Operation: Payback might reveal your IP address

If you’ve been a casual defender of Wikileaks and a soldier on the front lines of Operation: Payback until now, and you don’t have the savvy or resources to use an anonymizing service to hide your attacks on large financial sites while using Low Orbit Ion Cannon (LOIC), don’t be surprised if authorities become “interested” in you. In a paper published by researchers at the University of Twente, Netherlands, LOIC was found to reveal the IP address of the attacker to any website it was targeted at. 

The tool, which, according to threatpost, was originally developed as a website stress testing tool, is being used in a modified form by the denizens of Anonymous. The modified version adds a mode that gives a third party control over the targeting mechanism, effectively handing your network card over to the horde of hacktivists and letting them choose your targets for you. This added to the organization and coordination efforts that Anonymous used in taking down the websites of Visa and MasterCard (as well as many others before them).

Typically, if you know what an LOIC is, and you have the knowledge required to properly wield it, it’s somewhat assumed that you have the common sense to make like a ninja and use it stealthily, through proxies or any other kind of anonymizer. However, many of the recent recruits to the army of Anonymous have proven to be uneducated in these matters, and aren’t aware (or just don’t care) that engaging in a DDoS (Distributed Denial of Service) attack is illegal pretty much all over the world. Since LOIC just sends simple TCP/UDP/HTTP traffic for maximum attack effectiveness, no attempt is made by the tool to hide the source of the traffic. Not only does the target now have an IP address of the attacker, but so does the ISP. The ISP keeps records of up to six months of traffic data, and those records can be subpoenaed for use in an investigation.
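What the target sees, as an added example that is not from the article or the Twente paper: because every request arrives with its real source address, a per-source sliding-window count over the web server's access log is enough to list the flooding clients. The log format (Common Log Format), the window and threshold values, and the sample addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: source address first, timestamp in brackets.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def flood_sources(lines, window_s=10, threshold=20):
    """Map each source IP to its peak request count inside any
    window_s-second window, keeping only IPs at or above threshold.
    Assumes each source's lines appear in time order, as in a server log."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest window count seen
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue              # skip lines that are not CLF
        ip = m.group(1)
        try:
            ts = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue              # skip unparsable timestamps
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop requests that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def make_sample():
    """Constructed log: one flooding source and two ordinary visitors."""
    base = datetime(2010, 12, 9, 14, 0, 0, tzinfo=timezone.utc)
    def entry(ip, offset_s):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'
    lines = [entry("198.51.100.23", i // 10) for i in range(50)]  # 10 req/s for 5 s
    lines += [entry("192.0.2.44", i) for i in range(12)]          # 1 req/s
    lines += [entry("203.0.113.7", 30 * i) for i in range(5)]     # 1 req / 30 s
    lines.append("garbage line that is not CLF")
    return lines

if __name__ == "__main__":
    for ip, n in sorted(flood_sources(make_sample()).items()):
        print(f"{ip} peaked at {n} requests in 10 s")
```

The addresses this returns, together with the timestamps in the log, are the data an ISP's records would then be matched against.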

We already reported on the arrests of two boys, aged 16 and 19, in Holland over Operation: Payback. You can bet that authorities are going to try to prosecute these attacks wherever possible, and those using LOIC unprotected are likely going to become prime suspects.

42 Comments


It's interesting how authorities in the US are going after kids who punish a corporate slave website but have no intention to prosecute the secretary of state who orders spying and hacking of various accounts of UN officials. Talking about the real crime here, eh?

Julian Assange was so right in saying - Visa, MasterCard and PayPal are instruments of US foreign policy, we didn't know that before.

But we DO now.

For everyone trashing them DDOS people, you're all forgetting they forced PayPal to give Wikileaks its money, and you support something fully or you don't.

Sylar2010 said,
For everyone trashing them DDOS people, you're all forgetting they forced PayPal to give Wikileaks its money, and you support something fully or you don't.

Really? No, the law did. Paypal can not just keep large sums of money because they feel like it. If there is a dispute between parties they will freeze it etc.... but they can not just close accounts and keep the cash. Of course the DDOS turds will try and claim victory but while these "massive" attacks were ongoing I could still easily access my account. These turds are being bashed because they suck.

Hellacool said,

Really? No, the law did. Paypal can not just keep large sums of money because they feel like it. If there is a dispute between parties they will freeze it etc.... but they can not just close accounts and keep the cash. Of course the DDOS turds will try and claim victory but while these "massive" attacks were ongoing I could still easily access my account. These turds are being bashed because they suck.

They won't try and claim victory because they know they failed.

And the only modified versions of LOIC are mainly trojans and the ones that aren't originate from other chan sites.

Is there some regulation which says that ISPs must store traffic logs for 6 months? First time I've heard of it.

rtire said,
Is there some regulation which says that ISPs must store traffic logs for 6 months? First time I've heard of it.

In Europe this is by law. IIRC in Holland they have to store it up to 12 months.

If you used LOIC on a proxy you'd take down the proxy's site, you need to tunnel or use VPN.

That aside, if you don't use protection don't go crying to mummy (or mommy) when the baby arrives. You can however do that if it's not yours.

Auzeras said,
If you used LOIC on a proxy you'd take down the proxy's site, you need to tunnel or use VPN.

That aside, if you don't use protection don't go crying to mummy (or mommy) when the baby arrives. You can however do that if it's not yours.


The big issue is when three buddies get together to be "cool" and participate in the DDOS attacks. Buddy 1 and 2 are smart and hide their tracks very well. Buddy 3 is not so bright and gets caught. Guess what, Buddy 1 and 2 are going down as well, these script kiddies have no clue and will cry like school girls as soon as the heat is turned up and sell out everyone they know.

Sorry, I really don't think this whole thing deserves ANY Neowin coverage - script kiddies and DDoS - Jesus weeps. Get your act together you are a serious site!

Breach said,
Sorry, I really don't think this whole thing deserves ANY Neowin coverage - script kiddies and DDoS - Jesus weeps. Get your act together you are a serious site!

+1

Breach said,
Sorry, I really don't think this whole thing deserves ANY Neowin coverage - script kiddies and DDoS - Jesus weeps. Get your act together you are a serious site!

+1

Northgrove said,
Haha, I hope they're all busted. While I support Wikileaks, I'm not stupid like these children.

The amount it would cost just to put the probable thousands of those under Anonymous in jail, would probably be more than the amount that was lost. I imagine it would take more than 100 people to take down such big websites so easily...

LaP said,
Still waiting for the wikileaks DDoS attackers to be brought to justice.

As much as I would like to see that happen, I don't think it will.

StevenNT said,

As much as I would like to see that happen, I don't think it will.


Ha, I could put money on that it won't even get looked at or thought of

Hmm, let's see. So they're going after thousands of individuals? I doubt it. For one, they simply don't have the resources. Perhaps the servers yes, but not individuals. I'm not concerned.

Flawed said,
Hmm, let's see. So they're going after thousands of individuals? I doubt it. For one, they simply don't have the resources. Perhaps the servers yes, but not individuals. I'm not concerned.

Ignorance is bliss I guess. Wikileaks threatens all countries with data leaks, cooperation will be very good between countries to get these clowns.

The two guys arrested were running the servers that coordinate the attacks. They will never go behind every single person that 'attacked' the site.

Ambroos said,
The two guys arrested were running the servers that coordinate the attacks. They will never go behind every single person that 'attacked' the site.

Judicially, probably not, but the companies such as Visa, Mastercard, and PayPal could go after them with a civil lawsuit. All they'd have to do is file a lawsuit against a John Doe, and then get subpoenas to force the ISPs to reveal who were using those particular IPs that day.

I can see this happening too - those companies (especially PayPal) use their websites to handle millions of dollars worth of transactions every hour. If PayPal lost its site for a few hours, that's a lot of money they lost out on, as well as having their reputation hurt due to unreliability.

Joey H said,

Judicially, probably not, but the companies such as Visa, Mastercard, and PayPal could go after them with a civil lawsuit. All they'd have to do is file a lawsuit against a John Doe, and then get subpoenas to force the ISPs to reveal who were using those particular IPs that day.

I can see this happening too - those companies (especially PayPal) use their websites to handle millions of dollars worth of transactions every hour. If PayPal lost its site for a few hours, that's a lot of money they lost out on, as well as having their reputation hurt due to unreliability.

I can see and would hope they go after people like that. I use paypal and have always believed it to be an untouchable site (not impossible). Unfortunately that reputation is now hurt. I don't feel as secure or feel that reliability as much as before and if just a little from everyone. That's a big loss for the company. As a business doing business with them, they've been hurt and need to do something about it.

Just my thoughts.

dogmai79 said,

I can see and would hope they go after people like that. I use paypal and have always believed it to be an untouchable site (not impossible). Unfortunately that reputation is now hurt. I don't feel as secure or feel that reliability as much as before and if just a little from everyone. That's a big loss for the company. As a business doing business with them, they've been hurt and need to do something about it.

Just my thoughts.


Only http://paypal.com was attacked. Add www or use https and you wouldn't have had one single issue. The API didn't go down and all payments worked as usual. The only reason for the attack was media attention and we got it. We didn't want anything else and didn't get anything else.

YounGMessiah said,
lol the government makes me laugh with spending their time on this, when there are real issues out there....

How is this not a real issue, these companies can lose massive amounts of money if their sites go down, please explain to me how that is a non-issue.

reidtheweed01 said,

How is this not a real issue, these companies can lose massive amounts of money if their sites go down, please explain to me how that is a non-issue.

He's probably one of the Wikileaks tinfoilheads cluelessly typing what he sees others saying on other sites.

YounGMessiah said,
lol the government makes me laugh with spending their time on this, when there are real issues out there....

Wow, you clearly haven't got an ounce of a clue.

Edited by Shadrack, Dec 14 2010, 6:13pm :

YounGMessiah said,
lol the government makes me laugh with spending their time on this, when there are real issues out there....

No I got a clue and no I did not help with the attacks as I have a life.. I wasn't that detailed with my post, but I am meaning why spend all these resources when they can go towards other things. I really don't give a **** though what y'all think of me or what you call me because you are showing how "clueless" you are.

If you think our government should be spending a lot of time and resources towards this then that's you; that's why I am proud to be American because I can say how I feel and I just think it's waste to spend all this time looking for kids who most likely are a nobody and jack off to anime..

YounGMessiah said,

No I got a clue and no I did not help with the attacks as I have a life.. I wasn't that detailed with my post, but I am meaning why spend all these resources when they can go towards other things. I really don't give a **** though what y'all think of me or what you call me because you are showing how "clueless" you are.

If you think our government should be spending a lot of time and resources towards this then that's you; that's why I am proud to be American because I can say how I feel and I just think it's waste to spend all this time looking for kids who most likely are a nobody and jack off to anime..

I always love when people say don't spend time on that give it to "other things" when they don't even say what those other things are.... the fact of the matter is the people that are going after this are a specialized ground that goes after only stuff like this, those people aren't going to spend time feeding the hungry or chasing a murder (unless a computer crime was involved)

YounGMessiah said,

I really don't give a **** though what y'all think of me

If you really didn't give a **** you wouldn't even need to say so.

reidtheweed01 said,

How is this not a real issue, these companies can lose massive amounts of money if their sites go down, please explain to me how that is a non-issue.

Go read up on what's actually being attacked. These companies can still operate just fine. I don't condone the attacks but misinformation is just misinformation no matter whose side you're on.

reidtheweed01 said,

How is this not a real issue, these companies can lose massive amounts of money if their sites go down, please explain to me how that is a non-issue.

It's not so much as a non-issue as it is unsolvable. I mean there are thousands of people doing the attacks, how are they going to do anything? They can arrest a few people, but it won't stop the attacks. I think he means that they should be focusing on issues they can solve and not things they can't.

The ISP keeps records of up to six months of traffic data, and those records can be subpoenaed for use in an investigation.

"The ISP"? Is there only one now?
What drivel.

YaZoR said,

"The ISP"? Is there only one now?
What drivel.

If you see an error in a post, please use the "Report a problem" button to inform the editorial staff.

Tzvi Friedman said,

If you see an error in a post, please use the "Report a problem" button to inform the editorial staff.

What error? The wording you chose clearly implies the ISP of the person using the LOIC. Since when does the average person have more than one ISP? Don't mind that jackass.

YaZoR said,

"The ISP"? Is there only one now?
What drivel.

reading and trolling fail. A double whammy in such a small post. Congrats to you for being an overachiever

In a paper published by researchers at the University of Twente, Netherlands, LOIC was found to reveal the IP address of the attacker to any website it was targeted at.

No ****, I would never have guessed that sending floods of data to a server wouldn't make you "anonymous".

YaZoR said,

No ****, I would never have guessed that sending floods of data to a server wouldn't make you "anonymous".

No kidding....while there are ways of hiding your true IP, they are often slow and not 100% secure, while also being somewhat difficult (compared to running a program) to use for the average user.

Hmm. Thought about taking part in this but not if it's so easy to identify who you are. The people who just downloaded that tool without reading about it first are really stupid.