I'm highly doubtful that that's all that's happening. I simply can't see a 5600-strong botnet (voluntary or not) holding down 4 independent domains simultaneously.

On a separate note, I would have thought they had learned their lesson re: LOIC after OP:Payback. I guess we'll be seeing another string of arrests in the coming months.

They might manage to fill the connection limit for apache on each system (I think this is default to 256?).

It's not very likely that those sites are using Apache on the front lines.

They are.

mpaa.org is using nginx/1.0.5, but the other sites do indeed seem to be Apache servers.

Can't LOIC be operated through a VPN? (Assuming the VPN-operators allow it)

If you routed all your traffic through the VPN, LOIC would follow. That said, I know of no vpn that would allow it.

Basically, LOIC is a ticket to jail. The fact that it was used for so long without repercussions is that the Feds didn't care enough to do anything. That all changed with OP:Payback.

But how could an open source network stress testing utility become a ticket to jail?

Intentionally disabling someone else's computer system (even just their website) is a crime. And LOIC has no anonymity measures, so your IP shows up on every single packet that arrives at the target computer. If you participate in an attack, it will be very easy to find and prosecute you.

Richard Stallman used an analogy of voluntary DDoS with street protests.

Street protests make whole streets inaccessible, and may disable access to stores, businesses or what not.

In Europe this analogy has also been used by politicians (ones that are actually sitting in parliaments and not accused of crimes).

I'd also consider it a form of peaceful protest. Well, actually it's just data, nobody gets physically harmed so it's always peaceful. Anyways, you are not stealing data and you are not permanently harming the system. You basically do something the site is made for (serving requests). If you consider that a crime you could also consider telling a huge people to phone a company and complain about something a crime. I mean this certainly leads to a denial of service, because it makes it virtually impossible for others to use that service.

I for myself am a bit lazy for these kinds of protests. I actually prefer informing people so they draw their own conclusion, but I would never call something like that a crime. IMO it should be treated like a freedom. I know this can cause financial damage, but it's still not harming people. I mean every news article, every kind of information and just saying something like "Nike is child slavery" or "fast food from McDonalds is unhealthy" can make people not buy stuff there and therefore cause financial damage. In first place it's about an institution and we shouldn't consider an institution something that has human rights, because it devalues natural people.

The way I look at it is like having 100 of your friends all go to McDonalds and line up. One at a time you order a glass of water, and then go to the back of the line. Honest customers will enter and get in line. If they wait/keep trying for long enough they'll be able to fulfill a request but most will get fed up and quit trying.