CNN Says Chat Rooms Are a Haven for Hackers

MiTEG writes "CNN is carrying an article about IRC and how it aids "hackers" with their mischief. There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC"." Yeah, if they ever hung out in our chatroom, they'd lock us all up for abusing Kurt the Pope.

blah

[Vodak]

The Wild west of IRC... BANG BANG! do what does that make IRCops?

Web chat is a solution

[famazza]

One of the solutions for this problem is webchats. Webchat can be done using http and a web browser, all the functionality becomes controled by web frames inside the browser. No information can be retrieved besides the ones avaiable.

Of course that there are plenty of disadvantages, the speed is one of them, but I think that is acceptable so we can increase security.

Other option is modify IRC protocol to avoid these security flaws, this would avoid speed problems, and maybe is the more intelligent thing to do. But, will new IRC clients/servers implement the new protocol.

IMHO the new protocol, whatever it would be, http or new irc, should not be compatible with the old one, so we enforce the change, and avoid further problems.

What are the other options?

Re:Web chat is a solution

[imipak]

What are the other options?

The other options include "don't try to fix something that isn't broken." This is pretty much the standard 'slow news day' Internet horror story which CNN|the BBC | Fox | Time |whoever comes out with once or twice a year. Identity thieves use IRC. Film at 11. The problem that needs to be fixed is the ease with which people's IDs can be stolen, thanks to lots of personal data being stored on various insecure systems. I mean, you know, there are people out there buying things over the web using Visa cards from IE, to webservers running IIS... sorry, folks, Billy was lying: Windows (well, Win 9x), and IE/Outlook/IIS are NOT safe at any speed.

Incidentally, did every get a good laugh from today's announcement of no less than EIGHT new IIS holes? Lo,they are mostly present in the current version; and lo!(too), they were mostly(all?) discovered by OUTSIDE researchers, not Microsoft programmers on their month of 'intensive security auditing' their existing codebase (*giggle*)

Re:In other words...

[Michael_Jarvis]

In other words, just trust the big companies and none of this would ever happen???

I don't think that was either the Schneier's point. I think Schneier was just pointing out the obvious.

If I am not mistaken, AOL has always monitored and censored their chatroom conversations. As a corporation, AOL has the ways and means to control the whole process. With IRC there is not any centralized control--someone can be running an IRC server in their dorm room, specifically FOR illegal activity, and there's nobody for the Fed's to subpoena, since they probably won't even know about it.

All Schneier was saying is that it's a no-brainer for the criminal types to use IRC instead of some sort of proprietary corporate communication method.

Hehe, that's funny ;)

[Sase]

That was a good laugh.. and my friends.. that's why it was posted to /. :)

I've been IRC'ing since 1992. That's 10 years, and I'm still not a veteran.

Some of the World's (Internet's) greatest heros and founders hang out on EFNet/IRC or some like service...

Remember BBS? :) Surprised they didn't talk about that.

It's so typical for people to lash out on things they do not understand. More or less, its all too typical that they never emphasize the best parts about it. I mean comon.. Let's think about it.

IRC is a place to share knowledge, not just CC #'s (who are they kidding.. I have never been asked to trade a CC # or anything of the like.) Many of the World's 'hackers' (or techies that work for YOUR company) can acredit their knowledge (or at least the start) to IRC. I know I can.

I knew nothing (well, not nothing, a tincy bitty bit) about the Internet, its structure, protocols, computers, other operating systems, etc. before I came to IRC.

It all started with the 'need' to have an eggdrop bot in my channel.. How the hell was I to do this?

*shrug* I didn't know what I was doing.. but I got my hands on a free WOPR.net shell, (if anyone knows who I'm talking about.. send a shout out.. I'm curious) and was forced to learn a bit of unix commands (heh) to opperate the bot...

By and by I had shell after shell.. learning more about *nix as the opportunity came along. I eventually had the oppertunity to have root on a friends system (from IRC) and learned more and more about the system and how it worked.

Fast forward a bunch of years :) I met both my partners of my company (Web Hosting/Web Development) on IRC, and they have been good friends ever since. It is quite the successful business, and I have learned much since then... all because of IRC (well, I guess not that much.. I'm still using /. ;)

The news concentrates on the bad things always.. I've become a better person because of IRC, completely. Not only have I learned a tone of IT stuff.. I've also learned how to be a ;better person.. to react in the right mannor (not just to get +o.. or plus +O for that matter ;0)

Much of the Internet success stories are because of IRC, and I feel this article fails to discuss this... That is a bad thing, and this is why us 'hackers' seem to get a bad rep.

Oh yeah.. IRC didn't teach me how to spell, really :) afaik :)

CNN *runs* an IRC server!

[LinuxHam]

I may have skimmed a little too lightly, but I didn't see anyone mention that CNN actually runs one of the best IRC servers used for interactive televsion! When Mir was returning to Earth, there were well over 800 people in the room.

Then, with Talkback Live, they make excellent use of AIM and IRC. Very forward thinking.

Re:CNN *runs* an IRC server!

[mdwebster]

From the CNN website:

CNN.com has closed its open chat room, but will continue to offer hosted chats with international newsmakers.

Re:Not really so alarming...

[uncadonna]

Not as alarming as the /. blurb made out, but still revealing of the corporate mindset. Apparently AOL/TW/CNN still finds something dubious or alarming about the concept that people would have something to say to each other and use their technology to do it. In the mass media world, everyone who wasn't a member of a tiny content-production elite was expected to be a consumer and only a consumer. To the extent that everyone is now a publisher, this is threatened.

AOL/TW/CNN obviously has risked much to become a major player in the content game. Their discomfort with a world in which anyone is a content producer leaks out here. You'd hope they would find ways to profit from this prospect of freedom, rather than trying to squelch it, but it's not surprising that some folks in that outfit don't get it.

As for me, I'm not anti-big-corporation where big corporations matter. I like airlines and bridge builders and silicon foundries, but I'm not about to set one up in my basement. I don't like Starbucks, because their main value-added is de-localizing what ought to be a lot of small businesses.

If information megacorps want to help me, they'll help me make the most of all the content out there, and they'll help me stay secure even though there's no sensible way to keep bad people out of chat rooms. I don't want to live in a world where people steal my credit card, but even more I don't want to live in a world where significant powers feel free to characterize online chat as subversive.

Uniformed Reporting

[Vodak]

Yes IRC is a great tool and sometimes it can be a lot like ebay. I've gotten some good hardware that I can't find anywhere else just by talking to people on IRC.

Of course these people will go to IRC chat rooms all the time, hell like every other type of computer geek on the internet they like to boost. It's natural for a geek to go somewhere and brag about their exploits.

The claim that identity theft is running wild and it's the fault of the hackers is an amazing assumption. While I do believe things like this happen to people around on many occasions. I do not believe it's as large scale as some people would have us believe. I have seen many more cases where identity theft is caused by people in the real world either losing their wallets. or other malicious deeds in which a criminal gets information from a victim.

You should automatically assume your credit card was stolen? Frankly if your not reviewing your credit card transactions you are a fool. But again. there are many more cases of this happening because of a store employee collecting the information some nameless computer hacker who is out to get you.

Why would things like pirated software, child pornography, and stolen information be available on IRC? It's a quicker communication medium. It's easier and faster for people to exchange the information then web pages or e-mail.

People use IRC networks like EFNET, DALNET, GAMESNET, etc. as opposed to AOL or Microsoft because the big business companies consider their users to be morons that don't need more advanced forms of software. When your network blocks out all types of profanity because it's "bad" many people are going to look to communicate where they can speak as they wish.

As for the law enforcement issue it is up to all the irc networks in question to regulate the going on in their own set of servers. I'll use Gamesnet as an example. They are constantly attempting to stop the "warez trade" from happening on their network and have assisted law enforcement when they find out their users are committing crimes.

The FBI gets lucky because like all criminals people who are involved in things like identify theft, child pornography sing like canaries. that's the only reason they get lucky. the boasting of hackers helps the FBI catch hackers

if they think IRC is hacker heaven...

[Skorpion]

They should check SILC - next generation distributed conferencing with strong cryptography used for authentication and privacy.

Re:Also used by 'hackers'

[Eccles]

Total freedom means survival of the strongest and least scrupulous and those valuable to them, i.e. mainly the freedom to be robbed, raped, murdered and suppressed.

Au contraire.

We live in a world of absolute freedom. We just choose to use that freedom to form governments to prevent the unscrupulous from abusing others.

Re:Also used by 'hackers'

[Kafka_Canada]

The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of).

The sadder thing is, this war is purportedly being fought for our freedoms, and the government seems to think the best way to secure our (hard-won) civil liberties is to start by taking them away.

Although they have been pretty clever about it: a war against an invisible, intangible, unmeasurable "enemy" (terrorism) is an invisible, intagible, unmeasurable war -- in other words, there is never a time when they have to/can declare victory and drop the pretext of fighting terrorism, and thus there is never a time when they have to give up the gradual rescinding of our liberties "in order to guarantee our security." How is this fighting for freedom?

Of course, while it's clever, it's hardly original. Pretty reminiscent of the never-ending wars fought in 1984; Big Brother's rhetoric's not even far off from Bush's, and the declared purposes of the wars are likewise pretty similar.

Oh well.

Congratulations for discovering PROPAGANDA

[aphor]

Welcome to the world of PROPAGANDA. Psychologists know that people will subconsciously accept brazen lies if they are sufficiently tired, confused, or distracted before taking in the false causal statement. This is called "suggestability". They will subconsciously seek a (false if necessary) internal logic or even a leap-of-faith to understand the author. If they are too tired to question this understanding, they will keep it and use it as if it were fact, gleefully making false judgements baed upon the supposed "fact."

AKA: sales pitch.