Hacktivism has become very popular in recent years; one of its leading agents is the online community Anonymous. Hacktivist groups use digital tools to perform denial of service (DoS) attacks for pursue political ends or to protest against controversial laws in countries around the world. One of the most common tools they use Low Orbit Ion Cannon (LOIC), an open-source computer program written in C# that can run different types of DoS attacks. LOIC can send a large amount of TCP/UDP packets to a specific URL/IP address in a short amount of time. The same tool has been ported to JavaScript to perform a DoS directly from a browser. The existence of Web LOIC, along with anonymous web hosting services such as pastehtml, has made it possible for any user on the Internet to participate in those attacks with just one click.
Recently the same attack has been easily ported to one of the most popular mobile platforms: Android. Anonymous social network accounts promote the new attack in Latin America as “LOIC para Android by Alfred”:
By “easily” ported I mean that it is not necessary to have any programming skills to create the Android application because it was generated with a free online service that creates Android apps with just a URL, HTML code, or a document (DOC or PDF). In this case, the attack was created with only the URL of a specific pastehtml website that has a JavasScript version of LOIC to perform a DoS attack against the Argentinian government. The attack is part of the operation #opargentina, run by an Anonymous cell in South America. Once the tool is downloaded and installed, the following icon appears in the applications menu:
When it is executed, a WebView component shows the contents of the URL, which is basically an HTML web page with a JavaScript that sends 1,000 HTTP requests with the message “We are LEGION!” as one of the parameters. (The web page does not fit in the Android screen, probably because the tool that creates the application does not adjust the size of the web page inside WebView.)
Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC–and zero programming skills–thanks to automated online tools. Because the application’s purpose is simply to display any website on an Android system, we classify this hack tool a potentially unwanted program (PUP). If you have enabled PUP detection (our default setting), then McAfee Mobile Security for Android will detect this tool as Android/DIYDoS.