User:RaymondLiugq/sandbox

High Orbit Ion Cannon (HOIC) is an open source stress testing and denial-of-service attack application. It acts as a replacement for the Low Orbit Ion Cannon. HOIC was developed during the conclusion of Operation Payback.

The use of both Low Orbit Ion Cannon and HOIC for launching DDoS attacks was popularized in recent years by the hacktivist group Anonymous. Unlike its “low-orbiting” cousin, HOIC is able to cause DoS through the use of an HTTP flood. Additionally, HOIC has a built-in scripting system that accepts .hoic files called “boosters”, allowing a user to implement some anti-DDoS randomization countermeasures as well as to increase the magnitude of the attack. HOIC is inherently a DDoS program: it was suggested that it requires a minimum of 50 users to successfully take down a website. When multiple people use HOIC at once on the same target, the damage can grow exponentially.

While HOIC still has no significant obfuscation or anonymization techniques to protect the user, the use of .hoic “booster” scripts allows the user to specify a list of rotating target URLs, referrers, user agents, and headers in order to more effectively cause a DoS condition by attacking multiple pages on the same site, as well as make it seem like attacks are coming from a number of different users.

Origin of name
The HOIC application is adapted from its predecessor, the LOIC, named after the ion cannon, a fictional weapon from many sci-fi works, and in particular after its namesake from the Command & Conquer series of video games.

Use
HOIC is essentially a simple script for launching HTTP POST and GET requests at a targeted server, wrapped in a friendly graphical interface. HOIC primarily performs a denial-of-service (DoS) attack (or, when used by multiple individuals, a DDoS attack) on a target site by sending excessive traffic in an attempt to overload the site and bring it down. HOIC uses “boosters” (custom scripts) to target more than just a website’s home page. An unauthenticated, remote attacker using HOIC could send traffic to a targeted URL in an attempt to overload the targeted website, resulting in a denial-of-service condition. In addition, HOIC can target up to 256 web addresses simultaneously, making this tool a powerful resource for hackers who are attempting to conduct DDoS attacks.

The number and firepower of botnets grow dramatically each year, as does the sophistication of application attack toolsets. HOIC and succeeding generations of volunteer botnet-controlled PCs may evolve to pose a significant Internet-wide threat. However, traditionally the DDoS threat has come more from increasingly professional criminal hackers than from volunteer activists.

Limitations
HOIC requires a coordinated group of users to ensure that the attacks are successful. Without group participation, an attack is unlikely to result in the target’s downtime. Although HOIC attempts to evade detection through randomization, analysts were able to identify several static attributes that make mitigation of attacks from this tool a fairly simple process.

Freely available anonymizing networks generally aren’t up to the task of handling the bandwidth of attacks. Attempting to launch HOIC or other DDoS tools over Tor would amount to an attack on that network itself—and on the users who use it to protect themselves.

Legality
Using HOIC to mount a distributed denial-of-service attack on a website can result in a prison sentence. There have been many cases where individuals used similar tools like LOIC to launch attacks on various websites that led to their arrest. After Operation Payback, criminal charges were brought against 13 members of Anonymous. They were charged with one count of "conspiracy to intentionally cause damage to a protected computer" for events that took place between Sept. 16, 2010 and Jan. 2, 2011. Mere orchestration of an attack might also lead to a jail term. One example is Christopher Weatherhead, known as "Nerdo", who was 20 years old when he was involved in the Mastercard DDoS attack. He was convicted of "conspiracy to impair the operation of computers" and faced the prospect of up to 10 years in jail. Eventually he was sentenced to 18 months in prison in January 2013.

The Computer Crime and Intellectual Property Section of the US Department of Justice handles cases of DDoS. However, Anonymous have petitioned the Government of the United States by posting a petition on the whitehouse.gov site, demanding that DDoS attacks be recognized as a form of virtual protest similar to Occupy protests.

HOIC was designed primarily as a stress testing tool and can be used to stress test a local network as long as no other networks or URLs are disrupted. It is perfectly fine to test locally hosted or pretend web sites, since it was originally a stress test tool. To ensure extra safety, remember to turn off your internet connection (router, cable modem or WiFi) before starting.

Countermeasures
There are several aspects of DDoS mitigation that administrators need to be aware of to be able to effectively combat this potentially dangerous attack tool. A number of vendors are offering "DDoS resistant" hosting services, mostly based on techniques similar to content distribution networks. Distribution avoids a single point of congestion and prevents the DDoS attack from concentrating on a single target. In addition to using a solid firewall strategy, administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent DDoS attacks.
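
Because HOIC does not anonymize the user while its boosters rotate user agents and target URLs, one source address showing both a high request rate and many distinct User-Agent values in a short window is a usable IDS signal. The following Python sketch is an added example, not code from HOIC or from any vendor; the Combined Log Format input, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Combined Log Format: ip, timestamp, request line, status, size, referrer, user agent
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
                    r'"[^"]*" "(?P<ua>[^"]*)"')

def flag_rotating_clients(lines, window_s=10, min_requests=20, min_agents=4):
    """Return {ip: (peak requests, peak distinct agents)} for every source that
    exceeds BOTH thresholds inside one sliding window (thresholds are assumptions)."""
    recent = defaultdict(deque)          # ip -> (timestamp, user agent) in window
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:                        # skip lines not in the expected format
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append((ts, m["ua"]))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()                  # expire entries older than the window
        agents = len({ua for _, ua in q})
        if len(q) >= min_requests and agents >= min_agents:
            peak = flagged.get(m["ip"], (0, 0))
            flagged[m["ip"]] = (max(peak[0], len(q)), max(peak[1], agents))
    return flagged

def constructed_sample():
    """Constructed log lines (documentation-range IPs, made-up agent names)."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    agents = [f"ExampleAgent/{i}.0" for i in range(5)]
    events = []
    for i in range(40):   # one source: 40 requests in 4 s, rotating pages and agents
        events.append((base + timedelta(milliseconds=100 * i), "203.0.113.7",
                       f"/page{i % 3}", agents[i % 5]))
    for i in range(8):    # shared NAT address: several agents, but a low request rate
        events.append((base + timedelta(seconds=5 * i), "192.0.2.50", "/", agents[i % 5]))
    for i in range(30):   # fast single-agent client: left to an ordinary rate limit
        events.append((base + timedelta(milliseconds=150 * i), "198.51.100.20",
                       "/health", "ExampleMonitor/1.0"))
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'
            for ts, ip, path, ua in events]

if __name__ == "__main__":
    for ip, (reqs, uas) in flag_rotating_clients(constructed_sample()).items():
        print(f"{ip}: {reqs} requests, {uas} distinct user agents within 10 s")
```

Requiring both conditions keeps a shared NAT address (many agents, low rate) and a fast single-agent client out of the result; the latter is better handled by a plain rate limit.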

Attack on the Justice Department
HOIC was first utilized by the hacking group Anonymous, when they launched a cyber attack on the website of the US Department of Justice. It was done in retaliation for the crackdown by federal agents on the file-sharing website Megaupload. Over the course of a few hours, hacktivists involved with the loose-knit group Anonymous waged attacks on site after site, and before long, the web presence for the Recording Industry Association of America (RIAA), Motion Picture Association of America (MPAA), Broadcast Music, Inc., or BMI. Finally, as the day drew to a close, the website belonging to the FBI was hit repeatedly before finally succumbing to attacks and acquiring a “Tango Down” status. Anonymous claimed that it was "the single largest Internet attack in its history", while it was reported that as many as 27,000 user agents were taking part in the attack.