Slashdot Mirror
CNN Says Chat Rooms Are a Haven for Hackers
MiTEG writes "CNN is carrying an article about IRC and how it aids "hackers" with their mischief. There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC"." Yeah, if they ever hung out in our chatroom, they'd
lock us all up for abusing Kurt the Pope.
And fresh reports say that 'hackers' also use e-mail, telephones and postal services. Shut them all down!
Ne mæg werig mod wyrde wiðstondan, ne se hreo hyge helpe gefremman.
Why is this news? Of course hackers hang out in IRC. You know what, so do crackers. And so do other people.
NEWSFLASH: The sky is blue.
In this age of watered-down single source media, this article is about par for the course. It's hard to believe that the bulk of American's accept CNN as a reliable media outlet.
ahem (dons flame proof suit)...
in other news...
water wet
microsoft bad
moox. for a new generation.
Criminals that want to organize any criminal actions are known to use the telephone system to communicate!
The Internet is a haven for hackers, Terrorists, and pedofiles... Tom Ridge, Chief of Home land security says we must destroy it NOW. In other news Alcolism is directly reatled to computer use.
"All I can tell the "lesser of two evils" folks is that if they keep voting for evil, they'll keep getting evil."-Lp.org
It seems like the credit card thing is a paper tiger bandied about by corporate news sites to inspire fear in people about the internet. I don't know of anyone who has had credit card numbers stolen or traded on the internet. Usually card theft happens when people simply lose their cards(in meatspace).
love is just extroverted narcissism
Well, in the same sense, penises aid rapists, so let's make a law forcing everyone to get castrated!! That makes as much sense as dissing IRC!
Repeal the DMCA!
You know, sometimes, reporters just have to get a grip.
"Einstein argued that [...] God is not capricious or arbitrary. No such faith comforts the software engineer." ~ Brooks
"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."
In other words, just trust the big companies and none of this would ever happen???
This guy has got to be joking!
Astonishing.
Ah, what fun we had with bots . . . We had a bot to talk to our phone list database, a bot to page people, etc . . . Grand fun.
Al Qaeda has ninjas!
IRC! And the telephone! And email! And public meeting places! And printers! And the postal system! They all help those nefarious "hackers" do their evil work!
Jesus Christ on a bicycle. Communication is communication. They talk about IRC being hard to track, but I'm sure that at a cursory glance, most other forms of communication can be, too.
Sensationalism at its best. Take a subject that the common person may not be very familiar with, like IRC, and you can spin it into any kind of world you want.
this just in -- dancefloors, bars, other public settings rumored to be HACKER FREE!
thelocust[dot]org
I guess if you consider Hackers 13+ teenage boys looking for Internet girlfriends hackers...
That comment does make sence. You don't have to pay for it. There are no advertisements like with AIM. You don't get random crap sent to you like with ICQ. But I wasn't aware that not liking unsolicited solicitations made me even more l3et0 than before.
i suspect the quotes from Schnier (sp?) were eitehr taken out of context or he didnt know what they were going toward.
i read the article yesterday (tried submiting it too, rejected) and the article was anti-IRC right from the start. Kinda like Phil Zimmerman's "guilt" over PGP dabacle with the Washington Post last September following the terror attacks.
basic thing to remember: the media is always biased, no matter how much they say they arent.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
...and remember, any time someone says anything, it's a haven for radical ideas. Perhaps we should just cut fingers and vocal cords at birth so nobody can do anything illegal.
Computer security expert Chad Harrington regularly surfs Internet Relay Chat (IRC),
So Mr. Harrington is a hacker himself since he regularly surfs IRC? And who "surfs" IRC anyway?
IRC is a good forum for any groups. Just as mailing lists and newsgroups.
These people that come up with these theories have too much time on their hands.
People who hang out in bars are more likely to be convicted of a DUI. Therefore we should close all bars.
People who own a gun are more likely to shoot someone. Therefore we should ban all stores that sell guns, such as K-Mart.
People who smoke are more likely to die of lung cancer. Therefore we should close down all 7-11s because that's where people sometimes buy cigarettes.
While it may be true that "Many people who are hax0rs use IRC", that in no way indicates that the converse is true. I realize I dont' have to tell you all that, but who else is there. I am sick of so-called "experts" spouting ridiculous notions.
Spend some time on irc.enterthegame.com. It's a server for people who play online games. Shocker, not too much hack talk going on here; just typical clan nonsense, all in good fun.
In my opinion this CNN article is merely FUD material--Fear, Uncertainty, and Doubt. It's just gloom and doom about those "wild hackers" on that "crazy unregulated Internet".
Even if IRC went away, the net-criminals would find some other way to trade information. Just because some people are trading unlicensed software and credit card information on IRC doesn't mean that EVERYONE on IRC is doing that.
Regardless, I wouldn't be surprised if the Feds were working on a bot that would look for suspicious activity in a particular channel. If I were given their task, that's what I would do.
The Wild west of IRC... BANG BANG! do what does that make IRCops?
erm, I think that's rather pathetic, IRC is just a convieniant communication medium. You don't get people complaining that mobile phones or pagers are aiding criminals?
It's looking like Taco's found a new way to harrass Kurt...
pants
That is what I need for IRC to be shut down! What's next Napster? OH CRAP!! Napster is already gone. What the heck? I have to get a life now or wait any ideas where else I can get a whole bunch of junk for free and be able to hang out, play trivia, and chat with fellas that are just like me?
If they try to shut down IRC, I am gonna have to write a letter to someone, cause I ain'y gonna be happy!
"Entertain the Brutes"
As platform for Spoofs, exploit, originating attacks.
Also, one "Exchange" software has been now and then used to commit major DoS and virii propagation.
As long as we are at this, lets observe the IIS case, for this "software" (sorry for the hacker term) disseminated worldwide by an obscure corporation, is indeed the major host platform for all hackers in the world.
Now we know the way to the first step in eradication Computers security problems !!!
LETS BAN IIS AND ECXHANGE !!!
Yours faithfully
Joe Knobblehead
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
AOL is for Idiots... I love Generalizations
"All I can tell the "lesser of two evils" folks is that if they keep voting for evil, they'll keep getting evil."-Lp.org
Chatrooms, in the news over the past years, have also been a haven for:
People sharing interest in pretty much everything you can find in alt.* and rec.*
Pedophiles
People meeting each other legitimately and socially
Terrorist plots
The future of Slashdot
It's just another red herring for the media, the biggest news for the New Yahk media is a big drought in Delaware, so guess what they dig up to shock Mr. and Mrs. Average American. Big wh00p.
A feeling of having made the same mistake before: Deja Foobar
That "journalist" deserves a +5 "funny" or a -1 "watched too many h@x0r m0vi3s"
Do you even lift?
These aren't the 'roids you're looking for.
One of the solutions for this problem is webchats. Webchat can be done using http and a web browser, all the functionality becomes controled by web frames inside the browser. No information can be retrieved besides the ones avaiable.
Of course that there are plenty of disadvantages, the speed is one of them, but I think that is acceptable so we can increase security.
Other option is modify IRC protocol to avoid these security flaws, this would avoid speed problems, and maybe is the more intelligent thing to do. But, will new IRC clients/servers implement the new protocol.
IMHO the new protocol, whatever it would be, http or new irc, should not be compatible with the old one, so we enforce the change, and avoid further problems.
What are the other options?
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
It has been determined that schools are a haven for anarchists. We believe this is due to the fact that an unusually large percentage of high school students are anarchists. If we want any safety from these anarchists we must somehow eliminate schools.
If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
Anonymously stealing, trading personal information
Ok, do this over IRC, and you're a criminal - do it with a website, spyware, or spam, and you're a business.
hmmmm..... maybe I need to check out #amazon and #brilliant.
the FBI's National Infrastructure Protection Center (NIPC) didn't provide any statements to CNN regarding what goes on in Internet Relay Chat
Gee, I guess it would have been way too much trouble for CNN's hotshot reporters to log on and find out for themselves before running this half-baked article.
"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."
You should ALSO assume that your wife is cheating on you. And you're about to be fired. And someone is monitoring you. Constantly. We even know what brand of socks you're wearing.
Computer security expert Chad Harrington regularly surfs Internet Relay Chat (IRC), one of the oldest chat technologies on the Web. Now, anyone who thinks this is going to be a smartly written tech story after that sentence needs to be lined up against the wall.
"You're never ready, just less unprepared."
...this whole topic is going to be irrelivent once the entire internet is shut down because it's a haven for terrorists.
----- sXe
But it's just another Internet tool like email, USENET or WWW. It can be used for good or ill just like anthing else. I don't think it's any more secure from monitoring than any other protocol. Anon [mixmaster] email actually seems the least traceable.
I think this is just a slander-by-association: someone doesn't find IRC participants "nice" [=like them] so choses to consider all IRC participants gulity by association. Might as well consider all email users evil, same logical fallacy.
wow this guy is uniformed. anyone who doesn't know the difference between hacker and cracker shouldn't be writing an article about either in the first place.
I'm too lame for sigs
Hackers also live in houses, which they use to store computers that are used to run various hacking projects. Obviously, something needs to be done about this housing problem. People should have to obtain a license or pass some kind of inspection, or else have their house taken away from them.
You see? You see? Your stupid minds! Stupid! Stupid!
"I chat, therefore I am... a hacker"
Riiiiight.
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
That was a good laugh.. and my friends.. that's why it was posted to /. :)
:) Surprised they didn't talk about that.
:) I met both my partners of my company (Web Hosting/Web Development) on IRC, and they have been good friends ever since. It is quite the successful business, and I have learned much since then... all because of IRC (well, I guess not that much.. I'm still using /. ;)
;better person.. to react in the right mannor (not just to get +o.. or plus +O for that matter ;0)
:) afaik :)
I've been IRC'ing since 1992. That's 10 years, and I'm still not a veteran.
Some of the World's (Internet's) greatest heros and founders hang out on EFNet/IRC or some like service...
Remember BBS?
It's so typical for people to lash out on things they do not understand. More or less, its all too typical that they never emphasize the best parts about it. I mean comon.. Let's think about it.
IRC is a place to share knowledge, not just CC #'s (who are they kidding.. I have never been asked to trade a CC # or anything of the like.) Many of the World's 'hackers' (or techies that work for YOUR company) can acredit their knowledge (or at least the start) to IRC. I know I can.
I knew nothing (well, not nothing, a tincy bitty bit) about the Internet, its structure, protocols, computers, other operating systems, etc. before I came to IRC.
It all started with the 'need' to have an eggdrop bot in my channel.. How the hell was I to do this?
*shrug* I didn't know what I was doing.. but I got my hands on a free WOPR.net shell, (if anyone knows who I'm talking about.. send a shout out.. I'm curious) and was forced to learn a bit of unix commands (heh) to opperate the bot...
By and by I had shell after shell.. learning more about *nix as the opportunity came along. I eventually had the oppertunity to have root on a friends system (from IRC) and learned more and more about the system and how it worked.
Fast forward a bunch of years
The news concentrates on the bad things always.. I've become a better person because of IRC, completely. Not only have I learned a tone of IT stuff.. I've also learned how to be a
Much of the Internet success stories are because of IRC, and I feel this article fails to discuss this... That is a bad thing, and this is why us 'hackers' seem to get a bad rep.
Oh yeah.. IRC didn't teach me how to spell, really
------------
Sase
"It's the opposite of that."
"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."
To me this says, that I should assume, in my wallet is a stolen credit card. Well, there isn't, and I don't need to check. I have one credit card, and since I get a statement every month with my name on it, I obviously didn't steal it.
Now if he's just a confusing person and is actually saying that I should assume that one of my credit card numbers has been stolen. Well, as long as everyone out there practices some basic security, they shouldn't worry about that either. The first thing is to make sure you have fraud protection on your credit card (most have a $50 limit now). Second, look at your statement! If you just pay your bill without examining the charges, well, send me your credit card number!
Nothing stops people from having such an opinion or media (short of threatening their own ad revenue stream) from exploring such ideas. When we as private citizens speculate, or even assert, we're now hearing that corporate america and cretins with a lack of moral and/or ethical fibre (lowercase 'a' used intentionally) sue people to shut them up.
Imagine a beowulf cluster of subpoenas...
A feeling of having made the same mistake before: Deja Foobar
from http://www.tuxedo.org/~esr/jargon/html/entry/hacke r.html
hacker n.
[originally, someone who makes furniture with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.
Seems to me if "hackers" are using IRC could be to the advantage of all those who want advances in technology...
-- ribbit
"Hackers" getting personal information and selling it to other "hackers" is bad.
Corporations getting personal information and selling it to other corporations is good.
People with tightly held secrets are suspect.
Corporations with tightly held secrets are to be trusted.
A person trying to extort people is a thug and scam artist.
A corporation trying to extort people is just protecting the artists.
OK. I got it. Now can I incorporate myself? I think I'd be much better off as a corporation than as a citizen.
The masses are the crack whores of religion.
"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."
There's the only useful statement in the whole fscking article. What a loaf of fertilizer. Must have been a boring newsday for the CNN "tech" crew...
Don't throw your computer out the window, throw the Windows out of your computer!
There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC".
It actually seems to me that Schneier did a pretty good job of preventing some editor from slapping an alarmist breaker along the lines of "IRC is a tool designed for smelly hackers" into the piece; take a look at the full quote:
"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC." [Emphasis added.]
He goes out of his way to point out that there's nothing that makes IRC particularly "suited" to nefarious purposes, but rather that its non-corporate nature is likely to appeal to anti-corporate people. (That, of course, is an assertion that can be argued forever, but it doesn't strike me as too alarming.)
* * *
It is a dada story -- it has no moral.
I may have skimmed a little too lightly, but I didn't see anyone mention that CNN actually runs one of the best IRC servers used for interactive televsion! When Mir was returning to Earth, there were well over 800 people in the room.
Then, with Talkback Live, they make excellent use of AIM and IRC. Very forward thinking.
Intelligent Life on Earth
Running shoes allow thieves and armed robbers to flee the scene from their victims. We must take away everyone's shoes. Won't anyone please think of the victims?
Any guesses as to how many posts on this thread will...
::insert whatever:: using ridiculous slippery-slope logic.
- Call CNN a bunch of morons.
- Suggest that we should therefore ban
- Say "Duh".
...without showing ANY evidence of reading the article, or making any factual statements whatsoever?
Really, now.
Now, for those with actual central nervous systems and who actually care about facts rather than knee-jerk responses:
IRC is a multiperson always-on real-time worldwide system, and is therefore more conducive to exchanges and marketing than phones, pagers and their ilk. There's no comparison, really, except for morons, because while a phone system at most might be a small-scale party line, messages on IRC can reach nigh-arbitrary amounts of people whom you DON'T need to have previous knowledge of. Even if you do NOT have any intended buyers in mind, calling random people and offering credit card numbers is stupid. Sending a CC list offer to an appropriate IRC channel is less stupid, in that you can reach more people at once, and they're voluntarily reading so they're more likely to be interested. Plus, there's no Caller ID, and if you're bright you may be using a compromised machine so that your own IP isn't shown. If the distribution of logs crosses national borders, it may be quite a hassle for anybody to ever find your identity -- assuming that you can maintain anonymity during an exchange, of course, by not screwing up by, say, using one of your own personal bank accounts.
And, most people who read CNN have little experience with IRC. Therefore, it's fair to give them a "heads up", especially, say, if they've got a teen who's spending a lot of time online and ordering more stuff than you think he could afford, or similar situations... this merely provides a bit of awareness to the technologically naive.
Only the dead have seen the end of war.
The thing about things we don't know is we often don't know we don't know them.
God forbid that something on the internet should be unfettered.
FUD at it's finest. Too bad CNN can't bring themselves to report this eagerly on something, say, like corruption in politics.
I've noticed that a lot of the 2600 meetings take place in malls and bookstores. I'm sure people would be loathe to shut down a shopping mall, because that would be bad for the economy, and therefore un-American. But the bookstores? Burn 'em to the ground! That way, hackers won't come together, and you can prevent people from getting access to any sort of subversive materials. You might have to pin red "H"s on the hackers and post security at the doors of the mall.
blog |
I don't know if it's just me but when I read about some CEO saying something against something or someone else I see the words "vested interests" in the background, or has anyone forgotten MS' Mundie vs. Linux , MS vs. Unix, Brilliant's Chief thief vs. everyone's PC?
What worries me more in these times of security paranoia is this: The underlying motives of said CEO's comments are often not as transparent as those of MS's Bosses and what is worse is that there are enough other braindead people who do not think for themselves who will take said CEO's words as gospel.
since the dawning of time evil men have thwarted to abuse the societies they dwell in. ever since the original urge to evolve from single celled space snots into the form of the human being, this evil force has compelled a portion of our fair species to evolve one step beyond the main stream. as early as the 1800s humans have developed simplistic vocal patterns used to convery root directives between what we refer to as "nodes". these nodes, when in a collaberative setting, can communicate rapidly, and the use of technology has only spread this disturbing pattern. eventually is is conceivable that these evil nodes will dominate the world with their bloodthirsty lust for communication.. modern day usage of "internet" relay chats indicates what we shall call "Big Trouble Ahead". If given time to spread, we may find that evil nodes of human clusters will continue their ravaging in search of the ultimate form of communication. we as reasonable members of the species must do everything we can to thwart this insidious infestation. Indeed, our very futures depends on it.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
Some other media that the CNN article forgot to mention:
In Soviet Russia, Jesus asks: "What Would You Do?"
Is it just me, or does this guy sound like the extend of his knowledge about "hackers" is limited to what he learned from the movie of the same title?
I dunno how many of you nerds know Bayes Theorem but it's one of the first rules and statisticians learn and, annoyingly, it is one of the more unintuitive arguments for the uninitiated
<Offtopic>I can't stand the current Cannibis debate in the UK where people state something like that 95% of heroin addicts used Cannibis first as a gateway drug. Therefore Cannabis should be illegal. While I agree Cannabis should be illegal, that argument is a statistically false one because you cannot say that 99% of cannabis users go on to take heroin. That would be significant</offtopic>
Here, just because I imagine 99% of script kiddies use IRC, does not mean we should be anti IRC. You cannot map it to the proper argument where I imagine only <1% of all IRC users have anything to do with hacking and scripting. If you, for example, kill IRC, you upset 99% of the populatoin and script kiddies go elsewhere
Exploitation of people's misunderstanding of Bayes makes the easiest and most effective weapon in the world of FUD
Just showing that to 'prove' he's an 'expert'
"Once the hacker or someone in the underworld has personal information, credit card numbers, social security numbers, address, whatever it may be," says Harrington, once the hacker "has that information and wants to sell it, often they'll go to a hacker chat room, a place on the Web using an Internet Relay Chat (emphasis mine) which provides them some anonymity and allows them to mention that they have this personal information and they want to trade."
Does this remind anyone of the warez article that was out a while ago? I'm embarassed that people like this are considered experts.
"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."
This spokesperson is basically saying that chat outside the venue of a benevolent, all-watching big corporation is evidence of intent to cause harm to the capitalist system, by extension. (and don't forget all of the child molesters hanging out on ... er... AOL!!)
While many are mocking the origin of the story, don't laugh.
Civil liberties can easily be eroded by the F.U.D. and implied subversion that a large media company such as CNN can implant in the minds of readers over a perior of time. "Chat room" == "bad unsupervised people up to no good" can become implanted in reader's minds subtly by repetition... with the terrorism paranoia running rampant in our society, spin like this ain't positive.
"people who are anti-big-corporation are going to be more likely to use something like IRC"
should say
"We are very disturbed that people have an avenue to express their First amendment rights. We as a corporation want the right to swindle, steal and lie without other people expressing their concerns about it to others"
I've been on irc for 4 years now... It wasnt until recently that I discovered that I too had turned into a criminal... Its obvious that meerly joining a chatroom slowly turns you into a l33t h4>0rz" warning messages Oh how ashamed am I :/
Aids hackers? To do what? Talk! Jesus, do I have a fucking mouth and what does it do?
I don't see them printing: "MSN Messenger 'Group Chat' feature aids hackers!" Has greater implications. Also, noone 'owns' IRC. Distributed, free, run by volunteers. Excellent for millions.
This credit card theft, cracking, terrorism promoting menace of a protocol and its operational cells must be stamped out immediately! Somebody call John Ashcroft!
I'll take irony for 500, Alex.
The government ought to regulate and monitor this somehow!! *NOT!!!*
And most people (and journalists) do not understand IRC and when investigating 'chat rooms' they usually end up in Java chats somewhere. ( I will laugh if they try to ban Java because of this. It would be a double edged sword because IBM and Sun would oppose it with the force of $Billions and actual IRC would never be addressed.)
This article is an example of the blind leading the blind (i.e. journalists leading readers) and is a perfect example of how the 'war against terrorism' is becoming outrageously off-topic in how it is applied.
Article about IRC. Picture of Netscape on CNN.com
The masses are the crack whores of religion.
That criminals use the internet for 'identifty teheft' is not news Even the US government is on the case:
The original article seemed very alarmist. Is it really such a problem? My skimming of a US government report from some years ago revealled the following interesting information (emphasis added):
Ne mæg werig mod wyrde wiðstondan, ne se hreo hyge helpe gefremman.
But IRC is largely unregulated -- a Wild West of chat...
YEEEHA!! I'm gonna rustle me up some trout to slap!
Outdoor digital photography, mostly in New Engl
I wonder who's laughing the loudest at this: Us or the FBI.
I can already see it now...
In other words, just more FUD to get Joe Blow to bend over a little further. Plus, it wouldn't hurt AIM, now would it?
Any sufficiently advanced influence is indistinguishable from control.
I really wish they would at least mention that IRC for the most part is just ppl getting together online like they would in real life, doing completely legit things and yes even helping people out in some places. The slant on the article is way to anti-IRC, it's like saying "clubs aid pedophiles in trading kiddie pr0n." I can see how some techno-n00b parents could start restricting their childrens IRC access purely because of this article. :(
Reminds me of this article.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
...but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."
Opens up wallet.
OMG! He's right! Someone stole a CC number off the Internet and put it in my wallet! These hackers are good!
Outdoor digital photography, mostly in New Engl
is unworthy of repetiton. It is poor journalism of the most illiterate kind, engineered to whip up hysteria over something as old as the hills.
The author "With more than 23 years of journalism experience to draw from, Renay San Miguel is a technology anchor and correspondent for CNN Headline News based in CNN's world headquarters in Atlanta....From 1997-2000 he was with CNBC, where he served as a correspondent specializing in technology and the Internet. "
really needs to have 23 years of experience in how to research a story. And anyway, how on EARTH can someone from 1997, "..specializing in technology and the Internet.." not have ever used or seenIRC???
If he knows what IRC is, and STILL wrote that, then he really is just a sh1t stirrer, first class.
Nothing to see here: move along!
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
But with identity theft becoming a more popular form of fraud, according to the Federal Trade Commission (FTC), more attention is being paid to chat rooms that serve as flea markets for hackers.
This is the real thrust of the article, although it's brevity and excessive misuse of the word "hacker" makes it easy to miss. The article isn't slamming IRC as an evil haven of credit card thieves, it's pointing out that there's an entire chunk of the Internet called IRC that most people aren't aware of, and that it's possible, if not likely, that your credit cards and other personal information are being bought and sold on it right now.
Isn't it about time the media realized the difference ./hacking abilities.
between a hacker and a _cracker_? I've spent
enough time on IRC to know 99% of the people they
talk about in this article are just clueless
12 year olds who try to impress eachother
with their 'el33t'
A study yet to be done finds qualified programmers who are denied employment by all major corporations seem to be anti corporation.
God spoke to me
We are the informed few. 99.9% of people that frequent this site are very aware of IRC and the possible dangers therein. I use IRC daily. I have been for years and in this time, i have noticed the amount of 'newbs' that show up on a daily basis. These people are NOT informed of the openess of IRC and should be warned.
CNN, I applaud you.
Also, if they don't know what theyre doing, then they should go to AOL chat...
thelikesofwhich.com
"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net." WHAT IS THIS FUD??! Can we get a statistic to back any of this up? Why doesn't CNN fact-check tech stories? ..
"I do not fear computers. I fear lack of them." -Isaac Asimov
In Other News:
Prepaid Calling Cards can be used for bad.
Disposable Cell Phones can be used for bad.
Pretty much anything can be used for bad.
Ok ... time to get back to surfing for pr0n ...
Karma? Karma? I don't need no stinkin' karma.
Yes IRC is a great tool and sometimes it can be a lot like ebay. I've gotten some good hardware that I can't find anywhere else just by talking to people on IRC.
Of course these people will go to IRC chat rooms all the time, hell like every other type of computer geek on the internet they like to boost. It's natural for a geek to go somewhere and brag about their exploits.
The claim that identity theft is running wild and it's the fault of the hackers is an amazing assumption. While I do believe things like this happen to people around on many occasions. I do not believe it's as large scale as some people would have us believe. I have seen many more cases where identity theft is caused by people in the real world either losing their wallets. or other malicious deeds in which a criminal gets information from a victim.
You should automatically assume your credit card was stolen? Frankly if your not reviewing your credit card transactions you are a fool. But again. there are many more cases of this happening because of a store employee collecting the information some nameless computer hacker who is out to get you.
Why would things like pirated software, child pornography, and stolen information be available on IRC? It's a quicker communication medium. It's easier and faster for people to exchange the information then web pages or e-mail.
People use IRC networks like EFNET, DALNET, GAMESNET, etc. as opposed to AOL or Microsoft because the big business companies consider their users to be morons that don't need more advanced forms of software. When your network blocks out all types of profanity because it's "bad" many people are going to look to communicate where they can speak as they wish.
As for the law enforcement issue it is up to all the irc networks in question to regulate the going on in their own set of servers. I'll use Gamesnet as an example. They are constantly attempting to stop the "warez trade" from happening on their network and have assisted law enforcement when they find out their users are committing crimes.
The FBI gets lucky because like all criminals people who are involved in things like identify theft, child pornography sing like canaries. that's the only reason they get lucky. the boasting of hackers helps the FBI catch hackers
Its also haven for kiddie pr0n, movie traders, child mollestors, terrorists, horny teenagers, and 15 year olds that think they are hackers. Oh yeah, and my mom sits in #40something =P She goes in the category of 'CNN forgot that part'.
Can all fish swim?
I'd really like to see some information to back this up. It seems kinda of like a manipulation of numbers to scare people. It seems very unlikely to me that EVERYONE has a number floating around the 'net....
Buses stop at a bus station
Trains stop at a train station
On my desk there's a workstation....
Why is it that AOL's proprietory terminology dominates the technology that predates it? It's not a "Chat Room". It's a channel. Read the god damn rfc!
Section 1.3:
A channel is a named group of one or more clients which will all
receive messages addressed to that channel. The channel is created
implicitly when the first client joins it, and the channel ceases to
exist when the last client leaves it. While channel exists, any
client can reference the channel using the name of the channel.
In fact, search the rfc for the word "room" and you wont find it! You're in the real world now people, drag yourself away from the smothering bossom of AOL and grow the hell up.
How we know is more important than what we know.
It's depressing that a big "news" company like CNN (OK, I know it's an entertainment business, but they still call themselves a news channel) can't even hire a decent geek to sit in a broom closet and proofread their drivel.
On the plus side, you do have to give them credit for not trying to make their point about the evils of IRC by saying that terrorists use it to coordinate activities. These days you use the T-word to push any cause (carnivore, &c.)
According to this guy, using AMD, Bonzai Buddy, Flash, and Quake makes you a hacker.
Depending on how you read it, it's either hilarious parody or a woefully misinformed parent. I was in the hilarious parody camp until I saw the rest of his articles.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
...or today two of more or less famous among computer-using population people for, both named Bruce, and with last names starting with "S" (Bruce Sterling, a writer, and Bruce Schneier, a cryptographist, of "Applied Cryptography" fame) made absolutely inane statements, performing the acts of nearly the worst ass-kissing that ever was mentioned on Slashdot?
Is someone going through the list (sorted first name first, like every ignorant person will do) and doing something to those people? Is there something in common? Or everyone and his dog suddenly became a patriot of the Corporate States of America, so those coincidences are merely a result of high density of this ?
To be honest, I would be equally disgusted in both cases, so I'll rather stick with the hypothesis of my insanity.
Contrary to the popular belief, there indeed is no God.
They should check SILC - next generation distributed conferencing with strong cryptography used for authentication and privacy.
In other news, bars and clubs are coming under fire for being havens for drunks, deviants and criminals. Churches are coming under fire because we need to protect our kids from secual deviants using the lord's work to help them out. Universities and libraries are known hide outs for communists, terrorists and dangerous foreign nationals called "graduate students." Shopping malls and "high schools" are breeding grounds for gangs of teenagers associated through shocking dress, style and manors of speech that are anathem to the status quo; these kids want to shake things up in deadly new ways. Department stores are selling guns, cigarettes, alcohol and dangerous narcotics such as aspirin and caffeine. Oh, and private homes -- which are difficult to monitor due to laws designed to protect criminals and prevent beneficial government employees from knowing what's really going on -- are the worst of all. People are torturing kids, raising deadly animals and polishing guns, ready to start a revolution against your great american goverment.
And I don't totally trust this "Applebees" restaurant chain, neither. John Birch says they're pinkos.
Hey freaks: now you're ju
Damn hackers, all they do is sit around and don't pay big corporations money!
This is all a big conspiracy (on purpose or not) to erode our individual freedoms of speech, privacy, and the right to not spend our hard earned money.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
From Harrington: ...often they'll go to a hacker chat room, a place on the Web using an Internet Relay Chat...
Sounds like my grandpa.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
It took CNN just over a decade to realize the protocol IRC uses for chatting, is habitated by hackers.
WWW.WHATTHEF#$K.COM! NO SH** people. It would seem reasonable to me that since hackers are basically accredited for having built up the protocol, that it's userbase would also, therefore, be hackers.
Talk about Investigative reporting. Thanks CNN, for wasting America's time.
Mindset here seems to be that everything happening in the universe has to be somebody's fault.
Not limited to online interaction, the implication seems to be that we (or this guy anyway) live in a society not so much competitive as predatory, where everything said and done is motivated by the need to chalk up another victim. Completely alien to this is the concept that an IRC conversation or any other exchange between two people is innocuous - with no winner or loser, and perhaps no significant meaning at all.
Maybe the dude is right in the context he's thinking of: If he had the (good?) fortune to have his credit card lifted somehow with a major and well funded corporation to blame, and took care to select a jury of credulous nitwits, which is how that game is usually played, he could end up with a large enough $$$$$$ettlement that he could piddle off from journalism and never have to work another day in his life.
With an attitude like that though, wow. No wonder the sonofabitch doesn't like IRC.
give me a
Looks like somebody just discovered "NEW HAVEN OF HACKERS" over at CNN. Yeah, yeah I know we are all making fun of CNN here for being such doofuses but hold on a sec.
,and unless you are a total geek and all of your friends happen to be geeks as well, they will have no clue what the IRC is. None at all. Yes the IRC is one of the last "Wild West" parts of the web. Its one of the last few places you can actually go to and not be censored because you said the f-word off-hand.
Ask 99% of the people you know (parents/relatives/friends)
Well at least, tho the article is slanted, I won't have to explain what the IRC is to my friends quite as much, I'll just have to explain to them that I'm not a criminal, thanks for that CNN.
This article sadly is true. I remember an online friend said his ident kept changing, so I had him do a netstat and send me the results. It turned out his computer was connected to a server on port 6667. I connected and found he was one of about 30 computers on this homemade IRC server. Every 10 minutes or so the computers would report their status, and the owner of this IRC network was sending them commands. It was really interesting, but consequently they kick-banned me off the server and tried to ping flood me :)
There is no way to shut "IRC" down. IRC is not a single entity.
Anyone can download an ircd and start their own {server,network}. It's much like gnutella or other P2P variants.
RFC 1459 defines an open standard for the IRC protocol. Anyone can implement this, much like anyone can implement their own DHCP or S/KEY implementation.
There is no central IRC authority. Operators have the scope of the network on which they reside (if even that).
*sighs*
This was so last week...
-Mark
Dovie'andi se tovya sagain.
"CNN's startling revelation came as a shock to world community as it was revealed for the first time that cars are used by Hackers world wide. Also revealed was their use of spoons, sidewalks and paper."
"This has gone on long enough!" one senator was reported as saying. "These Hacker-related items must be federally controlled or they will be abused!" When it was pointed out that cars were used by normal, law-biding citizens as well, the senator launched into an Anti-Hacker tirade before driving off to his next appointment."
You need a FREE iPod Nano
Cause she knows i am on IRC a lot, so now she will think i am a hacker!
which i am ofcourse i hack some c every day, but never the less this could set my reputation in a wrong perspective, lets DDoS CNN again =D
Quazion.
Yah.. Too bad you can't create channels, or talk in any channels. It only has 4 channels, and only bots reside on the server.
:)
Nice eh?
"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."
How is a statement like this helpful in any way? Are people supposed to stop using credit cards period? These paranoid 'experts' need to realize that while this sort of thing may happen, it doesn't mean that it has already happened to you. Scaring people does nothing to help them.
Perhaps a little off topic.. but this got me thinking, is there any kind of 'secure IRC' client/server, or does the IRC protocol have encyption options in-built?
I'm not talking about anything major, but just an SSH/SSL type thing to stop your boss sniffing packets for text etc. I'v seen people use SSL for connection to talkers/MUDs/MUSHes in the past, but IRC has always seemed rather open.
I saw the light at the end of the tunnel... But it was just someone with a flashlight bringing more work.
From the CNN article (reprinted without permission):
"Once the hacker or someone in the underworld has personal information, credit card numbers, social security numbers, address, whatever it may be...has that information and wants to sell it, often they'll go to a hacker chat room, a place on the Web using an Internet Relay Chat which provides them some anonymity and allows them to mention that they have this personal information and they want to trade."
Right -- IRC is a special place on the Web. I can think of a special place where this guy belongs.
What does it take for CNN to call someone an expert? Usually an expert in medicine has to be an MD. An expert in computers (or in this case, computer security, has to be self-described as such).
Lastly, is IRC really the "wild-west" of the internet? Its certianly monitored by federal law enforcement. See this article (actually, the link to the real article is here) about the FBI monitoring IRC as a tool to bust suspected crackers.
-Turkey
-Turkey
I know that CNN is supposed to be "for the masses" as some have said here when applauding the story. I don't see that gives them a right to mis-inform. There are a number of not just technically inaccurate (which almost any CNN story would be to this crowd), but odd illogical statements. To wit:
... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."
"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols
So, let's see:
* Anti-big-corporation (ABC) people are more likely to be hackers and thieves (see: 'Enron').
* Software that is multi-platform is ABC (as is multi-platform in general I imagine).
* Software that is simple (basic) is ABC.
* ABC people are more likely to use Unix and Mac. I guess they meant "for their personal use", rather than as the target of their "hacking" (cracking).
Sheesh, quite a lot of rubbish packed into one small paragraph.
So, let's see. To avoid "hackers" and be a "good guy", I should use a complex, single-platform software suite backed by a major corporation. Then I'd be safe, and wouldn't be a "bad guy". I guess I can see where this is heading.
I got IRC because I needed a straight-forward chat arrangement for a specific (intranet) reason. It was cheap (or free) and I had control within my network. I use it on the internet (I chat very little, but when I do) for many of the same reasons. That, and no bloody adverts.
I have worked for big corporations. They use many platforms (including Unix and Macs and MS), like multi-platform software, and prefer something straight-forward and simple (although they don't achieve it as much as they'd like). They even used IRC when they needed to. They are definitely NOT anti-big-corporation.
So, worse rubbish than usual for CNN. Considering their association with AOL, and their competing chat technology, I DON'T consider this informing the great un-techie unwashed masses. It's just bad, and to the point of questionable news-ethics-wise.
Smilodon
V V
jt.
I'm spent.
CNN CLOSED thier chat server.
CNN CLOSED thier message boards.
CNN CHARGES for video now.
http://www.cnn.com/COMMUNITY/
CNN IS ENTERTAINMENT WITH ZERO RESPONSIBILITY.
http://en.wikipedia.org/wiki/2004_U.S._Election_c
No
IRC is a centralized system
There can be many servers - just like there can be many ICQ servers (and indeed there are)
these servers can be linked (indeed, they are)
you can have stand alone servers (I believe there was an ICQ server downloadable?)
anyone can download and start up their own ICQ network
gnutella is based on the principle that the client is the server for other clients
IRC is based on the principle that clients connect to a server which relays information
the IRC servers network can be considered to be a peer to peer operation, but irc chat by normal clients cant...
By a centralized system, its not exclusive to situations where there is one and only one server that EVERYONE has to use, but centralized systems are ones that can be shut off thus preventing clients from connecting
if the clients are the servers (as in gnutella) then its decentralized
otherwise its still centralized
Just because its centralized, doesnt mean there is a realistic way of shutting it down
DNS is centralized but its been designed to be difficult to shut down (by unauthorised parties that is)
Hot Damn, they do...it's pretty empty tho...
Everyone is idle! :)
idle : 116 hours 35 mins 1 secs (signon: Tue Apr 2 19:47:05 2002)
"C'mon, I thought hackers talked here!"
"Turns out it's just a vanity thing!"
proton != antielectron
"In the electronic world of the Internet, it's such a vast landscape and there's no way that the FBI and CIA or any law enforcement agency can be involved in watching over the shoulder of every Internet user," says Harrington. "Unfortunately, that's probably what it would have to take to prevent this sort of fraud."
I wonder if Chad Harrington has ever heard of Carnivore.
www.timcoleman.com is a total waste of your time. Never go there.
I didn't know that you "surf IRC" or that it is "one of the oldest chat technologies on the Web".
You have to give credit to good old news centrals that spread enlightment among the people. Now I know better than before.
--
"I'm surfin the dead zone
In the twilight, unknown"
Friend of a friend is a cop on cyber-patrol (no, really) in MI. He spends a lot of his time on IRC setting up stings. Mainly they persue child porn offenders, but just FYI, the cops ARE active in IRC and other IM clients, and could persue this if they wanted to.
Imagine if Cannabis did not exist. (well hard to imagine since it is responsible for the very thing we call civilization - via cultivation).
Imagine how many heroin uses there would be if cannabis did not exist.
I think there would be a lot more heroin users.....
I think the real gateway drug are flintstones vitamins. Or those 'Bubble Blow' toys shaped like pipes.
http://en.wikipedia.org/wiki/2004_U.S._Election_c
Any news source or any so-called "expert" that labels any and every very different subset of internet-bound network protocols as "The Web" oughta be shot before having their balls severed.
"The Web" refers to HTTP.
IRC is not the web.
The internet is not the web.
CNN already never bore much credibility in my book. Such shallow and poorly-researched article, clearly begging for "public's attention", filled with buzz-words, and offering such a one-sided vision of issues at hand, clearly proves what I have believed all along.
Here's a free clue to CNN editors: when hackers *need* a way, they find it. If it's not IRC, then they'll gather on bulletin board systems. That'll be their big come-back. Because that's where they used to gather before that. And if that still doesn't do it, they'll gather on public web forums. And if that doesn't work, they'll come up with a peer-to-peer chat protocols with emphasis on communities. Most Instant Messaging systems already offer you that. It'll just get expanded. And if that still doesn't work, trust me, the demand *will* be there, and new network protocols will be created. To accomodate grass-roots communities. It is amazing the things you can do with TCP/IP. If the more popular IRC networks get snooped or shut-down, then many more little irc servers will rise. Anyone with a DSL connection a shitty old PC can download many free, open-source flavors of the popular "IRC Daemon" software, "ircd", and set-up a very reliable and fairly scalable IRC server. Get two people together on different connections and you have a network. Each server can have thousands of simultaneously connected users.
The point i'm trying to bring home here, is that there will *never* be a shortage of venues for hackers to go about their illicit business. It clearly is sad, as such practices and articles like this one tend to focus the public's opinion on restricting our own liberties to *absolutely NO CONCLUSIVE END*.
That article clearly mingles without any distinction the "underground" aspect of IRC with "anti-corporation" stance and "identity-theft hackers".
Lemme make this clear:
it is NOT OKAY to steal identity and be a hacker. it's lame too.
it IS OKAY to be against corporation-hosted chat networks and for grass-roots communities such as IRC.
it IS OKAY to prefer "less-popular" communities to find like-minded geeks, such as ones we'll find on IRC.
If CNN had any clue, any journalistic integrity, they would at least try to bring some of those points home in their article. But they keep quoting that same guy, over and over, with scary buzz-phrases and words your average american will just eat-up.
Next thing you know, parents will only allow their children to "hang out" on AOL chat-rooms. "No more IRC for you son, it's evil, CNN sez so, mm-MMM".
Can we see a corporate agenda here?
fuckingshit.
Extraordinary Vacations. Exceptional Prices
I'm pretty sure it's an IRC *channel*, AOL has "rooms" to chat in. ;)
Moderation: Put your hand inside the puppet head!
CNN are owned by AOL/Time Warner. AOL/Time Warner control two of the four major instant messaging systems (AOL, ICQ, the other two being MSN and IRC). CNN and other AOL/Time Warner owned news corps start bad-mouthing IRC, making it less socially acceptable. Many IRC servers are run from Universities, and with IRC becoming less socially acceptable justifying the related costs becomes more and more difficult. IRC dwindles in market share, with AOL taking up the slack. AOL's network now has a massive number of subscribers, and can even compete with Microsoft, who bundle their chat client with their operating systems.
Does this really sound so far-fetched?
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
At any rate, anyone that has a clue knows that any communication passing through an IRC server (whether its a public message, and /msg, with the exception of a DCC p2p connection) can be monitored.
What makes you think the FBI/CIA/NSA/{insert your favourite intelligence agency here} isn't already peered to all the IRC networks and patiently sifting through all the conversation logs? This is not rocket science.
why are people surprised? this is what I don't get
ceci n'est pas une signature
Pope-abuse is a serious issue these days. As is nun-beating. And don't even get me started on the topic of penguin lust.
pooptruck
... sorry, it's a Philly joke and i could not resist.
anyway, back to topic... i think the term hacker is way too loaded right now in the mainstream media. just wait till someone "proves" that there are terrorists hacking away at the very foundations of e-business in america (MS hacking? ha!). then all hackers will be blasted with some charge of treason. it wouldn't be the first time a hacker was declared "a risk to national security", but in these paranoid times it could get dangerous.
I used to monitor president debates via their webcast, and that webcast also had a chatroom, that used Java IRC client.
:)
I looked in source of page and was able to connect to their chat server and rooms using mIRC.
Oh the irony
Haven't you seen Goodfellas recently?
If you, for example, kill IRC, you upset 99% of the populatoin and script kiddies go elsewhere
Reminds me of the copy protection stuff... "If you kill 'Fair Use', you upset 99% of the population and pirates get their music elsewhere"
Two Worlds - One Sun [Spirit]
- Read more about chat-room hackers and identity theft in a chat with Entercept's Chad Harrington
Stone him! Grab your beards lads, erm, ladies!Someone might utilize a USEFUL tool in such a way that might entail malace. Among other things, IRC is useful for the following things:
Trading porn including child pornography (tm).
Trading illegal mp3's.
Trading illegal movies.
Trading illegal books.
Trading illegal software.
Trading illegal TV shows.
Stalking.
Preying grounds for Child Molesters (tm).
Learning BAD english "31337 anyone???"
Discussing illegal activity.
DOS zombie gathering points.
Trojan access gathering points.
Oh, and of course, its primary purpose, so that large groups of people can easily gather online in a user friendly way to discuss various topics of interest to them.
People, its a tool, nothing more. You can use it legally or illegally. I can cut butter or stab someone with a knife. I can buy food or drugs with money. I can use a telephone to call my friends to say hi, or I can prank call someone and threaten to have them killed. And yes, if I really wanted to, I could use IRC illegally. As could I with AIM, or yahoo's chat/forums, or anywhere else that I wanted to.
Yes CNN, Chat rooms are most likely havens for hackers (tm). Its not so much an issue of debate, but an issue of declaring the obvoius. I'll bet they use phones too. And Email. And websites. I mean, if there wasn't an internet, there would still be hackers even though all the reasons you think they're bad would be null and void. Hackers pre-date the internet, even those inflicted with malice. Although, script kiddies are a rather recent breed.
-Restil
Play with my webcams and lights here
/me slaps the FBI bot with a limp trout
Awhile back an entire database of card numbers was taken and STREAMED in an IRC channel. I believe it was EggHead's card database. Golly, this was reported all over and you didn't hear about it? The Reg carried it I'm sure as did others.
It was real, my card number was one of them and my card was cancelled\reissued by my bank. My big question though was WHY EggHead still had my card # on file. I went through my records and found that I'd not bought anything from them in over a year and yet my account was still being held by them - as was my E-mail judging from the SPAM barrage that followed this incident. Needless to say I've not bought ANYTHING from them since nor will I ever again. They lost my trust big time.
Rest assured credit card theft and identity theft happen all the time. I've now met two people who have had their identities stolen and it sux! Depending upon the circumstances getting a new SN can be a real PITA too. One of them hasn't been able to sufficiently "justify" a new SSN and has to explain the whole thing every time they need credit.
Build it, Drive it, Improve it! Hybridz.org
well, anyone who knows anything about how IRC works (ie, a "hacker") knows that it has to be the most insecure method of communicating out there. Your message to #whatever is going down the line to everyone else in the channel, in plain text.
,and not everyone on a server cares about "secure IRC", so some irc daemons are implementing secure channel modes, etc.
There is little doubt in my mind that the government already has something in place for monitoring IRC, what after all those "irc.psychic.com" web defacements a year or two ago.
Hacker crap asisde though, it's about time there was a secure method of chat to protect your messages from prying eyes (hackers, the government, or other). over at irc.leechbox.net, we're messing around with using SSL connections and providing backwards compatibility for all irc clients.
SSL only works if all parties involved are using it,
Authentication is another battle, "nickserv" just isn't secure enough. So i hope to see some proper use of SSL client and server certivicates in place sometime soon, but for now i'll settle with all text being encrypted.
Dosn't CNN run their own, pretty popular IRC setup?
autopr0n is like, down and stuff.
We live in a world of absolute freedom. We just choose to use that freedom to form governments to prevent the unscrupulous from abusing others.
Au contraire.
Those in power, that is, the power to limit your freedom and mine, inherited that power in a fairly unbroken succession going back, at minimum, centuries. Everyone else is subject to their will.
Don't you recall the ever-bandied figures of 2% of the world's population owning >90% of the world's wealth? Class distinctions are ubiquitous. "For the people, by the people" is a joke.
Encrypted, Anonymous, Opensource IRC.
IIP
Welcome to the world of PROPAGANDA. Psychologists know that people will subconsciously accept brazen lies if they are sufficiently tired, confused, or distracted before taking in the false causal statement. This is called "suggestability". They will subconsciously seek a (false if necessary) internal logic or even a leap-of-faith to understand the author. If they are too tired to question this understanding, they will keep it and use it as if it were fact, gleefully making false judgements baed upon the supposed "fact."
AKA: sales pitch.
--- Nothing clever here: move along now...
So what? How is meeting on IRC different from (physically) meeting in public places? (all kinds of) Hackers always had their virtual hangouts all over the net, and if one (kind) is shut down they'll find other places. The same places are used by other folks too, and while it may be interesting to observe that hackers dislike proprietary services like AOL (for reasons not only applying to hackers) that just means, that different places attract a different audience. Compare the demographics of a McDonalds with that of a tea-house for reference.
Now if the apparent fact, that some illegal activity is conducted via IRC should imply something about IRC (that it should be banned/forbidden, identify it's users, copy each message to the CIA) then the same is true for any public place, so let's start bugging pubs and demand a personal ID from everyone who goes there.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Ok people, there is a grain of truth to what CNN reports. Just spend a little time in the password chatrooms on DALnet; credit card numbers are streamed in there quite regularly.
From the CNN article: "We know that credit card numbers are bought and sold over the Internet because they have real cash value"
I'm wondering how one pays for these numbers or other information. By credit card? Ha.
I think having to exchange monies for whatever information defeats the idea of this anonymity that IRC chatrooms provide. Maybe one can send cash to a P.O. box somewhere. Still not 100% foolproof since someone can wait to see who shows up to collect the money.
And, haven't you heard not to send cash by the mail?
If you don't believe me, ask that guy over there.
As an American who has watched the Cable News Network (hereinafter "CNN") extensively, I feel compelled to offer the following information to the global information community of the Inter-net. The following piece of information will be useful for Americans.
I would like you to open your Internet Relay Chat (hereinafter "IRC") client, and instead of connecting to "leet-warez.ru", connect to "chat.cnn.com". Now you will have access to over ten illegals.
For more information, click here.
Boy, if these guys fear anti-corpororate users with hacker tendencies, then OpenProjects has to be public enemy #1!
8==8 Bones 8==8
From the article: "Computer security expert Chad Harrington regularly surfs Internet Relay Chat (IRC), one of the oldest chat technologies on the Web."
So now Internet is the same thing as the Web? Is mail then the oldest form of messaging over the Web?
--
\ Christian A Strømmen
If they do start silently monitoring EFNET etc then people will just stop using it and change to another network, in a similar way people switched to kazaa after napster died.
Let alone the fact that you have a better chance of your card# being taken from a resteraunt than a secure net connection... Heh.. No news in that, though.
You need a FREE iPod Nano
"In a surprising move, the FTC has filed a motion to shutdown CNN for distributing news information to hackers who watch TV, citing that CNN "adds to the hacker's base of knowledge". CNN has rebuked this charge, saying that it's news has no informational value whatsoever and would there for be worthless to a hacker. Testimonies in the case begin next Tuesday."
You need a FREE iPod Nano
Personally, I don't see what the big deal is with credit card numbers. The reason I say this is because it seems that most people don't think a whole lot about their credit cards.
Yes its a generalization, but I know this from experience--at least from where I live.
I work at Subway. We take credit card orders all the time. It would be trivial for me to copy down the credit card numbers we have in a little paper sack we keep the reciepts in. Am I legally responsible if I distribute these reciepts? Not that I know of.
Of course, I wouldn't do anything like that for the ethics of that. But there are a lot of people who perhaps wouldn't think that way.
Customers, I've found, don't give a rats ass about the security of their credit card. Think about it. Do you sign it? Where I work, we don't check the signatures anyway. I've began checking though but too often the signatures are too faded or unreadable anyway. Many of the more security conscious customers write "See I.D." in place of the signature. I asked someone for their ID the other day and they were surprised. It seems that our store isn't alone.
The big problem is that no one is trained properly for swiping cred cards. Basically employees train employees and so people only know what they need to know to get the job done.
It isn't all our fault either. Too many customers hand me their credit card before I've even rung up their meal. If they don't check the price on their reciept before they sign it, which I am sure most don't, I could easily run the credit card for an extra fifteen bucks, and then take fifteen bucks out of the register. Chances are, no one would know any better.
Credit card numbers are not secure and any fear on getting them over IRC is just empty hype. Of course we all know that. Credit cards could be relatively secure, but there are too many weak links in the chain. In the end, its up to you to protect yourself. Personally I would avoid using a credit card for small purchases. Only purchase at places where they *always* check your ID and always get a reciept.. The government isn't going to protect you and certainly these online tabloids aren't. Its up to you.
Incidently, AOL actually runs a few irc servers. 2 of them are on Undernet. Maybe AOL shouldn't be the example. They used to have servers linked to all of the larger networks (except IRCnet afaik), but the old admin neglected them and only the Undernet servers remain.
Funny, up until the recent AOLization of CNN, CNN ran an IRC server for discussing their news stories. They even provided a newsticker through the IRC channel. They just shutdown the server in the last month or two.
Now that they are out of the IRC business, they are claiming it is used by hackers? Seems more like AOL has decided all those bad people on IRC should be chatting through AIM instead like good little sheep.
Basically all you need to do is monitor one or perhaps two hub servers. Of course if you have no users who are in a particular channel to make it route via your hub, get yourself an AOL account and join a client to the channel.
Often times I'm sure if the server admin had a warrant to allow monitoring of the server, do you think he is going to refuse? To protect script kiddies...I don't think so.
IRC by its nature is not a secure medimum of communication, nor is that the intention of IRC. If you *want* it to be a bit more secure, you'll need to do end-to-end encryption of all traffic between you and you and the person you are talking to. Of course this is the job of the client and not the server.
Of course people have a lot of misconceptions as to what IRC is supposed to be, the capabilities of the administrators. If you need to monitor some channel, if you have warrants handed too two or three of the admins on the major hub servers on the network, you have vibility to probably 90% of the traffic on the network.
Of course if all the users are on one server, this won't work. If somebody wants to see what you are saying bad enough on IRC, they'll be able to see it.
-Aaron (Hybrid IRCd coder)
During 9/11 chat.cnn.com irc server was the best place to get real time news.
In that order.
The next comment I write will be ready soon, but subscribers can beat the rush and see it early!
that if it is not 100% a micrpsoft product, hackers are prone to using it...
hmm, mr. goats must have really paid them off.
QED
BSD is for people who love UNIX. Linux is for those who hate Microsoft.
I repeat classes.
scott
Of course they are hacker free, at least in the U.S., you have to be 21!
They don't call 'em Script Kiddies for nothing.
often they'll go to a hacker chat room, a place on the Web using an Internet Relay Chat which provides them some anonymity [my emphasis]
Real "hackers" use IIP (Invisible IRC Project), which provides strong anonymity on IRC. Another, somewhat related, sweet project is SILC, which, though it doesn't provide anonymity, adds strong crypto to IRC.
Anonymity? Let's see what happens when I /whois myself on my favorite IRC server:
Hey, that's my host name! That translates into a Real World IP address, 207.225.41.92. The website was specified in the "real name" value provided by one's IRC client, which is readily changable. Often, the user name ('piranha' in '~piranha@dialup...') is changable as well, without ident on the client's site. But the host name is not.
I don't see how IRC is any more anonymous than AOL Instant Messenger chat rooms or ezboard.com or other "mainstream" communications fora. (0-day credit card numbers on Slashdot?)
For those that don't know, any user can /whois any other user on IRC and get their IP address. Very, very few servers intentionally obfuscate the host name to prevent tracing it down to a real person. As far as I know, the major networks (EFnet, Dalnet, Undernet, etc) do not whatsoever. Some silly IRC servers don't check reverse lookups to see if they match IP addresses (for example, if I come from 11.22.33.44, and 44.33.22.11.in-addr.arpa resolves to www.whitehouse.gov, www.whitehouse.gov won't resolve to 11.22.33.44), but exploiting that requires that you have control of your own reverse DNS zone. (Did I get my terminology right?) And even if people do pull that off, an administrator at the IRC server's site can pull off one of probably several tricks to see what the real IP address is. (Like, start a tcpdump session, saving to a log file, and CTCP or /msg the person, and see where the packet goes to.)
By the way, it's sort of ironic I chose irc.2600.net for this example in a retort to this article; this server really isn't full of 3r33t h4x0rz, and I have observed no identity theft or other fraud on #2600. If you don't believe me, stop by and see for yourself, which is apparently a bit too much to ask for from the people at CNN.
You can't deny that the open, underground nature of IRC makes it ideal for both hacking and illegal activity. (Notice how I specifically did not equate those activities :-)
"Anything is better than IE, and you can quote me on that." -- Wil Wheaton.
I'm shocked, shocked to find that gambling - er - hacking - is going on in here!
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Did they think hackers would be running MSN messager under wine, or what?
----
All of whose base are belong to the what-now?
Thats like saying the internet is a haven for hackers. :-P
"Once the hacker or someone in the underworld has personal information, credit card numbers, social security numbers, address, whatever it may be," says Harrington, once the hacker "has that information and wants to sell it, often they'll go to a hacker back alley, a place in the city using an a mask which provides them some anonymity and allows them to mention that they have this personal information and they want to trade."
The ability for hackers to go onto the streets and chat up fellow hackers is as old as the city itself. But with identity theft becoming a more popular form of fraud, according to the Federal Trade Commission (FTC), more attention is being paid to back alleys that serve as flea markets for hackers.
"We know that credit card numbers are bought and sold in back alleys because they have real cash value," says Bruce Schneier, founder and CTO of Counterpane Technologies and a pioneer in city security.
"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the street."
Both Schneier and Entercept Security Technology's Harrington say that your stolen personal information can be swapped or sold in other avenues. But back alleys are largely unregulated -- a Wild West of chat that has a special appeal for hackers.
"Hackers obviously want anonymity when they're looking to trade personal information that they've obtained via identity theft, so masks are a commonly used mechanism," says Harrington.
Difficult to monitor
The unfettered nature of back alleys is also appealing to hackers, says Schneier.
"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the street protocols ... so if you're
running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that
it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going
to be more likely to use something like back alleys."
(AOL Time Warner is the parent company of CNN.)
That same aspect of back alleys also makes them a tough digital obstacle for law enforcement.
"In the molecular world of the city, it's such a vast landscape and there's no way that the FBI and CIA or any law enforcement agency can be involved in watching over the shoulder of every citizen," says Harrington. "Unfortunately, that's probably what it would have to take to prevent this sort of fraud."
Occasionally the FBI gets lucky. The feds were able to track down the hacker known as "Mafiaboy" when he bragged about his exploits in back alleys.
And while the FBI's National Infrastructure Protection Center (NIPC) didn't provide any statements to CNN regarding what goes on in back alleys, security experts say it's a matter of law enforcement manpower and trying to track down hackers in a very crowded -- and loud -- back alley.
--
Seeing is believing; You wouldn't have seen it if you didn't believe it.
..I still love to read articles like this for one reason.. it makes me feel waaay more el1te than I really am.
:
:-|
If we were to go by everything the media tries to put down the technologically 'uninitiated's throats, I could consider myself to be an Uber
a) Hacker (Hey, I use IRC.. so I MUST hate the corporate world, and hack for fun!)
b) Pirate (GASP.. he has MP3 copies of his own CD's.. oh, and he uses a broadband connection.. oh, and throw the IRC thing in there again.. he must be using his connection to download illegal copies of movies!!)
I wont bother going on, but I think you know what I am getting at. Misinformed respresentatives of the media go and spread stories like that, which ultimately only rallies support for zealots like Senator Hollings, and his Disney cronies. They just piggyback off the public uncertainty to make geeks like, like most of us here, look bad...
*grrrrrrrrr*
"Hey! Unless this is a nude love-in, get the hell off my property!!"
They report real news? Coulda fooled me:
a r. wars.line.ap/
http://www.cnn.com/2002/SHOWBIZ/Movies/04/11/st
/ \
\ / ASCII ribbon campaign for peace
x
/ \
Stamped by inmates at the state penetentiaroy of course...
"I may disagree with what you have to say, but I shall defend, to the death, your right to say it" - Voltaire
America unleashes war on IRC. Bombing expected to be started by early next week somewhere, anywhere. Probably Iraq. It has the same first two letters. Yes. That will be perfect.
love, greg
sig - .
maybe they meant insightful as in inciting a riot.
Run your own IRC server, or convince a friend to do so, and allow only SSL connections. Unreal, a popular ircd, supports SSL connections (port 994 by default).
Unless you then do everything as a DCC chat. This will only encrypt the client-server connection. It won't necessarily protect the server-server connections or help if the server itself is hacked.
Is it a lagged April 1 story? I can't believe the page in its entity. I mean, that black hand on Netscape 4.x, VISA etc...
And the most funny is:
Read more about chat-room hackers and identity theft in a chat with Entercept's Chad Harrington
Geez, it was a april 1 story right?
This came to me over the opirc (where I do some of my tellecommuting work) network just a bit ago:
/. article....unfortunately, probably no one :)l d=-1&commentsort=0&tid=95&mode=flat&pid=3324348
!lilo:*! Reply to a comment on a
will see it since I can't sign onto my account from work
http://slashdot.org/comments.pl?sid=30906&thresho
It's the real deal: Mod It Up!
Howard Dean for president
Er, that should be "already willing to give up liberty".
Remember "Bring 'em on"? *sigh