December 09, 2010

Operation Payback: How it Works


Imperva's Application Defense Center (ADC) analyzed how Operation Payback has been conducted.

There are 3 versions of the Denial of Service tool that have been deployed:

  1. Manual
  2. Server controlled
  3. JavaScript version with no download

Below are graphics to show the rate of downloads for the Denial of Service (DoS) tool as well as geographic distribution and screenshots of how they work. 

Here is a screenshot of a conversation about directing people to attack PayPal:



The graphs below show how many downloads of the manual denial of service tool have occurred as well as where:


The manual version stats are here (you can change the date to get analysis on a different period).

For the server controlled version, there have been already 33K downloads at a rate of more than 1000 downloads per hour.

There also a javascript version of LOIC that requires no download at all:


Screenshot of Manual Denial of Service tool


Screen shot of instructions for the server controlled tool (our apologies for the language):


Authors & Topics:

Share on LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.