Slashdot Mirror


Freenode Network Hijacked, Passwords Compromised?

tmandry writes "The world's largest FOSS IRC network, FreeNode, was hijacked (for lack of a better term) by someone who somehow got a hold of the privileges of Robert Levin, AKA lilo, the head honcho of FreeNode and its parent organization, PDPC. To make matters worse, the passwords of many users may have been compromised by someone posing as NickServ, the service that most clients are configured to send a password to upon connecting, while they reconnected to the servers that hadn't been killed. Of course, if someone was able to nab lilo's password, every user password may have been ripe for the taking. The details are still unknown, but these events raise scary questions about the actual security of FreeNode and other organizations like it."

31 of 414 comments

  1. This is why I prefer the anarchy of efnet by Anonymous Coward · · Score: 5, Funny

    Even if someone hijacked it, who could ever tell the difference?

    1. Re:This is why I prefer the anarchy of efnet by ronz0o · · Score: 4, Insightful

      And it is the type of people like YOU that piss me off. "All hackers write viruses break stuff omgwtf." Chill out. I have found many security flaws, and reported them to the proper authorities. (Fashion Bug, i.e., Charming Enterprises) Making it public like this is wrong, but it should have been done on a 1 to 1 basis. People DO listen when things like this may be compromised...

    2. Re:This is why I prefer the anarchy of efnet by IamTheRealMike · · Score: 5, Insightful

      In that case you are a hacker in the original sense of the word - a competent professional who Gets Things Done.

      The OP was complaining about "hackers" in the ZOMG HOLLYWOOD!! sense of the word, usually people who want the thrill of Beating The Man without actually having to do anything dangerous, like getting off their seats.

    3. Re:This is why I prefer the anarchy of efnet by jonoid · · Score: 5, Funny

      So, you consider yourself a hacker but you have a LiveJournal?!

    4. Re:This is why I prefer the anarchy of efnet by KiloByte · · Score: 4, Insightful

      No, it's idiots from Hollywood stealing our word and our name for nothing but an attempt to squash yet another penny from Joe Sixpack and soccer moms.
      Bill's henchmen waging a rabid campaign against us don't help, either.

      And remember: being a hacker doesn't mean you exploit security holes (for good or ill). It means that you employ a certain approach to programming/doing sysadmin tasks/solving physics problems/etc.

      Just because a majority of the mindless part of the society fails to understand a word, the word doesn't change its meaning.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    5. Re:This is why I prefer the anarchy of efnet by Lord+Ender · · Score: 5, Insightful

      Have you ever been 15? Everything is a game. Especially everything on the computer. 0wning this guy's chat server feels about the same as making a slam dunk right over a bigger defender's head, then joking about his mother. Just a game.

      At that age, kids have never had responsibility, and so are unable to feel empathy for those who they are harming.

      I was an ornery teenager once, too. I recall sending ATH0 pings, sending OOB packets, mounting unprotected file shares, and feeling a thrill every time I one-upped these older, smarter people. The internet was just a Nintendo game to me.

      This kid, like the others, is no more of a jackass than any other kid his age. He will just grow out of it with time, like everyone else.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    6. Re:This is why I prefer the anarchy of efnet by Anonymous Coward · · Score: 5, Insightful

      At that age, kids have never had responsibility, and so are unable to feel empathy for those who they are harming.

      Having responsibility and being able to feel empathy are two orthogonal things (there are plenty of people with lots of responsibility and little or no empathy). And the ability to feel empathy (and to act upon it to a certain degree) comes a lot earlier than the age of 15 for most people.

      This kid, like the others, is no more of a jackass than any other kid his age.

      What kind of silly overgeneralization is this? At 15, there were quite a few kids my age who weren't such assholes, and there were also some others who were. The latter were by far a minority in my case, although of course bullies always manage to get some following among the less strong-willed. I would at least never describe this sort of behaviour as "normal".

      He will just grow out of it with time, like everyone else.

      Probably, but not necessarily. Some people remain assholes all their life.

    7. Re:This is why I prefer the anarchy of efnet by shish · · Score: 4, Insightful
      No, it's "hackers" in the sense of the word that the vast majority of the world's population refers to it
      By that rule, the screen is "the computer", the big box to the side is "the hard drive", and the thing you stick CDs in is "the cup holder" :-/
      --
      I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
  2. Password on IRC and you're worried? by garcia · · Score: 5, Insightful

    Ok, seriously, who here uses an important password on Freenode (or any IRC network) for NickServ? I certainly don't. Hell, my Slashdot password is more important than the one I use on IRC and the one I use here isn't even that secure...

    I have no sympathy for someone that has an "at risk" password on IRC.

  3. yeah well by scenestar · · Score: 4, Insightful

    *Don't auto ident during connect
    *Don't use multiple passwords
    *Change password after someone got ahold of it
    *Realise that it's just a goddamn nickname

    --
    perpetually dwelling in the -1 pits
    1. Re:yeah well by A.K.A_Magnet · · Score: 4, Informative
      *Don't auto ident during connect
      And if you auto-identify in your perform, do something like: /identify *pass* which is a server-side macro for "PRIVMSG NickServ@<services-fakeserver-hostname> :password".

      The IRC protocol allows sending messages to Nick@server (meaning "send a message to 'Nick' if and only if he's on 'server'"), so you can do the same with services. Then if the NickServ nickname is hijacked, it won't matter, because the services "fake server" cannot be hijacked without knowledge of hub configuration (C/N lines) and if it ever happens, IRC admins/opers will notice (that's not something you can miss).

      So either choose the macro (/identify) or the whole command. Or identify manually :)
  4. ircd's and security by proudhawk · · Score: 5, Insightful

    I am more than familiar with ircd and security
    (having run a server network for better than 5 years).

    Rule #1, the admin password is NEVER stored in NickServ.
    Anyone who does this deserves whatever it is they get!

    It's better to mod the conf file and do a command rehash
    from the cli.

    --
    Understanding is much like a 3-edged-sword. in this: there are always 2 sides and the truth.
  5. Explaining the jargon... by kaden · · Score: 4, Funny

    FOSS = Free and Open Source Software, in case anyone was wondering...

    1. Re:Explaining the jargon... by leenks · · Score: 5, Funny

      You seriously felt the need to post that on Slashdot? :o

    2. Re:Explaining the jargon... by capiCrimm · · Score: 5, Funny

      Slashdot is a popular technology-news website that can be found at slashdot.org. Just in case anyone was wondering.

    3. Re:Explaining the jargon... by A.K.A_Magnet · · Score: 5, Insightful
      After all, we aren't smarter-than-thou elitists at Slashdot, are we?
      Yes we are! :) And proud of it. I understand there was some irony in your comment, but it makes me think of something else.

      Something I hate on Digg is how in each thread of discussion someone feels obliged to explain everything (and how lame stories like "a super set of icons", "learning to program", etc. are posted). And why that?

      The cost of joining Digg is null. You join, you digg, you reply. That's how 14-year-olds are now ruling Digg (while it was originally populated with slashdotters and other tech-oriented websites' readers). That's Digg's so-called "democracy" (except, in a democracy, one is supposed [only supposed] to be mature before voting, that's why there's a minimal age, which unfortunately cannot be implemented on Digg; something great would be "you can choose up to 20 domains of expertise, can change only one every two weeks or month, and you can vote only on stories regarding your level of expertise". Plus some incentive to only have one (1) account).

      Joining Slashdot is free, but there's a cost when you join: you're eaten alive by grammar and spelling nazis if you don't post correctly, you're eaten alive by an "expert" if you say something technically wrong, you receive negative mod points and get ignored, etc. That's why there are so many accounts and so few posters. And that's how Slashdot has been able to remain readable. I was no newbie when I first started reading Slashdot, but not being a newbie I already knew that you have to understand the subculture and the community first before participating (the same goes for IRC). So I actually registered and became a slashdotter myself years later. Most Diggers are newbies. That's why Digg is good for fresh news and lame for comments, while Slashdot is good for comments (but lame for fresh news). Because we're smarter-than-thou elitists.
    4. Re:Explaining the jargon... by EnsilZah · · Score: 5, Informative

      This really should have been modded informative, people need to work on their sense of meta-humour. =\

  6. spam by Punto · · Score: 5, Funny

    o noes, If someone got a hold of lilo's password, they could start spamming the users with useless server-wide notices nobody cares about!!1!

    --
    Stay tuned for some shock and awe coming right up after this messages!

  7. But I Thought Information WANTED to Be Free? by RobotRunAmok · · Score: 4, Funny

    D00d...?

    I say we strip the DRM from all passwords! Down With Evil Password IP!!

    Who's with me?

    OK, compromise: Every time we use your password, we promise to give you credit and link to your blog. Deal?

    Face it, until people start making passwords available for a fair price in all nations everywhere, this kind of piracy will be rampant...

  8. The IRCD could have helped with some of that... by SailorFrag · · Score: 4, Insightful

    As an admin on another IRC network, I'm actually quite surprised that the ircd would let someone take the nick nickserv... or at least, if it's permitted to happen, that there isn't some alternate authentication mechanism that guarantees it only goes to a legitimate recipient (i.e. /nickserv or /msg nickserv@services.ircnetwork.net or whatever). Fortunately, my password on there is intentionally weak.

    On the other hand, I understand what it's like to have compromised servers on the IRC network. I wish them the best in their efforts to get things working smoothly again. Tracking down the culprits can be exceedingly hard and time intensive, and reloading rooted servers is never fun.

  9. I was there. by Avillia · · Score: 5, Interesting

    Mass delinking.
    Mass throttling.
    Mass glining and killing.
    Mass notices of DCC SEND.
    GNAA denying fault.
    Bantown claiming fault.
    The hilarity of not being auto-removed from #wikipedia thanks to a lack of ChanServ.
    Having up to 20 variations of one person's name.
    Lilo being killed off with a hilarious message.
    And the topic wars...

    Good times.

  10. Re:So Levin is just another "peer"? by ZoFreX · · Score: 4, Insightful

    You may not know how right you are, I've been calling Freenode "Animal Farm" for weeks - Patrick McFarland (a.k.a. Diablo-D3) has been highlighting some of what's wrong with freenode and in doing so has become their "snowball" - he is literally blamed for everything that goes wrong on freenode, including the recent torbot attacks and no doubt this most recent one as well.

  11. What questions? by supabeast! · · Score: 5, Funny

    "The details are still unknown, but these events raise scary questions about the actual security of FreeNode and other organizations like it."

    I don't think that there have been any questions about the security of anything involving IRC for a long time. Everyone with half a brain knows that IRC is a cesspool of hackers, phreakers, crackers, and script-kiddies just looking to stir up shit.

  12. Re:Good Riddance by SailorFrag · · Score: 4, Informative

    I was going to suggest something along those lines, but if you think about it... if the services database were compromised, even if there's hashing, then everyone's passwords might get out anyway. I don't think anything actually implied that they're stored plaintext.

    I hope not, at least.

  13. Re:Good Riddance by Sinbios · · Score: 4, Insightful

    I'm pretty sure the idea is that they replaced NickServ with something else that intercepts the passwords when users tried to identify.

    --
    Anyone can "stand up for what they believe", but it takes a very brave individual to change what they believe. - Loundry
  14. Nickserv passwords. by me22 · · Score: 4, Insightful

    It says "the passwords of many users may have been compromised by someone posing as NickServ".

    This doesn't mean that someone found a plaintext list of all the passwords. If you want to find out if there even is one, then download the source code for hyperion and look for yourself.

    What it does suggest is that someone /nick'ed to NickServ and consequently could see all the passwords of people joining when they were /msg'ed.

  15. WTF by Anonymous Coward · · Score: 4, Insightful

    If this had happened to a Microsoft Server the comments would be off the wall about how this PROVES BEYOND DOUBT THAT WINDOWS REALLY SUCKS. (Bold characters intended to fool moderation drones). The hypocrisy on Slashdot is incredible.

  16. Uh oh. by SwartKrans · · Score: 5, Funny

    Oh no! Someone stole my Freenode password! Now they can login and have no control over anything!

  17. My thoughts.. by paulmer2003 · · Score: 4, Insightful
    People should not use /msg nickserv pass on connect. They should be using scripts that check that nickserv is on a certain server (services.int, services.* etc etc) and its hostname matches. The IRC server should also have *serv juped/qlined so nobody can set their nick to *serv.

    Of course, if someone was able to nab lilo's password, every user password may have been ripe for the taking.

    What I'm wondering is, WHY THE FUCK ISN'T HIS O:LINE IP RESTRICTED? Did he use one password for both the ircd ssh and his operline (if they were the same, the hacker could add himself an o:line or add his ip to his o:line..)? Either way, he's a moron.

    The details are still unknown, but these events raise scary questions about the actual security of FreeNode and other organizations like it.

    Not really. If he had his shit set up correctly this would have never happened in the first place.
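    A client-side guard that does what A.K.A_Magnet's /identify macro and paulmer2003's "check which server NickServ is on" script both describe. This is an added example, not code from Slashdot, freenode or any IRC client: it parses the WHOIS reply for NickServ, refuses to send the password unless NickServ is on the services pseudo-server, and addresses the message as NickServ@server so a hijacked "NickServ" nick never receives it. The server name "services.example.net" and the WHOIS lines are constructed placeholders.

    ```python
    """Guard for NickServ identification (added example, not the page's code).
    Assumption: the services pseudo-server is named SERVICES_SERVER; real networks
    use their own name (the thread mentions services.int / services.*)."""

    SERVICES_SERVER = "services.example.net"   # assumed services pseudo-server name

    def parse_irc_line(line):
        """Split one IRC line into (prefix, command, params).
        The trailing parameter (after ' :') keeps its spaces."""
        prefix = None
        if line.startswith(":"):
            prefix, _, line = line[1:].partition(" ")
        head, sep, trailing = line.partition(" :")
        params = head.split()
        if sep:
            params.append(trailing)
        command, *params = params
        return prefix, command.upper(), params

    def nickserv_server(lines, nick="NickServ"):
        """Return the server that RPL_WHOISSERVER (numeric 312) reports for `nick`,
        or None if the WHOIS reply never names one (e.g. 401 No such nick)."""
        for line in lines:
            _, cmd, params = parse_irc_line(line.rstrip("\r\n"))
            # 312 format: <me> <nick> <server> :<server info>
            if cmd == "312" and len(params) >= 3 and params[1].lower() == nick.lower():
                return params[2]
        return None

    def identify_message(password, whois_lines, services_server=SERVICES_SERVER):
        """Build the IDENTIFY command only when NickServ is verified on the services
        server. The nick@server form makes the ircd deliver it only to NickServ on
        that server. Returns None (send nothing) when the check fails."""
        server = nickserv_server(whois_lines)
        if server is None or server.lower() != services_server.lower():
            return None
        return f"PRIVMSG NickServ@{services_server} :IDENTIFY {password}"

    # Constructed WHOIS replies: a legitimate NickServ and a hijacked nick on a leaf server.
    WHOIS_LEGIT = [
        ":services.example.net 311 me NickServ NickServ services.example.net * :Services",
        ":services.example.net 312 me NickServ services.example.net :Network Services",
        ":services.example.net 318 me NickServ :End of /WHOIS list.",
    ]
    WHOIS_HIJACKED = [
        ":irc.example.net 312 me NickServ irc.example.net :Leaf server",
        ":irc.example.net 318 me NickServ :End of /WHOIS list.",
    ]

    if __name__ == "__main__":
        for label, lines in (("legit", WHOIS_LEGIT), ("hijacked", WHOIS_HIJACKED)):
            print(label, "->", identify_message("hunter2", lines))
    ```

    In a real client this runs in the connect/perform hook: issue WHOIS NickServ, feed the reply lines to identify_message, and send only a non-None result.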
    1. Re:My thoughts.. by nenolod · · Score: 5, Informative

      Hi! I used to be freenode staff, and I figured I would comment on this.

      You obviously have no idea how freenode's infrastructure is managed -- the infrastructure isn't a land of ZOMG I BOUGHT SHELLZ FROM SHELLFX.NET garbage. Most of these servers exist solely to host freenode, do not use ssh passwords (instead private keys are used), and do not use the same passwords as lilo's o:line password.

      The fact is that they rooted servers close to freenode servers (i.e., on the same switch); then used ettercap to sniff o:line passwords. This was exacerbated by the fact that o:lines are (NOT masked *@*, but masked ?=levin@*), so basically all that had to be done was use the username levin, and boom you're opered up.

      That is what the issue is, the o:lines are insecure masked. Nothing more.

      HOWEVER, since they were sniffing, it is possible that they may have lifted services passwords as well -- people should probably change them. Then again, how do you know that they still aren't sniffing. Quite simply, nobody except the people behind this know.

      Also, the group freenode is dealing with is known as Bantown, which has a reputation of causing whatever hell they wish wherever they feel like doing so. So no, none of what you said is truly relevant, as this group is a tad more unpleasant than the GNAA is. In fact the GNAA is a bunch of nice guys in comparison to Bantown.

  18. It goes to lilo by a16 · · Score: 4, Insightful

    The money goes 100% to Lilo. *All* of their servers and hardware are donated. I believe they may pay for their web server, but even then, that's $99/month max?

    This is what annoys me most about Lilo's "donation" pledges - he has set up a non-profit organisation with himself as the only paid employee, and receives thousands in donations yearly which all go to him. Oh, and "supplies", which of course are used by the only employee of the organisation. Yet he doesn't make this clear, at all. I believe most people genuinely think they are donating to the network, not the guy who sits there all day running it.

    Let's also not forget his latest project, for us to all pay off his debt and buy him a new trailer to live in. Seriously, I'm not joking.

    Freenode really, really needs new leadership, fast. Something not controlled by one person, or even if it is, someone competent would be a nice change :)