Slashdot Mirror


CIA Researching Automated IRC Spying

Iphtashu Fitz writes "CNet News is reporting that the CIA has been quietly investing in research programs to automatically monitor Internet chat rooms. In a two-year agreement with the National Science Foundation, CIA officials were involved with the selection of recipients for research grants to develop automated chat room monitors. Researchers at Rensselaer Polytechnic Institute received $157,673 from the CIA and NSF for their proposal of 'a system to be deployed in the background of any chat room as a silent listener for eavesdropping ... The proposed system could aid the intelligence community to discover hidden communities and communication patterns in chat rooms without human intervention.' How soon until all IM conversations are monitored by Big Brother? The abstract of the proposal is available on the NSF website."

15 of 413 comments

  1. Umm... by Anonymous Coward · · Score: 3, Interesting

    Isn't that considered interstate wiretapping?

    The last time I checked, federal law said you needed a warrant to do that.

  2. You don't control the trunks by TiggertheMad · · Score: 3, Interesting

    Yeah, but you don't have physical control over the pipes between your server and all your clients. How do you think your bits get sent back and forth? I just have to put an intercept between you and your clients to grab all the data I want.

    This would be some sort of program that can sit on an ISP's trunks, and grab all traffic that looked like IRC traffic and dump it in a log. Since it is the CIA, (And they are in theory, the Intelligence 'Offense') it might be a small embedded hardware solution that has a built in microdrive. It would be very handy to have a CIA controlled operative slip in to a NOC in a hostile country, snap it onto a trunk in an unobtrusive location and pick it up a month later.

    American Tinfoil hat people, relax. The FBI is the group spying on you, not the CIA.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
    1. Re:You don't control the trunks by Anonymous Coward · · Score: 1, Interesting

      -1, Wishful thinking. You completely ignore the fact that the internet is international. On the network of IRC servers I use, there are multiple channels for nearly every country in the world, filled with residents or ex-pats or people interested in them. My channel gets people from around the world on a daily basis and my packets seem to have no trouble reaching them. They don't mysteriously disappear at the border.

      So yeah, the CIA could still spy on me over this. They'd be wasting their time and money in my opinion (Though I'm sure they could forge logs in interesting ways if they ever had to justify their actions).

    2. Re:You don't control the trunks by michaelredux · · Score: 2, Interesting
      "Speaking both as an author of an ircd and somebody with a comprehensive understanding of what SSL does: worthless. ...Read CRYPTO-GRAM and some of Schneier's books."
      This quote from Schneier in CRYPTO-GRAM-0303 does not seem to support your opinion:
      "I wouldn't discard SSL as being irrelevant... Security is only as strong as the weakest link, and SSL is nowhere close to being the weakest link."
      http://www.schneier.com/crypto-gram-0303.html
  3. Re:It wont really be any good... by bigberk · · Score: 2, Interesting
    "I'd think anyone planning crimes on IRC would be a complete moron"
    People have planned crimes on IRC, and got caught for it. One of the recent instances was someone tied to Foonet talking organizing DDoS attacks -- Foonet got busted by the FBI. These were the fellows that did attacks-for-hire (including against antispam services) if you remember.
  4. I had a nightmare the other night by Gary+Destruction · · Score: 1, Interesting

    I had a nightmare the other night that the NSA was after me for posting pictures on the Internet that made fun of George W Bush.

  5. What, you mean they aren't? by Fencepost · · Score: 4, Interesting
    I'd have figured something like that would've gone into place quite some time ago, at least on the larger IRC networks (EFNet, Dalnet, whatever they are these days).

    All you really need is the servers at a few of the nodes to be running logging software, and it wouldn't even need to be running in the context of the IRC server - it'd just need to be tracking the inbound and outbound traffic. It wouldn't catch everything, but you'd get a fair amount of it and probably get enough to tell you what areas needed more examination.

    Similarly, I assume that just about everything on Usenet is monitored and saved by at least a few agencies domestic and foreign, if not more. How much would Giganews charge for a full feed? That's not going to be a lot of use against one-way traffic, but discussions would almost certainly be trackable.

    As with many things the information stream itself is relatively easy and inexpensive to get access to, but extracting good information out of it is likely to be harder. I wouldn't be surprised if a big chunk of the money they're giving out is related more to the analysis of that sort of information stream (and existing store) than to the simple acquisition of data.

    --
    fencepost
    just a little off
  6. Re:Crypt-IRC by inKubus · · Score: 4, Interesting

    It's pretty easy to bypass. Get yourself a custom IRC client that logs into 3 or 8 or 100 servers at a time. Then your contact logs into the same servers and into randomly selected channels. You send a message which is scrambled up and is sent in pieces to each server. So say your message is "Let's meet at the tower at midnight." it would be split up on as many channels as you have servers connected on both sides. So say you are using three servers on each side, then only every third character would be sent, with an offset of which server it is:

    So like channel #random19a9x on server 1 would get a message from you:
    L'mtt w dh

    and channel #random19a9x on server 2 would get:
    ese BLAH BLAH etc

    rinse and repeat for as many channels as you like. of course, while all this is happening, you could be continually logging off and on, changing nicks or channels or sending to other servers in a predefined fashion. Perhaps the control connection could be over a DCC connection while the actual secure messages travel thru the IRC never to be found again. (Outband signaling).

    You could also combine this with email, SMS, web pages, etc to split the message up into as many channels and media as possible. And of course, you have to make the software client script driven so new scripts can be easily generated to stay ahead of any technology Big Brother could use to monitor it.

    Possible problems are pretty obvious: everything originally comes from your IP so anything between you and the network can be compromised. It's really pretty safe to assume that the core routers are compromised as well. Well, this is not the case. The order could be randomized and the complexity of putting it back together grows in proportion with the number of channels.

    The idea is to make it as much like chat as possible but not have any full packets of clear or encrypted text go out at once, preventing any easy way to view it. And the ability to change the patterns and behavior of the connecting and reconnecting would thwart anyone learning the way it works.

    --
    Cool! Amazing Toys.
  7. Re:Jurisdiction? by Ann+Coulter · · Score: 2, Interesting

    I'm curious as to whether or not there are any existing applications that allow for public key encryption of IRC traffic. It shouldn't be too difficult to have the regulars in a channel or room all use the said application. This application would probably spam the room with unreadable junk from the viewpoint of anyone without a relevant private key but it would allow for secure communication in a chat area. If there is no such application, perhaps I should write one.

  8. Re:It wont really be any good... by flyingsquid · · Score: 2, Interesting

    That's why serial killers are smart. It's not that dumb people don't have similar tendencies, it's just that they get caught before murdering 37 people.

  9. Re:Bing!Bing!Bing! by Anonymous Coward · · Score: 1, Interesting

    Although to go one step further, I believe it is illegal for the CIA to spy on US citizens (and/or in the USA). The FBI spies on us, the CIA spies on them (Yes, the FBI are cops, but they also get counter-espionage duty). I don't know where NSA falls in the mix.

    So does the CIA only get to use this system on foreign IRC servers? Or do the post-9/11 security rules mean that these silly restriction of powers laws go away, and the CIA can spy on us, too?

    I feel safer already. Is there any chance these systems will be used to help people, or only in the distant sense of "catching the bad guys so that others are safe"?

  10. Similar proposal met with opposition by IRCops by Chatmag · · Score: 2, Interesting

    A related proposal, involving "uniformed" police to monitor chat rooms, was announced June 9th 2004: "Cyber Cops to Patrol Internet Chat Rooms". We polled over 100 IRCops and Server Administrators and posted the results at: "Chat Network Operators and Users Wary of Uniformed Police Presence".

    --
    Pete Carr Owner Chatmag.com
  11. Re:That's easy to beat... by VertigoAce · · Score: 2, Interesting

    When this project was described to me as a possible project for undergrad research (I'm a student at RPI), it sounded like the initial research was going to use data from chat rooms and message boards. The focus was on pattern detection based on knowing that particular people sent messages at particular times. The content of those messages is not part of the project (IRC data, for example, would just be time stamps and names, not the full logs). The idea is that the CIA can easily monitor when communication is happening, but not necessarily what is being said. I haven't begun working on the project yet, so the above is just my vague understanding of what we're going to do this spring and summer.
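
Added example (not part of VertigoAce's comment and not the RPI project's code): a simple co-activity heuristic, assumed here for illustration, showing what timestamps and nicks alone expose without any message content. The sample events, nicks, time window and threshold are all constructed.

```python
from collections import Counter

# Constructed sample: (unix_time, nick) only, no message content.
EVENTS = [
    (1000, "alice"), (1004, "bob"), (1090, "carol"),
    (2000, "bob"), (2003, "alice"), (2500, "dave"),
    (3000, "alice"), (3006, "bob"), (3200, "carol"), (3204, "dave"),
    (4000, "carol"), (4005, "dave"), (5000, "erin"),
    (6000, "dave"), (6002, "carol"),
]

def co_activity(events, window=10):
    """Count, per pair of nicks, how often they posted within `window` seconds."""
    events = sorted(events)
    counts = Counter()
    for i, (t1, n1) in enumerate(events):
        for t2, n2 in events[i + 1:]:
            if t2 - t1 > window:
                break              # events are sorted, nothing later can match
            if n1 != n2:
                counts[frozenset((n1, n2))] += 1
    return counts

def communities(events, window=10, min_hits=3):
    """Group nicks linked by at least `min_hits` co-activity hits (union-find)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    for pair, hits in co_activity(events, window).items():
        if hits >= min_hits:
            a, b = tuple(pair)
            parent[find(a)] = find(b)
    groups = {}
    for nick in list(parent):
        groups.setdefault(find(nick), set()).add(nick)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    print(communities(EVENTS))
```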

  12. Protect yourself by donkstuff · · Score: 2, Interesting

    All anyone needs to do is protect themselves. You can connect to most irc networks via ssl, and if you PM between people on ssl connections, you're safe. Also if you talk in a channel set +z, that would be for SSL only users. Also, setting channel modes like +s (secret/unlisted in the /list command), +i (invite only), or +k (key protected, need key to join), would protect any outside users from seeing/entering your channel.

    If a user would do the above, then the only way their IRC usage could be monitored would be if the server admins allowed them access server side, which most networks should not allow.

    Note that the +z channel mode is used in the ircd used by the protium irc network which is based on ircu with the nefarious ircu patch.

    -- d0nk` (irc.protium.org / #protium )

    --
    :(){ :|:& };:
    Paluminum.net
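
Added example (not part of donkstuff's comment and not any ircd's code): a check that replays a client's view of channel mode traffic and reports which of the protections listed in the comment are not currently set. The server, nick, channel names and key are constructed; parameter handling follows RFC 1459, and `z` as the SSL-only letter is taken from the comment, so it is an assumption on other ircds.

```python
# Protections named in the comment above; 'z' (SSL-only) exists only on some ircds.
WANTED = {"s": "secret", "i": "invite-only", "k": "key", "z": "SSL-only"}
ALWAYS_PARAM = set("kovb")   # RFC 1459 modes with a parameter on + and -
PLUS_PARAM = {"l"}           # user limit: parameter only when being set

def apply_modes(active, modestr, params):
    """Apply a mode string such as '+sk-i' to the set of active mode letters."""
    sign, params = "+", list(params)
    for ch in modestr:
        if ch in "+-":
            sign = ch
            continue
        takes_param = ch in ALWAYS_PARAM or (ch in PLUS_PARAM and sign == "+")
        if takes_param and params:
            params.pop(0)    # consume the key, nick, mask or limit
        if sign == "+":
            active.add(ch)
        else:
            active.discard(ch)

def audit(lines, wanted=WANTED):
    """Replay 324 replies and MODE changes; return {channel: [missing protections]}."""
    channels = {}
    for line in lines:
        parts = line.strip().split()
        if parts and parts[0].startswith(":"):
            parts = parts[1:]                      # drop the sender prefix
        if len(parts) >= 4 and parts[0] == "324":  # 324 <me> <channel> <modes> [params]
            active = channels[parts[2]] = set()
            apply_modes(active, parts[3], parts[4:])
        elif len(parts) >= 3 and parts[0] == "MODE" and parts[1].startswith("#"):
            apply_modes(channels.setdefault(parts[1], set()), parts[2], parts[3:])
    return {chan: [f"+{m} ({wanted[m]})" for m in wanted if m not in active]
            for chan, active in channels.items()}

# Constructed sample traffic as seen by a client sitting in two channels.
SAMPLE = [
    ":irc.example.net 324 me #private +sintkz hunter2",
    ":irc.example.net 324 me #lobby +ntl 50",
    ":op!u@host.example MODE #private -k hunter2",
    ":op!u@host.example MODE #lobby +s",
]

if __name__ == "__main__":
    for chan, missing in audit(SAMPLE).items():
        print(chan, "missing:", missing or "nothing")
```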
  13. I think the real question is... by AbsurdProverb · · Score: 2, Interesting

    Now that they're actually talking about it, how long have they already been monitoring IRC? I have been told intelligence agencies are up on the curve by years. However given the recent intelligence blunders of the last three years or so, I can't help but question that assumption.