Slashdot Mirror
CNN Says Chat Rooms Are a Haven for Hackers
MiTEG writes "CNN is carrying an article about IRC and how it aids "hackers" with their mischief. There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC"." Yeah, if they ever hung out in our chatroom, they'd
lock us all up for abusing Kurt the Pope.
the FBI's National Infrastructure Protection Center (NIPC) didn't provide any statements to CNN regarding what goes on in Internet Relay Chat
Gee, I guess it would have been way too much trouble for CNN's hotshot reporters to log on and find out for themselves before running this half-baked article.
Boy, oh, boy...you must be relatively new to the Internet.
Here's just one example of organized credit card fraud on the Internet. Some software piracy groups have *entire segments* dedicated to credit card fraud. They even have a name for these folks: "carders." They'll "card" a laptop, CD writer, etc. for you, and find a way to get it safely received. Many of these folks have huge lists of names, addresses, and credit card numbers that often come from compromised websites.
It's happened to me before. Luckily, I caught it, and I learned from my mistake. I've found a way to help defend against this kind of attack.
Everyone should think about using one-time-use credit card numbers when making purchases from anyone over the phone or Internet. Several credit card issuers offer this feature. Here's an example of one of them.
Since the late 90's, the US Govt (Specifically the NSA, CIA, and NRO) along with other govts have showed increased interest in IRC. The original problem with monitoring IRC was the ability to correlate the packets (through Eschelon, JID, misc. sniffers) to the handles, DCC sessions, and misc. queries. Once scripts were established to correlate time stamps, and do active session recreation/replay the data was a bit more reliable, however there were large gaps in the data where netsplits occurred, or handles changed, dynamic IP's, etc. Since running analysts through abstract sessions of data was counterproductive, the data was dropped. So in public channels, bots and live agents (*cough*analysts*cough*) were placed to idle and log, however groups started catching on to the idlers and kicking, in addition, since all of the operations were done w/o the knowledge of IRCops, K-Lines started being put up and times got a bit harder.
So starting in late 2000, when reliable/substantiated information started comming across about possible Electronic Warfare, under cover company names, IRC servers started getting funding and/or being provided by agencies with an active tcpdump w/ ssl netcat (or scheduled ssh dumps depending) running on them (yes, that simple) which was then reprocessed and sessions recreated through a series of parsing scripts and dumped into databases that track handles, IPs, session data, keyword recognition (including handles, group names, and a series of acronyms/extensions), along with the ability to grab code snippets.
OPN, DAL, IRCNet and EFNet all participate in monitoring, EF and IRCNet remain the least cooperative, DAL and OPN actively participate and support the process. LiloFree, SuidNet, Conclave, and others are extremely difficult to track, however have their faults.
I won't get into IM protocols since we all know the inherant problems. AOL has not been entirely supportive of US Govt efforts to setup monitoring devices, however the Time Warner side of AOL/Time Warner has been a bit more agreeable. ICQ/Mirabilis gave in a -long- time ago, LICQ over SSL is great though.
The quotes below are great, however in times like these, the famous line "Do not disclose, sources or methods" from our spook friends applies quite well. Reply to:
I cannot confirm nor deny the allegation or allegations you may or may not have just made