Warning. Do not drink and read this at the same time. Your keyboard and screen are not safe. Cheers, RAH ------- <http://www.nytimes.com/2004/05/06/technology/circuits/06chat.html?pagewanted=print&position=> The New York Times May 6, 2004 The Internet's Wilder Side By SETH SCHIESEL T was just another Wednesday on the sprawling Internet chat-room network known as I.R.C. In a room called Prime-Tyme-Movies, users offered free pirated downloads of "The Passion of the Christ'' and "Kill Bill Vol. 2.'' In the DDO-Matrix channel, illegal copies of Microsoft's Windows software and "Prince of Persia: The Sands of Time,'' an Xbox game, were ripe for downloading. In other chat rooms yesterday, whole albums of free MP3's were hawked with blaring capital letters. And in a far less obtrusive channel, a hacker may well have been checking his progress of hacking into the computers of unsuspecting Internet users. Even as much of the Internet has come to resemble a pleasant, well-policed suburb, a little-known neighborhood known as Internet Relay Chat remains the Wild West. While copyright holders and law enforcement agencies take aim at their adversaries on Web sites and peer-to-peer file-sharing networks like Napster, I.R.C. remains the place where people with something to hide go to do business. Probably no more than 500,000 people are using I.R.C. worldwide at any time, and many of them are engaged in legitimate activities, network administrators say. Yet that pirated copy of Microsoft Office or Norton Utilities that turns up on a home-burned CD-ROM may well have originated on I.R.C. And the Internet viruses and "denial of service'' attacks that periodically make news generally get their start there, too. This week, the network's chat rooms were abuzz with what seemed like informed chatter about the Sasser worm, which infected hundreds of thousands of computers over the weekend. "I.R.C. is where you are going to find your 'elite' level pirates,'' said John R. Wolfe, director for enforcement at the Business Software Alliance, a trade group that fights software piracy. "If they were only associating with each other and inbreeding, maybe we could coexist alongside them. But it doesn't work that way. What they're doing on I.R.C. has a way of permeating into mainstream piracy.'' Two weeks ago, the F.B.I., in conjunction with law enforcement agencies in 10 foreign countries, announced an operation called Fastlink, aimed at shutting down the activities of almost 100 people suspected of helping operate illegal software vaults on the Internet. The pirated copies of music, films, games and other software were generally distributed using a separate Internet file-transfer system, said a Justice Department spokesman, but the actual pirates generally used I.R.C. to communicate and coordinate with one another. "The groups targeted as part of Fastlink are alleged to have used I.R.C. to have committed their crimes, like almost all other warez groups,'' the spokesman, Michael Kulstad, said in a telephone interview. Warez, pronounced like wares, is techie slang for illegally copied software. When I.R.C. started in the 1980's, it was best known as a way for serious computer professionals worldwide to communicate in real time. It is still possible - though sometimes a bit difficult - to find mature technical discussions among the tens of thousands of I.R.C. chat rooms, known as channels, operating at any one time. There are also respectable I.R.C. systems and channels - some operated by universities or Internet service providers - for gamers seeking opponents or those who want to talk about sports or hobbies. Still, I.R.C. perhaps most closely resembles the cantina scene in "Star Wars'': a louche hangout of digital smugglers, pirates, curiosity seekers and the people who love them (or hunt them). There seem to be I.R.C. channels dedicated to every sexual fetish, and I.R.C. users speculate that terrorists also use the networks to communicate in relative obscurity. Yet I.R.C. has its advocates, who point to its legitimate uses. "I.R.C. is where all of the kids come on and go nuts,'' William A. Bierman, a college student in Hawaii who helps develop I.R.C. server software and who is known online as billy-jon, said in a telephone interview. "All of the attention I.R.C. has gotten over the years has been because it's a haven for criminals, which is a very one-sided view. "The whole idea behind I.R.C. is freedom of speech. There is really no structure on the Internet for policing I.R.C., and there are intentionally no rules. Obviously you're not allowed to hack the Pentagon, but there are no rules like 'You can't say this' or 'You can't do that.' " It is almost impossible to determine exactly how many people use I.R.C. and what they use it for, because it takes only some basic technical know-how to run an I.R.C. server. Because it is generally a text-only medium, it does not require high-capacity Internet connections, making it relatively easy to run a private I.R.C. server from home. Some Internet experts believe that child pornography rings sometimes use their own private, password-protected I.R.C. servers. Particularly wary users can try to hide their identity by logging in to I.R.C. servers only through intermediary computers. There are, however, scores of public I.R.C. networks, like DALnet, EFNet and Undernet. Each typically ties together dozens of individual chat servers that may handle thousands of individual users each. "We're seeing progressively more and more people coming onto the network every year,'' said Rob Mosher, known online as nyt (for knight), who runs a server in the EFNet network. "As more and more people get broadband, they are moving away from AOL and they still want to have chat.'' For end users, using I.R.C. is relatively simple. First, the user downloads an I.R.C. client program (in the same way that Internet Explorer is a Web client program and Eudora is an e-mail client program). There are a number of I.R.C. clients available, but perhaps the most popular is a Windows shareware program known as mIRC (www.mirc.com). When users run the I.R.C. program, they can choose among dozens of public networks. Within a given network, it does not really matter which individual server one uses. Alternately, if users know the Internet address of a private server, they can type in that address. Once logged in to a public server, the user can generate a list of thousands of available channels. On an unmoderated network, the most popular channels are often dedicated to trading music, films and software. That is because in addition to supporting text-only chat rooms, I.R.C. allows a user to send a file directly to another user without clogging the main server. That capability has a lot of legitimate uses for transferring big files that would be rejected by an e-mail system. Want to send your brother across the country a digital copy of your home movie without burning a disc and putting it in the mailbox? The file-transfer capability in I.R.C. may be the most convenient way. Naturally, that file-transfer capability also has a lot of less legitimate uses. Advanced I.R.C. pirates automate the distribution of illegally copied material so that when a user sends a private message, the requested file is sent automatically. It is fairly common on I.R.C. for such a system to send out hundreds or even thousands of copies of the same file (like a music album or a pirated copy of Windows) over a few weeks. An official from the Recording Industry Association of America said that some hackers even obtain albums that have been recorded but not yet released. "Quite often, once they get their hands on a prerelease, they will use I.R.C. as the first distribution before it goes out into the wider Internet,'' Brad A. Buckles, the association's executive vice president for antipiracy efforts, said in a telephone interview. But perhaps the most disruptive use of I.R.C. is as a haven and communications medium for those who release viruses or try to disable Web sites and other Internet servers. In some ways, the biggest problem is Microsoft Windows itself. Windows has holes that can allow a hacker to install almost anything on a computer that lacks a protective program or device called a firewall. Users' vulnerability can be compounded if they have not installed the latest patches from Microsoft. Hackers scan through millions of possible Internet addresses looking for those unprotected computers and then use them to initiate coordinated "denial of service'' attacks, which flood the target machine (say, a Web site) with thousands or millions of spurious requests. In all of the noise, legitimate users find the target site unavailable. How can a hacker direct his army of compromised drones to the target of the day? Through I.R.C. "Each time it breaks into a new computer and turns it into a drone, the program copies itself and proceeds to keep scanning, and so very quickly you can have a very large number of drones,'' Mr. Bierman said, adding that a worm may well include a small custom-made I.R.C. client. "Then all of the drones connect to I.R.C. and go into one channel made especially for them. Then the runner can give commands to all of those drones.'' Chris Behrens, an I.R.C. software developer in Arizona known online as Comstud, said: "It's amazing how many machines at home are hacked or have been exploited in some way. We have seen 10,000 hacked machines connect to I.R.C. at one time, and they all go park themselves in a channel somewhere so someone can come along and tell them who to attack.'' Mr. Bierman and other I.R.C. developers and administrators said that they were contacted by federal law enforcement officials fairly often. Mr. Bierman said that he sometimes cooperated in helping the government track down specific people using I.R.C. to wage major attacks. He added, however, that he had refused government officials' requests to build a back door into his I.R.C. software that would allow agents to monitor I.R.C. more easily. "Basically the F.B.I. is interested in the best way to monitor the traffic,'' Mr. Bierman said. Mr. Kulstad of the Justice Department declined to comment on its specific contacts with the I.R.C. community. Mr. Bierman and other I.R.C. administrators said that in addition to their free-speech concerns, they were also reluctant to confront hackers, because angry hackers often turn their drones against I.R.C. servers themselves. Mr. Mosher echoed other I.R.C. administrators in saying that attempts to regulate the shady dealings online were doomed to failure. "Look, if we find one channel and close it, they move to another,'' he said. "It's been like this for years. You can't really stop it.'' -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'