Forgot your password?
typodupeerror
The Internet

CNN Says Chat Rooms Are a Haven for Hackers 543

Posted by CmdrTaco
from the well-duh dept.
MiTEG writes "CNN is carrying an article about IRC and how it aids "hackers" with their mischief. There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC"." Yeah, if they ever hung out in our chatroom, they'd lock us all up for abusing Kurt the Pope.
This discussion has been archived. No new comments can be posted.

CNN Says Chat Rooms Are a Haven for Hackers

Comments Filter:
  • by Raedwald (567500) on Thursday April 11, 2002 @10:17AM (#3322692)
    And fresh reports say that 'hackers' also use e-mail, telephones and postal services. Shut them all down!
    • by Archie Steel (539670) on Thursday April 11, 2002 @10:46AM (#3322910)
      ...except that the Govt. can already monitor e-mail (with Carnivore), phone conversations (with Echelon) and snail mail. So basically they need to whip up some way of controlling IRC as well, and CNN is only happy to oblige in preparing the national psyche for that (since AOL will make more money if people are forced to use corporate chat services). The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of).

      This reminds me of two famous (and nearly identical) quotes:

      They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
      -- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773.

      Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.
      -- President Thomas Jefferson.
      1743-1826
      • by -brazil- (111867) on Thursday April 11, 2002 @11:07AM (#3323046) Homepage
        The difference is that since IRC channels are basically public, monitoring them is both easier and no violation of civil rights.


        BTW, another quote:


        There is no freedom without security.

        -- Wilhelm von Humboldt


        Total freedom means survival of the strongest and least scrupulous and those valuable to them, i.e. mainly the freedom to be robbed, raped, murdered and suppressed. The ideal is to find a balance between freedom and security.
        • by Archie Steel (539670) on Thursday April 11, 2002 @01:13PM (#3323939)
          There is no freedom without security.
          -- Wilhelm von Humboldt


          To which I'll add: "There is on peace without justice."
          --Peter Tosh, Reggae Singer

          Total freedom means survival of the strongest and least scrupulous and those valuable to them,

          Actually, that is a logical fallacy, since total freedom also means freedom to live - "total" freedom, as in "optimal" freedom would mean that everybody shared the same freedom without infringing upon other people's freedom. The balance is delicate, I'll give you that - but it isn't between freedom and security. Rather it is between everyone's freedom. Of course we also need to discuss what types of freedom: obviously, no sane society will condone freedom to perpetrate crimes against other people (because then it would negate those people's own freedom). We can stick to the basic freedom that every human should have, amongst which are the classics (freedom to live, freedom of speech, freedom of movement), and everybody will be just fine. However, with that freedom comes some risk that people will use it to do bad things. That is just something we have to accept: limiting everyone's freedom because of inherent risks is not an acceptable solution.

          All right, that's enough typing of the word "freedom" for a single day!
      • by jedrek (79264)
        So basically they need to whip up some way of controlling IRC as well.

        To read *any* message on a typical IRC network you need access to this many servers:

        One.

        The way IRC is constructed each message goes to every server, so it's a no-brainer.
        • I'd like to disagree to this, referring to RFC1459:

          If there are multiple users on a server in the same
          channel, the message text is sent only once to that server and then
          sent to each client on the channel. This action is then repeated for
          each client-server combination until the original message has fanned
          out and reached each member of the channel.

          Same with PRIVMSG's, they only travel through the servers on the route from the orgin to the destination. It would be truely bandwidth waste to send all messages to all servers.
      • The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of).

        The sadder thing is, this war is purportedly being fought for our freedoms, and the government seems to think the best way to secure our (hard-won) civil liberties is to start by taking them away.

        Although they have been pretty clever about it: a war against an invisible, intangible, unmeasurable "enemy" (terrorism) is an invisible, intagible, unmeasurable war -- in other words, there is never a time when they have to/can declare victory and drop the pretext of fighting terrorism, and thus there is never a time when they have to give up the gradual rescinding of our liberties "in order to guarantee our security." How is this fighting for freedom?

        Of course, while it's clever, it's hardly original. Pretty reminiscent of the never-ending wars fought in 1984; Big Brother's rhetoric's not even far off from Bush's, and the declared purposes of the wars are likewise pretty similar.

        Oh well.

        • Of course, while it's clever, it's hardly original. Pretty reminiscent of the never-ending wars fought in 1984; Big Brother's rhetoric's not even far off from Bush's, and the declared purposes of the wars are likewise pretty similar.

          That's absolutely true. We've had some kind of "war" going on for a long time. I first remember it with the bombing of Libya in the 80's, but I'm sure it goes back farther. It's typically not an officially declared war, but rather some kind of foreign conflict with a purpose that is unclear. The "War on Terror" appears to be designed to last for a good long while yet. That ought to keep the minds of the masses from being occupied with Real Issues for the next decade.

      • by arnie_apesacrappin (200185) on Thursday April 11, 2002 @01:02PM (#3323856)
        Snip (Archie Steel):

        This reminds me of two famous (and nearly identical) quotes:

        They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773.

        Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. -- President Thomas Jefferson. 1743-1826

        Well, it seems that Attorney General John Ashcroft doesn't agree with two of America's great founding fathers. He was quoted as saying, "To those who scare peace-loving people with phantoms of lost liberty, my message is this: your tactics only aid terrorists."

        I'm sorry John, but here, you are the terrorist. Don't persuade me or anyone else to give up my freedoms to make your job easier under the guise of making the world a safer place. To calmly allow you to take my rights is the first step onto a slippery slope that I don't even want to know the results of. I won't quit using IRC, I won't give up my private keys, and I will continue to protect my right to say and hear what I'm constitutionally allowed to. If you want to take my rights, try to change the first amendment. Until then, in the spirit of Monty Python's The Life of Brian(I know they're not American, but it's the best quote I could think of), "piss off!"

      • by SAFH (65236) <safh AT mailinator DOT net> on Thursday April 11, 2002 @02:19PM (#3324348) Homepage
        Hrm... Burn Karma or post AC...

        Since the late 90's, the US Govt (Specifically the NSA, CIA, and NRO) along with other govts have showed increased interest in IRC. The original problem with monitoring IRC was the ability to correlate the packets (through Eschelon, JID, misc. sniffers) to the handles, DCC sessions, and misc. queries. Once scripts were established to correlate time stamps, and do active session recreation/replay the data was a bit more reliable, however there were large gaps in the data where netsplits occurred, or handles changed, dynamic IP's, etc. Since running analysts through abstract sessions of data was counterproductive, the data was dropped. So in public channels, bots and live agents (*cough*analysts*cough*) were placed to idle and log, however groups started catching on to the idlers and kicking, in addition, since all of the operations were done w/o the knowledge of IRCops, K-Lines started being put up and times got a bit harder.

        So starting in late 2000, when reliable/substantiated information started comming across about possible Electronic Warfare, under cover company names, IRC servers started getting funding and/or being provided by agencies with an active tcpdump w/ ssl netcat (or scheduled ssh dumps depending) running on them (yes, that simple) which was then reprocessed and sessions recreated through a series of parsing scripts and dumped into databases that track handles, IPs, session data, keyword recognition (including handles, group names, and a series of acronyms/extensions), along with the ability to grab code snippets.

        OPN, DAL, IRCNet and EFNet all participate in monitoring, EF and IRCNet remain the least cooperative, DAL and OPN actively participate and support the process. LiloFree, SuidNet, Conclave, and others are extremely difficult to track, however have their faults.

        I won't get into IM protocols since we all know the inherant problems. AOL has not been entirely supportive of US Govt efforts to setup monitoring devices, however the Time Warner side of AOL/Time Warner has been a bit more agreeable. ICQ/Mirabilis gave in a -long- time ago, LICQ over SSL is great though.

        The quotes below are great, however in times like these, the famous line "Do not disclose, sources or methods" from our spook friends applies quite well. Reply to:

        ...except that the Govt. can already monitor e-mail (with Carnivore), phone conversations (with Echelon) and snail mail. So basically they need to whip up some way of controlling IRC as well, and CNN is only happy to oblige in preparing the national psyche for that (since AOL will make more money if people are forced to use corporate chat services). The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of). This reminds me of two famous (and nearly identical) quotes: They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773. Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. -- President Thomas Jefferson. 1743-1826
      • by jafac (1449)
        . . . preceeded by about 20 years by:

        "A man that would sacrifice his freedom for security deserves neither. The God who gave us life gave us liberty at the same time."
        -Montesquieu, The Rights of British America
  • by colindiz (162137)
    Why is this news? Of course hackers hang out in IRC. You know what, so do crackers. And so do other people.

    NEWSFLASH: The sky is blue.
    • by arnie_apesacrappin (200185) on Thursday April 11, 2002 @11:09AM (#3323064)
      To badly quote Norm MacDonald, "Breaking news from the scientific journal DUH!"

      Other places hackers hang out:

      • malls
      • coffee shops
      • schools
      CNN might want to investigate these places as well. Inside sources from CNN also tell me that these things called "newsgroups" exist. Appearantly, these "newsgroups" allow people to exchange "news", which according to CNN sources is a "code word" for "illegal activities", and is a new sweeping trend in the scary hacker underworld.

      Also, staring at the sun can cause blindness.

    • by richardbowers (143034) on Thursday April 11, 2002 @11:12AM (#3323102)
      I thought the only people on IRC were FBI agents pretending to be 14 year old girls. There are hackers there, too?
    • Re:This is news? (Score:4, Insightful)

      by llamalicious (448215) on Thursday April 11, 2002 @11:25AM (#3323193) Journal
      Pardon me. But my colorblind friend says the sky is a medium gray.
      He can't understand blue, or what possible uses that color has on a day to day basis.

      Likewise, the people out there coming up with these "notices" are technology blind.

      So if we couldn't trust a colorblind person to paint your house, how can we trust technology-blind legislators and other political reps to make the right decisions or statements on our behalf...?

      Time to get out the voting stick.
  • by timothy_m_smith (222047) on Thursday April 11, 2002 @10:18AM (#3322697)
    In this age of watered-down single source media, this article is about par for the course. It's hard to believe that the bulk of American's accept CNN as a reliable media outlet.
    • by hex1848 (182881)
      CNN == "Communist News Network"

  • by Rentar (168939) on Thursday April 11, 2002 @10:19AM (#3322708)
    Criminals that want to organize any criminal actions are known to use the telephone system to communicate!
    • No, they actually sit in cafes, bars, restaurants and other public places and ... TALK.

      Brought to you by citizens for a mute and honest society.
    • Criminals that want to organize any criminal actions are known to use the telephone system to communicate!

      Criminals wanting to conspire to commit criminal action are known to sit in corporate boardrooms in closed, secret conferences.
    • And yet another poster who needs to be beaten with a cluestick -- badly.

      Here's an analogy that you may, possibly, be able to understand.

      Phone system::IRC talk::Napster.

      Phones only help you when you know who exactly to call. IRC provides more of a forum, which will help when you don't precisely know who to contact -- and when you'd prefer that those who you contact won't know exactly who YOU are.

      So, frankly, your post is a bunch of hogwash in its "slippery slope" implications.
  • It seems hackers seeking to pass information use a convenient communication mechanism.

    Astonishing.

  • by cjpez (148000) on Thursday April 11, 2002 @10:20AM (#3322721) Homepage Journal
    I used to work for a company that actually used IRC. We had a bunch of geographically-diverse locations, and we needed to be in near-constant communication with them, so we just set up an IRC server and that was that.

    Ah, what fun we had with bots . . . We had a bot to talk to our phone list database, a bot to page people, etc . . . Grand fun.

  • Shocking! (Score:5, Funny)

    by TheLocustNMI (159898) on Thursday April 11, 2002 @10:21AM (#3322729) Homepage
    this just in -- dancefloors, bars, other public settings rumored to be HACKER FREE!
  • i suspect the quotes from Schnier (sp?) were eitehr taken out of context or he didnt know what they were going toward.

    i read the article yesterday (tried submiting it too, rejected) and the article was anti-IRC right from the start. Kinda like Phil Zimmerman's "guilt" over PGP [slashdot.org] dabacle with the Washington Post last September following the terror attacks.

    basic thing to remember: the media is always biased, no matter how much they say they arent.
    • It is taken out of context. I'm still not a big fan of what's being said, but it's not as bad as it was depicted above.

      "It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."

      He's saying that someone who is anti-big-corporation is more likely to use IRC which isn't controlled by a big company than AIM, Yahoo Messanger, or MSN. Not that anti-big-corporation people are more likely to use irc than pro-big-corporation people.
  • Retarded (Score:2, Insightful)

    by Anonymous Coward
    People who hang out in bars are more likely to be convicted of a DUI. Therefore we should close all bars.

    People who own a gun are more likely to shoot someone. Therefore we should ban all stores that sell guns, such as K-Mart.

    People who smoke are more likely to die of lung cancer. Therefore we should close down all 7-11s because that's where people sometimes buy cigarettes.

    While it may be true that "Many people who are hax0rs use IRC", that in no way indicates that the converse is true. I realize I dont' have to tell you all that, but who else is there. I am sick of so-called "experts" spouting ridiculous notions.

    Spend some time on irc.enterthegame.com. It's a server for people who play online games. Shocker, not too much hack talk going on here; just typical clan nonsense, all in good fun.
  • blah (Score:2, Interesting)

    by Vodak (119225)
    The Wild west of IRC... BANG BANG! do what does that make IRCops?

  • by Anonymous Coward
    once the hacker "has that information and wants to sell it, often they'll go to a hacker chat room, a place on the Web using an Internet Relay Chat which provides them some anonymity and allows them to mention that they have this personal information and they want to trade."
    The Web is not the Internet...The Web is not the Internet...The Web is not the Internet...The Web is not the Internet...
  • Selective Reading (Score:5, Insightful)

    by ackthpt (218170) on Thursday April 11, 2002 @10:24AM (#3322768) Homepage Journal
    If you want to see something, you will. It's called 'predisposition'.

    Chatrooms, in the news over the past years, have also been a haven for:

    People sharing interest in pretty much everything you can find in alt.* and rec.*

    Pedophiles

    People meeting each other legitimately and socially

    Terrorist plots

    The future of Slashdot

    It's just another red herring for the media, the biggest news for the New Yahk media is a big drought in Delaware, so guess what they dig up to shock Mr. and Mrs. Average American. Big wh00p.

  • by famazza (398147) <fabio...mazzarino@@@gmail...com> on Thursday April 11, 2002 @10:25AM (#3322771) Homepage Journal

    One of the solutions for this problem is webchats. Webchat can be done using http and a web browser, all the functionality becomes controled by web frames inside the browser. No information can be retrieved besides the ones avaiable.

    Of course that there are plenty of disadvantages, the speed is one of them, but I think that is acceptable so we can increase security.

    Other option is modify IRC protocol to avoid these security flaws, this would avoid speed problems, and maybe is the more intelligent thing to do. But, will new IRC clients/servers implement the new protocol.

    IMHO the new protocol, whatever it would be, http or new irc, should not be compatible with the old one, so we enforce the change, and avoid further problems.

    What are the other options?

    • by imipak (254310)
      What are the other options?
      The other options include "don't try to fix something that isn't broken." This is pretty much the standard 'slow news day' Internet horror story which CNN|the BBC | Fox | Time |whoever comes out with once or twice a year. Identity thieves use IRC. Film at 11. The problem that needs to be fixed is the ease with which people's IDs can be stolen, thanks to lots of personal data being stored on various insecure systems. I mean, you know, there are people out there buying things over the web using Visa cards from IE, to webservers running IIS... sorry, folks, Billy was lying: Windows (well, Win 9x), and IE/Outlook/IIS are NOT safe at any speed.

      Incidentally, did every get a good laugh from today's announcement of no less than EIGHT new IIS holes? Lo,they are mostly present in the current version; and lo!(too), they were mostly(all?) discovered by OUTSIDE researchers, not Microsoft programmers on their month of 'intensive security auditing' their existing codebase (*giggle*)

    • Here's a solution for you, piss off. None of the people who USE IRC care about the security of the protocol. Snoop all you want, who cares if you know everything I ever said on IRC? The X bot probably has a log of 90% of everything that's been said on Undernet. We use IRC because it's fast and we can find lots of people quickly without any trouble. Anyone can start a new chan to talk to their friends in. It's simple, it works well, we like it. So stop trying to fuck with it. There's nothing wrong with IRC. It doesn't need to be changed. Piss off.

      Kintanon
  • Nice headline. (Score:5, Insightful)

    by reaper20 (23396) on Thursday April 11, 2002 @10:25AM (#3322775) Homepage
    Anonymously stealing, trading personal information

    Ok, do this over IRC, and you're a criminal - do it with a website, spyware, or spam, and you're a business.

    hmmmm..... maybe I need to check out #amazon and #brilliant.
  • by T1girl (213375) on Thursday April 11, 2002 @10:26AM (#3322779) Homepage
    the FBI's National Infrastructure Protection Center (NIPC) didn't provide any statements to CNN regarding what goes on in Internet Relay Chat

    Gee, I guess it would have been way too much trouble for CNN's hotshot reporters to log on and find out for themselves before running this half-baked article.
  • by Cinnibar CP (551376) on Thursday April 11, 2002 @10:26AM (#3322780)
    "A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

    You should ALSO assume that your wife is cheating on you. And you're about to be fired. And someone is monitoring you. Constantly. We even know what brand of socks you're wearing.

  • Look -- I don't much like IRC. Too broken and choppy for my taste, and not enough time to write anything meaningful [long].

    But it's just another Internet tool like email, USENET or WWW. It can be used for good or ill just like anthing else. I don't think it's any more secure from monitoring than any other protocol. Anon [mixmaster] email actually seems the least traceable.

    I think this is just a slander-by-association: someone doesn't find IRC participants "nice" [=like them] so choses to consider all IRC participants gulity by association. Might as well consider all email users evil, same logical fallacy.

  • Hackers also live in houses, which they use to store computers that are used to run various hacking projects. Obviously, something needs to be done about this housing problem. People should have to obtain a license or pass some kind of inspection, or else have their house taken away from them.
  • by Sase (311326) <sase@nOSpAm.5ecg.com> on Thursday April 11, 2002 @10:29AM (#3322799) Homepage
    That was a good laugh.. and my friends.. that's why it was posted to /. :)

    I've been IRC'ing since 1992. That's 10 years, and I'm still not a veteran.

    Some of the World's (Internet's) greatest heros and founders hang out on EFNet/IRC or some like service...

    Remember BBS? :) Surprised they didn't talk about that.

    It's so typical for people to lash out on things they do not understand. More or less, its all too typical that they never emphasize the best parts about it. I mean comon.. Let's think about it.

    IRC is a place to share knowledge, not just CC #'s (who are they kidding.. I have never been asked to trade a CC # or anything of the like.) Many of the World's 'hackers' (or techies that work for YOUR company) can acredit their knowledge (or at least the start) to IRC. I know I can.

    I knew nothing (well, not nothing, a tincy bitty bit) about the Internet, its structure, protocols, computers, other operating systems, etc. before I came to IRC.

    It all started with the 'need' to have an eggdrop bot in my channel.. How the hell was I to do this?

    *shrug* I didn't know what I was doing.. but I got my hands on a free WOPR.net shell, (if anyone knows who I'm talking about.. send a shout out.. I'm curious) and was forced to learn a bit of unix commands (heh) to opperate the bot...

    By and by I had shell after shell.. learning more about *nix as the opportunity came along. I eventually had the oppertunity to have root on a friends system (from IRC) and learned more and more about the system and how it worked.

    Fast forward a bunch of years :) I met both my partners of my company (Web Hosting/Web Development) on IRC, and they have been good friends ever since. It is quite the successful business, and I have learned much since then... all because of IRC (well, I guess not that much.. I'm still using /. ;)

    The news concentrates on the bad things always.. I've become a better person because of IRC, completely. Not only have I learned a tone of IT stuff.. I've also learned how to be a ;better person.. to react in the right mannor (not just to get +o.. or plus +O for that matter ;0)

    Much of the Internet success stories are because of IRC, and I feel this article fails to discuss this... That is a bad thing, and this is why us 'hackers' seem to get a bad rep.

    Oh yeah.. IRC didn't teach me how to spell, really :) afaik :)

  • by Nos. (179609) <andrew AT thekerrs DOT ca> on Thursday April 11, 2002 @10:30AM (#3322804) Homepage
    He says this:

    "A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

    To me this says, that I should assume, in my wallet is a stolen credit card. Well, there isn't, and I don't need to check. I have one credit card, and since I get a statement every month with my name on it, I obviously didn't steal it.

    Now if he's just a confusing person and is actually saying that I should assume that one of my credit card numbers has been stolen. Well, as long as everyone out there practices some basic security, they shouldn't worry about that either. The first thing is to make sure you have fraud protection on your credit card (most have a $50 limit now). Second, look at your statement! If you just pay your bill without examining the charges, well, send me your credit card number!

    • AMEN! Yeah I think this line is a load of you know what! If you just BE CAREFUL with about 90 percent of things you do (going to a restaurant, going to a hotel, walking on the street while chewing gum, multitasking with windows.....) you will be ok. This is the reason why if I see a sight that does not have SSL or anything protecting the page I am to enter my order in, the place does not get my business not matter how low the price. I used to order stuff of of one company (I did not and will not use their web page) who didn't have SSL on his order page! NUTS!
  • by oyenstikker (536040) <slashdot@@@sbyrne...org> on Thursday April 11, 2002 @10:31AM (#3322816) Homepage Journal
    "Hackers" getting personal information and selling it to other "hackers" is bad.
    Corporations getting personal information and selling it to other corporations is good.

    People with tightly held secrets are suspect.
    Corporations with tightly held secrets are to be trusted.

    A person trying to extort people is a thug and scam artist.
    A corporation trying to extort people is just protecting the artists.

    OK. I got it. Now can I incorporate myself? I think I'd be much better off as a corporation than as a citizen.
  • Duh (Score:3, Insightful)

    by dieMSdie (24109) on Thursday April 11, 2002 @10:31AM (#3322817)
    "It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."

    There's the only useful statement in the whole fscking article. What a loaf of fertilizer. Must have been a boring newsday for the CNN "tech" crew...

    • by Shelled (81123)
      I'm wondering how much Counterpane Technologies paid to have the article posted. It's nothing but a contentless paranoia raising exercise to generate hits for their web site.
  • by jonesvery (121897) on Thursday April 11, 2002 @10:31AM (#3322822) Homepage Journal

    There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC".

    It actually seems to me that Schneier did a pretty good job of preventing some editor from slapping an alarmist breaker along the lines of "IRC is a tool designed for smelly hackers" into the piece; take a look at the full quote:

    "It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC." [Emphasis added.]

    He goes out of his way to point out that there's nothing that makes IRC particularly "suited" to nefarious purposes, but rather that its non-corporate nature is likely to appeal to anti-corporate people. (That, of course, is an assertion that can be argued forever, but it doesn't strike me as too alarming.)

    • by uncadonna (85026) <mtobis@WELTYgmail.com minus author> on Thursday April 11, 2002 @10:54AM (#3322952) Homepage Journal
      Not as alarming as the /. blurb made out, but still revealing of the corporate mindset. Apparently AOL/TW/CNN still finds something dubious or alarming about the concept that people would have something to say to each other and use their technology to do it. In the mass media world, everyone who wasn't a member of a tiny content-production elite was expected to be a consumer and only a consumer. To the extent that everyone is now a publisher, this is threatened.

      AOL/TW/CNN obviously has risked much to become a major player in the content game. Their discomfort with a world in which anyone is a content producer leaks out here. You'd hope they would find ways to profit from this prospect of freedom, rather than trying to squelch it, but it's not surprising that some folks in that outfit don't get it.

      As for me, I'm not anti-big-corporation where big corporations matter. I like airlines and bridge builders and silicon foundries, but I'm not about to set one up in my basement. I don't like Starbucks, because their main value-added is de-localizing what ought to be a lot of small businesses.

      If information megacorps want to help me, they'll help me make the most of all the content out there, and they'll help me stay secure even though there's no sensible way to keep bad people out of chat rooms. I don't want to live in a world where people steal my credit card, but even more I don't want to live in a world where significant powers feel free to characterize online chat as subversive.

      • If information megacorps want to help me, they'll help me make the most of all the content out there, and they'll help me stay secure even though there's no sensible way to keep bad people out of chat rooms. I don't want to live in a world where people steal my credit card, but even more I don't want to live in a world where significant powers feel free to characterize online chat as subversive.

        Absolutely agreed (though I'm afraid that we already live in a world where significant powers feel free to characterize online chat as subversive).

        My concern was regarding the characterization of Schneier's quotes as "alarming." His quotes were far more reasonable than those made by Chad Harrington (the IRC is eBay for hackers statement); it seems to me that the story would have been far more skewed and alarmist without the input from Schneier, and I'm honestly glad that his input made it into the piece.

  • by LinuxHam (52232) on Thursday April 11, 2002 @10:32AM (#3322826) Homepage Journal
    I may have skimmed a little too lightly, but I didn't see anyone mention that CNN actually runs one of the best IRC servers used for interactive televsion! When Mir was returning to Earth, there were well over 800 people in the room.

    Then, with Talkback Live, they make excellent use of AIM and IRC. Very forward thinking.
  • by Stonehand (71085) on Thursday April 11, 2002 @10:34AM (#3322839) Homepage
    Any guesses as to how many posts on this thread will...

    - Call CNN a bunch of morons.
    - Suggest that we should therefore ban ::insert whatever:: using ridiculous slippery-slope logic.
    - Say "Duh".

    ...without showing ANY evidence of reading the article, or making any factual statements whatsoever?

    Really, now.

    Now, for those with actual central nervous systems and who actually care about facts rather than knee-jerk responses:

    IRC is a multiperson always-on real-time worldwide system, and is therefore more conducive to exchanges and marketing than phones, pagers and their ilk. There's no comparison, really, except for morons, because while a phone system at most might be a small-scale party line, messages on IRC can reach nigh-arbitrary amounts of people whom you DON'T need to have previous knowledge of. Even if you do NOT have any intended buyers in mind, calling random people and offering credit card numbers is stupid. Sending a CC list offer to an appropriate IRC channel is less stupid, in that you can reach more people at once, and they're voluntarily reading so they're more likely to be interested. Plus, there's no Caller ID, and if you're bright you may be using a compromised machine so that your own IP isn't shown. If the distribution of logs crosses national borders, it may be quite a hassle for anybody to ever find your identity -- assuming that you can maintain anonymity during an exchange, of course, by not screwing up by, say, using one of your own personal bank accounts.

    And, most people who read CNN have little experience with IRC. Therefore, it's fair to give them a "heads up", especially, say, if they've got a teen who's spending a lot of time online and ordering more stuff than you think he could afford, or similar situations... this merely provides a bit of awareness to the technologically naive.
  • since the dawning of time evil men have thwarted to abuse the societies they dwell in. ever since the original urge to evolve from single celled space snots into the form of the human being, this evil force has compelled a portion of our fair species to evolve one step beyond the main stream. as early as the 1800s humans have developed simplistic vocal patterns used to convery root directives between what we refer to as "nodes". these nodes, when in a collaberative setting, can communicate rapidly, and the use of technology has only spread this disturbing pattern. eventually is is conceivable that these evil nodes will dominate the world with their bloodthirsty lust for communication.. modern day usage of "internet" relay chats indicates what we shall call "Big Trouble Ahead". If given time to spread, we may find that evil nodes of human clusters will continue their ravaging in search of the ultimate form of communication. we as reasonable members of the species must do everything we can to thwart this insidious infestation. Indeed, our very futures depends on it.
  • by red_dragon (1761) on Thursday April 11, 2002 @10:35AM (#3322854) Homepage

    Some other media that the CNN article forgot to mention:

    • Smoke
    • Flash lights
    • Morse code
    • CB/Ham radio
    • Phones
    • Pen and paper
    • Station wagons full of magnetic tape/CDs/DVDs
  • Bayes Theorem (Score:5, Insightful)

    by Glorat (414139) on Thursday April 11, 2002 @10:37AM (#3322860)
    I dunno how many of you nerds know Bayes Theorem but it's one of the first rules and statisticians learn and, annoyingly, it is one of the more unintuitive arguments for the uninitiated

    <Offtopic>I can't stand the current Cannibis debate in the UK where people state something like that 95% of heroin addicts used Cannibis first as a gateway drug. Therefore Cannabis should be illegal. While I agree Cannabis should be illegal, that argument is a statistically false one because you cannot say that 99% of cannabis users go on to take heroin. That would be significant</offtopic>

    Here, just because I imagine 99% of script kiddies use IRC, does not mean we should be anti IRC. You cannot map it to the proper argument where I imagine only <1% of all IRC users have anything to do with hacking and scripting. If you, for example, kill IRC, you upset 99% of the populatoin and script kiddies go elsewhere

    Exploitation of people's misunderstanding of Bayes makes the easiest and most effective weapon in the world of FUD
    • Your offtopic comment is interesting to me. What percentage of pot heads in the UK do go on to use heroin? I have never seen such a statistic in the US, only how many heroin users have smoked pot.
    • Welcome to the world of PROPAGANDA. Psychologists know that people will subconsciously accept brazen lies if they are sufficiently tired, confused, or distracted before taking in the false causal statement. This is called "suggestability". They will subconsciously seek a (false if necessary) internal logic or even a leap-of-faith to understand the author. If they are too tired to question this understanding, they will keep it and use it as if it were fact, gleefully making false judgements baed upon the supposed "fact."

      AKA: sales pitch.

    • Re:Bayes Theorem (Score:3, Informative)

      by gorilla (36491)
      I agree Cannabis should be illegal

      Funny, cause the UK doesn't. It was downgraded from Class B to Class C last year, with a pilot program in one London borough with the only thing the police can do is confiscate it - a program that is exepected to be extended to the whole country soon, and the committe charged with making recommendations on drug policy have reported that it should be decriminalized, which is expected to be accepted by the Home Secretary. In fact, in the UK, the whole "War on Drugs" approach is widely seen as a failure, with the minor opposition party having decriminalization of all drugs (As happened in Portugal last year) as a platform, and many members of both major party agreeing with that policy. BTW, the drug most likely to be associated with crime is ... alcohol. "between 72% and 82%, depending on the area, testing positive for alcohol. " (http://www.druglibrary.org/schaffer/Library/studi es/runciman/pf7.htm)

      • Re:Bayes Theorem (Score:3, Insightful)

        by mpe (36238)
        In fact, in the UK, the whole "War on Drugs" approach is widely seen as a failure,

        Hardly a UK specific viewpoint, even in the US there is plenty of evidence that prohibition/war on drugs is an expensive farce.
        Maybe with the possibility of a ceasefire in the "war on drugs" politicans feel they need a "war on hackers" to compensate.
  • by DonWallace (119294) on Thursday April 11, 2002 @10:38AM (#3322868)
    The bottom line of this article appears to be that if someone uses *anything* called a 'chat room', they're implicitly engaged in illicit activities:

    "It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."

    This spokesperson is basically saying that chat outside the venue of a benevolent, all-watching big corporation is evidence of intent to cause harm to the capitalist system, by extension. (and don't forget all of the child molesters hanging out on ... er... AOL!!)

    While many are mocking the origin of the story, don't laugh.

    Civil liberties can easily be eroded by the F.U.D. and implied subversion that a large media company such as CNN can implant in the minds of readers over a perior of time. "Chat room" == "bad unsupervised people up to no good" can become implanted in reader's minds subtly by repetition... with the terrorism paranoia running rampant in our society, spin like this ain't positive.

  • Here's one of the offenders right here: chat.cnn.com [irc].

    This credit card theft, cracking, terrorism promoting menace of a protocol and its operational cells [cnn.com] must be stamped out immediately! Somebody call John Ashcroft!

    I'll take irony for 500, Alex.

  • The government ought to regulate and monitor this somehow!! *NOT!!!*
  • the picture (Score:2, Funny)

    by oyenstikker (536040)
    Article about IRC. Picture of Netscape on CNN.com
  • That criminals use the internet for 'identifty teheft' is not news Even the US government is on the case: [house.gov]

    The proliferation of identity theft crimes has been fueled in some measure by the Internet, where Social Security numbers and other personal identifying information are widely available for a fee.

    The original article seemed very alarmist. Is it really such a problem? My skimming of a US government report from some years ago [gpo.gov] revealled the following interesting information (emphasis added):

    Officials at VISA U.S.A., Inc., and MasterCard International, Inc., indicated that overall fraud losses from their member banks are in the hundreds of millions of dollars annually,
    but these losses constitute a small part (about 0.1 percent) of the banks' overall billing transactions processed. Nevertheless, an official from MasterCard told us that dollar losses relating to identity fraud represented about 96 percent of its member banks' overall fraud losses of $407 million in 1997.
  • But IRC is largely unregulated -- a Wild West of chat...

    YEEEHA!! I'm gonna rustle me up some trout to slap!
  • by MongooseCN (139203) on Thursday April 11, 2002 @10:48AM (#3322925) Homepage
    ...but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

    Opens up wallet.

    OMG! He's right! Someone stole a CC number off the Internet and put it in my wallet! These hackers are good!
  • by Beautyon (214567) on Thursday April 11, 2002 @10:48AM (#3322926) Homepage
    is unworthy of repetiton. It is poor journalism of the most illiterate kind, engineered to whip up hysteria over something as old as the hills.

    The author [cnn.com] "With more than 23 years of journalism experience to draw from, Renay San Miguel is a technology anchor and correspondent for CNN Headline News based in CNN's world headquarters in Atlanta....From 1997-2000 he was with CNBC, where he served as a correspondent specializing in technology and the Internet. "

    really needs to have 23 years of experience in how to research a story. And anyway, how on EARTH can someone from 1997, "..specializing in technology and the Internet.." not have ever used or seenIRC???

    If he knows what IRC is, and STILL wrote that, then he really is just a sh1t stirrer, first class.

    Nothing to see here: move along!
  • But with identity theft becoming a more popular form of fraud, according to the Federal Trade Commission (FTC), more attention is being paid to chat rooms that serve as flea markets for hackers.

    This is the real thrust of the article, although it's brevity and excessive misuse of the word "hacker" makes it easy to miss. The article isn't slamming IRC as an evil haven of credit card thieves, it's pointing out that there's an entire chunk of the Internet called IRC that most people aren't aware of, and that it's possible, if not likely, that your credit cards and other personal information are being bought and sold on it right now.
    • Right. But notice that it's the posts that make knee-jerk responses about the article that get moderated up, not the ones that analyze the article and consider its factual basis. Go fig.

      And yes, it's a real concern for those that aren't aware of identity theft, don't fully examine their bills, and so forth. It may be a surprise to people that their CC#s, once revealed -- which they do every time they use them -- might be posted somewhere and used 'round the globe until the issuer's fraud-detection algorithms flag the number, or the limit is hit. And some may not be aware that the Feds aren't completely oblivious to the situation...
  • Isn't it about time the media realized the difference
    between a hacker and a _cracker_? I've spent
    enough time on IRC to know 99% of the people they
    talk about in this article are just clueless
    12 year olds who try to impress eachother
    with their 'el33t' ./hacking abilities.
  • Uniformed Reporting (Score:3, Interesting)

    by Vodak (119225) on Thursday April 11, 2002 @10:58AM (#3322989)
    Yes IRC is a great tool and sometimes it can be a lot like ebay. I've gotten some good hardware that I can't find anywhere else just by talking to people on IRC.

    Of course these people will go to IRC chat rooms all the time, hell like every other type of computer geek on the internet they like to boost. It's natural for a geek to go somewhere and brag about their exploits.

    The claim that identity theft is running wild and it's the fault of the hackers is an amazing assumption. While I do believe things like this happen to people around on many occasions. I do not believe it's as large scale as some people would have us believe. I have seen many more cases where identity theft is caused by people in the real world either losing their wallets. or other malicious deeds in which a criminal gets information from a victim.

    You should automatically assume your credit card was stolen? Frankly if your not reviewing your credit card transactions you are a fool. But again. there are many more cases of this happening because of a store employee collecting the information some nameless computer hacker who is out to get you.

    Why would things like pirated software, child pornography, and stolen information be available on IRC? It's a quicker communication medium. It's easier and faster for people to exchange the information then web pages or e-mail.

    People use IRC networks like EFNET, DALNET, GAMESNET, etc. as opposed to AOL or Microsoft because the big business companies consider their users to be morons that don't need more advanced forms of software. When your network blocks out all types of profanity because it's "bad" many people are going to look to communicate where they can speak as they wish.

    As for the law enforcement issue it is up to all the irc networks in question to regulate the going on in their own set of servers. I'll use Gamesnet as an example. They are constantly attempting to stop the "warez trade" from happening on their network and have assisted law enforcement when they find out their users are committing crimes.

    The FBI gets lucky because like all criminals people who are involved in things like identify theft, child pornography sing like canaries. that's the only reason they get lucky. the boasting of hackers helps the FBI catch hackers
  • According to this guy, [adequacy.org] using AMD, Bonzai Buddy, Flash, and Quake makes you a hacker.

    Depending on how you read it, it's either hilarious parody or a woefully misinformed parent. I was in the hilarious parody camp until I saw the rest of his articles. [adequacy.org]
  • ...or today two of more or less famous among computer-using population people for, both named Bruce, and with last names starting with "S" (Bruce Sterling, a writer, and Bruce Schneier, a cryptographist, of "Applied Cryptography" fame) made absolutely inane statements, performing the acts of nearly the worst ass-kissing that ever was mentioned on Slashdot?

    Is someone going through the list (sorted first name first, like every ignorant person will do) and doing something to those people? Is there something in common? Or everyone and his dog suddenly became a patriot of the Corporate States of America, so those coincidences are merely a result of high density of this ?

    To be honest, I would be equally disgusted in both cases, so I'll rather stick with the hypothesis of my insanity.
  • They should check SILC [silcnet.org] - next generation distributed conferencing with strong cryptography used for authentication and privacy.
  • In other news, bars and clubs are coming under fire for being havens for drunks, deviants and criminals. Churches are coming under fire because we need to protect our kids from secual deviants using the lord's work to help them out. Universities and libraries are known hide outs for communists, terrorists and dangerous foreign nationals called "graduate students." Shopping malls and "high schools" are breeding grounds for gangs of teenagers associated through shocking dress, style and manors of speech that are anathem to the status quo; these kids want to shake things up in deadly new ways. Department stores are selling guns, cigarettes, alcohol and dangerous narcotics such as aspirin and caffeine. Oh, and private homes -- which are difficult to monitor due to laws designed to protect criminals and prevent beneficial government employees from knowing what's really going on -- are the worst of all. People are torturing kids, raising deadly animals and polishing guns, ready to start a revolution against your great american goverment.

    And I don't totally trust this "Applebees" restaurant chain, neither. John Birch says they're pinkos.
  • Cause she knows i am on IRC a lot, so now she will think i am a hacker!
    which i am ofcourse i hack some c every day, but never the less this could set my reputation in a wrong perspective, lets DDoS CNN again =D

    Quazion.
  • by Restil (31903) on Thursday April 11, 2002 @12:53PM (#3323782) Homepage
    Someone might utilize a USEFUL tool in such a way that might entail malace. Among other things, IRC is useful for the following things:

    Trading porn including child pornography (tm).
    Trading illegal mp3's.
    Trading illegal movies.
    Trading illegal books.
    Trading illegal software.
    Trading illegal TV shows.
    Stalking.
    Preying grounds for Child Molesters (tm).
    Learning BAD english "31337 anyone???"
    Discussing illegal activity.
    DOS zombie gathering points.
    Trojan access gathering points.

    Oh, and of course, its primary purpose, so that large groups of people can easily gather online in a user friendly way to discuss various topics of interest to them.

    People, its a tool, nothing more. You can use it legally or illegally. I can cut butter or stab someone with a knife. I can buy food or drugs with money. I can use a telephone to call my friends to say hi, or I can prank call someone and threaten to have them killed. And yes, if I really wanted to, I could use IRC illegally. As could I with AIM, or yahoo's chat/forums, or anywhere else that I wanted to.

    Yes CNN, Chat rooms are most likely havens for hackers (tm). Its not so much an issue of debate, but an issue of declaring the obvoius. I'll bet they use phones too. And Email. And websites. I mean, if there wasn't an internet, there would still be hackers even though all the reasons you think they're bad would be null and void. Hackers pre-date the internet, even those inflicted with malice. Although, script kiddies are a rather recent breed.

    -Restil

When you don't know what you are doing, do it neatly.

Working...