The push-button tool being used to shut down Visa, MasterCard, and other sites

Terrific piece by Joel Johnson on Gizmodo about the software tool being used to take down MasterCard, Visa, and Sarah Palin's websites.

LOIC ("Low Orbit Ion Cannon") is an application developed by 4Chan-affiliated hackers designed to--when used en masse by thousands of anonymous users--launch Distributed Denial of Service (DDoS) attacks on websites. Like Visa.com and Mastercard.com, for instance.
It's a pushbutton application...
The idea behind LOIC is that it can allow you to participate in attacks even if you've no clue how to hack. Just download a copy of LOIC (available for Windows, Mac, and Linux!), punch in the target information like a URL or an IP address and zap.

It's interesting to see the tweets from Operation Payback on Twitter. It looks like they've also gone after Joe Leiberman's site, as well. I'm sure he'll have some choice things to say about it. No doubt he is loving every second of the attention he's garnering from all this.

UPDATE: Operation Payback just published a huge list of credit card numbers with expiration dates. (I saw the list, but I'm not going to link to it.) I don't know if they just grabbed these numbers today, or if they are real credit card numbers. Things are going to get worse before they get better.

UPDATE 3:31PM est: The leaked MasterCard numbers might have been faked. (Can I have a T-shirt with that logo?)

What Is LOIC?

Mark Frauenfelder is the founder of Boing Boing and the editor-in-chief of MAKE and Cool Tools. Twitter: @frauenfelder. Come and hear Mark speak at the ALA conference in Chicago on July 1.

MORE: Action • ZOMGWEREALLGONNADIERUNHIDE

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

Anonymous

Because a DDoS knocks everything offlineâ€”at least when it works as intendedâ€”the log files that would normally record each incoming connection typically just don’t work. And even if they do, many LOIC users claim that another user was on their network or that their machine was part of a bot netâ€”a DDoS client delivered by virus that performs like a hivemind LOIC, minus the computer owner actually knowing they are participating.
Anonymous

Assange/Leaks is just the shiny object/endangered kitten du jour for the /b/tards. Meme-outrage of the month. Pretty soon they will be taking their scriptkiddie vigilantism to the next target of their faux outrage. “We do not forgive, we do not forget…though we do have rather short attention spans”
I mean… look how they charged their lasers and completed destroyed Scientology…right?
oh… right… that was at least 2 Final Fantasy releases ago…
they stand on principal, but they gotta have priorities.

It’s fun to watch Anon’s get worked up, and sometimes I agree with their choice of target…sometimes I don’t… but the real outrage should be that major Credit Card company’s like MasterCard/Visa aren’t more prepared to handle a DDOS attack in the trailing days of 2000 and fucking 10.
badmonkey0001

The favorite quote I’ve seen on twitter:

“There are Some Things Money Can’t Buy. For Everything Else, there’s HTTP Error 408 Request Timeout”
Anonymous

It’s fun to read NANOG right now.

http://mailman.nanog.org/pipermail/nanog/2010-December/thread.html
ericmartinex1

Brilliant, download malware or a rootkit on your computer from “anonymous” that is doing and logging who knows what in the background at all times – while supporting a noble cause. I bet the “uninstall” feature does not really uninstall.

If you are smart enough to do this, you are a true but lazy martyr for Wikileaks.
ultranaut

We are here to serve you…

It is days like this when the tiny ember of hope that still burns on in my empty heart like a fucking cliche gets napalmed.
malek

This operation is just a new hoax going viral. Looks similar to the old time Craig list adult service game.
http://wp.me/pQ1Eg-1km
Anonymous

if only concern trolls had fancy ion cannons instead of their weak, sanctimony bombs.
Mike K

So they’re “defending” free speech, by shutting people up?
- ultranaut
  
  Freedom is deeply ironic. It’s a fundamental property I suspect, but I won’t bore you with my theories.
  Sometimes when children misbehave they get put in time out. Our children, aka the kids who run .gov and .biz, they have been acting like spoiled little brats. We can only look the other way for so long. So now we have to send them to the corner for a little bit. They need to think about what they have done, when they are finished they can rejoin the class and perhaps share with the rest of us any valuable insights they have developed.
- Ugly Canuck
  
  Quiet, you!
- travtastic
  
  I know you are, but what am I?
Anonymous

This may have already been pointed out, but I’d like to take the time to say that it’s not officially affiliated with 4Chan, it is SOME ANONYMOUS USERS of 4Chan, and I would almost bet that Moot doesn’t approve his site being held to liability for this.
technogeek

Re faked credit card numbers: I remain absolutely shocked that the banking industry hasn’t started putting “honey trap” card numbers into circulation. Get enough of ‘em out there and people are going to be a lot more nervous about trying to commit this fraud.
opinionated&free

The trolls may be idiots and annoying a lot of the time, but when they gather and put their talents (because some of them are so good it counts as talent) toward a worthy goal they are exercising their rights. Sure, it may be a bit hypocritical if you think about it and they are putting pressure on all the Mastercard owners, but they are not in charge- the people keeping secrets that Wikileaks are trying to expose and Mastercard- are. They can force certain things on those who are using their services, or those who work/use their services. The trolls in Operation: Payback and Operation: Bank-troll can only influence, not force. Thank you, trolls, hackers, and just normal people on the internet who support this.

i may be opinionated, but i am free.
are you?
recoiled

With my feet in the air, and my head on the ground.
recoiled

Seriously, this is better than fight club.
Jack

Facepalm. Script kiddies donâ€™t add to the legitimacy or validity of any of this.
Anonymous

Why would they steal, and the post, credit card numbers?

Fishy.
Jeremiah Cornelius

There’s a Java version available to those who’d hunt for it.

I suppose it could be remotely installed on something like a corporate printer – I know that there are Cannon Copier/Printer combos, with hard-disks, a java-bases application stack and ethernet. These are frequently set to default administrative access, and could be used by a sociopathic-type to run the LOIC client with only small difficulty.

Why didn’t somebody ever develop a threat model, before shipping this technology into the Enterprise?
g0d5m15t4k3

Hackers for Slackers?
Anonymous

It’s “Point, Click, Protest”
Heisenberg

Fair warning: It also makes you an accessory to a crime. Probably.
- mdh
  
  pfft. Fairer Warning: you are putting an executable from 4chan on your hard drive.
bklynchris

Don’t you mean 4chan’s parents? Joe Lieberman?
Teller

Fear of offending Anonymous smells like fear of offending Islam.
- Anonymous
  
  “Fear of offending Anonymous smells like fear of offending Islam.”
  
  No, you can actually SURVIVE offending Islam.
- mdh
  
  Fear of offending Islam smells like Cheetos?
  - Teller
    
    and Barq’s.
MrJM

What could go wrong?
Anonymous

Okay, I feel really stupid, but why would I want to take down Mastercard or Visa? Then I can’t buy the crap I’ve convinced myself I need.

Sarah Palin’s site, yeah, I could understand that because I don’t agree with her politics, but then why would I want to shut down the main site that exposes her for the ding dong she already is?

I’m totally missing the cool factor on this tool.
Anonymous

I wonder if this will be classified as malware and targetted by anti-virus companies.
- ptolemy
  
  I looked at the page they put up (cant find now) on how to install it and one of the directions was telling your antivirus program to ignore it.
MattB

Twitter has suspended anon’s account?
- Chong
  
  Twitter is about to suffer the wrath of Anonymous?
- Chong
  
  Twitter is about to suffer the wrath of Anonymous?
Anonymous

This government sells little boys to pederasts; it’s a matter of fucking record. THE US GOVERNMENT SELLS UNWILLING LITTLE BOYS TO PEDERASTS. That’s what wikileaks has revealed, among many other evil things.

If the government weren’t fundamentally evil, the people wouldn’t run riot like this. Cry all you want, point all the fingers you want, that’s how reality works. I’m not the first to observe this.

â€œThe Master said, â€˜When a prince’s personal conduct is correct, his government is effective without the issuing of orders. If his personal conduct is not correct, he may issue orders, but they will not be followed.â€™” â€“Confucius, The Analects

“When the republic is at its most corrupt the laws are most numerous” -Tactitus

“If the people are treated with benevolence, faithfulness, and justice, then they will be of one mind, and will be glad to serve. The I Ching says, ‘Joyful in difficulty, the people forget about their death.’” -Zhang Yu

â€œThe Way means humaneness and justice. In ancient times a famous minister of state asked a political philosopher about military matters. The philosopher said, â€˜Humaneness and justice are the means by which to govern properly. When government is carried out properly, people feel close to the leadership and think little of dying for it.â€™â€ â€“Du Mu

“If the leaders can be humane and just, sharing both gains and the troubles of the people, then the troops will be loyal and naturally identify with the interests of the leadership.” -Jia Ling
osmo

Yes they posted raw data on thousands of credit cards with this message:

“People of the Industrial World throw away your Mastercard” (something like that) and then they linked to above mentionned site. Their account and that site was gone in ten seconds.
- Chong
  
  To be fair, putting up a huge list of credit card details (real or not) is a pretty fracking dumb idea. Not surprised they got the account pulled.
Blue

Uh oh.
osmo

Also the account is gone now so linking to it won’t to anything… (should mention the message was SOMETHING like that, like I said just saw it and then updated the page and wham, gone)
Anonymous

OH SMACK

the #anon_operation twitter just got suspended

kiss your ass goodbye, birdie
Anonymous

Man, I really can’t get behind this. Shutting down someones site, even a parasite like Sarah Palin’s is censorship of the worst kind. I’m a big fan of freedom of speech and denying it to people you disagree with is hypocritical. Frankly, it’s the sort of thing I’d expect Palin to do.
As for Visa transactions, killing those is denying people’s right to spend their money where and how they choose.
Orwellian manipulation can be practiced by groups of people, not just governments and this is a perfect example.
vendorx

This is things “getting better”. People so often complain that they have no power to decide their politics or social world. Operation Payback, the acts of people at 4chan, Wikileaks itself shows us what that power looks like when people take it back for themselves. Does it always do things we’d want it to, that we think are “best”? No. Is it always the most polite system? No. Compare it to any government in the world. Compare it to the US government and its actions in Afghanistan. Compare it to Halliburton, or Blackwater, or AT&T, or Sarah Palin. Which is worse?

These are the first shots in a bloodless revolution. What’s scary is what’s going to happen if the government and similarly aligned members of industry and the press decide that it has to “get bloody,” (like Sarah Palin has already called for,) but understand that that will be their decision. What the rest of us want is access to the information we want, we NEED, to operate a democracy, and not to have a government that hides behind “secrecy” to give itself free range on corruption. Wikileaks is helping provide that. Everyone freaked out by it is freaked out because they do not like the idea of empowered citizens. As odd as it sounds, as crazy as it sounds, right now 4chan is in the trenches on the front lines defending the freedoms we all need.
- osmo
  
  Well said. Rebellion isn’t supposed to be pretty. Just a bit sexy
  - vendorx
    
    Oh and you gotta know that bringing down Mastercard, for even a few minutes, had to feel sssseeeeeexxxxxxyyyyyy
    - osmo
      
      Sure thing :)
      
      Also the new twitter account is @anon_operationn
      
      kc0bbq: oh relax a little for gods sake
      - kc0bbq
        
        For what? /b/ has never accomplished anything, even before the cancer killed it. This is exactly the same as some stoner who doesn’t even have the vaguest idea of what’s going on tossing a brick through a Starbuck’s window. “Look at me, aren’t I relevent?” /b/ will just get distracted by some – umm, it’s Wednesday – child porn, and the attacks will start to fizzle anyway.
        
        Oh, I forgot. The internet is serious business.
        
        This doesn’t even provide the lulz to keep itself going, not like the easily milkable lolcow that are the scientologists who can’t ignore anything. And that just ended up with a couple people getting arrested for getting naked and running through a scientology office of some sort coated in pubic hair and filming it.If you’re really trying to affect serious change, anonymous is the last person you want helping.
        
        O RLY? YA RLY.
- kc0bbq
  
  Melodramatic much?
  
  You can convince yourself of anything if you try hard enough.
  
  4chan isn’t defending anything. They’re not accomplishing anything of any use. They’re just using it as an excuse to screw over people who don’t have anything to do with it by posting credit card numbers.
  
  When they get bored in a little while and it stops nothing of value will have been lost.
  - vendorx
    
    Right because, you know, nothing ever changes when things are brought to the public’s attention, often in ways that forces the public to pay attention!
    
    Oh,wait, no, you’re just wrong. Sorry.
- Anonymous
  
  If people lose money or the ability to obtain it as a result of their credit card numbers being broadcast on Twitter then those first shots will not have been bloodless. I hope you’re okay with that.
- jere7my
  
  Operation Payback, the acts of people at 4chan, Wikileaks itself shows us what that power looks like when people take it back for themselves.
  
  This is a great argument in favor of dictatorship.
Anonymous

Oh Dear. This could be messy.
Anonymous

So nice to confirm that the “guardians of free speech” and so on, are a bunch of moronic adolescents (I am not talking about chronological age) who thoughtlessly endanger the very economic system that allows them to have a computer and access to the Internet, as well as the lives of others.
- Antinous / Moderator
  
  So nice to confirm that the “guardians of free speech” and so on, are a bunch of moronic adolescents
  
  If the responsible adults are too busy sitting in their barcaloungers watching Lawrence Welk reruns to notice that their governments have gone off mission, somebody has to do it.
  - Anonymous
    
    I was referring to attacks on businesses and individuals, not the release of information. I do, however, think that mass release of unedited ‘diplomatic’ emails is also a dangerous thing to do, potentially putting the lives of innocent individuals at risk.
    
    So far as I can tell no “responsible adults” hang out in barcaloungers watching Lawrence Welk. Most of them are out trying to do something constructive.
  - Anonymous
    
    Antinous, we both know I seldom agree with you, but in this case:
    
    /signed
- mdh
  
  “allows”.
  
  yep, I can see it from here, you’re one of the more equal.
murrayhenson

I love the idea of DDOS as a defensive tactic, much like how a gun can be used in self-defence.
osmo

I agree. Fully. But on the other hand, its taking trolling to a completely new level
CatherineCC

Sorry, the profile you are trying to view has been suspended.
Cowicide

I think the corporatists still think they are in control, how quaint. I don’t think the real fear will start to sink in until they realize this ill communication… is… NOT… going to stop. It’s sabotage, bitches.
Patrick Dodds

“Take any stories about hacked “lists” of credit card numbers with a large pinch of salt: they are almost certainly rubbish based on a quick analysis of the purported numbers circulating.”

This is the Guardian’s (UK paper) take on the alleged posting of credit card numbers. Quick to judge of course, but they are a reputable source most of the time.
max

wow, the first serious guerilla infowar. this is gonna be in history textbooks in the future. how fun!
BethNOLA

If, as I’ve heard, one of the targets is the lawyer representing the women accusing Assange of a sex crime, then I see nothing to praise here. How is that a blow for democracy? It’s more of a tantrum. The Cult of Assange is at odds with the goal of open information.
arbitraryaardvark

One of the parts of the attack on Mastercard is to spread a rumor that lots of mastercard accounts have been hacked, in order to discourage people from using mastercard. Now, it’s also possible that accounts have been hacked, and the rumor is a complex bit of disinformation. But it’s worth being skeptical about unverified reports of mastercard numbers being leaked right now.
joeposts

There are firefox extensions (tab mix plus) that let users reload pages automatically after a preset period of time – 5 seconds, 10 seconds, 15 seconds, etc. If you’re having trouble accessing the VISA website, try installing it and setting it to a five second reload. That way when the DDOS attack is over you’ll be the first to know about it.
- bersl2
  
  If you’re having trouble accessing the VISA website, try installing it and setting it to a five second reload. That way when the DDOS attack is over you’ll be the first to know about it.
  
  trololololololol
  - thebelgianpanda
    
    oh dear, that made me lol >:D
awjtawjt

So now it’ll be illegal to ping -t visa.com and go grab dinner?
awjtawjt

72.52.5.101: visa doesn’t respond
but
67.215.66.132: mastercard does
(~18:30 EST)
Anonymous

hahaha I like it!
vendorx

Really? You’re upset that people are informing you of what your government is doing? That’s … impossible for me to understand. But yeah I can see why someone who hated being informed would prefer a dictatorship.

By the way, sorry for the triple post, everyone. Refresh mistake :(
- kc0bbq
  
  Most of the stuff wikileaks is doing is positive, some isn’t. (Collateral murder editing to pan away from weapons, for example, effectively changes what is going on and changes the information…) Nothing in the cables leaked so far tells us anything other than people have opinions and private conversations, and that we are getting more chances to go after actual dangerous people whan we otherwise thought, saying the government has been *more* effective in getting to real terrorists than we knew.
  
  That’s separate from what anonymous is doing.
  
  And information has nothing to do with dictatorship. More platitudes and fallacies.
  
  This won’t convince the unconvinced. It just looks like internet stupidity.
  - vendorx
    
    “And information has nothing to do with dictatorship. More platitudes and fallacies.”
    
    Really? Is that why dictators invariably imprison reporters and curb access to knowledge? This is why you can get arrested for reporting on the government or breaking the “great firewall of China?”
    
    I’m not even kidding, did you actually say that information and dictatorships have nothing to do with “information”? The only question is whether you’re making that statement through ignorance or dishonesty. Because its inane.
    - vendorx
      
      I’m going to elaborate a bit on this one. Something is so fabulously wrong in the world today that someone (kc0bbq) would, either through an incredible lack of education or a damneding amount of malicious dishonesty, claim that access to information and dictatorship have nothing to do with one another. Because, you know, the one thing all dictatorships love is letting their citizens have full access to all knowledge.
      
      I’m not entirely sure what this condemns, worldwide education or how willing people are to sell one another out for cheap lies, but it definitely illustrates how insane things have become.
      - teapot
        
        I’m going for possibility 1.
        
        Here are some prime examples from the book of kc0bbq:
        http://www.boingboing.net/2010/12/06/sarah-palin-moose-hu.html#comment-958928
        http://www.boingboing.net/2010/11/30/interpol-issues-red.html#comment-952613
        http://www.boingboing.net/2010/11/23/north-korean-attack.html#comment-946311
Shawn Wolfe

I guess these are the sorts of “attacks” our trusty Cyber Security Czar will point to (soon) when the administrations starts rolling out new security measures, kill switches, etc. It wouldn’t surprise me if the (wiki)leaks themselves are intentional, to provide evidence of “vulnerability” etc. etc.
- travtastic
  
  It’s going to happen sooner or later. Let’s get it over with.
ubernym

So mastercard.com is down, but can anyone confirm that such a move has actually harmed the transaction of MasterCard payments? I work at a company that processes hundreds of thousands of payments every day, many of which are MasterCard and we haven’t seen any issues at all. In fact, I doubt anyboday has.

mastercard.com being down is not the same thing as MasterCard being down. It just doesn’t work like that.
- Chong
  
  The MasterCard Secure code was ‘disrupted’, according to several news sources http://www.bbc.co.uk/news/technology-11935539
  
  Kinda related, I saw somewhere on twitter, some guy saying verified.visa.com had been taken out. Has this been confirmed?
  - ubernym
    
    Ah yes, I see that now. Our 3D Secure vendor did confirm they have intermittent issues with MasterCard, but not with Visa.
    
    This still isn’t as disruptive as it seems. Even with MasterCard SecureCode being down, that’s more of a nuisance than anything. Certainly doesn’t stop payments from going through (they just won’t be “verified”).
    
    Now the “leaked” credit cards is potentially more disruptive, but what’s the point of punishing MasterCard customers again?
    
    High school shenanigans, ultimately.
    - Anonymous
      
      If you’re assuming revenge or destruction is the purpose, then you are correct.
      
      If you view it in terms of protest, then I think the operation has been quite successful. Whether or not that matches the intentions of Anonymous or not, I’m not so sure.
Terabyte

Boing Boing should not be encouraging a gang of thugs (and yes, that is what they are by publishing innocent people’s CC#s online, by attacking a lawyer who is legitimately representing a client in a criminal charge, and attacking businesses).

And anyone who downloads something from some black/4chan site is, frankly, pretty dumb.
- Mark Frauenfelder
  
  “Boing Boing should not be encouraging a gang of thugs.”
  
  That’s a foolish statement. If we are “encouraging” them by posting about them, then you are also “encouraging” them by posting about them, too.
  
  I’m going to change your username on Boing Boing to Terabyte_the_Thug_Encourager.
Anonymous

we should all put a picture of Julian on our Facebook page
Anonymous

Now that 4Chan are quite obviously going to be labeled as Cyber-terrorists, I wonder what will happen next. I think this will get REAL ugly.
Anonymous

It’s worth pointing out that the targets of these attacks initiated the wave of malice by denying service to Wikileaks in the first place.

While one can argue that two wrongs don’t make a right, one shouldn’t turn up the TV when someone in the apartment next to you is being battered, either. Inaction in the face of adversity is still a form of action, one that contributes to the detriment of the public.
Anonymous

http://twitter.com/AnonOperation
retchdog

“If there is hope, it lies in the trolls.”
- ScavengerCat
  
  Winston Smith says two tickets for the roflcopter.
teapot

There is a mirror of the LOIC Operation Payback Setup Guide here which doesn’t feature the ugly-ass malware warning (which may result in scaring off potential noob netizens participants).

http://www.reposter.net/operation-payback-setup-guide-mirror/
Anonymous

I’ve had a quick look at the LOIC code, and it’s pretty clear that the person who designed it doesn’t actually know how to launch a DDoS attack against a modern web site.

In particular, he/she doesn’t understand the concepts of multihoming or edge caching.

In short: it doesn’t do what the 4chan losers think it does. Neither Visa nor Mastercard were down. At best they took down a few caches for a while.