Application SecurityAttack MitigationBotnetsBrute Force AttacksDDoS AttacksPhishing

5 Questions About Anonymous’ New DDoS Techniques

January 24, 2012 — by Carl Herberger3

In case anyone missed this news, Group Anonymous has put up code at (a free and anonymous HTML code-hosting site) which uses your web browser to launch LOIC DDoS attacks.

Here’s a quick synopsis from the Computerworld report:

“According to Cluley, members of Anonymous distributed links via Twitter and elsewhere that when clicked automatically launched a Web version of LOIC and attacked predefined victims. The links pointed to a page on which in turn executed some JavaScript to fire LOIC at Anonymous-designated targets.”

This can of course be used on Facebook/Twitter and other sites to lure unsuspecting users into joining the DDoS attacks.

Given these new and ingenious techniques to ‘automate’ a DDoS attack with end-users essentially ignorant to the fact that they might have unintentionally launched a DDoS attack from a ‘rused’ link they clicked, escalates the “Hacktivists” war and adds yet another effective technical technique to their basket of tricks.

Given this new ‘tactical attack technique’ – what are the questions a security professional should be asking themselves right now? I’ve pondered this and have come up with the following and would appreciate your inputs as well:

  1. What other tools can be easily combined with this java script technique? E.g. besides LOIC, can malware be distributed this way as well? How about application layer attack tools such as refref?
  2. What does this mean for managed service providers who, no doubt will host a tremendous amount of unintentional DDoS attacks and whom will be left with the burden of contacting their customers of their initiated DDoS attacks?
  3. What does this mean for the victims of such attacks? Do they have any recourse if the ‘perpetrators’ didn’t really know that they were initiating the attacks?
  4. How does an attack like this scale? It seems to me that this technique effectively scales logarithmically which, if true, has ominous consequences.
  5. Because this technique will look like normal users, how effective will cloud and ISP scrubbers be going forward against this type of technique? Also, doesn’t it seem like DNS are a natural attack venue for something like this?

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.


  • Harley

    January 29, 2012 at 7:46 am

    Remarkable article, I will be viewing back again on a regular to discover posts.


  • john smith

    November 24, 2014 at 4:32 pm

    great article people need to spread awareness about the pastehtml and simple mobile HTML code that hackers can embed on any website and set it to auto fire so that any visitor with javascript enabled automatically and immediately starts sending DOS traffic to their target image if they defaced a website like fox news or CNN etc with millions of hits and embeded this code in the background of the site without telling anyone.millions of people joining a DDOS unknowingly and for long periods of time given their reading the news..


  • Carl Herberger

    November 25, 2014 at 6:35 pm

    Yes – – the notion of ‘weaponizing’ websites is becoming more and more maintstream! Look for my colleague David Hobbs on this blog who writes extensively about the topic!


Leave a Reply

Your email address will not be published. Required fields are marked *