Anonymous Fallacies: To LOIC or Not To LOIC

Wednesday, January 05, 2011

Infosec Island Admin


I found this on pastebin today and, after reading through it, I have to reconsider the idea that there is a core group of competent hacker types running the show at Anonymous:

BY ANONYMOUS ON THE 9TH OF DEC 2010 08:01:14 PM

What really caught my eye is the section in red, the admonition about “if you get caught”. This is the most egregious set of instructions that I have ever seen and will only serve to land those of the “hive mind” in courts across the globe with a fair chance at getting truly buggered.

Let me take it point by point here:

1)      DO NOT PROXY. It will affect the proxy, not the target. That’s why you use VPN.

VPN? VPN? WTF? What VPN are you talking about there, skippy? If you use a VPN, then you are concentrating the traffic to a single IP exit node as well as making it just as easy to track. Which brings me back to “what VPN?” You have a service somewhere? Usually you only see VPNs used in companies or for personal use, for secure access to systems behind firewalls.

Now, on the other side of this, umm yeah, proxy-ing the traffic for the LOIC makes sense and should have been used. As far as I have seen, the LOIC is just a glorified F5 key script. If you proxy then you will just be polling a site via proxy (hopefully without logging) to port 80 http. So, there may be more traffic on nodes of whatever proxy you use, but, the traffic should get there if the proxy is robust enough.

2)      DO NOT attack on a school, work, or company owned network; your traffic is heavily monitored. You will get caught.

Ehhhhh, depends on the company or school, doesn’t it? I mean, many colleges are still lacking in controls over their Internet traffic. However, I would say that they would be right... unless the traffic were VPN’d to a proxy outside. Then you would have something.

3)      DO NOT attack by yourself or in small numbers, you will get caught. While in larger numbers, it’s minimal if non-existant, and if server goes down it’s impossible to recover corrupt data on who attacked.

Say what? No matter the volume of users, if the systems at the receiving end are configured properly and able to log the traffic, then ALL of your IPs will be logged! As I suspect you will all soon find out after the Feds have audited those seized servers and logs from those who got DDoS’d.

4)      DO NOT “bot net” it is illegal. DDoS with LOIC is legal, however.

BAAAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHHA! Ok kids, Law 101 here. If you PARTICIPATE in a DDoS, no matter if you use LOIC or a botnet, you ARE in fact COMPLICIT in an act that is against the law. You don’t get any extra points for your motives or your method of attack. This is especially true when you use a tool that does NOT obfuscate your IP addresses as you perform it. Whoever collaboratively wrote these do’s and don’ts is culpable in your crimes too… As well as for the crime of stupidity.

5)      CHANGE your MAC IP after destroying the internets, or risk having your e-mail MAC IP traced back.

WTF? Your MAC IP? Would you perhaps be meaning your MAC address as well as your IP address? Ya know, the IP address that you are not masking at all when you use LOIC to “destroy the internets” ?? OMFG, Here’s the “internets” manual RTFM please! This is even below skiddie level.

6)      If you are v& (vanned) declare you had no participation in this event. Note you are using a dynamic IP address and that many different people use it, because it’s dynamic. If they prove that it was yours, then tell them you are a victim of a “botnet virus” that you had no control or knowledge of. Additionally if you set your wireless to unsecured or WAP prior to LOIC you can claim someone hacked your wireless. Case closed.

Once again, you have no real grasp of how the Internet works, do you? Let me break it down for you…

A) Dynamic IP addresses do change, but tend to remain the same for a user for a long time. Depending on the lease time set by the ISP, you could have it for days. So trying to say that you are on a dynamic IP is pointless.

B) Any dynamic IP is going to be logged as to what account holds the IP address during that session in the logs!

C) Yeah, claiming there was a botnet malware package installed on your PC will do no good, unless you actually do that yourself before you do all of this.. and even THEN forensically it is easy to tell that you installed it and LOIC. Any way you slice it, unless you physically smash your machine or fully encrypt it with something like TrueCrypt AND shut it off before the feds knock your door down… You are fraked.

D) The un-secured wifi argument can work, but, I will go back to the forensics argument again.. We can see you. You lose.
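To make the rebuttals to points 3 and 6 concrete, here is an added example (not part of the original post or the pastebin text) showing how a defender ties logged flood sources back to subscriber accounts. The log lines, IP addresses (documentation ranges), lease table and account IDs are all constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample data: documentation-range IPs, hypothetical account IDs.
ACCESS_LOG = """\
198.51.100.7 - - [08/Dec/2010:20:01:14 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [08/Dec/2010:20:01:14 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [08/Dec/2010:20:01:15 +0000] "GET / HTTP/1.1" 503 0
203.0.113.42 - - [08/Dec/2010:20:01:15 +0000] "GET / HTTP/1.1" 503 0
203.0.113.42 - - [08/Dec/2010:20:01:16 +0000] "GET / HTTP/1.1" 503 0
203.0.113.42 - - [08/Dec/2010:20:01:16 +0000] "GET / HTTP/1.1" 503 0
192.0.2.10 - - [08/Dec/2010:20:01:17 +0000] "GET /about HTTP/1.1" 503 0
"""

# (ip, lease_start, lease_end, account), as an ISP's DHCP records might hold them.
LEASES = [
    ("198.51.100.7", "2010-12-05T00:00:00+00:00", "2010-12-12T00:00:00+00:00", "acct-1001"),
    ("203.0.113.42", "2010-12-01T00:00:00+00:00", "2010-12-08T12:00:00+00:00", "acct-2002"),
    ("203.0.113.42", "2010-12-08T12:00:00+00:00", "2010-12-15T12:00:00+00:00", "acct-3003"),
]

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')  # client IP and timestamp

def flood_sources(log, threshold=3):
    """Return {ip: (count, first_seen, last_seen)} for IPs at or over threshold."""
    seen = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        count, first, last = seen.get(ip, (0, ts, ts))
        seen[ip] = (count + 1, min(first, ts), max(last, ts))
    return {ip: v for ip, v in seen.items() if v[0] >= threshold}

def lease_holder(ip, when, leases=LEASES):
    """Return the account that held `ip` at time `when`, or None."""
    for lease_ip, start, end, account in leases:
        if lease_ip == ip and datetime.fromisoformat(start) <= when < datetime.fromisoformat(end):
            return account
    return None

def attribute(log, threshold=3):
    """Map each flooding IP to the account holding its lease when first seen."""
    return {ip: lease_holder(ip, first)
            for ip, (_, first, _) in flood_sources(log, threshold).items()}

if __name__ == "__main__":
    print(attribute(ACCESS_LOG))
```

Note that 203.0.113.42 changed hands on the day of the flood, and the request timestamp still selects the account that held it at that moment.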

In the end, this whole thing has been run like a train wreck. Anonymous has failed to think this all through and certainly has no idea about the legalities here to be telling any of these kids out there using LOIC that they are going to be ok. It may be all about the lulz, but soon it’s going to be all about CYA and lots of lawyers’ fees, kids.

Cross-posted from Crabbyolbastard Ruminates

Javvad Malik: Great post. It's ironic that you don't have to be a security expert to make these observations. Anyone with half a brain and an hour on the internet could figure these things out for themselves. But points well made.

Michael Menefee: I'm at least glad that I'm not the only one recommending to my clients to change their MAC IP after destroying the Internets....LOL....funny, funny stuff....thanks for the laugh Scot!

"stupid Anon, LOIC is for kids..."

Michael Menefee: oh and re: the Dynamic IP point, I've been given the same IP address from TWC for the past 6 years...guess if I wanted to pull off a cloaked attack every 7 years, I'd be ok