The push-button tool being used to shut down Visa, MasterCard, and other sites

Terrific piece by Joel Johnson on Gizmodo about the software tool being used to take down MasterCard, Visa, and Sarah Palin's websites.
LOIC ("Low Orbit Ion Cannon") is an application developed by 4Chan-affiliated hackers designed to--when used en masse by thousands of anonymous users--launch Distributed Denial of Service (DDoS) attacks on websites. Like and, for instance.

It's a pushbutton application...

The idea behind LOIC is that it can allow you to participate in attacks even if you've no clue how to hack. Just download a copy of LOIC (available for Windows, Mac, and Linux!), punch in the target information like a URL or an IP address and zap.

It's interesting to see the tweets from Operation Payback on Twitter. It looks like they've also gone after Joe Leiberman's site, as well. I'm sure he'll have some choice things to say about it. No doubt he is loving every second of the attention he's garnering from all this.

UPDATE: Operation Payback just published a huge list of credit card numbers with expiration dates. (I saw the list, but I'm not going to link to it.) I don't know if they just grabbed these numbers today, or if they are real credit card numbers. Things are going to get worse before they get better.

UPDATE 3:31PM est: The leaked MasterCard numbers might have been faked. (Can I have a T-shirt with that logo?)

What Is LOIC?


  1. Okay, I feel really stupid, but why would I want to take down Mastercard or Visa? Then I can’t buy the crap I’ve convinced myself I need.

    Sarah Palin’s site, yeah, I could understand that because I don’t agree with her politics, but then why would I want to shut down the main site that exposes her for the ding dong she already is?

    I’m totally missing the cool factor on this tool.

    1. I looked at the page they put up (cant find now) on how to install it and one of the directions was telling your antivirus program to ignore it.

  2. Yes they posted raw data on thousands of credit cards with this message:

    “People of the Industrial World throw away your Mastercard” (something like that) and then they linked to above mentionned site. Their account and that site was gone in ten seconds.

    1. To be fair, putting up a huge list of credit card details (real or not) is a pretty fracking dumb idea. Not surprised they got the account pulled.

  3. Also the account is gone now so linking to it won’t to anything… (should mention the message was SOMETHING like that, like I said just saw it and then updated the page and wham, gone)

  4. Man, I really can’t get behind this. Shutting down someones site, even a parasite like Sarah Palin’s is censorship of the worst kind. I’m a big fan of freedom of speech and denying it to people you disagree with is hypocritical. Frankly, it’s the sort of thing I’d expect Palin to do.
    As for Visa transactions, killing those is denying people’s right to spend their money where and how they choose.
    Orwellian manipulation can be practiced by groups of people, not just governments and this is a perfect example.

  5. This is things “getting better”. People so often complain that they have no power to decide their politics or social world. Operation Payback, the acts of people at 4chan, Wikileaks itself shows us what that power looks like when people take it back for themselves. Does it always do things we’d want it to, that we think are “best”? No. Is it always the most polite system? No. Compare it to any government in the world. Compare it to the US government and its actions in Afghanistan. Compare it to Halliburton, or Blackwater, or AT&T, or Sarah Palin. Which is worse?

    These are the first shots in a bloodless revolution. What’s scary is what’s going to happen if the government and similarly aligned members of industry and the press decide that it has to “get bloody,” (like Sarah Palin has already called for,) but understand that that will be their decision. What the rest of us want is access to the information we want, we NEED, to operate a democracy, and not to have a government that hides behind “secrecy” to give itself free range on corruption. Wikileaks is helping provide that. Everyone freaked out by it is freaked out because they do not like the idea of empowered citizens. As odd as it sounds, as crazy as it sounds, right now 4chan is in the trenches on the front lines defending the freedoms we all need.

      1. Oh and you gotta know that bringing down Mastercard, for even a few minutes, had to feel sssseeeeeexxxxxxyyyyyy

          1. For what? /b/ has never accomplished anything, even before the cancer killed it. This is exactly the same as some stoner who doesn’t even have the vaguest idea of what’s going on tossing a brick through a Starbuck’s window. “Look at me, aren’t I relevent?” /b/ will just get distracted by some – umm, it’s Wednesday – child porn, and the attacks will start to fizzle anyway.

            Oh, I forgot. The internet is serious business.

            This doesn’t even provide the lulz to keep itself going, not like the easily milkable lolcow that are the scientologists who can’t ignore anything. And that just ended up with a couple people getting arrested for getting naked and running through a scientology office of some sort coated in pubic hair and filming it.If you’re really trying to affect serious change, anonymous is the last person you want helping.

            O RLY? YA RLY.

    1. Melodramatic much?

      You can convince yourself of anything if you try hard enough.

      4chan isn’t defending anything. They’re not accomplishing anything of any use. They’re just using it as an excuse to screw over people who don’t have anything to do with it by posting credit card numbers.

      When they get bored in a little while and it stops nothing of value will have been lost.

      1. Right because, you know, nothing ever changes when things are brought to the public’s attention, often in ways that forces the public to pay attention!

        Oh,wait, no, you’re just wrong. Sorry.

    2. If people lose money or the ability to obtain it as a result of their credit card numbers being broadcast on Twitter then those first shots will not have been bloodless. I hope you’re okay with that.

    3. Operation Payback, the acts of people at 4chan, Wikileaks itself shows us what that power looks like when people take it back for themselves.

      This is a great argument in favor of dictatorship.

  6. So nice to confirm that the “guardians of free speech” and so on, are a bunch of moronic adolescents (I am not talking about chronological age) who thoughtlessly endanger the very economic system that allows them to have a computer and access to the Internet, as well as the lives of others.

    1. So nice to confirm that the “guardians of free speech” and so on, are a bunch of moronic adolescents

      If the responsible adults are too busy sitting in their barcaloungers watching Lawrence Welk reruns to notice that their governments have gone off mission, somebody has to do it.

      1. I was referring to attacks on businesses and individuals, not the release of information. I do, however, think that mass release of unedited ‘diplomatic’ emails is also a dangerous thing to do, potentially putting the lives of innocent individuals at risk.

        So far as I can tell no “responsible adults” hang out in barcaloungers watching Lawrence Welk. Most of them are out trying to do something constructive.

  7. I think the corporatists still think they are in control, how quaint. I don’t think the real fear will start to sink in until they realize this ill communication… is… NOT… going to stop. It’s sabotage, bitches.

  8. “Take any stories about hacked “lists” of credit card numbers with a large pinch of salt: they are almost certainly rubbish based on a quick analysis of the purported numbers circulating.”

    This is the Guardian’s (UK paper) take on the alleged posting of credit card numbers. Quick to judge of course, but they are a reputable source most of the time.

  9. If, as I’ve heard, one of the targets is the lawyer representing the women accusing Assange of a sex crime, then I see nothing to praise here. How is that a blow for democracy? It’s more of a tantrum. The Cult of Assange is at odds with the goal of open information.

  10. One of the parts of the attack on Mastercard is to spread a rumor that lots of mastercard accounts have been hacked, in order to discourage people from using mastercard. Now, it’s also possible that accounts have been hacked, and the rumor is a complex bit of disinformation. But it’s worth being skeptical about unverified reports of mastercard numbers being leaked right now.

  11. There are firefox extensions (tab mix plus) that let users reload pages automatically after a preset period of time – 5 seconds, 10 seconds, 15 seconds, etc. If you’re having trouble accessing the VISA website, try installing it and setting it to a five second reload. That way when the DDOS attack is over you’ll be the first to know about it.

    1. If you’re having trouble accessing the VISA website, try installing it and setting it to a five second reload. That way when the DDOS attack is over you’ll be the first to know about it.


  12. Really? You’re upset that people are informing you of what your government is doing? That’s … impossible for me to understand. But yeah I can see why someone who hated being informed would prefer a dictatorship.

    By the way, sorry for the triple post, everyone. Refresh mistake :(

    1. Most of the stuff wikileaks is doing is positive, some isn’t. (Collateral murder editing to pan away from weapons, for example, effectively changes what is going on and changes the information…) Nothing in the cables leaked so far tells us anything other than people have opinions and private conversations, and that we are getting more chances to go after actual dangerous people whan we otherwise thought, saying the government has been *more* effective in getting to real terrorists than we knew.

      That’s separate from what anonymous is doing.

      And information has nothing to do with dictatorship. More platitudes and fallacies.

      This won’t convince the unconvinced. It just looks like internet stupidity.

      1. “And information has nothing to do with dictatorship. More platitudes and fallacies.”

        Really? Is that why dictators invariably imprison reporters and curb access to knowledge? This is why you can get arrested for reporting on the government or breaking the “great firewall of China?”

        I’m not even kidding, did you actually say that information and dictatorships have nothing to do with “information”? The only question is whether you’re making that statement through ignorance or dishonesty. Because its inane.

        1. I’m going to elaborate a bit on this one. Something is so fabulously wrong in the world today that someone (kc0bbq) would, either through an incredible lack of education or a damneding amount of malicious dishonesty, claim that access to information and dictatorship have nothing to do with one another. Because, you know, the one thing all dictatorships love is letting their citizens have full access to all knowledge.

          I’m not entirely sure what this condemns, worldwide education or how willing people are to sell one another out for cheap lies, but it definitely illustrates how insane things have become.

  13. I guess these are the sorts of “attacks” our trusty Cyber Security Czar will point to (soon) when the administrations starts rolling out new security measures, kill switches, etc. It wouldn’t surprise me if the (wiki)leaks themselves are intentional, to provide evidence of “vulnerability” etc. etc.

  14. So is down, but can anyone confirm that such a move has actually harmed the transaction of MasterCard payments? I work at a company that processes hundreds of thousands of payments every day, many of which are MasterCard and we haven’t seen any issues at all. In fact, I doubt anyboday has. being down is not the same thing as MasterCard being down. It just doesn’t work like that.

      1. Ah yes, I see that now. Our 3D Secure vendor did confirm they have intermittent issues with MasterCard, but not with Visa.

        This still isn’t as disruptive as it seems. Even with MasterCard SecureCode being down, that’s more of a nuisance than anything. Certainly doesn’t stop payments from going through (they just won’t be “verified”).

        Now the “leaked” credit cards is potentially more disruptive, but what’s the point of punishing MasterCard customers again?

        High school shenanigans, ultimately.

        1. If you’re assuming revenge or destruction is the purpose, then you are correct.

          If you view it in terms of protest, then I think the operation has been quite successful. Whether or not that matches the intentions of Anonymous or not, I’m not so sure.

  15. Boing Boing should not be encouraging a gang of thugs (and yes, that is what they are by publishing innocent people’s CC#s online, by attacking a lawyer who is legitimately representing a client in a criminal charge, and attacking businesses).

    And anyone who downloads something from some black/4chan site is, frankly, pretty dumb.

    1. “Boing Boing should not be encouraging a gang of thugs.”

      That’s a foolish statement. If we are “encouraging” them by posting about them, then you are also “encouraging” them by posting about them, too.

      I’m going to change your username on Boing Boing to Terabyte_the_Thug_Encourager.

  16. Now that 4Chan are quite obviously going to be labeled as Cyber-terrorists, I wonder what will happen next. I think this will get REAL ugly.

  17. I’ve had a quick look at the LOIC code, and it’s pretty clear that the person who designed it doesn’t actually know how to launch a DDoS attack against a modern web site.

    In particular, he/she doesn’t understand the concepts of multihoming or edge caching.

    In short: it doesn’t do what the 4chan losers think it does. Neither Visa nor Mastercard were down. At best they took down a few caches for a while.

  18. Because a DDoS knocks everything offline—at least when it works as intended—the log files that would normally record each incoming connection typically just don’t work. And even if they do, many LOIC users claim that another user was on their network or that their machine was part of a bot net—a DDoS client delivered by virus that performs like a hivemind LOIC, minus the computer owner actually knowing they are participating.

  19. Assange/Leaks is just the shiny object/endangered kitten du jour for the /b/tards. Meme-outrage of the month. Pretty soon they will be taking their scriptkiddie vigilantism to the next target of their faux outrage. “We do not forgive, we do not forget…though we do have rather short attention spans”
    I mean… look how they charged their lasers and completed destroyed Scientology…right?
    oh… right… that was at least 2 Final Fantasy releases ago…
    they stand on principal, but they gotta have priorities.

    It’s fun to watch Anon’s get worked up, and sometimes I agree with their choice of target…sometimes I don’t… but the real outrage should be that major Credit Card company’s like MasterCard/Visa aren’t more prepared to handle a DDOS attack in the trailing days of 2000 and fucking 10.

  20. The favorite quote I’ve seen on twitter:

    “There are Some Things Money Can’t Buy. For Everything Else, there’s HTTP Error 408 Request Timeout”

  21. Brilliant, download malware or a rootkit on your computer from “anonymous” that is doing and logging who knows what in the background at all times – while supporting a noble cause. I bet the “uninstall” feature does not really uninstall.

    If you are smart enough to do this, you are a true but lazy martyr for Wikileaks.

  22. We are here to serve you…

    It is days like this when the tiny ember of hope that still burns on in my empty heart like a fucking cliche gets napalmed.

    1. Freedom is deeply ironic. It’s a fundamental property I suspect, but I won’t bore you with my theories.
      Sometimes when children misbehave they get put in time out. Our children, aka the kids who run .gov and .biz, they have been acting like spoiled little brats. We can only look the other way for so long. So now we have to send them to the corner for a little bit. They need to think about what they have done, when they are finished they can rejoin the class and perhaps share with the rest of us any valuable insights they have developed.

  23. This may have already been pointed out, but I’d like to take the time to say that it’s not officially affiliated with 4Chan, it is SOME ANONYMOUS USERS of 4Chan, and I would almost bet that Moot doesn’t approve his site being held to liability for this.

  24. Re faked credit card numbers: I remain absolutely shocked that the banking industry hasn’t started putting “honey trap” card numbers into circulation. Get enough of ’em out there and people are going to be a lot more nervous about trying to commit this fraud.

    1. “Fear of offending Anonymous smells like fear of offending Islam.”

      No, you can actually SURVIVE offending Islam.

  25. This government sells little boys to pederasts; it’s a matter of fucking record. THE US GOVERNMENT SELLS UNWILLING LITTLE BOYS TO PEDERASTS. That’s what wikileaks has revealed, among many other evil things.

    If the government weren’t fundamentally evil, the people wouldn’t run riot like this. Cry all you want, point all the fingers you want, that’s how reality works. I’m not the first to observe this.

    “The Master said, ‘When a prince’s personal conduct is correct, his government is effective without the issuing of orders. If his personal conduct is not correct, he may issue orders, but they will not be followed.’” –Confucius, The Analects

    “When the republic is at its most corrupt the laws are most numerous” -Tactitus

    “If the people are treated with benevolence, faithfulness, and justice, then they will be of one mind, and will be glad to serve. The I Ching says, ‘Joyful in difficulty, the people forget about their death.'” -Zhang Yu

    “The Way means humaneness and justice. In ancient times a famous minister of state asked a political philosopher about military matters. The philosopher said, ‘Humaneness and justice are the means by which to govern properly. When government is carried out properly, people feel close to the leadership and think little of dying for it.’” –Du Mu

    “If the leaders can be humane and just, sharing both gains and the troubles of the people, then the troops will be loyal and naturally identify with the interests of the leadership.” -Jia Ling

  26. It’s worth pointing out that the targets of these attacks initiated the wave of malice by denying service to Wikileaks in the first place.

    While one can argue that two wrongs don’t make a right, one shouldn’t turn up the TV when someone in the apartment next to you is being battered, either. Inaction in the face of adversity is still a form of action, one that contributes to the detriment of the public.

  27. There’s a Java version available to those who’d hunt for it.

    I suppose it could be remotely installed on something like a corporate printer – I know that there are Cannon Copier/Printer combos, with hard-disks, a java-bases application stack and ethernet. These are frequently set to default administrative access, and could be used by a sociopathic-type to run the LOIC client with only small difficulty.

    Why didn’t somebody ever develop a threat model, before shipping this technology into the Enterprise?

  28. The trolls may be idiots and annoying a lot of the time, but when they gather and put their talents (because some of them are so good it counts as talent) toward a worthy goal they are exercising their rights. Sure, it may be a bit hypocritical if you think about it and they are putting pressure on all the Mastercard owners, but they are not in charge- the people keeping secrets that Wikileaks are trying to expose and Mastercard- are. They can force certain things on those who are using their services, or those who work/use their services. The trolls in Operation: Payback and Operation: Bank-troll can only influence, not force. Thank you, trolls, hackers, and just normal people on the internet who support this.

    i may be opinionated, but i am free.
    are you?

Comments are closed.