The Internet's Wilder Side

[R. A. Hettinga]

Warning. Do not drink and read this at the same time. Your keyboard and
screen are not safe.

Cheers,
RAH
-------

<http://www.nytimes.com/2004/05/06/technology/circuits/06chat.html?pagewanted=print&position=>

The New York Times

May 6, 2004

The Internet's Wilder Side
By SETH SCHIESEL

T was just another Wednesday on the sprawling Internet chat-room network
known as I.R.C. In a room called Prime-Tyme-Movies, users offered free
pirated downloads of "The Passion of the Christ'' and "Kill Bill Vol. 2.''
In the DDO-Matrix channel, illegal copies of  Microsoft's Windows software
and "Prince of Persia: The Sands of Time,'' an Xbox game, were ripe for
downloading. In other chat rooms yesterday, whole albums of free MP3's were
hawked with blaring capital letters. And in a far less obtrusive channel, a
hacker may well have been checking his progress of hacking into the
computers of unsuspecting Internet users.

 Even as much of the Internet has come to resemble a pleasant, well-policed
suburb, a little-known neighborhood known as Internet Relay Chat remains
the Wild West. While copyright holders and law enforcement agencies take
aim at their adversaries on Web sites and peer-to-peer file-sharing
networks like Napster, I.R.C. remains the place where people with something
to hide go to do business.

 Probably no more than 500,000 people are using I.R.C. worldwide at any
time, and many of them are engaged in legitimate activities, network
administrators say. Yet that pirated copy of Microsoft Office or Norton
Utilities that turns up on a home-burned CD-ROM may well have originated on
I.R.C. And the Internet viruses and "denial of service'' attacks that
periodically make news generally get their start there, too. This week, the
network's chat rooms were abuzz with what seemed like informed chatter
about the Sasser worm, which infected hundreds of thousands of computers
over the weekend.

"I.R.C. is where you are going to find your 'elite' level pirates,'' said
John R. Wolfe, director for enforcement at the Business Software Alliance,
a trade group that fights software piracy. "If they were only associating
with each other and inbreeding, maybe we could coexist alongside them. But
it doesn't work that way. What they're doing on I.R.C. has a way of
permeating into mainstream piracy.''

Two weeks ago, the F.B.I., in conjunction with law enforcement agencies in
10 foreign countries, announced an operation called Fastlink, aimed at
shutting down the activities of almost 100 people suspected of helping
operate illegal software vaults on the Internet. The pirated copies of
music, films, games and other software were generally distributed using a
separate Internet file-transfer system, said a Justice Department
spokesman, but the actual pirates generally used I.R.C. to communicate and
coordinate with one another.

"The groups targeted as part of Fastlink are alleged to have used I.R.C. to
have committed their crimes, like almost all other warez groups,'' the
spokesman, Michael Kulstad, said in a telephone interview. Warez,
pronounced like wares, is techie slang for illegally copied software.

When I.R.C. started in the 1980's, it was best known as a way for serious
computer professionals worldwide to communicate in real time. It is still
possible - though sometimes a bit difficult - to find mature technical
discussions among the tens of thousands of I.R.C. chat rooms, known as
channels, operating at any one time. There are also respectable I.R.C.
systems and channels - some operated by universities or Internet service
providers - for gamers seeking opponents or those who want to talk about
sports or hobbies.

Still, I.R.C. perhaps most closely resembles the cantina scene in "Star
Wars'': a louche hangout of digital smugglers, pirates, curiosity seekers
and the people who love them (or hunt them). There seem to be I.R.C.
channels dedicated to every sexual fetish, and I.R.C. users speculate that
terrorists also use the networks to communicate in relative obscurity. Yet
I.R.C. has its advocates, who point to its legitimate uses.

"I.R.C. is where all of the kids come on and go nuts,'' William A. Bierman,
a college student in Hawaii who helps develop I.R.C. server software and
who is known online as billy-jon, said in a telephone interview. "All of
the attention I.R.C. has gotten over the years has been because it's a
haven for criminals, which is a very one-sided view.

 "The whole idea behind I.R.C. is freedom of speech. There is really no
structure on the Internet for policing I.R.C., and there are intentionally
no rules. Obviously you're not allowed to hack the Pentagon, but there are
no rules like 'You can't say this' or 'You can't do that.' "

It is almost impossible to determine exactly how many people use I.R.C. and
what they use it for, because it takes only some basic technical know-how
to run an I.R.C. server. Because it is generally a text-only medium, it
does not require high-capacity Internet connections, making it relatively
easy to run a private I.R.C. server from home.

Some Internet experts believe that child pornography rings sometimes use
their own private, password-protected I.R.C. servers. Particularly wary
users can try to hide their identity by logging in to I.R.C. servers only
through intermediary computers. There are, however, scores of public I.R.C.
networks, like DALnet, EFNet and Undernet. Each typically ties together
dozens of individual chat servers that may handle thousands of individual
users each.

 "We're seeing progressively more and more people coming onto the network
every year,'' said Rob Mosher, known online as nyt (for knight), who runs a
server in the EFNet network. "As more and more people get broadband, they
are moving away from AOL and they still want to have chat.''

For end users, using I.R.C. is relatively simple. First, the user downloads
an I.R.C. client program (in the same way that Internet Explorer is a Web
client program and Eudora is an e-mail client program). There are a number
of I.R.C. clients available, but perhaps the most popular is a Windows
shareware program known as mIRC (www.mirc.com).

When users run the I.R.C. program, they can choose among dozens of public
networks. Within a given network, it does not really matter which
individual server one uses. Alternately, if users know the Internet address
of a private server, they can type in that address. Once logged in to a
public server, the user can generate a list of thousands of available
channels. On an unmoderated network, the most popular channels are often
dedicated to trading music, films and software.

That is because in addition to supporting text-only chat rooms, I.R.C.
allows a user to send a file directly to another user without clogging the
main server.

 That capability has a lot of legitimate uses for transferring big files
that would be rejected by an e-mail system. Want to send your brother
across the country a digital copy of your home movie without burning a disc
and putting it in the mailbox? The file-transfer capability in I.R.C. may
be the most convenient way.

Naturally, that file-transfer capability also has a lot of less legitimate
uses. Advanced I.R.C. pirates automate the distribution of illegally copied
material so that when a user sends a private message, the requested file is
sent automatically. It is fairly common on I.R.C. for such a system to send
out hundreds or even thousands of copies of the same file (like a music
album or a pirated copy of Windows) over a few weeks.

 An official from the Recording Industry Association of America said that
some hackers even obtain albums that have been recorded but not yet
released. "Quite often, once they get their hands on a prerelease, they
will use I.R.C. as the first distribution before it goes out into the wider
Internet,'' Brad A. Buckles, the association's executive vice president for
antipiracy efforts, said in a telephone interview.

But perhaps the most disruptive use of I.R.C. is as a haven and
communications medium for those who release viruses or try to disable Web
sites and other Internet servers.

In some ways, the biggest problem is Microsoft Windows itself. Windows has
holes that can allow a hacker to install almost anything on a computer that
lacks a protective program or device called a firewall. Users'
vulnerability can be compounded if they have not installed the latest
patches from Microsoft.

Hackers scan through millions of possible Internet addresses looking for
those unprotected computers and then use them to initiate coordinated
"denial of service'' attacks, which flood the target machine (say, a Web
site) with thousands or millions of spurious requests. In all of the noise,
legitimate users find the target site unavailable.

How can a hacker direct his army of compromised drones to the target of the
day? Through I.R.C.

"Each time it breaks into a new computer and turns it into a drone, the
program copies itself and proceeds to keep scanning, and so very quickly
you can have a very large number of drones,'' Mr. Bierman said, adding that
a worm may well include a small custom-made I.R.C. client. "Then all of the
drones connect to I.R.C. and go into one channel made especially for them.
Then the runner can give commands to all of those drones.''

Chris Behrens, an I.R.C. software developer in Arizona known online as
Comstud, said: "It's amazing how many machines at home are hacked or have
been exploited in some way. We have seen 10,000 hacked machines connect to
I.R.C. at one time, and they all go park themselves in a channel somewhere
so someone can come along and tell them who to attack.''

Mr. Bierman and other I.R.C. developers and administrators said that they
were contacted by federal law enforcement officials fairly often. Mr.
Bierman said that he sometimes cooperated in helping the government track
down specific people using I.R.C. to wage major attacks. He added, however,
that he had refused government officials' requests to build a back door
into his I.R.C. software that would allow agents to monitor I.R.C. more
easily.

"Basically the F.B.I. is interested in the best way to monitor the
traffic,'' Mr. Bierman said.

 Mr. Kulstad of the Justice Department declined to comment on its specific
contacts with the I.R.C. community.

Mr. Bierman and other I.R.C. administrators said that in addition to their
free-speech concerns, they were also reluctant to confront hackers, because
angry hackers often turn their drones against I.R.C. servers themselves.

Mr. Mosher echoed other I.R.C. administrators in saying that attempts to
regulate the shady dealings online were doomed to failure.

"Look, if we find one channel and close it, they move to another,'' he
said. "It's been like this for years. You can't really stop it.''


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'