Anonymous' infamous Low Orbit Ion Cannon served its masters well over the years, aiding the collective in several high-profile operations against disparate targets ranging from Sony to Mastercard. And when a hacking tool can silence KISS frontman Gene Simmons, you know it's something special. However, good things can't last forever. By the end of the year Anonymous plans to retire the LOIC and wield a new implement of cyber warfare.
News of what's been dubbed RefRef was broke by AnonOps Communications (think: CNN if it only reported on hackers) after a member of the secretive cabal had spoken about it in IRC. The replacement tool will allegedly require more finesse. The site opined that while the "brute force" of LOIC was effective, it also helped law enforcement track down those who fired it.
Indeed, senior technology expert Graham Cluley of Sophos previously said that "LOIC doesn't do a very good job of covering your tracks - making it potentially easy for computer crime authorities to track those behind the attacks." Considering the rash of Anonymous-related arrests this year and the news that #RefRef will launch in September, Cluley's appraisal seems sound.
AnonOps didn't provide too many details on the project, but announced the tool is being developed in JavaScript and will focus primarily on SQL vulnerabilities to bring down the targeted site. The twist is that RefRef relies on resource exhaustion: "a simple denial of service condition which occurs when the resources necessary to perform an action are entirely consumed, therefore preventing that action from taking place."
According to one of the people working on it, RefRef will "use the target site’s own processing power against itself" - a far cry from the bot-fueled LOIC. The end result, however, is the same: a denial-of-service for site users.
Anti-hacker rhetoric has escalated over the past few months thanks in large part not to Anonymous, but LulzSec - an upstart collective that came out swinging against myriad targets with little in the way of reasoning. They were ostensibly "doing it for the lulz." The group's hacking was masked not by Guy Fawkes' grinning mug, but a snooty, mustachioed socialite with a monocle, toasting. Following spokesperson Jake Davis' arrest last week, it's unknown what will become of LulzSec. For now, all is quiet on the group's typically active Twitter feed.
With Anonymous' new cyber WMD in the works, maybe one rogue hacker group running roughshod on the web is enough.
