CNN Says Chat Rooms Are a Haven for Hackers

MiTEG writes "CNN is carrying an article about IRC and how it aids "hackers" with their mischief. There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC"." Yeah, if they ever hung out in our chatroom, they'd lock us all up for abusing Kurt the Pope.

Also used by 'hackers'

[Raedwald]

And fresh reports say that 'hackers' also use e-mail, telephones and postal services. Shut them all down!

Re:Also used by 'hackers'

[Archie+Steel]

...except that the Govt. can already monitor e-mail (with Carnivore), phone conversations (with Echelon) and snail mail. So basically they need to whip up some way of controlling IRC as well, and CNN is only happy to oblige in preparing the national psyche for that (since AOL will make more money if people are forced to use corporate chat services). The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of).

This reminds me of two famous (and nearly identical) quotes:

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
-- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773.

Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.
-- President Thomas Jefferson.
1743-1826

Re:Also used by 'hackers'

[-brazil-]

The difference is that since IRC channels are basically public, monitoring them is both easier and no violation of civil rights.

BTW, another quote:

There is no freedom without security.

-- Wilhelm von Humboldt

Total freedom means survival of the strongest and least scrupulous and those valuable to them, i.e. mainly the freedom to be robbed, raped, murdered and suppressed. The ideal is to find a balance between freedom and security.

Re:Also used by 'hackers'

[arnie_apesacrappin]

Snip (Archie Steel):

This reminds me of two famous (and nearly identical) quotes:

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773.

Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. -- President Thomas Jefferson. 1743-1826

Well, it seems that Attorney General John Ashcroft doesn't agree with two of America's great founding fathers. He was quoted as saying, "To those who scare peace-loving people with phantoms of lost liberty, my message is this: your tactics only aid terrorists."

I'm sorry John, but here, you are the terrorist. Don't persuade me or anyone else to give up my freedoms to make your job easier under the guise of making the world a safer place. To calmly allow you to take my rights is the first step onto a slippery slope that I don't even want to know the results of. I won't quit using IRC, I won't give up my private keys, and I will continue to protect my right to say and hear what I'm constitutionally allowed to. If you want to take my rights, try to change the first amendment. Until then, in the spirit of Monty Python's The Life of Brian(I know they're not American, but it's the best quote I could think of), "piss off!"

Re:Also used by 'hackers'

[Archie+Steel]

There is no freedom without security.
-- Wilhelm von Humboldt

To which I'll add: "There is on peace without justice."
--Peter Tosh, Reggae Singer

Total freedom means survival of the strongest and least scrupulous and those valuable to them,

Actually, that is a logical fallacy, since total freedom also means freedom to live - "total" freedom, as in "optimal" freedom would mean that everybody shared the same freedom without infringing upon other people's freedom. The balance is delicate, I'll give you that - but it isn't between freedom and security. Rather it is between everyone's freedom. Of course we also need to discuss what types of freedom: obviously, no sane society will condone freedom to perpetrate crimes against other people (because then it would negate those people's own freedom). We can stick to the basic freedom that every human should have, amongst which are the classics (freedom to live, freedom of speech, freedom of movement), and everybody will be just fine. However, with that freedom comes some risk that people will use it to do bad things. That is just something we have to accept: limiting everyone's freedom because of inherent risks is not an acceptable solution.

All right, that's enough typing of the word "freedom" for a single day!

Re:Also used by 'hackers'

[SAFH]

Hrm... Burn Karma or post AC...

Since the late 90's, the US Govt (Specifically the NSA, CIA, and NRO) along with other govts have showed increased interest in IRC. The original problem with monitoring IRC was the ability to correlate the packets (through Eschelon, JID, misc. sniffers) to the handles, DCC sessions, and misc. queries. Once scripts were established to correlate time stamps, and do active session recreation/replay the data was a bit more reliable, however there were large gaps in the data where netsplits occurred, or handles changed, dynamic IP's, etc. Since running analysts through abstract sessions of data was counterproductive, the data was dropped. So in public channels, bots and live agents (*cough*analysts*cough*) were placed to idle and log, however groups started catching on to the idlers and kicking, in addition, since all of the operations were done w/o the knowledge of IRCops, K-Lines started being put up and times got a bit harder.

So starting in late 2000, when reliable/substantiated information started comming across about possible Electronic Warfare, under cover company names, IRC servers started getting funding and/or being provided by agencies with an active tcpdump w/ ssl netcat (or scheduled ssh dumps depending) running on them (yes, that simple) which was then reprocessed and sessions recreated through a series of parsing scripts and dumped into databases that track handles, IPs, session data, keyword recognition (including handles, group names, and a series of acronyms/extensions), along with the ability to grab code snippets.

OPN, DAL, IRCNet and EFNet all participate in monitoring, EF and IRCNet remain the least cooperative, DAL and OPN actively participate and support the process. LiloFree, SuidNet, Conclave, and others are extremely difficult to track, however have their faults.

I won't get into IM protocols since we all know the inherant problems. AOL has not been entirely supportive of US Govt efforts to setup monitoring devices, however the Time Warner side of AOL/Time Warner has been a bit more agreeable. ICQ/Mirabilis gave in a -long- time ago, LICQ over SSL is great though.

The quotes below are great, however in times like these, the famous line "Do not disclose, sources or methods" from our spook friends applies quite well. Reply to:

...except that the Govt. can already monitor e-mail (with Carnivore), phone conversations (with Echelon) and snail mail. So basically they need to whip up some way of controlling IRC as well, and CNN is only happy to oblige in preparing the national psyche for that (since AOL will make more money if people are forced to use corporate chat services). The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of). This reminds me of two famous (and nearly identical) quotes: They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773. Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. -- President Thomas Jefferson. 1743-1826

CNN is quality media

[timothy_m_smith]

In this age of watered-down single source media, this article is about par for the course. It's hard to believe that the bulk of American's accept CNN as a reliable media outlet.

Shocking!

[TheLocustNMI]

this just in -- dancefloors, bars, other public settings rumored to be HACKER FREE!

Selective Reading

[ackthpt]

If you want to see something, you will. It's called 'predisposition'.

Chatrooms, in the news over the past years, have also been a haven for:

People sharing interest in pretty much everything you can find in alt.* and rec.*

Pedophiles

People meeting each other legitimately and socially

Terrorist plots

The future of Slashdot

It's just another red herring for the media, the biggest news for the New Yahk media is a big drought in Delaware, so guess what they dig up to shock Mr. and Mrs. Average American. Big wh00p.

Nice headline.

[reaper20]

Anonymously stealing, trading personal information

Ok, do this over IRC, and you're a criminal - do it with a website, spyware, or spam, and you're a business.

hmmmm..... maybe I need to check out #amazon and #brilliant.

Re:Nice headline.

[zCyl]

Ok, do this over IRC, and you're a criminal - do it with a website, spyware, or spam, and you're a business.

Of course, given that the current definition of criminal is "one who does not make campaign contributions."

Wow, investigative reporting

[T1girl]

the FBI's National Infrastructure Protection Center (NIPC) didn't provide any statements to CNN regarding what goes on in Internet Relay Chat

Gee, I guess it would have been way too much trouble for CNN's hotshot reporters to log on and find out for themselves before running this half-baked article.

And while we're on the subject...

[Cinnibar+CP]

"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

You should ALSO assume that your wife is cheating on you. And you're about to be fired. And someone is monitoring you. Constantly. We even know what brand of socks you're wearing.

Hehe, that's funny ;)

[Sase]

That was a good laugh.. and my friends.. that's why it was posted to /. :)

I've been IRC'ing since 1992. That's 10 years, and I'm still not a veteran.

Some of the World's (Internet's) greatest heros and founders hang out on EFNet/IRC or some like service...

Remember BBS? :) Surprised they didn't talk about that.

It's so typical for people to lash out on things they do not understand. More or less, its all too typical that they never emphasize the best parts about it. I mean comon.. Let's think about it.

IRC is a place to share knowledge, not just CC #'s (who are they kidding.. I have never been asked to trade a CC # or anything of the like.) Many of the World's 'hackers' (or techies that work for YOUR company) can acredit their knowledge (or at least the start) to IRC. I know I can.

I knew nothing (well, not nothing, a tincy bitty bit) about the Internet, its structure, protocols, computers, other operating systems, etc. before I came to IRC.

It all started with the 'need' to have an eggdrop bot in my channel.. How the hell was I to do this?

*shrug* I didn't know what I was doing.. but I got my hands on a free WOPR.net shell, (if anyone knows who I'm talking about.. send a shout out.. I'm curious) and was forced to learn a bit of unix commands (heh) to opperate the bot...

By and by I had shell after shell.. learning more about *nix as the opportunity came along. I eventually had the oppertunity to have root on a friends system (from IRC) and learned more and more about the system and how it worked.

Fast forward a bunch of years :) I met both my partners of my company (Web Hosting/Web Development) on IRC, and they have been good friends ever since. It is quite the successful business, and I have learned much since then... all because of IRC (well, I guess not that much.. I'm still using /. ;)

The news concentrates on the bad things always.. I've become a better person because of IRC, completely. Not only have I learned a tone of IT stuff.. I've also learned how to be a ;better person.. to react in the right mannor (not just to get +o.. or plus +O for that matter ;0)

Much of the Internet success stories are because of IRC, and I feel this article fails to discuss this... That is a bad thing, and this is why us 'hackers' seem to get a bad rep.

Oh yeah.. IRC didn't teach me how to spell, really :) afaik :)

Is Bruce Schneier on crack?

[Nos.]

He says this:

"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

To me this says, that I should assume, in my wallet is a stolen credit card. Well, there isn't, and I don't need to check. I have one credit card, and since I get a statement every month with my name on it, I obviously didn't steal it.

Now if he's just a confusing person and is actually saying that I should assume that one of my credit card numbers has been stolen. Well, as long as everyone out there practices some basic security, they shouldn't worry about that either. The first thing is to make sure you have fraud protection on your credit card (most have a $50 limit now). Second, look at your statement! If you just pay your bill without examining the charges, well, send me your credit card number!

Not really so alarming...

[jonesvery]

There are some alarming quotes from Bruce Schneier, CTO of Counterpane Technologies, such as "people who are anti-big-corporation are going to be more likely to use something like IRC".

It actually seems to me that Schneier did a pretty good job of preventing some editor from slapping an alarmist breaker along the lines of "IRC is a tool designed for smelly hackers" into the piece; take a look at the full quote:

"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC." [Emphasis added.]

He goes out of his way to point out that there's nothing that makes IRC particularly "suited" to nefarious purposes, but rather that its non-corporate nature is likely to appeal to anti-corporate people. (That, of course, is an assertion that can be argued forever, but it doesn't strike me as too alarming.)

Re:Not really so alarming...

[uncadonna]

Not as alarming as the /. blurb made out, but still revealing of the corporate mindset. Apparently AOL/TW/CNN still finds something dubious or alarming about the concept that people would have something to say to each other and use their technology to do it. In the mass media world, everyone who wasn't a member of a tiny content-production elite was expected to be a consumer and only a consumer. To the extent that everyone is now a publisher, this is threatened.

AOL/TW/CNN obviously has risked much to become a major player in the content game. Their discomfort with a world in which anyone is a content producer leaks out here. You'd hope they would find ways to profit from this prospect of freedom, rather than trying to squelch it, but it's not surprising that some folks in that outfit don't get it.

As for me, I'm not anti-big-corporation where big corporations matter. I like airlines and bridge builders and silicon foundries, but I'm not about to set one up in my basement. I don't like Starbucks, because their main value-added is de-localizing what ought to be a lot of small businesses.

If information megacorps want to help me, they'll help me make the most of all the content out there, and they'll help me stay secure even though there's no sensible way to keep bad people out of chat rooms. I don't want to live in a world where people steal my credit card, but even more I don't want to live in a world where significant powers feel free to characterize online chat as subversive.

CNN *runs* an IRC server!

[LinuxHam]

I may have skimmed a little too lightly, but I didn't see anyone mention that CNN actually runs one of the best IRC servers used for interactive televsion! When Mir was returning to Earth, there were well over 800 people in the room.

Then, with Talkback Live, they make excellent use of AIM and IRC. Very forward thinking.

Bayes Theorem

[Glorat]

I dunno how many of you nerds know Bayes Theorem but it's one of the first rules and statisticians learn and, annoyingly, it is one of the more unintuitive arguments for the uninitiated

<Offtopic>I can't stand the current Cannibis debate in the UK where people state something like that 95% of heroin addicts used Cannibis first as a gateway drug. Therefore Cannabis should be illegal. While I agree Cannabis should be illegal, that argument is a statistically false one because you cannot say that 99% of cannabis users go on to take heroin. That would be significant</offtopic>

Here, just because I imagine 99% of script kiddies use IRC, does not mean we should be anti IRC. You cannot map it to the proper argument where I imagine only <1% of all IRC users have anything to do with hacking and scripting. If you, for example, kill IRC, you upset 99% of the populatoin and script kiddies go elsewhere

Exploitation of people's misunderstanding of Bayes makes the easiest and most effective weapon in the world of FUD

Check your wallet.

[MongooseCN]

...but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."

Opens up wallet.

OMG! He's right! Someone stole a CC number off the Internet and put it in my wallet! These hackers are good!

Re:paper tiger

[Takeel]

Boy, oh, boy...you must be relatively new to the Internet.

Here's just one example of organized credit card fraud on the Internet. Some software piracy groups have *entire segments* dedicated to credit card fraud. They even have a name for these folks: "carders." They'll "card" a laptop, CD writer, etc. for you, and find a way to get it safely received. Many of these folks have huge lists of names, addresses, and credit card numbers that often come from compromised websites.

It's happened to me before. Luckily, I caught it, and I learned from my mistake. I've found a way to help defend against this kind of attack.

Everyone should think about using one-time-use credit card numbers when making purchases from anyone over the phone or Internet. Several credit card issuers offer this feature. Here's an example of one of them.

Re:This is news?

[arnie_apesacrappin]

To badly quote Norm MacDonald, "Breaking news from the scientific journal DUH!"

Other places hackers hang out:

• malls
• coffee shops
• schools

CNN might want to investigate these places as well. Inside sources from CNN also tell me that these things called "newsgroups" exist. Appearantly, these "newsgroups" allow people to exchange "news", which according to CNN sources is a "code word" for "illegal activities", and is a new sweeping trend in the scary hacker underworld.

Also, staring at the sun can cause blindness.

Re:This is news?

[richardbowers]

I thought the only people on IRC were FBI agents pretending to be 14 year old girls. There are hackers there, too?

Re:This is news?

[llamalicious]

Pardon me. But my colorblind friend says the sky is a medium gray.
He can't understand blue, or what possible uses that color has on a day to day basis.

Likewise, the people out there coming up with these "notices" are technology blind.

So if we couldn't trust a colorblind person to paint your house, how can we trust technology-blind legislators and other political reps to make the right decisions or statements on our behalf...?

Time to get out the voting stick.