Anonymous testing LOIC replacements - new tool uses server exploits

Anonymous is developing a new DDoS tool. So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website. But will the tool last, and will it make law enforcement’s job harder in the long run?

Previously, Low Orbit Ion Canon (LOIC) was the go to weapon for Anonymous supporters during protests against dictators in North Africa, and Operation: Payback. However, LOIC is also the reason scores of people have been arrested in the last year, so many feel its time is at an end.

The new tool, called #RefRef, is set to be released in September, according to an Anon promoting it on IRC this afternoon. Developed with JavaScript, the tool is said to use the target site’s own processing power against itself.

In the end, the server succumbs to resource exhaustion due to #RefRef’s usage. An attack vector that has existed for some time, resource exhaustion is often skipped over by attackers who favor the brute force of a DDoS attack sourced from bots or tools such as LOIC.



As seen in the image above, the tool uses a simple GUI to operate. Yet, the JavaScript driving the tool is where the unusual power comes from. Testing the code, the Anon who explained its usage reported that a test of 17 seconds led to a 42 minute outage early Friday morning on Pastebin.com, an outage confirmed by Pastebin on Twitter.

“Imagine giving a large beast a simple carrot, [and then] watching the best choke itself to death,” explained the Anon promoting the tool.

Based on the screenshots presented of the tool, as well as passive comments by its promoter, we asked how it was different from a script that automates a person simply pressing F5 continuously.

We were told that the tool itself exploits server vulnerabilities, and will work as long as the target server supports JavaScript and some type of SQL. Based on the vague comments by the Anon who explained the tool, the vulnerabilities being exploited are somewhere within the SQL side of things.

As it turns out, the attack is launched client side, and will send a separate script in the connection request made to the target server. This request is actually the exploit itself, and once the server renders the code, it will continue to render it until crashing. In essence, the stronger the server, the faster it crashes.

Asked if the vulnerability being exploited could be patched, the Anon responded that it could, but added that administrators would have to “mass-patch” a file that actually affects many services.

So patching is unlikely to stop it because, “most SQL servers are pulling from a master SQL host” and the tool itself targets “one of the most common SQL services, but also one of the most widespread,” the Anon added, but would not get into further details.

Most of those calling for the replacement of LOIC do so because of how it cannot hide the person launching an attack, much to the amusement of federal law enforcement. However, #RefRef still relies on a person attempting to hide themselves before using it. So while there is a stronger impact for a given attack, it isn’t really hiding anyone.

Given that the tool leverages exploits to work, it is likely that its code will be reversed, and patches made available to the various SQL platforms. However, patches will need to be applied if the issues targeted by this new tool are to be properly addressed.

"This tool only makes you vulnerable if you don't keep your systems patched, perform the basic security, which is how Sony got caught with it's pants down. It axed huge swathes of it's IT security a little while before it got pwned," another Anon on IRC said, when asked his opinions on the tool.

“Basically, [Sony] decided that basic maintenance wasn't good ROI…It's companies like Sony - making idiotic decisions like that - which will be vulnerable to this tool. Proper companies staying on top of things won't be vulnerable after the fifth or sixth attack, at which point patches will be out.”

Another potential problem is that #RefRef can be used from any platform that supports JavaScript. This includes cell phones or gaming systems like a Nintendo Wii. There are plans to adopt the script so that it can be hosted anywhere, creating a large base of command points, as people head to local libraries or Internet cafés to launch attacks.

We’ll keep an eye on news related to this new tool and report information as we get it.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in photo is probably  causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a University in the UK told the BBC that it was impossible to see what other people see but that it was most […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]

Stunning Mars Rover Selfie

This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robot’s arm. For a sense of scale the rover’s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.  

How the Sahara Helps Feed the Amazon (Video)

Sahara to Amazon
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASA’s Goddard Space Flight Center.

Bouncing Laser Guided Bomb (Video)

This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.

South Koreans Swallowed by Sinkhole (Video)

Thankfully the couple survived their adventure.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.