CNN Says Chat Rooms Are a Haven for Hackers

MiTEG writes "CNN is carrying an article about IRC and how it aids "hackers" with their mischief. There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC"." Yeah, if they ever hung out in our chatroom, they'd lock us all up for abusing Kurt the Pope.

Wow, what bullshit . . .

[cjpez]

I used to work for a company that actually used IRC. We had a bunch of geographically-diverse locations, and we needed to be in near-constant communication with them, so we just set up an IRC server and that was that.

Ah, what fun we had with bots . . . We had a bot to talk to our phone list database, a bot to page people, etc . . . Grand fun.

Wow, investigative reporting

[T1girl]

the FBI's National Infrastructure Protection Center (NIPC) didn't provide any statements to CNN regarding what goes on in Internet Relay Chat

Gee, I guess it would have been way too much trouble for CNN's hotshot reporters to log on and find out for themselves before running this half-baked article.

Re:paper tiger

[trickydisko]

About 6 months ago, around 1500UKP was deducted from my credit card account fraudulently. The withdrawals took place in Turkey - somewhere I've never been or bought from. My cards were never lost, and I've only ever made a couple of transactions using them over the phone, but I'd used them to buy many items online. It seems reasonable to guess that my details were probably stolen on the net.

These things do happen!

Government knows already

[Raedwald]

That criminals use the internet for 'identifty teheft' is not news Even the US government is on the case: [house.gov]

The proliferation of identity theft crimes has been fueled in some measure by the Internet, where Social Security numbers and other personal identifying information are widely available for a fee.

The original article seemed very alarmist. Is it really such a problem? My skimming of a US government report from some years ago [gpo.gov] revealled the following interesting information (emphasis added):

Officials at VISA U.S.A., Inc., and MasterCard International, Inc., indicated that overall fraud losses from their member banks are in the hundreds of millions of dollars annually,

but these losses constitute a small part (about 0.1 percent) of the banks' overall billing transactions processed. Nevertheless, an official from MasterCard told us that dollar losses relating to identity fraud represented about 96 percent of its member banks' overall fraud losses of $407 million in 1997.

Re:paper tiger

[Takeel]

Boy, oh, boy...you must be relatively new to the Internet.

Here's just one example of organized credit card fraud on the Internet. Some software piracy groups have *entire segments* dedicated to credit card fraud. They even have a name for these folks: "carders." They'll "card" a laptop, CD writer, etc. for you, and find a way to get it safely received. Many of these folks have huge lists of names, addresses, and credit card numbers that often come from compromised websites.

It's happened to me before. Luckily, I caught it, and I learned from my mistake. I've found a way to help defend against this kind of attack.

Everyone should think about using one-time-use credit card numbers when making purchases from anyone over the phone or Internet. Several credit card issuers offer this feature. Here's an example [mbnashopsafe.com] of one of them.

Re:In other words...

[jeffy124]

(note: i am a former AOLer. at the time, they were the only ISP with a dial number that was local)

AOL does indeed monitor chatroom conversations, but not all at once, and you know when they're being watched, as a screenname "Guide####" appears in the list of people there. In addition, if someone's causing a ruckus, a Guide can be "paged" or someone can submit a TOS violation report, and they'll investigate.

Likewise, for IM conversation (ie, one-to-one conversations), someone can send a TOSV report, and AOL will investigate. But that's only for their ISP users (people that pay for the service), not AIM users.

My guess is that either all conversations are logged and purged after like a day or so, or a snapshot of the conversation is made when a report is filed.

Re:Also used by 'hackers'

[Stskeeps]

I'd like to disagree to this, referring to RFC1459:

If there are multiple users on a server in the same
channel, the message text is sent only once to that server and then
sent to each client on the channel. This action is then repeated for
each client-server combination until the original message has fanned
out and reached each member of the channel.

Same with PRIVMSG's, they only travel through the servers on the route from the orgin to the destination. It would be truely bandwidth waste to send all messages to all servers.

Re:Also used by 'hackers'

[WowTIP]

And the channels they want to monitor are probably not that easy to join either, one might guess. Of course they could force some ircop or something like that to grant them access, but that would make the users of the channel very aware of their precense. And there are also ways to encrypt your irc chats, I don't really know how heavy the crypto is, but it would probably make their job a little bit tougher.

Re:CNN is quality media

[hex1848]

CNN == "Communist News Network"

Re:Bayes Theorem

[gorilla]

I agree Cannabis should be illegal

Funny, cause the UK doesn't. It was downgraded from Class B to Class C last year, with a pilot program in one London borough with the only thing the police can do is confiscate it - a program that is exepected to be extended to the whole country soon, and the committe charged with making recommendations on drug policy have reported that it should be decriminalized, which is expected to be accepted by the Home Secretary. In fact, in the UK, the whole "War on Drugs" approach is widely seen as a failure, with the minor opposition party having decriminalization of all drugs (As happened in Portugal last year) as a platform, and many members of both major party agreeing with that policy. BTW, the drug most likely to be associated with crime is ... alcohol. "between 72% and 82%, depending on the area, testing positive for alcohol. " (http://www.druglibrary.org/schaffer/Library/studi es/runciman/pf7.htm)

Re:Also used by 'hackers'

[SAFH]

Hrm... Burn Karma or post AC...

Since the late 90's, the US Govt (Specifically the NSA, CIA, and NRO) along with other govts have showed increased interest in IRC. The original problem with monitoring IRC was the ability to correlate the packets (through Eschelon, JID, misc. sniffers) to the handles, DCC sessions, and misc. queries. Once scripts were established to correlate time stamps, and do active session recreation/replay the data was a bit more reliable, however there were large gaps in the data where netsplits occurred, or handles changed, dynamic IP's, etc. Since running analysts through abstract sessions of data was counterproductive, the data was dropped. So in public channels, bots and live agents (*cough*analysts*cough*) were placed to idle and log, however groups started catching on to the idlers and kicking, in addition, since all of the operations were done w/o the knowledge of IRCops, K-Lines started being put up and times got a bit harder.

So starting in late 2000, when reliable/substantiated information started comming across about possible Electronic Warfare, under cover company names, IRC servers started getting funding and/or being provided by agencies with an active tcpdump w/ ssl netcat (or scheduled ssh dumps depending) running on them (yes, that simple) which was then reprocessed and sessions recreated through a series of parsing scripts and dumped into databases that track handles, IPs, session data, keyword recognition (including handles, group names, and a series of acronyms/extensions), along with the ability to grab code snippets.

OPN, DAL, IRCNet and EFNet all participate in monitoring, EF and IRCNet remain the least cooperative, DAL and OPN actively participate and support the process. LiloFree, SuidNet, Conclave, and others are extremely difficult to track, however have their faults.

I won't get into IM protocols since we all know the inherant problems. AOL has not been entirely supportive of US Govt efforts to setup monitoring devices, however the Time Warner side of AOL/Time Warner has been a bit more agreeable. ICQ/Mirabilis gave in a -long- time ago, LICQ over SSL is great though.

The quotes below are great, however in times like these, the famous line "Do not disclose, sources or methods" from our spook friends applies quite well. Reply to:

...except that the Govt. can already monitor e-mail (with Carnivore), phone conversations (with Echelon) and snail mail. So basically they need to whip up some way of controlling IRC as well, and CNN is only happy to oblige in preparing the national psyche for that (since AOL will make more money if people are forced to use corporate chat services). The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of). This reminds me of two famous (and nearly identical) quotes: They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773. Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. -- President Thomas Jefferson. 1743-1826

Re:Also used by 'hackers'

[SparafucileMan]

I doubt AOL has anything to do with it. If you remember, CNN regularly employs a small division (corporate, not military) of U.S. Army Psyops people, you know, the guys that are supposed to brainwash and mislead the BadGuys. They (CNN) regularly tows the U.S. Administration's line, all too happy to report or not report things as the military sees fit. The news in this country has been biased for quite a long time (say, 70 years at least), so this isn't anything new.

There are some reports here [greaterthings.com], here [current.org], and here [geocities.com]. A general thing from the military is here [army.mil]. I don't have time to find a more radical critique, as I'm in the middle of class.

My opinion though is that the executives are lying concering what they knew, it just isn't feasable that top corporate executives wouldn't at least gets a little wink wink from their secretaries or whoever. They may not have encouraged it, but they certainly acquised. The U.S. military has a long tradition, at least since the perpetual wars we've been fighting since Vietnam (read your history books, we've been in constant war since WWII), of actively manipulating the domestic press to suit its own purposes. In addition to active maniplation, they lie constantly in press briefings. Whether they have a good reason to do this, I have no idea, but they're certainly not acting like the Constitution decrees.

Re:Also used by 'hackers'

[Anonymous Coward]

I'm at work today, so I don't have access to my signon. You can verify this by asking me at lilo@openprojects.net via email.

OPN has never been approached to help some government agency monitor our content. I can't imagine a situation in which I would find that acceptable. Anyone who knows the ircd protocols knows we cannot prevent Carnivore boxes from sniffing them, but that's another issue.

We are currently running dancer-ircd-1.0.31+maint8, and you can find that source code at http://www.doc.ic.ac.uk/~aps100/dancer/dancer-ircd / .0/releases/ . What you see is what we run, and if we find out a sponsor has put in intrusive code, they'll be delinked. If we find that a sponsor is sniffing private traffic, they'll be delinked. We have and use the capability to tell what users are on our servers and what users are on our channels; we use the information to do our jobs and keep it as confidential as possible. And, if you're on a channel and we think the channel might be off-topic, you may see us there regardless of +i or channel key. You'll see us as a visible client presence, since our server code contains no provision for invisible presence on a channel.

We do not sniff private messages. Anything else you hear is a distortion of the facts, at the very least.

Thanks,

Rob Levin
Head of Operations, Open Projects Net
"Open Source, Open Technology, Open Information"

Re:Also used by 'hackers'

[Any_User]

FWIW I've talked to Rob and verified this as true.