If you’ve been a casual defender of Wikileaks and a soldier on the front lines of Operation: Payback until now, and you don’t have the savvy or resources to use an anonymizing service to hide your attacks on large financial sites while using Low Orbit Ion Cannon (LOIC), don’t be surprised if authorities become “interested” in you. In a paper published by researchers at the University of Twente, Netherlands, LOIC was found to reveal the IP address of the attacker to any website it was targeted at.
The tool, which, according to threatpost, was originally developed as a website stress testing tool, is being used in a modified form by the denizens of Anonymous. The modified version adds a mode that gives a third party control over the targeting mechanism, effectively handing your network card over to the horde of hacktivists and letting them choose your targets for you. This added to the organization and coordination efforts that Anonymous used in taking down the websites of Visa and MasterCard (as well as many others before them).
Typically, if you know what LOIC is, and you have the knowledge required to properly wield it, it’s somewhat assumed that you have the common sense to make like a ninja and use it stealthily, through proxies or any other kind of anonymizer. However, the recent surge of recruits into the army of Anonymous has brought in many who are uneducated in these matters and aren’t aware (or just don’t care) that engaging in a DDoS (Distributed Denial of Service) attack is illegal pretty much all over the world. Since LOIC just sends simple TCP/UDP/HTTP traffic for maximum attack effectiveness, the tool makes no attempt to hide the source of the traffic. Not only does the target now have the IP address of the attacker, but so does the ISP. The ISP keeps records of up to six months of traffic data, and those records can be subpoenaed for use in an investigation.
We already reported on two arrests in Holland over Operation: Payback, of a 16-year-old and a 19-year-old boy. You can bet that authorities are going to try to prosecute these attacks wherever possible, and those using LOIC unprotected are likely to become prime suspects.