Undernet added a new command to its channel service. The command sets wether you allow other people to add you to new channels.
Requested by users and opers, it is especially usefull for those people who keep finding themself added in channels without their knowledge.
To set, use /msg x set noadduser ON, and to unset use /msg x set noadduser OFF
Last weekend an account of a high level CService admin got compromised which caused some havoc on this top 5 IRC network. CService is Undernet’s channel service and is responsible for the channel service bot on the network, X.
For the account to be compromised the malicious person used social engineering and got the ISP of the admin in question to trust him and supply him with the password of the email account of the admin.
Once compromised, he used the high level access to cause some havoc in a few channels. His actions were noticed quickly however. An CService admin said to IRC-Junkie that all of CService’s actions are extensively logged and thus all actions were being rolled back to their original state leaving no permanent changes.
This event is a prime example where it shows that the human is still the weakest link in (online-) security.
The Australian government took an interesting path to battle the increasing problem of zombies on the Internet. Zombie is the term for PC’s which have been infected with software and then being abused by malicious people using them for spam, but also for example for DDoS attacks.
It is Senator Helen Coonan, minister for communications, information technology and the arts that came up with the plan for a 3 month trial. A total of 5 ISP’s have been selected for the trial.
Software has been build that can detect zombie PC’s based on the activity they have engaged in. Anthony Wang, working at the Australian Communications and Media Authority (Acma) which is responsible for the test, explained that the application “identifies IP addresses that have been used for illicit reasons; for example, spamming. There are a range of sensors… that identify them. Those infected IP addresses are then fed to the relevant ISP. They know who their customers are, so can contact them.”
Once a machine has been identified as a zombie, the ISP will contact the consumer and help disinfect the PC. If the consumer is unwilling, it might have the consequence that the connection will be cut from the ISP to prevent further abuse.
It is estimated that 60% of the global spam problem is caused by using zombie PC’s. Consumers generally have no idea their machines are being abused for these purposes. The ISP’s participating in the test explained that generally the consumers are very glad the ISP’s are notifying them of the problem, and accept the help to clean their systems.
Worldwide the interest from the law enforcing organizations towards rolling up botnets is increasing. Only a month ago the Dutch police arrested three men who were controlling a net containing an estimated 1500000 machines.
Now Jeanson James Ancheta, 20, of Downey, California has been arrested last Tuesday by the FBI. Apparently it is the first time that a person has been arrested who is selling time on his botnet to outsiders.
He will have to stand trial for a total of 17 counts, including causing damage to protected computers, causing damage to computers owned by the government, fraud and money laundering. Machines found in the potnet belonged to the Weapons Division of the United States Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, both part of the United States Department of Defense.
He also used his botnet for sending spam and DDoS.
He used IRC both to control the bots, and to advertise his ‘services’ to interested parties.
If convicted, he can face up to 50 years in prison.
Napster and WinAmp are just two programs that are well known with the type of people that regurarly read IRC-Junkie, that is a known fact. What is lesser known is, that both project benefited greatly from an IRC channel on EFNet that functions as a gathering place for “professional software developers, talented college and highschool students, novice programmers seeking help and the usual charlatans and rogues that add character to the colourful world that is the Internet”, as the channels’ website explains.
An article about the channel, #Winprog, appeared today on Wired. “The IRC channel has played virtual incubator to a gamut of fledgling developers for more than a decade”, the article explains.
Beside being a point of help to programmers, the channel also functions as a meeting point of companies seeking talented programmers.
On a personal note: I love it when this face of IRC is being shown in the media as well from time to time!