www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: June 2006

Three Dronerunners Arrested

A 63-year-old from England and a 28-year-old man in Scotland, and a 19-year-old man in Finland (all said to be member of the M00P online group) have been arrested and charged of “an international conspiracy to infect computers using viruses attached to unsolicited commercial e-mail,” a spokesman of the English police said.

The groups’ activities were mainly directed at businesses in the U.K. of which computers were being infected with one of three virusses: Stinx, Breplibot or Rykanos. Once infected, the virus would try and hide itself using features from Sony BMG digital rights management or other DRM software.

The group would also try and steal drones previously infected by other groups.

Infected machines (popularly called drones) were being controlled from an IRC channel. Main goal was to collect private data stored on the computer of the infectee.

“We believe the suspects created and adapted viruses with the aim of causing massive infection by spamming. Today’s arrests will send a clear worldwide signal to the authors of malicious software that national borders will not limit the ability and commitment of law enforcement authorities to clamp down on this criminal activity,” a spokesman of the English police said.

Cracker Creates Havoc at Freenode

Last Saturday a user who was using the nick ratbert has been creating havoc after he gained the password of Freenode’s admin Robert Levin, aka lilo.

Once gained access he kill’ed and klined staff of the network, delinked servers and send out a global notice and attempted to abuse a mIRC DCC exploit.

-ratbert- I am a fat asshole, who loves abuse, die

-ratbert- DCC SEND YOUAREALLJUDENLOL

Eventually, also network owner lilo was killed by ratbert; * lilo has quit (Killed by ratbert (die ))

Once reconnected, lilo sent out the following global notice: -lilo- Hi all. As you may be aware, freenode has experienced a crack attack and we’re working on tracking down the details. At this point, we cannot guarantee that more problems will not occur.

Since then several security related questions have raised that remain to be answered. How was a user able to gain lilo’s password, and how come his access is not additionally protected by a specific hostmask?

At first users were afraid the attacker got hold of a substantial amount of private data from users, such as passwords. This turned out to be quite minimal however, confined to a series of new registrations at NickServ during the attack. Freenode admin HedgeMage explains: “We believe that <25 nickserv passwords were compromised during a limited window, but all concerned individuals are encouraged to change their nickserv passwords just in case.”

Although Freenode has a list of people they suspect being responsible for the attack, they do not want to release too much information on that as it might influence near future investigations. “We are not releasing our suspect list, but we have some reasons to expect that bantown or GNAA may have been involved”, according to Freenode admin HedgeMage.

Users from GNAA (the “world-famous trolling organization” quoted from their website) have been interrupting a session held by Freenode to answer some questions from its users.

IRC-Junkie has been trying to contact Freenode with additional questions but received no reply so far.

Thanks to upinsmoke for the tip.