The stress test tool itself is legal and freely available on the Internet. It should be noted, however, that it is only legal to perform load tests on your own IT infrastructures. Unauthorized use of the Low Orbit Ion Cannon against third-party targets violates the laws of most countries. In Germany, this is considered computer sabotage under § 303b StGB (German Criminal Code) and is subject to criminal prosecution. Attackers face fines and/or several years in prison.
Those who use LOIC for illegal overload attacks should expect to be quickly identified and prosecuted. Such attacks leave the IP addresses of the attackers visible to the target and they cannot be disguised via a proxy server, as the attack would otherwise hit the proxy instead of the actual target.
The Low Orbit Ion Cannon was primarily used by the hacker collective Anonymous and members of the 4chan forum for several noteworthy DDoS attacks:
In early 2008, Anonymous, together with supporters from the 4chan forum, used the LOIC for a series of DDoS attacks on Scientology websites. The hacker collective took this action in response to a copyright lawsuit filed against Youtube by the Church of Scientology. The Scientology organization had demanded that the video service and other websites delete a leaked video featuring actor Tom Cruise.
Beginning in September 2010, Anonymous conducted multiple DDoS attacks against the websites of financial institutions, industry associations, and government agencies as part of “Operation Payback” using Low Orbit Ion Cannon. The hacker collective used these attacks to protest against the closure of the torrent site Pirate Bay and the blocking of Wikileaks’ donation account. The attacks were directed at the Motion Picture Association of America, the Recording Industry Association of America and the U.S. Copyright Office, among others. Later, Bank of America, Paypal and credit card companies such as Visa and Mastercard were also affected after they refused to forward donations to the whistleblower organization Wikileaks.
In early 2012, Anonymous initiated DDoS attacks via LOIC in response to the closure of the file hosting company Megaupload. Targets included the websites of the FBI, the U.S. Department of Justice, U.S. film and music industry associations, and several record labels. According to the hacker collective, it was its largest attack campaign ever up to that point – a total of 5,635 people with their own LOIC instance are said to have participated.