
IRC Networks Under Systematic Attack From Governments

361 points| meebi | 12 years ago |quakenet.org

135 comments


rcfox|12 years ago

Freenode has very recently been under DDoS attack[1] and has been dealing with them for at least a year or more[2]. It seems likely that they're getting the same government treatment as Quakenet. Given that Freenode hosts channels for many open source projects, these attacks aren't just annoying bystanders, they're potentially affecting the progress of our technology.

[1] http://blog.freenode.net/2014/02/turbulence/

[2] http://blog.freenode.net/2013/05/the-good-the-bad-and-the-ug...

skwirl|12 years ago

"It seems very likely that they're getting the same government treatment as Quakenet" is not a conclusion that can be drawn from this blog post or the leak. My understanding based on what I read is that "Anon IRC" is on its own network and QuakeNet has nothing to do with anything except apparently relishing any opportunity to publish a political op-ed. IRC servers (and their users) have been DDOSed from the dawn of time by anyone and everyone.

To put it another way - when a body is found in the woods, you don't instantly jump to the conclusion that it must have been government drones because the government is using drones to kill people in Yemen.

meebi|12 years ago

Most DDoS attacks directed at IRC networks are not government related. IRC networks have a long and proud history of being one of the most DDoS-prone targets on the internet.

doktrin|12 years ago

That's not at all a given. I distinctly recall, for instance, DALnet being the target of crippling DDoS attacks ~15 years ago. IRC servers are incredibly vulnerable in this particular regard.

vidarh|12 years ago

IRC has been so DDOS prone for 20 years or so that many hosting providers explicitly disallow IRC clients or servers. No need to jump to conclusions.

rschmitty|12 years ago

Just exactly what purpose would the government be serving by DDoS'ing freenode? I would think if they wanted to spy on us they would want the servers up and running and everyone able to connect so they can monitor. Killing the servers just disconnects everyone and if they continue to do it people will find other places, likely more than 1.

coldtea|12 years ago

>Given that Freenode hosts channels for many open source projects, these attacks aren't just annoying bystanders, they're potentially affecting the progress of our technology.

As if governments could care less...

tomrod|12 years ago

Some Minecraft servers I know have been getting DDoSed too. I wonder if they are using IRC for the chat backend, and if that is just getting hit by these same things?

Angostura|12 years ago

There's no suggestion in that blog post that the security agencies have indulged in DDOS attacks.

jlgaddis|12 years ago

Elsewhere in this thread, blibble linked to a (nearly five-year-old) blog post on quakenet.org entitled "Trust is not transitive: or why IRC over SSL is pointless" [0].

The article presents arguments that I've heard over and over again in the months since the Snowden leaks began. The argument essentially boils down to "we can't achieve 100% security even with SSL, so SSL is useless" and is completely wrong. It also misses the point.

The argument in the blog post is that, paraphrasing, since Carol can be MITM'd without her knowledge, everything is compromised.

It shouldn't be necessary to utter the phrase "defense in depth" here on HN as I would hope that everyone here is familiar with it. As I commented just six days ago:

> I have locks on my doors but that doesn't mean I don't have a pistol next to my bed.

Let me say that I'm not familiar with QuakeNet. (For the last several years I've only hung out on Freenode and two private IRC networks -- and I use SSL when connecting to each of them.) Freenode, however, has "NickServ" and the two private networks I use have similar functionality.

At the very least, SSL protects my credentials from being "sniffed" when I authenticate to NickServ. Anyone else on IRC can verify that the user with the nickname "jlgaddis" is authenticated and is really me. Since sensitive information is sometimes discussed, that authentication as well as the encryption is critical. Without SSL, it would be much easier to sniff my credentials, authenticate to NickServ using them, and impersonate me on the networks, possibly gaining access to sensitive information that would otherwise not be possible.

IRC over SSL is not pointless. If QuakeNet can't understand that and implement basic security precautions, I don't think they have much room to complain about being attacked.

[0]: https://www.quakenet.org/articles/99-trust-is-not-transitive...

blibble|12 years ago

so we've had a solution to the credential sniffing for 10+ years: our services support AUTH via something very similar to CRAM-MD5.

with that out of the way: you've missed the main point, and that is that it's really really hard (I would use the word impossible but I'm not 100% certain) to secure multiuser chat.

the sheer number of places that could be compromised is so high, that offering a 'secure connection' (which users associate with actually secure online commerce) is dangerously misleading.

we understand the threat model very well, and we recommend that you shouldn't trust us to secure your communications, and suggest something like fish instead.
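
An added illustration, not part of blibble's comment and not QuakeNet's code: a challenge-response login in the style of CRAM-MD5 (RFC 2195), the scheme the comment above compares QuakeNet's AUTH to. The account, password and hostname are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed account database. The server has to keep the shared secret in a
# recoverable form, because it must recompute the same HMAC as the client.
SECRETS = {"alice": "correct horse battery staple"}


def make_challenge(hostname="irc.example.invalid"):
    """Server: fresh, unpredictable challenge for every login attempt."""
    return f"<{os.urandom(16).hex()}.{int(time.time())}@{hostname}>".encode()


def client_response(username, password, challenge):
    """Client: send HMAC-MD5(password, challenge), never the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())


def server_verify(response, challenge, secrets=SECRETS):
    """Server: recompute the HMAC for this challenge, compare in constant time."""
    try:
        username, digest = base64.b64decode(response).decode().rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return False
    stored = secrets.get(username)
    if stored is None:
        return False
    expected = hmac.new(stored.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def demo():
    """One login as seen on the wire, then a replay of the captured response."""
    first = make_challenge()
    wire = client_response("alice", SECRETS["alice"], first)
    accepted = server_verify(wire, first)
    replay_accepted = server_verify(wire, make_challenge())  # new challenge
    password_on_wire = SECRETS["alice"].encode() in base64.b64decode(wire)
    return accepted, replay_accepted, password_on_wire


if __name__ == "__main__":
    print(demo())
```

The exchange covers the login step only: the messages that follow it are not encrypted or authenticated by it.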

valarauca1|12 years ago

Trying to shut down IRC on the internet feels a bit like the government is running around attempting to cut telephone wires in the hopes it'll get enemy agents to stop communicating, when all it'll really do is annoy a bunch of innocent bystanders.

dan1234|12 years ago

IRC is also used as command and control for a lot of malware.

Bot-net owners can be disrupted if they can't access the channels their compromised machines are connecting to.

Istof|12 years ago

This isn't much different than many other things governments do, like the war on drugs for example.

dmix|12 years ago

> Many of the charges being thrown at IRC users associated with the Anonymous movement are now clear to be identical to the actions of the agency itself.

The state not only has a monopoly on violence, but also apparently on hacktivism.

Duhveed|12 years ago

"We urge the British government to initiate an immediate and thorough public investigation..."

And now, for another caricature of British victim speak:

"Pardon me, Mr. Assailant, would you be a good chap and ask your right hand to stop beating me thus about the face? It's rather painful and I fear it might ruin my good humor."

ahf|12 years ago

Albeit unrelated, I wonder when Quakenet is going to realise that SSL for IRC, both server-to-server, but also client-to-server, is a must have in the year 2014, if you truly care about your users' privacy.

blibble|12 years ago

we believe it's better to not have it than to do it badly.

the other way to do it would be like freenode: do it quickly without understanding the risks... they used the same SSL cert for every ircd, then they got hacked, and with no PFS, all their past SSL'ed IRC is now effectively in the clear.

we are now actively working on the problem for server links, but ultimately believe that having ssl for client connections at this moment in time adds little value: https://www.quakenet.org/articles/99-trust-is-not-transitive...

csmithuk|12 years ago

It's unfortunately also very CPU intensive which is a big problem for IRC networks which handle stupid numbers of connections at the same time.

acd|12 years ago

I think the government is behaving wrong when it is doing the same thing as organized crime, that is, running DDOS attacks in order to bring down servers. So when the government attacks platforms of free speech they have a problem with running against the core values of democracy.

jostmey|12 years ago

Who would work for a government agency like the NSA or GCHQ? Anyone who is intelligent and well-minded must realize that these government agencies stomp on people's liberties in the name of security. I am sure that employees of these agencies come to work every day telling themselves that they are keeping the world safe. But their reassurances to themselves must sound hollow to themselves. I hope everyone working at these agencies realizes that. At least Edward Snowden did.

shocks|12 years ago

It saddens me to think that I once applied and actually wanted to work for GCHQ. Fortunately they told me to "come back when you've graduated" and that was enough time for me to come to my senses.

beedogs|12 years ago

> Who would work for a government agency like the NSA or GCHQ?

At this point, I think they only hire psychopaths.

simias|12 years ago

To what end would the GCHQ DDoS IRC servers? What would they gain from that?

meebi|12 years ago

According to the leaked documents, denial of the targeted users to communicate with each other.

Cthulhu_|12 years ago

Basically, jamming communications between internet terrorists / freedom fighters (depending on your stance on the matter)

a3n|12 years ago

Telling their boss that they did something.

zecho|12 years ago

DDoS has also been used to cause netsplits, which can then be exploited to gain access to private rooms.

phusion|12 years ago

They wanted to stop AnonOps from enabling the planning and execution of Anonymous operations. They bragged that a month after "rolling thunder" that the same nicknames/operations weren't there anymore. It's hardly effective, mostly childish.

mschuster91|12 years ago

I wonder, why DDoS the IRC servers, if you can find out the IP addresses of the "offending" users via /WHOIS and then inject TCP FIN packets to disrupt their connections.

After all the NSA has the capability to do very deep going traffic manipulation as proven with Quantum Insert, so why not use it here?

vinkelhake|12 years ago

QuakeNet makes it trivial for a user to hide their IP from other users on the network. If you are registered with Q (a network service) and set mode +x on yourself, you will now have the host username.users.quakenet.org.

dewey|12 years ago

/whois doesn't work if you are cloaking your hostname or just connect via tor/vpn or just some random place. Probably easier to just target the central node.

pera|12 years ago

"inject TCP FIN packets"? really?? that would be like making a public statement saying "HI WE ARE THE NSA FUCK YOUR INTERNETS"

Sorry but no, that's not the way they do it....

PavlovsCat|12 years ago

Even assuming there would have been a valid reason for law enforcement to disrupt the communications of those individuals, how could an intelligence agency be justified in doing so?

n2j3|12 years ago

I don't really understand the point of bringing age into their argument ("overly eager teenagers"), but I tend to agree that DDoSing IRC servers is the lowest form of low. Let us idle in peace!

jerf|12 years ago

It is unlikely that "overly eager teenagers" are doing anything other than playing around or engaging in raw, unbacked braggadocio, as is especially the way of the male teenager. It is unlikely that targeting these users, shutting them down, or prosecuting and convicting them will do anything to enhance security, but it will cost the government money, incur an opportunity cost as these resources are wasted while more reasonable (if less sexy) things that might actually have a positive effect are left undone, and, oh, last and most assuredly least from the government's point of view, it may destroy young lives which were quite likely on a track to be otherwise quite productive, computer-savvy citizens. (How many people here can tell tales of early, somewhat-less-than-legal activities before they became productive members of the computer world?)

I've phrased it with "probably"s on purpose; every once in a while a teenager will manage to escalate to the "true threat" level. However I think it is likely such a teen will either A: tend to show up by other, more practical measures or B: slip through a crack regardless; it doesn't justify harassing relatively innocent and frankly naive users, for what is probably little more than the purpose of padding numbers to make your enforcement look good by going for cheap, easy targets, regardless of whether that's good for anybody else.

Cthulhu_|12 years ago

It's more of a play on 'juvenile behavior', as in, Anonymous DDOSes whoever they don't agree with under the pretense of 'FREEDOM!11ONE' or whatever. Speaking of low.

driverdan|12 years ago

Is there any actual evidence that QuakeNet is being attacked by governments? Just because they did it in 2012 doesn't mean that's what's happening now.

ahf|12 years ago

No, nobody can easily know this - Quakenet's probably still the target of DDoS.

Aren't we getting to the point where we more or less must assume that these kinds of things happen? I mean, taking into account all the news we have seen during the past, err, year :-)

slipstream-|12 years ago

As an oper of a small IRC network, I agree with this blog post.

Not that I've really ever used quakenet myself.

lucb1e|12 years ago

Meanwhile they censor anyone running Tor internal relays on the same IP by g-line banning them.

afreak|12 years ago

Tor allows for rampant abuse and is problematic to prevent. Many IRC networks ban it due to this.

However, the solution is to make it so if you want to use Tor on an existing that you instead connect via a hidden service address, allowing the IRCd to mark you as a Tor user and then allow channels to stem abuse.

blibble|12 years ago

we actually don't, the only thing tor specific we do is set their host to something along the lines of 11223344.tor.gateway.quakenet.org.

OTOH a lot of people do naughty things through tor (e.g. mass flooding) and get caught automatically by the network services, resulting in a large %age of tor hosts being banned for short periods.

cobookman|12 years ago

Could we leverage a VPN tunnel over short band radio waves? This would allow us to detect a Man in the middle attack, as well as provide decentralized access. The speeds would be slow, and the network could be 'jammed' but it could work for medium distance messaging.

nsxwolf|12 years ago

What's the point of governments attacking IRC? It's wide open for spying.

adeptus|12 years ago

Why the F* don't we have popular encrypted IRC systems yet? This should/could have existed as of 10 years ago..at least. This is a serious question.

Crito|12 years ago

Server-Server and Server-Client SSL is a thing for IRC. Of course if you operate one of the servers then you naturally see everything that goes through it. And anybody in the same channel sees everything in that channel, since that is the point of IRC.

IRC clients typically also support DCC, though I am unaware of what the encryption options there are. There are other forms of encrypted "IMing" however, if you want secure peer-to-peer text chat you should probably look outside what irssi has to offer.

stinkytaco|12 years ago

I'm not really clear how you would encrypt an IRC network? Its very nature is one of wide dissemination.

You can use FiSH, but that's really mostly for one to one communication in which both parties are trusted. I suppose you could use it for group chat, but it would become harder and harder the more people that were added (what happens if you trust all of them, but two of them don't trust each other and so on). There are plenty of good options for encrypting real time communication.

Encrypting group chat is a much more challenging issue and one could argue it goes against the whole spirit of IRC.

TrainedMonkey|12 years ago

I thought it was clear that those attacks are happening ever since LulzSec was taken down by embedding operative wannabe on IRC.

fintler|12 years ago

Does anyone have a mobile friendly mirror? The site isn't readable on iOS 7 Safari.

a3n|12 years ago

It's sort of not readable on my desktop, the lines extend off the browser. In Firefox I View/PageStyle/NoStyle. Is anything like that implemented on mobile browsers?

diminoten|12 years ago

I don't understand - is QuakeNet saying it has unique evidence that it specifically has been targeted by DoS attacks perpetrated by GCHQ, or are they guessing it's the GCHQ based on the report done by NBC?

Specifically, this line:

> as well as wholesale attacks on the IRC servers hosting the network.

What is this?

vehementi|12 years ago

It's pretty disingenuous to downplay attacks vs Anonymous as motivated by them "engaging in such topics with an opinion contrary to that of the intelligence agencies". No, that's not why agencies go after Anon. Agencies go after anon because of the actual criminal activity.

edit: I'm receiving disagreement downvotes. What's up?

fnordfnordfnord|12 years ago

>Agencies go after anon because of the actual criminal activity.

Where is the due process? There isn't any. Please tell me which actual crimes that some Anons have committed whose consequences are so critical that it justifies the abandonment of longstanding principles of fair governance, and military action to sabotage IRC operations in order to halt the occurrence of said crimes.