CNN Says Chat Rooms Are a Haven for Hackers

MiTEG writes "CNN is carrying an article about IRC and how it aids "hackers" with their mischief. There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC"." Yeah, if they ever hung out in our chatroom, they'd lock us all up for abusing Kurt the Pope.

Also used by 'hackers'

[Raedwald]

And fresh reports say that 'hackers' also use e-mail, telephones and postal services. Shut them all down!

Re:Also used by 'hackers'

[Archie+Steel]

...except that the Govt. can already monitor e-mail (with Carnivore), phone conversations (with Echelon) and snail mail. So basically they need to whip up some way of controlling IRC as well, and CNN is only happy to oblige in preparing the national psyche for that (since AOL will make more money if people are forced to use corporate chat services). The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of).

This reminds me of two famous (and nearly identical) quotes:

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
-- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773.

Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.
-- President Thomas Jefferson.
1743-1826

Re:Also used by 'hackers'

[-brazil-]

The difference is that since IRC channels are basically public, monitoring them is both easier and no violation of civil rights.

BTW, another quote:

There is no freedom without security.

-- Wilhelm von Humboldt

Total freedom means survival of the strongest and least scrupulous and those valuable to them, i.e. mainly the freedom to be robbed, raped, murdered and suppressed. The ideal is to find a balance between freedom and security.

Re:Also used by 'hackers'

[jedrek]

So basically they need to whip up some way of controlling IRC as well.

To read *any* message on a typical IRC network you need access to this many servers:

One.

The way IRC is constructed each message goes to every server, so it's a no-brainer.

Re:Also used by 'hackers'

[WowTIP]

And the channels they want to monitor are probably not that easy to join either, one might guess. Of course they could force some ircop or something like that to grant them access, but that would make the users of the channel very aware of their precense. And there are also ways to encrypt your irc chats, I don't really know how heavy the crypto is, but it would probably make their job a little bit tougher.

Re:Also used by 'hackers'

[Kafka_Canada]

The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of).

The sadder thing is, this war is purportedly being fought for our freedoms, and the government seems to think the best way to secure our (hard-won) civil liberties is to start by taking them away.

Although they have been pretty clever about it: a war against an invisible, intangible, unmeasurable "enemy" (terrorism) is an invisible, intagible, unmeasurable war -- in other words, there is never a time when they have to/can declare victory and drop the pretext of fighting terrorism, and thus there is never a time when they have to give up the gradual rescinding of our liberties "in order to guarantee our security." How is this fighting for freedom?

Of course, while it's clever, it's hardly original. Pretty reminiscent of the never-ending wars fought in 1984; Big Brother's rhetoric's not even far off from Bush's, and the declared purposes of the wars are likewise pretty similar.

Oh well.

Re:Also used by 'hackers'

[arnie_apesacrappin]

Snip (Archie Steel):

This reminds me of two famous (and nearly identical) quotes:

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773.

Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. -- President Thomas Jefferson. 1743-1826

Well, it seems that Attorney General John Ashcroft doesn't agree with two of America's great founding fathers. He was quoted as saying, "To those who scare peace-loving people with phantoms of lost liberty, my message is this: your tactics only aid terrorists."

I'm sorry John, but here, you are the terrorist. Don't persuade me or anyone else to give up my freedoms to make your job easier under the guise of making the world a safer place. To calmly allow you to take my rights is the first step onto a slippery slope that I don't even want to know the results of. I won't quit using IRC, I won't give up my private keys, and I will continue to protect my right to say and hear what I'm constitutionally allowed to. If you want to take my rights, try to change the first amendment. Until then, in the spirit of Monty Python's The Life of Brian(I know they're not American, but it's the best quote I could think of), "piss off!"

Re:Also used by 'hackers'

[Archie+Steel]

There is no freedom without security.
-- Wilhelm von Humboldt

To which I'll add: "There is on peace without justice."
--Peter Tosh, Reggae Singer

Total freedom means survival of the strongest and least scrupulous and those valuable to them,

Actually, that is a logical fallacy, since total freedom also means freedom to live - "total" freedom, as in "optimal" freedom would mean that everybody shared the same freedom without infringing upon other people's freedom. The balance is delicate, I'll give you that - but it isn't between freedom and security. Rather it is between everyone's freedom. Of course we also need to discuss what types of freedom: obviously, no sane society will condone freedom to perpetrate crimes against other people (because then it would negate those people's own freedom). We can stick to the basic freedom that every human should have, amongst which are the classics (freedom to live, freedom of speech, freedom of movement), and everybody will be just fine. However, with that freedom comes some risk that people will use it to do bad things. That is just something we have to accept: limiting everyone's freedom because of inherent risks is not an acceptable solution.

All right, that's enough typing of the word "freedom" for a single day!

Re:Also used by 'hackers'

[Z4rd0Z]

Of course, while it's clever, it's hardly original. Pretty reminiscent of the never-ending wars fought in 1984; Big Brother's rhetoric's not even far off from Bush's, and the declared purposes of the wars are likewise pretty similar.

That's absolutely true. We've had some kind of "war" going on for a long time. I first remember it with the bombing of Libya in the 80's, but I'm sure it goes back farther. It's typically not an officially declared war, but rather some kind of foreign conflict with a purpose that is unclear. The "War on Terror" appears to be designed to last for a good long while yet. That ought to keep the minds of the masses from being occupied with Real Issues for the next decade.

Re:Also used by 'hackers'

[SAFH]

Hrm... Burn Karma or post AC...

Since the late 90's, the US Govt (Specifically the NSA, CIA, and NRO) along with other govts have showed increased interest in IRC. The original problem with monitoring IRC was the ability to correlate the packets (through Eschelon, JID, misc. sniffers) to the handles, DCC sessions, and misc. queries. Once scripts were established to correlate time stamps, and do active session recreation/replay the data was a bit more reliable, however there were large gaps in the data where netsplits occurred, or handles changed, dynamic IP's, etc. Since running analysts through abstract sessions of data was counterproductive, the data was dropped. So in public channels, bots and live agents (*cough*analysts*cough*) were placed to idle and log, however groups started catching on to the idlers and kicking, in addition, since all of the operations were done w/o the knowledge of IRCops, K-Lines started being put up and times got a bit harder.

So starting in late 2000, when reliable/substantiated information started comming across about possible Electronic Warfare, under cover company names, IRC servers started getting funding and/or being provided by agencies with an active tcpdump w/ ssl netcat (or scheduled ssh dumps depending) running on them (yes, that simple) which was then reprocessed and sessions recreated through a series of parsing scripts and dumped into databases that track handles, IPs, session data, keyword recognition (including handles, group names, and a series of acronyms/extensions), along with the ability to grab code snippets.

OPN, DAL, IRCNet and EFNet all participate in monitoring, EF and IRCNet remain the least cooperative, DAL and OPN actively participate and support the process. LiloFree, SuidNet, Conclave, and others are extremely difficult to track, however have their faults.

I won't get into IM protocols since we all know the inherant problems. AOL has not been entirely supportive of US Govt efforts to setup monitoring devices, however the Time Warner side of AOL/Time Warner has been a bit more agreeable. ICQ/Mirabilis gave in a -long- time ago, LICQ over SSL is great though.

The quotes below are great, however in times like these, the famous line "Do not disclose, sources or methods" from our spook friends applies quite well. Reply to:

...except that the Govt. can already monitor e-mail (with Carnivore), phone conversations (with Echelon) and snail mail. So basically they need to whip up some way of controlling IRC as well, and CNN is only happy to oblige in preparing the national psyche for that (since AOL will make more money if people are forced to use corporate chat services). The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of). This reminds me of two famous (and nearly identical) quotes: They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773. Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. -- President Thomas Jefferson. 1743-1826

Re:Also used by 'hackers'

[jafac]

. . . preceeded by about 20 years by:

"A man that would sacrifice his freedom for security deserves neither. The God who gave us life gave us liberty at the same time."
-Montesquieu, The Rights of British America

CNN is quality media

[timothy_m_smith]

In this age of watered-down single source media, this article is about par for the course. It's hard to believe that the bulk of American's accept CNN as a reliable media outlet.

Re:CNN is quality media

[MaxVlast]

Mr. Babbage and Mrs. Lovelace might be surprised to read your post.

Of course, they'd be surprised by a CRT. Let alone TCP.

Re:CNN is quality media

[hex1848]

CNN == "Communist News Network"

Telephone System A Heaven for Criminals

[Rentar]

Criminals that want to organize any criminal actions are known to use the telephone system to communicate!

Re:Telephone System A Heaven for Criminals

[bareminimum]

No, they actually sit in cafes, bars, restaurants and other public places and ... TALK.

Brought to you by citizens for a mute and honest society.

Re:Telephone System A Heaven for Criminals

[ReelOddeeo]

Criminals that want to organize any criminal actions are known to use the telephone system to communicate!

Criminals wanting to conspire to commit criminal action are known to sit in corporate boardrooms in closed, secret conferences.

Wow, what bullshit . . .

[cjpez]

I used to work for a company that actually used IRC. We had a bunch of geographically-diverse locations, and we needed to be in near-constant communication with them, so we just set up an IRC server and that was that.

Ah, what fun we had with bots . . . We had a bot to talk to our phone list database, a bot to page people, etc . . . Grand fun.

Shocking!

[TheLocustNMI]

this just in -- dancefloors, bars, other public settings rumored to be HACKER FREE!

Selective Reading

[ackthpt]

If you want to see something, you will. It's called 'predisposition'.

Chatrooms, in the news over the past years, have also been a haven for:

People sharing interest in pretty much everything you can find in alt.* and rec.*

Pedophiles

People meeting each other legitimately and socially

Terrorist plots

The future of Slashdot

It's just another red herring for the media, the biggest news for the New Yahk media is a big drought in Delaware, so guess what they dig up to shock Mr. and Mrs. Average American. Big wh00p.

Web chat is a solution

[famazza]

One of the solutions for this problem is webchats. Webchat can be done using http and a web browser, all the functionality becomes controled by web frames inside the browser. No information can be retrieved besides the ones avaiable.

Of course that there are plenty of disadvantages, the speed is one of them, but I think that is acceptable so we can increase security.

Other option is modify IRC protocol to avoid these security flaws, this would avoid speed problems, and maybe is the more intelligent thing to do. But, will new IRC clients/servers implement the new protocol.

IMHO the new protocol, whatever it would be, http or new irc, should not be compatible with the old one, so we enforce the change, and avoid further problems.

What are the other options?

Re:Web chat is a solution

[imipak]

What are the other options?

The other options include "don't try to fix something that isn't broken." This is pretty much the standard 'slow news day' Internet horror story which CNN|the BBC | Fox | Time |whoever comes out with once or twice a year. Identity thieves use IRC. Film at 11. The problem that needs to be fixed is the ease with which people's IDs can be stolen, thanks to lots of personal data being stored on various insecure systems. I mean, you know, there are people out there buying things over the web using Visa cards from IE, to webservers running IIS... sorry, folks, Billy was lying: Windows (well, Win 9x), and IE/Outlook/IIS are NOT safe at any speed.

Incidentally, did every get a good laugh from today's announcement of no less than EIGHT new IIS holes? Lo,they are mostly present in the current version; and lo!(too), they were mostly(all?) discovered by OUTSIDE researchers, not Microsoft programmers on their month of 'intensive security auditing' their existing codebase (*giggle*)

Re:Web chat is a solution

[Kintanon]

Here's a solution for you, piss off. None of the people who USE IRC care about the security of the protocol. Snoop all you want, who cares if you know everything I ever said on IRC? The X bot probably has a log of 90% of everything that's been said on Undernet. We use IRC because it's fast and we can find lots of people quickly without any trouble. Anyone can start a new chan to talk to their friends in. It's simple, it works well, we like it. So stop trying to fuck with it. There's nothing wrong with IRC. It doesn't need to be changed. Piss off.

Kintanon

Nice headline.

[reaper20]

Anonymously stealing, trading personal information

Ok, do this over IRC, and you're a criminal - do it with a website, spyware, or spam, and you're a business.

hmmmm..... maybe I need to check out #amazon and #brilliant.

Re:Nice headline.

[zCyl]

Ok, do this over IRC, and you're a criminal - do it with a website, spyware, or spam, and you're a business.

Of course, given that the current definition of criminal is "one who does not make campaign contributions."

Wow, investigative reporting

[T1girl]

the FBI's National Infrastructure Protection Center (NIPC) didn't provide any statements to CNN regarding what goes on in Internet Relay Chat

Gee, I guess it would have been way too much trouble for CNN's hotshot reporters to log on and find out for themselves before running this half-baked article.

And while we're on the subject...

[Cinnibar+CP]

"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

You should ALSO assume that your wife is cheating on you. And you're about to be fired. And someone is monitoring you. Constantly. We even know what brand of socks you're wearing.

Re:In other words...

[Michael_Jarvis]

In other words, just trust the big companies and none of this would ever happen???

I don't think that was either the Schneier's point. I think Schneier was just pointing out the obvious.

If I am not mistaken, AOL has always monitored and censored their chatroom conversations. As a corporation, AOL has the ways and means to control the whole process. With IRC there is not any centralized control--someone can be running an IRC server in their dorm room, specifically FOR illegal activity, and there's nobody for the Fed's to subpoena, since they probably won't even know about it.

All Schneier was saying is that it's a no-brainer for the criminal types to use IRC instead of some sort of proprietary corporate communication method.

Hehe, that's funny ;)

[Sase]

That was a good laugh.. and my friends.. that's why it was posted to /. :)

I've been IRC'ing since 1992. That's 10 years, and I'm still not a veteran.

Some of the World's (Internet's) greatest heros and founders hang out on EFNet/IRC or some like service...

Remember BBS? :) Surprised they didn't talk about that.

It's so typical for people to lash out on things they do not understand. More or less, its all too typical that they never emphasize the best parts about it. I mean comon.. Let's think about it.

IRC is a place to share knowledge, not just CC #'s (who are they kidding.. I have never been asked to trade a CC # or anything of the like.) Many of the World's 'hackers' (or techies that work for YOUR company) can acredit their knowledge (or at least the start) to IRC. I know I can.

I knew nothing (well, not nothing, a tincy bitty bit) about the Internet, its structure, protocols, computers, other operating systems, etc. before I came to IRC.

It all started with the 'need' to have an eggdrop bot in my channel.. How the hell was I to do this?

*shrug* I didn't know what I was doing.. but I got my hands on a free WOPR.net shell, (if anyone knows who I'm talking about.. send a shout out.. I'm curious) and was forced to learn a bit of unix commands (heh) to opperate the bot...

By and by I had shell after shell.. learning more about *nix as the opportunity came along. I eventually had the oppertunity to have root on a friends system (from IRC) and learned more and more about the system and how it worked.

Fast forward a bunch of years :) I met both my partners of my company (Web Hosting/Web Development) on IRC, and they have been good friends ever since. It is quite the successful business, and I have learned much since then... all because of IRC (well, I guess not that much.. I'm still using /. ;)

The news concentrates on the bad things always.. I've become a better person because of IRC, completely. Not only have I learned a tone of IT stuff.. I've also learned how to be a ;better person.. to react in the right mannor (not just to get +o.. or plus +O for that matter ;0)

Much of the Internet success stories are because of IRC, and I feel this article fails to discuss this... That is a bad thing, and this is why us 'hackers' seem to get a bad rep.

Oh yeah.. IRC didn't teach me how to spell, really :) afaik :)

Is Bruce Schneier on crack?

[Nos.]

He says this:

"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

To me this says, that I should assume, in my wallet is a stolen credit card. Well, there isn't, and I don't need to check. I have one credit card, and since I get a statement every month with my name on it, I obviously didn't steal it.

Now if he's just a confusing person and is actually saying that I should assume that one of my credit card numbers has been stolen. Well, as long as everyone out there practices some basic security, they shouldn't worry about that either. The first thing is to make sure you have fraud protection on your credit card (most have a $50 limit now). Second, look at your statement! If you just pay your bill without examining the charges, well, send me your credit card number!

Let me get this straight:

[oyenstikker]

"Hackers" getting personal information and selling it to other "hackers" is bad.
Corporations getting personal information and selling it to other corporations is good.

People with tightly held secrets are suspect.
Corporations with tightly held secrets are to be trusted.

A person trying to extort people is a thug and scam artist.
A corporation trying to extort people is just protecting the artists.

OK. I got it. Now can I incorporate myself? I think I'd be much better off as a corporation than as a citizen.

Duh

[dieMSdie]

"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."

There's the only useful statement in the whole fscking article. What a loaf of fertilizer. Must have been a boring newsday for the CNN "tech" crew...

Not really so alarming...

[jonesvery]

There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC".

It actually seems to me that Schneier did a pretty good job of preventing some editor from slapping an alarmist breaker along the lines of "IRC is a tool designed for smelly hackers" into the piece; take a look at the full quote:

"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC." [Emphasis added.]

He goes out of his way to point out that there's nothing that makes IRC particularly "suited" to nefarious purposes, but rather that its non-corporate nature is likely to appeal to anti-corporate people. (That, of course, is an assertion that can be argued forever, but it doesn't strike me as too alarming.)

Re:Not really so alarming...

[uncadonna]

Not as alarming as the /. blurb made out, but still revealing of the corporate mindset. Apparently AOL/TW/CNN still finds something dubious or alarming about the concept that people would have something to say to each other and use their technology to do it. In the mass media world, everyone who wasn't a member of a tiny content-production elite was expected to be a consumer and only a consumer. To the extent that everyone is now a publisher, this is threatened.

AOL/TW/CNN obviously has risked much to become a major player in the content game. Their discomfort with a world in which anyone is a content producer leaks out here. You'd hope they would find ways to profit from this prospect of freedom, rather than trying to squelch it, but it's not surprising that some folks in that outfit don't get it.

As for me, I'm not anti-big-corporation where big corporations matter. I like airlines and bridge builders and silicon foundries, but I'm not about to set one up in my basement. I don't like Starbucks, because their main value-added is de-localizing what ought to be a lot of small businesses.

If information megacorps want to help me, they'll help me make the most of all the content out there, and they'll help me stay secure even though there's no sensible way to keep bad people out of chat rooms. I don't want to live in a world where people steal my credit card, but even more I don't want to live in a world where significant powers feel free to characterize online chat as subversive.

CNN *runs* an IRC server!

[LinuxHam]

I may have skimmed a little too lightly, but I didn't see anyone mention that CNN actually runs one of the best IRC servers used for interactive televsion! When Mir was returning to Earth, there were well over 800 people in the room.

Then, with Talkback Live, they make excellent use of AIM and IRC. Very forward thinking.

Re:CNN *runs* an IRC server!

[mdwebster]

From the CNN website:

CNN.com has closed its open chat room, but will continue to offer hosted chats with international newsmakers.

Let's play the Slashdot Overreaction Game.

[Stonehand]

Any guesses as to how many posts on this thread will...

- Call CNN a bunch of morons.
- Suggest that we should therefore ban ::insert whatever:: using ridiculous slippery-slope logic.
- Say "Duh".

...without showing ANY evidence of reading the article, or making any factual statements whatsoever?

Really, now.

Now, for those with actual central nervous systems and who actually care about facts rather than knee-jerk responses:

IRC is a multiperson always-on real-time worldwide system, and is therefore more conducive to exchanges and marketing than phones, pagers and their ilk. There's no comparison, really, except for morons, because while a phone system at most might be a small-scale party line, messages on IRC can reach nigh-arbitrary amounts of people whom you DON'T need to have previous knowledge of. Even if you do NOT have any intended buyers in mind, calling random people and offering credit card numbers is stupid. Sending a CC list offer to an appropriate IRC channel is less stupid, in that you can reach more people at once, and they're voluntarily reading so they're more likely to be interested. Plus, there's no Caller ID, and if you're bright you may be using a compromised machine so that your own IP isn't shown. If the distribution of logs crosses national borders, it may be quite a hassle for anybody to ever find your identity -- assuming that you can maintain anonymity during an exchange, of course, by not screwing up by, say, using one of your own personal bank accounts.

And, most people who read CNN have little experience with IRC. Therefore, it's fair to give them a "heads up", especially, say, if they've got a teen who's spending a lot of time online and ordering more stuff than you think he could afford, or similar situations... this merely provides a bit of awareness to the technologically naive.

Other forms of communication

[red_dragon]

Some other media that the CNN article forgot to mention:

• Smoke
• Flash lights
• Morse code
• CB/Ham radio
• Phones
• Pen and paper
• Station wagons full of magnetic tape/CDs/DVDs

Bayes Theorem

[Glorat]

I dunno how many of you nerds know Bayes Theorem but it's one of the first rules and statisticians learn and, annoyingly, it is one of the more unintuitive arguments for the uninitiated

<Offtopic>I can't stand the current Cannibis debate in the UK where people state something like that 95% of heroin addicts used Cannibis first as a gateway drug. Therefore Cannabis should be illegal. While I agree Cannabis should be illegal, that argument is a statistically false one because you cannot say that 99% of cannabis users go on to take heroin. That would be significant</offtopic>

Here, just because I imagine 99% of script kiddies use IRC, does not mean we should be anti IRC. You cannot map it to the proper argument where I imagine only <1% of all IRC users have anything to do with hacking and scripting. If you, for example, kill IRC, you upset 99% of the populatoin and script kiddies go elsewhere

Exploitation of people's misunderstanding of Bayes makes the easiest and most effective weapon in the world of FUD

Re:Bayes Theorem

[gorilla]

I agree Cannabis should be illegal

Funny, cause the UK doesn't. It was downgraded from Class B to Class C last year, with a pilot program in one London borough with the only thing the police can do is confiscate it - a program that is exepected to be extended to the whole country soon, and the committe charged with making recommendations on drug policy have reported that it should be decriminalized, which is expected to be accepted by the Home Secretary. In fact, in the UK, the whole "War on Drugs" approach is widely seen as a failure, with the minor opposition party having decriminalization of all drugs (As happened in Portugal last year) as a platform, and many members of both major party agreeing with that policy. BTW, the drug most likely to be associated with crime is ... alcohol. "between 72% and 82%, depending on the area, testing positive for alcohol. " (http://www.druglibrary.org/schaffer/Library/studi es/runciman/pf7.htm)

Re:Bayes Theorem

[mpe]

In fact, in the UK, the whole "War on Drugs" approach is widely seen as a failure,

Hardly a UK specific viewpoint, even in the US there is plenty of evidence that prohibition/war on drugs is an expensive farce.
Maybe with the possibility of a ceasefire in the "war on drugs" politicans feel they need a "war on hackers" to compensate.

What Is Considered "Subversive and Illicit"

[DonWallace]

The bottom line of this article appears to be that if someone uses *anything* called a 'chat room', they're implicitly engaged in illicit activities:

"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."

This spokesperson is basically saying that chat outside the venue of a benevolent, all-watching big corporation is evidence of intent to cause harm to the capitalist system, by extension. (and don't forget all of the child molesters hanging out on ... er... AOL!!)

While many are mocking the origin of the story, don't laugh.

Civil liberties can easily be eroded by the F.U.D. and implied subversion that a large media company such as CNN can implant in the minds of readers over a perior of time. "Chat room" == "bad unsupervised people up to no good" can become implanted in reader's minds subtly by repetition... with the terrorism paranoia running rampant in our society, spin like this ain't positive.

Check your wallet.

[MongooseCN]

...but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

Opens up wallet.

OMG! He's right! Someone stole a CC number off the Internet and put it in my wallet! These hackers are good!

This story

[Beautyon]

is unworthy of repetiton. It is poor journalism of the most illiterate kind, engineered to whip up hysteria over something as old as the hills.

The author "With more than 23 years of journalism experience to draw from, Renay San Miguel is a technology anchor and correspondent for CNN Headline News based in CNN's world headquarters in Atlanta....From 1997-2000 he was with CNBC, where he served as a correspondent specializing in technology and the Internet. "

really needs to have 23 years of experience in how to research a story. And anyway, how on EARTH can someone from 1997, "..specializing in technology and the Internet.." not have ever used or seenIRC???

If he knows what IRC is, and STILL wrote that, then he really is just a sh1t stirrer, first class.

Nothing to see here: move along!

Uniformed Reporting

[Vodak]

Yes IRC is a great tool and sometimes it can be a lot like ebay. I've gotten some good hardware that I can't find anywhere else just by talking to people on IRC.

Of course these people will go to IRC chat rooms all the time, hell like every other type of computer geek on the internet they like to boost. It's natural for a geek to go somewhere and brag about their exploits.

The claim that identity theft is running wild and it's the fault of the hackers is an amazing assumption. While I do believe things like this happen to people around on many occasions. I do not believe it's as large scale as some people would have us believe. I have seen many more cases where identity theft is caused by people in the real world either losing their wallets. or other malicious deeds in which a criminal gets information from a victim.

You should automatically assume your credit card was stolen? Frankly if your not reviewing your credit card transactions you are a fool. But again. there are many more cases of this happening because of a store employee collecting the information some nameless computer hacker who is out to get you.

Why would things like pirated software, child pornography, and stolen information be available on IRC? It's a quicker communication medium. It's easier and faster for people to exchange the information then web pages or e-mail.

People use IRC networks like EFNET, DALNET, GAMESNET, etc. as opposed to AOL or Microsoft because the big business companies consider their users to be morons that don't need more advanced forms of software. When your network blocks out all types of profanity because it's "bad" many people are going to look to communicate where they can speak as they wish.

As for the law enforcement issue it is up to all the irc networks in question to regulate the going on in their own set of servers. I'll use Gamesnet as an example. They are constantly attempting to stop the "warez trade" from happening on their network and have assisted law enforcement when they find out their users are committing crimes.

The FBI gets lucky because like all criminals people who are involved in things like identify theft, child pornography sing like canaries. that's the only reason they get lucky. the boasting of hackers helps the FBI catch hackers

Re:paper tiger

[Takeel]

Boy, oh, boy...you must be relatively new to the Internet.

Here's just one example of organized credit card fraud on the Internet. Some software piracy groups have *entire segments* dedicated to credit card fraud. They even have a name for these folks: "carders." They'll "card" a laptop, CD writer, etc. for you, and find a way to get it safely received. Many of these folks have huge lists of names, addresses, and credit card numbers that often come from compromised websites.

It's happened to me before. Luckily, I caught it, and I learned from my mistake. I've found a way to help defend against this kind of attack.

Everyone should think about using one-time-use credit card numbers when making purchases from anyone over the phone or Internet. Several credit card issuers offer this feature. Here's an example of one of them.

Re:This is news?

[arnie_apesacrappin]

To badly quote Norm MacDonald, "Breaking news from the scientific journal DUH!"

Other places hackers hang out:

• malls
• coffee shops
• schools

CNN might want to investigate these places as well. Inside sources from CNN also tell me that these things called "newsgroups" exist. Appearantly, these "newsgroups" allow people to exchange "news", which according to CNN sources is a "code word" for "illegal activities", and is a new sweeping trend in the scary hacker underworld.

Also, staring at the sun can cause blindness.

Re:This is news?

[richardbowers]

I thought the only people on IRC were FBI agents pretending to be 14 year old girls. There are hackers there, too?

Re:This is news?

[llamalicious]

Pardon me. But my colorblind friend says the sky is a medium gray.
He can't understand blue, or what possible uses that color has on a day to day basis.

Likewise, the people out there coming up with these "notices" are technology blind.

So if we couldn't trust a colorblind person to paint your house, how can we trust technology-blind legislators and other political reps to make the right decisions or statements on our behalf...?

Time to get out the voting stick.

Oh yeah, god forbid!

[Restil]

Someone might utilize a USEFUL tool in such a way that might entail malace. Among other things, IRC is useful for the following things:

Trading porn including child pornography (tm).
Trading illegal mp3's.
Trading illegal movies.
Trading illegal books.
Trading illegal software.
Trading illegal TV shows.
Stalking.
Preying grounds for Child Molesters (tm).
Learning BAD english "31337 anyone???"
Discussing illegal activity.
DOS zombie gathering points.
Trojan access gathering points.

Oh, and of course, its primary purpose, so that large groups of people can easily gather online in a user friendly way to discuss various topics of interest to them.

People, its a tool, nothing more. You can use it legally or illegally. I can cut butter or stab someone with a knife. I can buy food or drugs with money. I can use a telephone to call my friends to say hi, or I can prank call someone and threaten to have them killed. And yes, if I really wanted to, I could use IRC illegally. As could I with AIM, or yahoo's chat/forums, or anywhere else that I wanted to.

Yes CNN, Chat rooms are most likely havens for hackers (tm). Its not so much an issue of debate, but an issue of declaring the obvoius. I'll bet they use phones too. And Email. And websites. I mean, if there wasn't an internet, there would still be hackers even though all the reasons you think they're bad would be null and void. Hackers pre-date the internet, even those inflicted with malice. Although, script kiddies are a rather recent breed.

-Restil

Congratulations for discovering PROPAGANDA

[aphor]

Welcome to the world of PROPAGANDA. Psychologists know that people will subconsciously accept brazen lies if they are sufficiently tired, confused, or distracted before taking in the false causal statement. This is called "suggestability". They will subconsciously seek a (false if necessary) internal logic or even a leap-of-faith to understand the author. If they are too tired to question this understanding, they will keep it and use it as if it were fact, gleefully making false judgements baed upon the supposed "fact."

AKA: sales pitch.