| Operation Payback defends WikiLeaks - learn how |
| Written by David Eagle |
| Wednesday, 15 December 2010 11:57 |
The hacker attacks over the last week in support of the WikiLeaks website and its public front person Julian Assange have seen many big corporate sites like Visa, Mastercard and Paypal fail under synchronised DDoS (Distributed Denial of Service) attacks from many inspired individuals.

The question is how do these attacks work? The answer is deceptively simple. Multiple requests for service from many, many users all at the same time subject the servers to a massive load that they just cannot handle. This requires substantial effort and organisation to motivate a huge number of users to focus their collective efforts on a single server at a precise time. To be specific, these sites are bombarded with multiple TCP or UDP packets or HTTP requests. This puts the server under stress, as there are finite resources on the server to handle such requests, and when the server is overloaded it shuts down. If enough requests are received, not only will the server slow right down, but it can also be taken down.

The hacktivists, as they have become known, are not just dedicated hackers who are part of the Anonymous group, but also Joe Average. The technology used to power these DDoS attacks is very simple to source and use, so it requires no special high-level skills to operate. The group Anonymous distributed links to sites where you could download the bot programmes using Twitter as the campaign took flight, and then used Twitter again to synchronise users to direct their attention to specific sites at precise times. This proved very effective even with Twitter and Facebook shutting down the Anonymous accounts - as quickly as they shut them down, new ones appeared. This is the problem such social media sites face; the ability to instantly create accounts and connect with a global audience is both a blessing and a curse in this instance.

The powerful tool used to conduct these attacks is geekily named the Low Orbit Ion Cannon (LOIC), a programme originally designed to stress test networks. It is written in C#, which is widely used on Windows, and can be downloaded from open source code repositories like Github and Sourceforge. Using C# means that it is primarily a Microsoft Windows driven tool, although it can also be used on Mac and Linux systems with extra configuration and installation of additional libraries. The LOIC programme can be easily used to target a website the user inputs into the field, or, using an option called Hive Mind, to connect to IRC or even Twitter and grab information for a specific, focused web attack. This JS version (JavaScript) is very simple to use, and very clever, as well as having a great super-geek interface.

The group Anonymous used Twitter as a primary communication tool to focus the collective LOIC on specific targets, and to gather in more willing participants in the DDoS. Downloading the tool is very simple, with users being directed to websites where a simple click did all of the work for you. Using JavaScript to conduct these attacks is highly sophisticated, but also a very alarming new trend.

The task of shutting down these kinds of attacks is impossible, but it does take an enormous amount of trust on behalf of Joe Average to click on these links and buttons to download programmes such as these. You never know what lies beneath these sites, links or buttons, and what the long-term effects are going to be on your own system. Not only that, but participating in DDoS attacks is highly illegal in most countries, so you run the risk of being tracked down and held accountable, as these programmes require user interaction to function. One thing to remember is that the companies being targeted have very deep pockets when the security of their online businesses is at stake. |










