A disproportionate number of people downloading the open source DIY tool being used to launch DDoS attacks on companies deemed hostile to Wikileaks appear to be based in the UK, new figures have suggested.
According to security company Impreva, the total download for the ‘manual’ version of the Low Orbit Ion Canon (LOIC) tool is still modest by Internet standards at around 33,000 and growing. Not surprisingly, a third or almost 10,000 of those are from users based in the US, but despite its much smaller population the UK comes in second place with 3,200 downloads.
Other European countries, including Germany, France, Russia, Spain and The Netherlands are all between 1,000 and 2,000 downloads each. Eighty-five percent of downloaders are Windows users.
What is perhaps more alarming is the rate of increase in downloads, which is accelerating. Of the nearly 50,000 people who have now downloaded the tool as of 10 December, roughly 60 percent have happened in two days.
Anyone in the UK thinking of looking at LOIC should be warned that even downloading it could be illegal under the Computer Misuse Act if that download is discovered and evidence of intent is proved. Demonstrating intent would be incredibly hard but the warning still stands.
“The 'voluntary' botnet is illegal. These attackers are downloading code which is performing an attack. Although they did not write the code, and although they are hiding behind the mask of so-called ideology, they are engaging in activity to disrupt a service,” cautioned Imperva’s CTO, Amichai Shulman.
Realistically, LOIC is a still more of a marketing tool for the Anonymous cause more than a serious botnet tool that can scale. The group is likely using involuntary botnets to do most of its DDoS, that is launching attacks using hijacked PCs without their owners being aware that this is happening.