www.boingboing.net/2010/12/09/anonymous-stops-drop.html |title=Anonymous Stops Drop |work=[[Boing Boing]] |date=9 December 2010 |accessdate=18 April 2015}}</ref> However a large part of Anonymous remained focused on launching opt-in DDoS attacks. However the [[Low Orbit Ion Cannon]] was not powerful enough to launch attacks with such a limited number of users. 
Therefore, HOIC was designed to remedy this with the ability to cause [[HTTP Flood]] with a low number of user agents with as few as 50 users being required to successfully launch an attack, and co-ordination between multiple users leading to an exponential increase in the damage.<ref>{{cite web|url=https://gizmodo.com/5883146/what-is-hoic|title=What is HOIC |publisher=Sam Biddle |date=18 February 2012 |accessdate=18 April 2015}}</ref><ref>{{cite web|url=http://www.kotaku.com.au/2014/12/how-ddos-attacks-work-and-why-theyre-so-hard-to-stop/|title=How DDoS Attacks Work, And Why They're So Hard To Stop |work=[[Kotaku]] |publisher=[[Gawker Media]] |first=Jason |last=Schreier |date=31 December 2014 |accessdate=18 April 2015}}</ref> HOIC was the first tool of its kind to have support for the so-called "booster files", configurable VBscript modules that randomize the [[HTTP headers]] of attacking computers, allowing thousands upon thousands of highly randomized combinations for user agents.<ref name="prolex120216"/> Apart from allowing user agents to implement some form of randomization countermeasures the booster files can and have been used to increase the magnitude of the attack.<ref>{{cite web |url=https://www.rsaconference.com/writable/presentations/file_upload/sec-w04_final.pdf |title=DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION |publisher=[[RSA Conference]] |first=Stephen |last=Gates |date=15 May 2013 |accessdate=18 April 2015}}</ref>
HOIC was developed during the conclusion of [[Operation Payback]] by the [[hacktivism|hacktivist]] collective [[Anonymous (Group)|Anonymous]].<ref>{{cite web|url=http://security.radware.com/knowledge-center/DDoSPedia/hoic-high-orbit-ion-cannon/|title=Definition of HOIC |publisher=radware.com |date=2012-09-27 |accessdate= 2015-04-18}}</ref> As [[Operation Payback]] concluded there was massive pressure on the group from law enforcement agencies, which captured and prosecuted more than 13 individuals connected with the group.<ref>{{cite news|last1=Curtis|first1=Sophie|title=Who are the most notorious hacking groups?|url=https://www.telegraph.co.uk/technology/internet-security/11371524/Who-are-the-most-notorious-hacking-groups.html |accessdate=18 April 2015 |date=27 January 2015}}</ref> This forced many members of the group to rethink their strategies and subsequently this part of the group launched [[Operation Leakspin]].<ref>{{cite web|first=Sean |last=Bonner |url=http://www.boingboing.net/2010/12/09/anonymous-stops-drop.html |title=Anonymous Stops Drop |work=[[Boing Boing]] |date=9 December 2010 |accessdate=18 April 2015}}</ref> However a large part of Anonymous remained focused on launching opt-in DDoS attacks. However the [[Low Orbit Ion Cannon]] was not powerful enough to launch attacks with such a limited number of users. 
HOIC was designed to remedy this with the ability to cause an [[HTTP Flood]] with as few as 50 user agents being required to successfully launch an attack, and co-ordination between multiple users leading to an exponential increase in the damage.<ref>{{cite web|url=https://gizmodo.com/5883146/what-is-hoic|title=What is HOIC |publisher=Sam Biddle |date=18 February 2012 |accessdate=18 April 2015}}</ref><ref>{{cite web|url=http://www.kotaku.com.au/2014/12/how-ddos-attacks-work-and-why-theyre-so-hard-to-stop/|title=How DDoS Attacks Work, And Why They're So Hard To Stop |work=[[Kotaku]] |publisher=[[Gawker Media]] |first=Jason |last=Schreier |date=31 December 2014 |accessdate=18 April 2015}}</ref> HOIC was the first tool of its kind to have support for the so-called "booster files", configurable VBscript modules that randomize the [[HTTP headers]] of attacking computers, allowing thousands upon thousands of highly randomized combinations for user agents.<ref name="prolex120216"/> Apart from allowing user agents to implement some form of randomization countermeasures the booster files can and have been used to increase the magnitude of the attack.<ref>{{cite web |url=https://www.rsaconference.com/writable/presentations/file_upload/sec-w04_final.pdf |title=DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION |publisher=[[RSA Conference]] |first=Stephen |last=Gates |date=15 May 2013 |accessdate=18 April 2015}}</ref>


== Nomenclature ==
== Nomenclature ==
HOIC and its predecessor, the [[LOIC]], are named after an [[ion cannon]], a fictional [[directed-energy weapon]] described as firing beams of [[ion]]s from a space-based platform onto Earth-based targets. Although ion cannons appear in many movies, television shows, and video games that have a science fiction-based setting, the ones depicted in the ''[[Command & Conquer (series)|Command & Conquer]]'' series of video games are considered to be the inspiration for the graphics on the software's GUI and website.<ref>{{cite web|publisher=AirDemon.net |title=Low Orbit Ion Cannon |via=[[Archive.org]] |url=http://www.airdemon.net/loic.html |date=27 September 2012 |accessdate=18 April 2015 |deadurl=yes |archiveurl=https://web.archive.org/web/20120927082809/http://www.airdemon.net/loic.html |archivedate=September 27, 2012 }}</ref>
HOIC and its predecessor, the [[LOIC]], are named after an [[ion cannon]], a fictional [[directed-energy weapon]] described as firing beams of [[ion]]s from a space-based platform onto Earth-based targets. Although ion cannons appear in many movies, television shows, and video games that have a science fiction-based setting, the ones depicted in the ''[[Command & Conquer (series)|Command & Conquer]]'' series of video games are considered to be the inspiration for the graphics on the software's GUI and website.<ref>{{cite web|publisher=AirDemon.net |title=Low Orbit Ion Cannon |via=[[Archive.org]] |url=http://www.airdemon.net/loic.html |date=27 September 2012 |accessdate=18 April 2015 |url-status=dead |archiveurl=https://web.archive.org/web/20120927082809/http://www.airdemon.net/loic.html |archivedate=September 27, 2012 }}</ref>


== Use ==
== Use ==
Simply described, HOIC is a program for sending [[POST (HTTP)|HTTP POST]] and [[Hypertext Transfer Protocol#Request methods|GET]] requests at a computer under attack, that uses a [[lulz]]-inspired [[Graphical user interface|graphical interface]].<ref name="arstec120216"/> HOIC primarily performs a [[Denial-of-service attack|denial-of-service (DoS) attack]] and a [[Distributed denial-of-service attack|DDoS attack]] when co-ordinated by multiple individuals. The [[Denial-of-service attack|denial-of-service (DoS) attack]] on the target URL is accomplished by sending excessive traffic in an attempt to overload the site and bring it down. This basic version of the attack can be customized by using the booster files which follow the [[Visual Basic|VB 6]] mixed with [[Visual Basic .NET|VB .NET]] syntax. In addition, HOIC can simultaneously attack up to 256 domains, making it one of the most versatile tools for hackers who are attempting to co-ordinate DDoS attacks as a group.<ref>{{cite web|url=http://www.symantec.com/connect/blogs/high-orbit-vs-low-orbit-ion-cannonglimps-some-hacking-techniques |title=Glimpse into some hacking techniques|publisher=Avkash K |date=2012-03-15 |accessdate= 2015-04-18}}</ref>
Simply described, HOIC is a program for sending [[POST (HTTP)|HTTP POST]] and [[Hypertext Transfer Protocol#Request methods|GET]] requests at a computer under attack, that uses a [[lulz]]-inspired [[Graphical user interface|graphical interface]].<ref name="arstec120216"/> HOIC primarily performs a [[Denial-of-service attack|denial-of-service (DoS) attack]] and a [[Distributed denial-of-service attack|DDoS attack]] when co-ordinated by multiple individuals. The [[Denial-of-service attack|denial-of-service (DoS) attack]] on the target URL is accomplished by sending excessive traffic in an attempt to overload the site and bring it down. This basic version of the attack can be customized by using the booster files which follow the [[Visual Basic|VB 6]] mixed with [[Visual Basic .NET|VB .NET]] syntax. In addition, HOIC can simultaneously attack up to 256 domains, making it one of the most versatile tools for hackers who are attempting to co-ordinate DDoS attacks as a group.<ref>{{cite web|url=https://community.broadcom.com/groups/communities/community-home/librarydocuments/viewdocument?DocumentKey=1e75f78c-019b-4122-b079-df2b845e618c&CommunityKey=65b7b30d-9aa3-4af2-bdb0-079faac485a3&tab=librarydocuments |title=Glimpse into some hacking techniques|publisher=Avkash K |date=2012-03-15 |access-date= 2015-04-18}}</ref>


The minimalist GUI of the tool makes it user friendly and easy to control. The basic routine of an attack is to input the URL of the website which is to be attacked, set the power option on low, medium or high. The power option sets the request velocity with low at two requests per second, medium at four and high at eight requests per second. Then a booster file is added which uses .hoic extension to define dynamic request attributes, launch attacks on multiple pages within the same website and help evade some defense filters. The attack is then launched by pressing the red button in the GUI labelled as "Fire Teh Lazer".<ref>{{cite book|last1=Barnett|first1=Ryan C|title=Web Application Defender's Cookbook: Battling Hackers and Protecting Users|date= 4 January 2013|publisher=John Wiley & Sons|isbn=9781118417058|url=https://books.google.com/books?id=flC9dFFLWIsC&pg=PT346&dq=%22High+Orbit+Ion+Cannon%22&hl=en&sa=X&ei=wwUyVe3tB8vlaJCXgIAP&ved=0CC0Q6AEwAQ#v=onepage&q=%22High%20Orbit%20Ion%20Cannon%22&f=false|accessdate=18 April 2015}}</ref> [[File:HOIC TARGET.png|thumb|High Orbit Ion Cannon's interface for targeting a website for stressing]]
The minimalist GUI of the tool makes it user friendly and easy to control. The basic routine of an attack is to input the URL of the website which is to be attacked, and set the power option on low, medium or high. The power option sets the request velocity with low at two requests per second, medium at four and high at eight requests per second. Then a booster file is added which uses .hoic extension to define dynamic request attributes, launch attacks on multiple pages within the same website and help evade some defense filters. The attack is then launched by pressing the red button in the GUI labelled as "Fire Teh Lazer".<ref>{{cite book|last1=Barnett|first1=Ryan C|title=Web Application Defender's Cookbook: Battling Hackers and Protecting Users|date= 4 January 2013|publisher=John Wiley & Sons|isbn=978-1-118-41705-8|page=346|url=https://books.google.com/books?id=flC9dFFLWIsC&pg=PT346}}</ref>
[[File:HOIC TARGET.png|thumb|High Orbit Ion Cannon's interface for targeting a website for stressing]]


== Limitations ==
== Limitations ==
The basic limitation of HOIC is that it requires a coordinated group of users to ensure that the attacks are successful. Even though it has allowed attacks to be launched by far fewer users than the older Low Orbit Ion Cannon, HOIC still requires a minimum of 50 users to launch an effective attack and more are required to sustain it if the target website has protection.<ref name="prolex120216">{{cite press release |url=http://www.prolexic.com/kcresources/prolexic-threat-advisories/prolexic-threat-advisory-hoic-031212/Prolexic_Threat_Advisory_HOIC_A4_052612.pdf |title=Threat: High Orbit Ion Cannon v2.1.003 |publisher=[[Prolexic Technologies]] |date=16 February 2012 |accessdate=6 April 2015}}</ref> Another limiting factor is the lack of anonymizing and randomizing capability. Even though HOIC should, in theory, offer anonymizing through the use of booster files, the actual protection provided is not enough. Furthermore, anonymizing networks such as TOR are not capable of handling the bandwidth of attacks generated by HOIC. Any attempt to launch an attack using the TOR network will actually harm the network itself.<ref name="arstec120216">{{cite news |first=Sean |last=Gallagher |work=[[Ars Technica]] |publisher=[[Condé Nast]] |title=High Orbits and Slowlorises: understanding the Anonymous attack tools |url=https://arstechnica.com/business/2012/02/high-orbits-and-slowlorises-understanding-the-anonymous-attack-tools/2/ |date=16 February 2012 |accessdate=6 April 2015}}</ref> However, Anonymous members routinely use proxy servers based in Sweden to launch their attacks. It has been speculated that this is due to the notion that Sweden may have stricter [[internet privacy]] laws than the rest of the world.<ref name="arstec120216"/><ref>{{cite web |title=Online Privacy Law: Sweden |url=https://www.loc.gov/law/help/online-privacy-law/sweden.php|website=Law Library of Congress |accessdate=18 April 2015}}</ref>
The basic limitation of HOIC is that it requires a coordinated group of users to ensure that the attacks are successful. Even though it has allowed attacks to be launched by far fewer users than the older Low Orbit Ion Cannon, HOIC still requires a minimum of 50 users to launch an effective attack and more are required to sustain it if the target website has protection.<ref name="prolex120216">{{cite press release |url=http://www.prolexic.com/kcresources/prolexic-threat-advisories/prolexic-threat-advisory-hoic-031212/Prolexic_Threat_Advisory_HOIC_A4_052612.pdf |title=Threat: High Orbit Ion Cannon v2.1.003 |publisher=[[Prolexic Technologies]] |date=16 February 2012 |accessdate=6 April 2015}}</ref> Another limiting factor is the lack of anonymizing and randomizing capability. Even though HOIC should, in theory, offer anonymizing through the use of booster files, the actual protection provided is not enough. Furthermore, anonymizing networks such as TOR are not capable of handling the bandwidth of attacks generated by HOIC. Any attempt to launch an attack using the TOR network will actually harm the network itself.<ref name="arstec120216">{{cite news |first=Sean |last=Gallagher |work=[[Ars Technica]] |publisher=[[Condé Nast]] |title=High Orbits and Slowlorises: understanding the Anonymous attack tools |url=https://arstechnica.com/business/2012/02/high-orbits-and-slowlorises-understanding-the-anonymous-attack-tools/2/ |date=16 February 2012 |accessdate=6 April 2015}}</ref> However, Anonymous members routinely use proxy servers based in Sweden to launch their attacks. It has been speculated that this is due to the notion that Sweden may have less [[internet privacy]] laws than the rest of the world.<ref name="arstec120216"/><ref>{{cite web |title=Online Privacy Law: Sweden |url=https://www.loc.gov/law/help/online-privacy-law/sweden.php|website=Law Library of Congress |accessdate=18 April 2015}}</ref>


== Legality ==
== Legality ==
Primarily, HOIC has been designed as a stress testing tool and can be lawfully used as such to stress test local networks and servers provided the person initiating the test has authorization to test and as long as no other networks, servers, clients, networking equipment or URLs are disrupted.<ref>{{cite web|url=http://www.pcauthority.com.au/Feature/401392,hackers-kit-bag-the-tools-that-terrorise-the-internet.aspx|title=Hackers' kit bag: the tools that terrorise the internet|publisher=James H. Hamlyn-Harris|date=2015-03-09 |accessdate=2015-04-18}}</ref>
Primarily, HOIC has been designed as a stress testing tool and can be lawfully used as such to stress test local networks and servers provided the person initiating the test has authorization to test and as long as no other networks, servers, clients, networking equipment or URLs are disrupted.<ref>{{cite web|url=http://www.pcauthority.com.au/Feature/401392,hackers-kit-bag-the-tools-that-terrorise-the-internet.aspx|title=Hackers' kit bag: the tools that terrorise the internet|publisher=James H. Hamlyn-Harris|date=2015-03-09 |accessdate=2015-04-18}}</ref>


HOIC can also be used to perform distributed denial-of-service attacks, which are illegal under various statutes. The [[Police and Justice Act 2006]] of [[United Kingdom|the United Kingdom]] amended the [[Computer Misuse Act 1990]], and specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison.<ref>Espiner, Tom (November 10, 2006). [http://news.cnet.com/U.K.-outlaws-denial-of-service-attacks/2100-7348_3-6134472.html "U.K. outlaws denial-of-service attacks"]. CNET News</ref>
HOIC can also be used to perform distributed denial-of-service attacks, which are illegal under various statutes. The [[Police and Justice Act 2006]] of [[United Kingdom|the United Kingdom]] amended the [[Computer Misuse Act 1990]], and specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison.<ref>Espiner, Tom (November 10, 2006). [http://news.cnet.com/U.K.-outlaws-denial-of-service-attacks/2100-7348_3-6134472.html "U.K. outlaws denial-of-service attacks"]. CNET News</ref> In the United States, denial-of-service attacks may be considered a federal crime under the [[Computer Fraud and Abuse Act]] with penalties that include up to ten years of imprisonment. In 2013 [[Criminal law|criminal charges]] were brought against 13 members of [[Anonymous (group)|Anonymous]] for participating in a DDoS attack against various websites of organizations including the Recording Industry Association of America, the Motion Picture Association of America, the United States Copyright Office of the Library of Congress, Visa, MasterCard, and Bank of America. They were charged with one count of "conspiracy to intentionally cause damage to a protected computer" for the events that occurred between September 16, 2010 and January 2, 2011.<ref>{{cite web|url=http://www.pcworld.com/article/2052360/us-indicts-13-anonymous-members-for-ddos-attacks.html|title=US charges 13 Anonymous members for DDoS attacks |publisher=PCWorld|date=2013-08-16 |accessdate=2016-02-29}}</ref> DDoS attacks are federal offenses in the United States and are prosecuted by the [[US Department of Justice|Department of Justice]] under [[United States Code|USC]] Title 18, Section 1030.<ref>{{cite web|url=http://www.gpo.gov/fdsys/pkg/USCODE-2010-title18/html/USCODE-2010-title18-partI-chap47-sec1030.htm |title=United States Code: Title 18,1030. 
Fraud and related activity in connection with computers &#124; Government Printing Office |publisher=www.gpo.gov |date=2002-10-25|accessdate=2015-04-18}}</ref>
In the United States, denial-of-service attacks may be considered a federal crime under the [[Computer Fraud and Abuse Act]] with penalties that include up to ten years of imprisonment. In 2013 [[Criminal law|criminal charges]] were brought against 13 members of [[Anonymous (group)|Anonymous]] for participating in a DDoS attack against various websites of organizations including the Recording Industry Association of America, the Motion Picture Association of America, the United States Copyright Office of the Library of Congress, Visa, MasterCard, and Bank of America. They were charged with one count of "conspiracy to intentionally cause damage to a protected computer" for the events that occurred between September 16, 2010 and January 2, 2011.<ref>{{cite web|url=http://www.pcworld.com/article/2052360/us-indicts-13-anonymous-members-for-ddos-attacks.html|title=US charges 13 Anonymous members for DDoS attacks |publisher=PCWorld|date=2013-08-16 |accessdate=2016-02-29}}</ref> DDoS attacks are federal offenses in the United States and are prosecuted by the [[US Department of Justice|Department of Justice]] under [[United States Code|USC]] Title 18, Section 1030.<ref>{{cite web|url=http://www.gpo.gov/fdsys/pkg/USCODE-2010-title18/html/USCODE-2010-title18-partI-chap47-sec1030.htm |title=United States Code: Title 18,1030. Fraud and related activity in connection with computers &#124; Government Printing Office |publisher=www.gpo.gov |date=2002-10-25|accessdate=2015-04-18}}</ref>


[[Anonymous (group)|Anonymous]] has petitioned the Government of the United States by [[We the People (petitioning system)|posting a petition]] on the [[whitehouse.gov]] site, demanding that DDoS attacks be recognized as a form of virtual protest similar to [[Occupy movement|Occupy protests]].<ref>{{cite web|url=http://www.huffingtonpost.com/2013/01/12/anonymous-ddos-petition-white-house_n_2463009.html |title=Anonymous DDoS Petition: Group Calls On White House To Recognize Distributed Denial Of Service As Protest |publisher=HuffingtonPost.com |date=2013-01-12}}</ref>
In 2013, [[Anonymous (group)|Anonymous]] petitioned the United States government via [[We the People (petitioning system)|We the People]], demanding that DDoS attacks be recognized as a form of virtual protest similar to [[Occupy movement|Occupy protests]].<ref>{{cite news|url=http://www.huffingtonpost.com/2013/01/12/anonymous-ddos-petition-white-house_n_2463009.html |title=Anonymous DDoS Petition: Group Calls On White House To Recognize Distributed Denial Of Service As Protest |date=2013-01-12|newspaper=Huffington Post |last1=Jauregui |first1=Andres }}</ref>


== Countermeasures ==
== Countermeasures ==
[[DDoS mitigation]] usually works on the principle of distribution, which is basically intelligent routing of traffic to avoid congestion and prevent overload at a single URL. Other methods to counter DDoS include installation of [[intrusion prevention system|intrusion prevention system (IPS)]] and [[intrusion detection system|intrusion detection system (IDS)]].<ref>{{cite web|url=http://tools.cisco.com/security/center/viewAlert.x?alertId=28879|title=High Orbit Ion Cannon Distributed Denial of Service Tools |publisher=Cisco|date=2012-02-16 |accessdate=2015-04-18}}</ref>
[[DDoS mitigation]] usually works on the principle of distribution, which is basically intelligent routing of traffic to avoid congestion and prevent overload at a single URL. Other methods to counter DDoS include installation of [[intrusion prevention system|intrusion prevention system (IPS)]] and [[intrusion detection system|intrusion detection system (IDS)]] devices and application software.<ref>{{cite web|url=http://tools.cisco.com/security/center/viewAlert.x?alertId=28879|title=High Orbit Ion Cannon Distributed Denial of Service Tools |publisher=Cisco|date=2012-02-16 |accessdate=2015-04-18}}</ref>


== First use in attacks ==
== First use in attacks ==
[[Anonymous (Group)|Anonymous]] were the first group to utilize High Orbit Ion Cannon publicly.{{when|date=September 2016}} When the file-sharing website, [[Megaupload]] was shut down after federal agents raided their premises, [[Anonymous (Group)|Anonymous]] launched an attack against the website of the [[United States Department of Justice|US Department of Justice]]. As the DOJ website went offline Anonymous claimed success via twitter saying "One thing is certain: EXPECT US! #Megaupload".<ref>{{cite news|last1=Segall|first1=Laurie|title=Anonymous strikes back after feds shut down piracy hub Megaupload|url=http://money.cnn.com/2012/01/19/technology/megaupload_shutdown/|accessdate=18 April 2015|agency=CNN|date=January 20, 2012}}</ref> Over the course of the next few hours several other websites were knocked offline and kept offline. These included websites belonging to the [[RIAA|Recording Industry Association of America (RIAA)]], the [[MPAA|Motion Picture Association of America (MPAA)]] and the [[Broadcast Music, Inc.|BMI]].<ref>{{cite news|last1=Vaughan-Nichols|first1=Steven J.|title=How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites|url=http://www.zdnet.com/article/how-anonymous-took-down-the-doj-riaa-mpaa-and-universal-music-websites/|accessdate=18 April 2015|agency=zdnet.com|date=January 20, 2012}}</ref> Finally, as the day drew to a close, the website belonging to the [[FBI]] was hit repeatedly before it ultimately succumbed to attacks and acquired a “Tango Down” status. 
Anonymous claimed that it was "the single largest Internet attack in its history", while it was reported that as many as 27,000 user agents were taking part in the attack.<ref>{{cite news|title=Anonymous Takes Down FBI, RIAA, DOJ and White House Following Megaupload Closure|url=http://news.softpedia.com/news/Anonymous-Takes-Down-FBI-RIAA-DOJ-and-White-House-Following-MegaUpload-Closure-247641.shtml|accessdate=18 April 2015|agency=Sofpedia}}</ref><ref>{{cite news|last1=Kovacs|first1=Eduard|title=27,000 Computers Participating in OpMegaupload DDoS Attack (Exclusive)|url=http://news.softpedia.com/news/27-000-Computers-Participating-in-OpMegaupload-DDoS-Attack-Exclusive-247709.shtml|accessdate=18 April 2015|agency=Softpedia|date=January 20, 2012}}</ref>
[[Anonymous (Group)|Anonymous]] were the first group to utilize High Orbit Ion Cannon publicly on January 19, 2012. After [[Megaupload]], a file-sharing website, was shut down after federal agents raided their premises, [[Anonymous (Group)|Anonymous]] launched an attack against the website of the [[United States Department of Justice|US Department of Justice]]. As the DOJ website went offline Anonymous claimed success via twitter, saying "One thing is certain: EXPECT US! #Megaupload".<ref>{{cite news|last1=Segall|first1=Laurie|title=Anonymous strikes back after feds shut down piracy hub Megaupload|url=https://money.cnn.com/2012/01/19/technology/megaupload_shutdown/|accessdate=18 April 2015|agency=CNN|date=January 20, 2012|authorlink=Laurie Segall}}</ref> Over the course of the next few hours, several other websites were knocked offline and kept offline. These included websites belonging to the [[RIAA|Recording Industry Association of America (RIAA)]], the [[MPAA|Motion Picture Association of America (MPAA)]] and the [[Broadcast Music, Inc.|BMI]].<ref>{{cite news|last1=Vaughan-Nichols|first1=Steven J.|title=How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites|url=https://www.zdnet.com/article/how-anonymous-took-down-the-doj-riaa-mpaa-and-universal-music-websites/|access-date=18 April 2015|agency=zdnet.com|date=January 20, 2012}}</ref> Finally, as the day drew to a close, the website belonging to the [[FBI]] was hit repeatedly before it ultimately succumbed to attacks and acquired a “Tango Down” status. 
Anonymous claimed that it was "the single largest Internet attack in its history", while it was reported that as many as 27,000 user agents were taking part in the attack.<ref>{{cite news|title=Anonymous Takes Down FBI, RIAA, DOJ and White House Following Megaupload Closure|url=http://news.softpedia.com/news/Anonymous-Takes-Down-FBI-RIAA-DOJ-and-White-House-Following-MegaUpload-Closure-247641.shtml|accessdate=18 April 2015|agency=Sofpedia}}</ref><ref>{{cite news|last1=Kovacs|first1=Eduard|title=27,000 Computers Participating in OpMegaupload DDoS Attack (Exclusive)|url=http://news.softpedia.com/news/27-000-Computers-Participating-in-OpMegaupload-DDoS-Attack-Exclusive-247709.shtml|accessdate=18 April 2015|agency=Softpedia|date=January 20, 2012}}</ref>


== See also ==
== See also ==
{{columns-list|4|
{{columns-list|colwidth=18em|
* [[Low Orbit Ion Cannon]]
* [[Anonymous (group)]]
* [[Application layer DDoS attack]]
* [[Application layer DDoS attack]]
* [[DDoS mitigation]]
* [[DDoS mitigation]]
* [[Denial-of-service attack]]
* [[DoSnet]]
* [[DoSnet]]
* [[Fork bomb]]
* [[Hit-and-run DDoS]]
* [[Hit-and-run DDoS]]
* [[Anonymous (group)]]
* [[Infinite loop]]
* [[Low Orbit Ion Cannon]]
* [[Operation Leakspin]]
* [[Operation Leakspin]]
* [[Operation Payback]]
* [[Operation Payback]]
* [[Denial-of-service attack]]
* [[Fork bomb]]
* [[ReDoS]]
* [[ReDoS]]
* [[Infinite loop]]
}}
}}
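Review bot: in the "Anonymous Takes Down FBI, RIAA, DOJ and White House Following Megaupload Closure" citation the source is misspelled as agency=Sofpedia, while the citation right after it spells it Softpedia; correct the spelling. CNN, zdnet.com and Softpedia are publications rather than wire services, so they belong in work= or website= instead of agency=. The same paragraph mixes accessdate= and access-date=, so normalise these to access-date= while the references are being touched.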


Line 67: Line 69:


[[Category:Denial-of-service attacks]]
[[Category:Denial-of-service attacks]]
[[Category:Free software]]
[[Category:Public-domain software]]
[[Category:Public-domain software with source code]]
[[Category:Public-domain software with source code]]

Latest revision as of 15:58, 5 July 2024

High Orbit Ion Cannon
Written in: Visual Basic, C#
Operating system: Windows, OS X, Linux[citation needed]
Size: 1.8 MB
Available in: English
Type: Network stress-testing
License: Public domain
Website: sourceforge.net/projects/high-orbit-ion-cannon/

High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain. The security advisory for HOIC was released by Prolexic Technologies in February 2012.[1][2]

Development


HOIC was developed during the conclusion of Operation Payback by the hacktivist collective Anonymous.[3] As Operation Payback concluded there was massive pressure on the group from law enforcement agencies, which captured and prosecuted more than 13 individuals connected with the group.[4] This forced many members of the group to rethink their strategies, and this part of the group subsequently launched Operation Leakspin.[5] However, a large part of Anonymous remained focused on launching opt-in DDoS attacks, and the Low Orbit Ion Cannon was not powerful enough to launch attacks with such a limited number of users. HOIC was designed to remedy this: it can cause an HTTP flood with as few as 50 user agents being required to successfully launch an attack, and co-ordination between multiple users leads to an exponential increase in the damage.[6][7] HOIC was the first tool of its kind to support so-called "booster files", configurable VBScript modules that randomize the HTTP headers of attacking computers, allowing thousands upon thousands of highly randomized combinations for user agents.[8] Apart from allowing user agents to implement some form of randomization countermeasures, the booster files can be and have been used to increase the magnitude of the attack.[9]

Nomenclature


HOIC and its predecessor, the LOIC, are named after an ion cannon, a fictional directed-energy weapon described as firing beams of ions from a space-based platform onto Earth-based targets. Although ion cannons appear in many movies, television shows, and video games that have a science fiction-based setting, the ones depicted in the Command & Conquer series of video games are considered to be the inspiration for the graphics on the software's GUI and website.[10]

Use


Simply described, HOIC is a program with a lulz-inspired graphical interface that sends HTTP POST and GET requests at a computer under attack.[11] HOIC primarily performs a denial-of-service (DoS) attack, and a DDoS attack when co-ordinated by multiple individuals. The DoS attack on the target URL is accomplished by sending excessive traffic in an attempt to overload the site and bring it down. This basic version of the attack can be customized by using the booster files, which follow a syntax that mixes VB 6 with VB .NET. In addition, HOIC can simultaneously attack up to 256 domains, making it one of the most versatile tools for hackers who are attempting to co-ordinate DDoS attacks as a group.[12]

The minimalist GUI of the tool makes it user friendly and easy to control. The basic routine of an attack is to input the URL of the website which is to be attacked, and set the power option on low, medium or high. The power option sets the request velocity, with low at two requests per second, medium at four and high at eight requests per second. Then a booster file is added, which uses the .hoic extension, to define dynamic request attributes, launch attacks on multiple pages within the same website and help evade some defense filters. The attack is then launched by pressing the red button in the GUI labelled "Fire Teh Lazer".[13]

High Orbit Ion Cannon's interface for targeting a website for stressing

Limitations


The basic limitation of HOIC is that it requires a coordinated group of users to ensure that the attacks are successful. Even though it has allowed attacks to be launched by far fewer users than the older Low Orbit Ion Cannon, HOIC still requires a minimum of 50 users to launch an effective attack, and more are required to sustain it if the target website has protection.[8] Another limiting factor is the lack of anonymizing and randomizing capability. Even though HOIC should, in theory, offer anonymizing through the use of booster files, the actual protection provided is not enough. Furthermore, anonymizing networks such as Tor are not capable of handling the bandwidth of attacks generated by HOIC. Any attempt to launch an attack using the Tor network will actually harm the network itself.[11] However, Anonymous members routinely use proxy servers based in Sweden to launch their attacks. It has been speculated that this is due to the notion that Sweden may have fewer internet privacy laws than the rest of the world.[11][14]

Legality


Primarily, HOIC has been designed as a stress testing tool and can be lawfully used as such to stress test local networks and servers provided the person initiating the test has authorization to test and as long as no other networks, servers, clients, networking equipment or URLs are disrupted.[15]

HOIC can also be used to perform distributed denial-of-service attacks, which are illegal under various statutes. The Police and Justice Act 2006 of the United Kingdom amended the Computer Misuse Act 1990, and specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison.[16] In the United States, denial-of-service attacks may be considered a federal crime under the Computer Fraud and Abuse Act with penalties that include up to ten years of imprisonment. In 2013 criminal charges were brought against 13 members of Anonymous for participating in a DDoS attack against various websites of organizations including the Recording Industry Association of America, the Motion Picture Association of America, the United States Copyright Office of the Library of Congress, Visa, MasterCard, and Bank of America. They were charged with one count of "conspiracy to intentionally cause damage to a protected computer" for the events that occurred between September 16, 2010 and January 2, 2011.[17] DDoS attacks are federal offenses in the United States and are prosecuted by the Department of Justice under USC Title 18, Section 1030.[18]

In 2013, Anonymous petitioned the United States government via We the People, demanding that DDoS attacks be recognized as a form of virtual protest similar to Occupy protests.[19]

Countermeasures


DDoS mitigation usually works on the principle of distribution, which is basically intelligent routing of traffic to avoid congestion and prevent overload at a single URL. Other methods to counter DDoS include installation of intrusion prevention system (IPS) and intrusion detection system (IDS) devices and application software.[20]
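An added example (not from the article or its sources) of the kind of check an IDS rule or log job can apply to the flood described in the Use section: flag a client that both sustains a high request rate and keeps changing its User-Agent, as booster files cause. The thresholds, addresses and log lines are constructed assumptions, and log lines are assumed to arrive in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) \S+ [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
WINDOW = timedelta(seconds=10)  # assumption: sliding window length
MIN_REQUESTS = 20               # assumption: 2 req/s over the window (the "low" setting above)
MIN_DISTINCT_UA = 5             # assumption: a real browser keeps one User-Agent

def flag_flood_sources(lines):
    """Return {ip: (peak requests in window, distinct User-Agents)} for flagged clients."""
    recent = defaultdict(deque)  # ip -> (timestamp, user_agent) pairs still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("GET", "POST"):
            continue  # malformed line, or a method the flood described above does not use
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append((ts, m["ua"]))
        while ts - q[0][0] > WINDOW:
            q.popleft()
        distinct = len({ua for _, ua in q})
        # Rate alone would flag monitors and crawlers; require header churn as well.
        if len(q) >= MIN_REQUESTS and distinct >= MIN_DISTINCT_UA:
            flagged[m["ip"]] = max(flagged.get(m["ip"], (0, 0)), (len(q), distinct))
    return flagged

def build_sample_log():
    """Constructed log: a header-rotating client, a health checker and a normal browser."""
    base = datetime(2012, 1, 19, 21, 0, 0, tzinfo=timezone.utc)
    rows = []
    for i in range(40):  # 4 req/s, cycling through 8 constructed User-Agent strings
        rows.append((base + timedelta(milliseconds=250 * i), "198.51.100.7",
                     f"/page{i % 3}", f"ConstructedAgent/{i % 8}"))
    for i in range(30):  # fast but constant headers: must not be flagged
        rows.append((base + timedelta(milliseconds=300 * i), "192.0.2.10",
                     "/health", "HealthCheck/1.0 (constructed)"))
    for i in range(6):   # ordinary browsing
        rows.append((base + timedelta(seconds=2 * i), "203.0.113.20",
                     "/index.html", "Mozilla/5.0 (constructed)"))
    rows.sort()
    return ['{} - - [{}] "GET {} HTTP/1.1" 200 512 "-" "{}"'.format(
        ip, ts.strftime(TS_FMT), path, ua) for ts, ip, path, ua in rows]

if __name__ == "__main__":
    for ip, (count, agents) in flag_flood_sources(build_sample_log()).items():
        print(f"{ip}: {count} requests, {agents} distinct User-Agents in {WINDOW.seconds}s")
```

Requiring both conditions is what keeps the constant-header health checker out of the result even though its request rate is above the threshold.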

First use in attacks


Anonymous were the first group to utilize High Orbit Ion Cannon publicly, on January 19, 2012. After Megaupload, a file-sharing website, was shut down following a raid on its premises by federal agents, Anonymous launched an attack against the website of the US Department of Justice. As the DOJ website went offline, Anonymous claimed success via Twitter, saying "One thing is certain: EXPECT US! #Megaupload".[21] Over the course of the next few hours, several other websites were knocked offline and kept offline. These included websites belonging to the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA) and the BMI.[22] Finally, as the day drew to a close, the website belonging to the FBI was hit repeatedly before it ultimately succumbed to attacks and acquired a “Tango Down” status. Anonymous claimed that it was "the single largest Internet attack in its history", while it was reported that as many as 27,000 user agents were taking part in the attack.[23][24]

See also


References

  1. "High Orbit Ion Cannon (HOIC) Threat Advisory". stateoftheinternet.com. 23 February 2012. Retrieved 18 April 2015.
  2. "Prolexic Issues Threat Advisory Outlining DDoS Protection Strategies for High Orbit Ion Cannon; Latest Stealth Attack Tool Targets Hundreds of URLs Simultaneously" (Press release). Prolexic Technologies. 23 February 2012. Archived from the original on 24 September 2015. Retrieved 18 April 2015 – via PRWeb.
  3. "Definition of HOIC". radware.com. 2012-09-27. Retrieved 2015-04-18.
  4. Curtis, Sophie (27 January 2015). "Who are the most notorious hacking groups?". Retrieved 18 April 2015.
  5. Bonner, Sean (9 December 2010). "Anonymous Stops Drop". Boing Boing. Retrieved 18 April 2015.
  6. "What is HOIC". Sam Biddle. 18 February 2012. Retrieved 18 April 2015.
  7. Schreier, Jason (31 December 2014). "How DDoS Attacks Work, And Why They're So Hard To Stop". Kotaku. Gawker Media. Retrieved 18 April 2015.
  8. "Threat: High Orbit Ion Cannon v2.1.003" (PDF) (Press release). Prolexic Technologies. 16 February 2012. Retrieved 6 April 2015.
  9. Gates, Stephen (15 May 2013). "DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION" (PDF). RSA Conference. Retrieved 18 April 2015.
  10. "Low Orbit Ion Cannon". AirDemon.net. 27 September 2012. Archived from the original on September 27, 2012. Retrieved 18 April 2015 – via Archive.org.
  11. Gallagher, Sean (16 February 2012). "High Orbits and Slowlorises: understanding the Anonymous attack tools". Ars Technica. Condé Nast. Retrieved 6 April 2015.
  12. "Glimpse into some hacking techniques". Avkash K. 2012-03-15. Retrieved 2015-04-18.
  13. Barnett, Ryan C (4 January 2013). Web Application Defender's Cookbook: Battling Hackers and Protecting Users. John Wiley & Sons. p. 346. ISBN 978-1-118-41705-8.
  14. "Online Privacy Law: Sweden". Law Library of Congress. Retrieved 18 April 2015.
  15. "Hackers' kit bag: the tools that terrorise the internet". James H. Hamlyn-Harris. 2015-03-09. Retrieved 2015-04-18.
  16. Espiner, Tom (November 10, 2006). "U.K. outlaws denial-of-service attacks". CNET News.
  17. "US charges 13 Anonymous members for DDoS attacks". PCWorld. 2013-08-16. Retrieved 2016-02-29.
  18. "United States Code: Title 18,1030. Fraud and related activity in connection with computers | Government Printing Office". www.gpo.gov. 2002-10-25. Retrieved 2015-04-18.
  19. Jauregui, Andres (2013-01-12). "Anonymous DDoS Petition: Group Calls On White House To Recognize Distributed Denial Of Service As Protest". Huffington Post.
  20. "High Orbit Ion Cannon Distributed Denial of Service Tools". Cisco. 2012-02-16. Retrieved 2015-04-18.
  21. Segall, Laurie (January 20, 2012). "Anonymous strikes back after feds shut down piracy hub Megaupload". CNN. Retrieved 18 April 2015.
  22. Vaughan-Nichols, Steven J. (January 20, 2012). "How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites". zdnet.com. Retrieved 18 April 2015.
  23. "Anonymous Takes Down FBI, RIAA, DOJ and White House Following Megaupload Closure". Softpedia. Retrieved 18 April 2015.
  24. Kovacs, Eduard (January 20, 2012). "27,000 Computers Participating in OpMegaupload DDoS Attack (Exclusive)". Softpedia. Retrieved 18 April 2015.