IRC News

All about Internet Relay Chat

Cracker Creates Havoc at Freenode

Last Saturday a user with the nick ratbert created havoc after he obtained the password of Freenode admin Robert Levin, aka lilo.

Once he had gained access, he killed and klined network staff, delinked servers, sent out a global notice and attempted to abuse a mIRC DCC exploit.

-ratbert- I am a fat asshole, who loves abuse, die


Eventually network owner lilo was also killed by ratbert: * lilo has quit (Killed by ratbert (die ))

Once reconnected, lilo sent out the following global notice: -lilo- Hi all. As you may be aware, freenode has experienced a crack attack and we’re working on tracking down the details. At this point, we cannot guarantee that more problems will not occur.

Since then several security-related questions have been raised that remain unanswered. How was a user able to obtain lilo’s password, and why is his access not additionally protected by a specific hostmask?

At first users were afraid the attacker had obtained a substantial amount of users' private data, such as passwords. The exposure turned out to be quite minimal, however, confined to a series of new registrations at NickServ during the attack. Freenode admin HedgeMage explains: “We believe that <25 nickserv passwords were compromised during a limited window, but all concerned individuals are encouraged to change their nickserv passwords just in case.”

Although Freenode has a list of people it suspects of being responsible for the attack, it does not want to release too much information, as that might influence upcoming investigations. “We are not releasing our suspect list, but we have some reasons to expect that bantown or GNAA may have been involved”, according to Freenode admin HedgeMage.

Users from GNAA (the “world-famous trolling organization”, to quote their website) have been interrupting a session held by Freenode to answer questions from its users.

IRC-Junkie has been trying to contact Freenode with additional questions but has received no reply so far.

Thanks to upinsmoke for the tip.

DDoS'er Sentenced to 5 Years in Jail

Jeanson James Ancheta, 20, of Downey, California, whose arrest we reported here and whose guilty plea we reported here, has received his sentence from United States District Judge R. Gary Klausner in Los Angeles.

Judge Klausner, who characterized Ancheta’s crimes as “extensive, serious and sophisticated,” sentenced him to 57 months in jail. After he completes his jail time, he will serve three years of supervised release, during which his access to computers and the Internet will be limited. He will also have to pay $15,000 USD in damages to the Weapons Division of the United States Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, and all his profits from the activities, including a BMW, have been forfeited.

Judge Klausner concluded the sentencing by telling Ancheta that “… your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this.”

Ancheta hired out his botnet to people who used it, for example, to perform DDoS attacks. He also made approximately $60,000 USD by having the compromised machines install adware, and he caused damage to several Ministry of Defense computers.

The sentence Ancheta received is the longest ever for distributing computer viruses.

British Research Shows 300 to 400 Credit Card Sales a Night

British newspaper The Times has researched the illegal sale of British citizens' credit card information.

According to The Times, between 300 and 400 credit card numbers belonging to British citizens are sold each night. It is mostly gangs from Eastern Europe and South East Asia who are involved in this type of crime.

The gangs use IRC channels to sell the information. A credit card number is worth $1, and a credit card number together with the security number is worth between $3 and $5.

The credit card information is usually obtained by compromising websites where customers have paid with their credit cards.

Australian Man Charged with DDoS Attacks on IRC Networks

A 22-year-old man from Victoria, Australia was arrested in Melbourne yesterday. He has been charged with several DDoS attacks, including attacks on IRC networks.

It was initially the Belgian police who tipped off the Australian police about the man. ISPs in the United States, Singapore and Austria were also affected by the DDoS attacks, which were launched from botnets.

“Bots and bot networks continue to be of concern and are linked … to a range of other malicious activity including identity theft and spam,” said Mr Zuccato, from the Australian High Tech Crime Centre.

The maximum penalty for this type of offense in Australia is 10 years in prison.

Person Spreading Trojans Over IRC Arrested

Lately a wave of arrests has been made of people using DDoS attacks, and today a press release was issued about the arrest of 30-year-old Richard C. Honour, nicknamed Fyle/Anatoly, from Seattle.

Honour is believed to have coded and then spread trojans over IRC. Infected PCs supplied Honour with information such as online banking details and other identity- and privacy-sensitive data.

“This name is not just familiar with DarkMyst, but throughout the IRC community,” said Ryan, an admin on DarkMyst, in a reaction to IRC-Junkie. “Honour’s activities affected many IRC networks, many of which were involved in the operation and provided information that led to his arrest.”

“Computer viruses have the potential to cause an incredible amount of damage to the nation’s economy,” said United States Attorney Catherine L. Hanaway, who is handling this case. “This office will pursue these cases aggressively.”

If found guilty, Honour can receive a maximum of 10 years in prison and a possible fine of $250,000 USD.