High Orbit Ion Cannon (HOIC) [Medium Risk]

Published February 23, 2012

The High Orbit Ion Cannon (HOIC) stealth DDoS attack tool targets up to 256 URLs simultaneously and randomizes attack signatures. This cybersecurity threat advisory analyzes the HOIC tool’s DDoS attack patterns and provides protection strategies and recommended mitigation.

What You Need to Know

  • HOIC is considered the next generation replacement for the Low Orbit Ion Cannon (LOIC) flood attack tool.
  • The HOIC DDoS tool also includes support for booster files, which are customizable scripts that randomize attack signatures and make attacks more difficult to differentiate from legitimate traffic.
  • On its own, the HOIC tool is limited because it still requires a coordinated group attack to bring a site down.
  • With the HOIC booster scripts, which are already circulating widely among hacker circles, a group attack gains the advantage of stealth.
  • A stealth DDoS attack enabled by the HOIC booster scripts becomes much more difficult to identify and mitigate, prolonging the outage caused by the attack.
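Because booster scripts randomize the attack signature, a static match on one header value misses the traffic, but the randomization itself can be measured. The following is an added example, not part of the original advisory or of any tool it describes: it flags source IPs whose request bursts carry mostly distinct User-Agent values. The advisory does not list which fields are randomized, so the choice of User-Agent and Referer, the thresholds, and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
                     r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def parse(line):
    """Return (ip, timestamp, user_agent, referer), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["ua"], m["ref"]

def flag_rotating_clients(lines, window=timedelta(seconds=10),
                          min_requests=20, min_ratio=0.5):
    """Return {ip: (requests, distinct_uas, distinct_referers)} for flagged IPs."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            burst = events[start:end + 1]
            uas = {e[1] for e in burst}
            # A real browser keeps one User-Agent; per-request rotation does not.
            if len(burst) >= min_requests and len(uas) / len(burst) >= min_ratio:
                flagged[ip] = (len(burst), len(uas), len({e[2] for e in burst}))
                break
    return flagged

def sample_log():
    """Constructed data: one steady browser and one client rotating its headers."""
    base = datetime(2012, 2, 23, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "GET /{} HTTP/1.1" 200 512 "{}" "{}"'
    lines = []
    for i in range(30):
        ts = (base + timedelta(milliseconds=200 * i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(fmt.format("198.51.100.7", ts, "index.html",
                                "http://example.com/", "Mozilla/5.0 (constructed)"))
        lines.append(fmt.format("203.0.113.9", ts, f"page{i % 4}",
                                f"http://ref{i % 7}.example/", f"constructed-agent/{i % 11}"))
    return lines
```

Calling `flag_rotating_clients(sample_log())` flags only the header-rotating client; the steady browser sends the same number of requests but is left to ordinary rate limiting.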

Background

The High Orbit Ion Cannon (HOIC) is the follow-up to the opt-in DDoS tool Low Orbit Ion Cannon (LOIC) used by the AnonOps hacking collective.

  • The HOIC tool was developed during the conclusion of the AnonOps Operation Payback campaign.
  • In the campaign called Operation Leakspin, some factions of Anonymous decided to move their campaigns to methods of activism that did not involve DDoS attacks.
  • The Operation Leakspin campaign focused on syndicating Wikileaks cables on blogs and fliers in order to obtain more exposure for the campaign.
  • Some AnonOps hackers thought this shift in tactics would be ineffective and continued to mount opt-in DDoS campaigns.
  • Due to the limited effectiveness of the LOIC tool, the HOIC was developed as a more powerful replacement.
  • The HOIC DDoS tool is available on various file sharing services and underground blogs, including the AnonOps IRC network and PasteBin.com.

The DDoS underground has been urging participants to abandon the LOIC tool in favor of HOIC, making it likely that HOIC-based attacks will become increasingly common.
