Some of you didn’t like a story my pal George V. Hulme wrote for CSO on a tool called LOIC (the Low Orbit Ion Cannon) and how it goes to show the simplicity with which anyone can launch a DDoS these days.

The biggest criticism was that LOIC is overblown as a security threat.

Here are a couple such comments that were posted after the story went live:

“LOIC has been around for quite some time, this is nothing new and in fact there are more powerful tools to use than this. Go ask The Jester. (The) article is behind the times.”

“(The) previous comment is correct. Plus a large part of DDoS was from botnets brought into the fray. Look at Arbornet’s analysis. LOIC is responsible for very little.”

[The Arbor Networks analysis was pretty striking. Read about it here.]

Fair points from our readers. But the larger point of the story was that it’s getting ridiculously easy for novices to find free tools to hurt their cyber neighbors with. Here’s another example, which I found this morning on the Softpedia site:

Ben Schmidt (@supernothing307 on Twitter), a computer science major at the University of Tulsa and self-described security enthusiast, has cooked up a new toy he calls d0z.me.

This service makes shortened links that take you to your desired website but hijacks your browser for DDoS duty in the process.

Ben said in his blog that he wants to shine a light on the insidious, dangerous nature behind many of the URL shorteners available to us.

He also described how the whole thing works:

“The concept is quite simple, really. Attackers go to d0z.me and enter a link they think could be popular/want to share, but also enter the address of a server that they would like to attack as well. Then, they share this text with as many people as possible, in as many places as possible. Extensive use of social media sites is probably a must to achieve the best results.

“When users click on the link, they appear to be redirected to the requested content, but they are in fact looking at the page in an embedded iframe. This is identical to how those rather annoying Digg and Stumbleupon toolbars work, except the embedding is invisible to the user (minus the location URL in the toolbar). While the users are busy viewing the page, a malicious JavaScript DoS runs in the background, hammering the targeted server with a deluge of requests from these unsuspecting clients. If these clients continue browsing from that page, we can maintain our DoS in the background the entire time.”

I think Ben’s endeavor illustrates George’s point pretty well. I also think he and other hackers are right to try to raise awareness of the dangers everyone now faces online.

What stinks is that these tools always end up in the wrong hands.

Chalk it up as just another chapter in the never-ending battle between good and evil, and be careful out there.

–Bill Brenner
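Seen from the targeted server, traffic of the kind Ben describes arrives from many unrelated browsers that all loaded the same page. The following is an added example (not from Ben's post or from CSO) that scans Combined Log Format access logs for an off-site Referer host driving many requests from several clients at once. It assumes the browsers send a Referer header; the host names, thresholds and log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def suspicious_referers(lines, own_host, min_requests=20, min_clients=3):
    """Return {referer_host: (requests, distinct_clients)} for off-site
    referers that drive heavy traffic from several clients at once."""
    hits = defaultdict(int)
    clients = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        ip, referer = m.groups()
        host = urlsplit(referer).hostname
        if not host or host == own_host:
            continue  # no referer ("-"), or ordinary same-site navigation
        hits[host] += 1
        clients[host].add(ip)
    return {h: (hits[h], len(clients[h])) for h in hits
            if hits[h] >= min_requests and len(clients[h]) >= min_clients}

def build_sample():
    """Constructed log lines: three clients sending 30 requests that share one
    referring page, plus three ordinary visits."""
    fmt = ('{ip} - - [10/Dec/2010:10:00:{s:02d} +0000] "GET /?{n} HTTP/1.1" '
           '200 512 "{ref}" "Mozilla/5.0"')
    sample = [fmt.format(ip=f"198.51.100.{n % 3 + 1}", s=n, n=n,
                         ref="http://shortener.example/abc") for n in range(30)]
    sample.append(fmt.format(ip="203.0.113.9", s=5, n=0, ref="http://www.site.example/"))
    sample.append(fmt.format(ip="203.0.113.10", s=6, n=1, ref="http://search.example/?q=x"))
    sample.append(fmt.format(ip="203.0.113.11", s=7, n=2, ref="-"))
    return sample

if __name__ == "__main__":
    flagged = suspicious_referers(build_sample(), "www.site.example")
    for host, (reqs, ips) in flagged.items():
        print(f"{host}: {reqs} requests from {ips} clients")
```

A popular site linking to you also produces many requests under one Referer host, so a flagged host is a lead to check against request rate and request pattern, not a verdict.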