www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: July 2007

Major US ISPs Hijack IRC Server DNS

“I am writing to this list because I no longer know where to turn” admin Anthony from Ablenet started his email to the full-disclosure list. “Over the course of the past 2 to three weeks I have watched my services on the Internet become systematically blocked and redirected by no less than 3 major isps in their efforts to stop botnets from connecting to IRC.”

What happened was that three major ISPs (TimeWarner/AOL, Verizon and Cox) had set the DNS of the servers from Ablenet to resolve to their alternative IRCd instead of the actual IP, resulting in the users being redirected to the ISPs IRCd. Once connected to this IRCd they were being directed into a channel, where they would be presented by a list of commands intended to remove zombie software. For many years IRC was a popular place for dronerunners to control and command their dronenet from.

“Because we were hit by 3 major ISPs at the same time,” Anthony starts explaining to IRC-Junkie in a reaction, “… for a period of approximately one month, we have seemingly lost approximately 75% of our user base, who were either directly affected or peripherally affected and followed their communities to an unaffected network.

The action did not remained restricted to this relatively small network however, also 5 servers from EFnet were caught. One of them is irc.vel.net, with Exstatica as its admin. He explained how he discovered his server was involved as well. “Yesterday July 22nd, The admin-body discovered that a handful of EFNet servers have been “juped”.  Not only have they taken the irc record, but they’ve also hijacked the SOA and NS records too.”

Anthony tried to contact the ISPs in question but got either no reply at all, or a standard message that resources were too limited to reply. Also Exstatica tried to contact the ISPs; “Yes I’ve tried, I’ve contacted the abuse team at cox, they’ve requested logs, which I provided in the first email, and then gave me a canned response that I need to check my computer for viruses.”

Anthony stressed the character of his network was far from being a rogue one that hosted drone networks. “Our network has always been one that relied on their communities, under the premise that people come to irc to share ideas, meet new people and to gather in their own communities.  We were never big on the notions of unnatural expansion, inflated, false communities or hierarchies. We’re tough on botnets and non-conducive to file sharing… We have (had?) literary communities, fan communities, hobbyists, gamers, etc; pretty much running the gamut of personalities.”

Both Anthony and Exstatica have considered legal actions. But as there is no monetary loss and it involves only a violation of the RFC specifications such an action will most likely not be very fruitful.

For Anthony and Exstatica there is one reason left to fight back however, stand for Net neutrality. Anthony: “I also hope that our representatives do something, regarding Net Neutrality, to prevent the monopolization of the Internet.  This could in some ways be compared to racketeering or a corporate equivalent of China’s restriction on the Internet.  I firmly believe this to be a constitutional violation to our right of free speech and if we do not act now, when do we act? When will it be too late?”

Reviewing the move from the ISPs, how many drones could have been caught is unknown, it can not be that much as most of the zombie software has since moved from IRC to use P2P and HTTP. Also the text commands can either be given in a private message, channel message or topic. Prefixes range from . to , to & and can be virtually anything, including the word of the command itself, remove, uninstall, etc.

Admins advice users to use alternative DNS servers if they experience these problems when connecting to their IRC network. Since the media attention on this issue started yesterday several DNS records have been restored, of course without an explanation why they have been hijacked in the first place.

Over the past few years this has happened a few times before, but never ona  scale as this move, and not involving networks as large as EFnet’s.

IRC-Junkie was unable to contact any ISPs named in this article.

Hacker Close to Cracking iPhone

Hackers united in #iphone are close to cracking the iPhone, several media reported this week.

Once cracked, the phone can be used with different providers, and third party software can be used on the phone. Additionally, the phone can then be used in parts of the world where it is not released yet, such as Europe and Asia.

Jon Lech Johansen, well known as DVD Jon, was one of the first to release a hack for the iPhone. The hack would activate the phone and the Wi-Fi capabilities. The device can not yet operate as a telephone with this hack however, but Jon has an answer to that on his blog, “Stay tuned!”

Hackers from #iphone are now working on an assembler utility for the iPhone’s processor. “This is our last major hurdle to overcome in order to write programs for the phone,” a spokesman of the hackers said last week.

When they can run their own programs on the iPhone they will be able to circumvent the provider lock, which is AT&T’s EDGE network.

Others hacks released so far include one that will allow users to select their own ringtone.

UnrealIRCd Makes a Drastic Change

UnrealIRCd has decided to make a drastic change in it’s project. They decided to, instead of writing a new Unreal4 in C++ Aspects, to instead fork InspIRCd; a completely modular IRCd that has been gaining interests over the years. This change is due in large because of Syzop going inactive (Article) and their only being one head developer (Stskeeps) left to run the projects.

UnrealIRCd has decided the following with their projects. To produce 3.2.* a bit further, scrap Unreal3.3* (for now) and to keep the main focus on Unreal4, which they feel will be a big hit in the IRC community. “The goals for that project currently is to produce a 3.2.8, which may be the last in that branch – we have practically given up on trying to improve further on the basic things of the IRCd” explains Stskeeps. “The existing 3.3.* code will be turned into a 3.2.8 instead“. But don’t worry, Unreal still plans on releasing bug & security fixes for Unreal3, because they couldn’t expect everyone to just halt their networks.

I went on to ask Stskeeps what other reasons they decided to fork InspIRCd, and the response is in conjunction with Syzop leaving. “In the light that we simply don’t have the manpower to start something properly from scratch and complete it – and the Unreal3.* branch going towards a slow halt / brick wall which we cannot pass, we have decided to do a radical change in strategies.” Stskeeps goes on explaining, “For years now InspIRCd has been a recode in C++ of IRCd, targetting modularity and “fresh” code – and this IRCd has many facets that are alike UnrealIRCd, so through some talks, we have decided to fork InspIRCd for Unreal4 – creating a user experience that uses InspIRCd inside, but feels to client/admin as an UnrealIRCd.”

A lot of people may be thinking, “Is this a way to take down InspIRCd?” No, quite the opposite. “This is not a unfriendly fork or us trying to steal InspIRCd’s sunshine – we are working together with InspIRCd to cover the entire IRCd feature spectre, so people can run InspIRCd bare, or colourful (Unreal)” explains Stskeeps.

Also, UnrealIRCd has given InspIRCd proper credit for the fork, to ensure that it’s a friendly fork. In their /Credits, for Unreal4, users will see:

* Based on the original code by the InspIRCd development team

* (C) 2002-2007 InspIRCd Development Team

* – http://www.inspircd.org/wiki/index.php/Credits

Which is what the InspIRCd team members wanted, and Unreal was more then happy to provide.

So, as UnrealIRCd focuses on it’s new projects, and it’s old ones, I’m sure we can all expect the IRC community to change drastically, and, for the best.

A few side notes for those running InspIRCd and/or UnrealIRCd. Unreal4 will be able to link to InspIRCd if they’re running the same modules. The idea is to make them compatible incase either of the projects do end up dying. Also, you can take modules from either party to the IRCd they want. UnrealIRCd is also planning on being able to line Unreal3* and Unreal4* which, if they work it out, will be able to link to InspIRCd.

Article written by Bricker

Split Leaves ZiRC Annihilated

“Due to recent events several ZiRC staff have decided to part ways with ZiRC,” David announced on the ZiRC website. Following a series of events this week the majority of admins (including David) decided to leave the network and form a new network named synIRC. Left behind is ZiRC with just a single server.

The events that eventually led to the departure of the admins had a start in early May of this year. Due to several events Prince, the owner of ZiRC’s domain, the server housing service, and co-owner of the network, resigned from the network.

In July things escalated as admin Eien explains: “On the evening of 05 July 2007, prince returned, tampered with services, added a former member of staff (who was not well regarded by the rest of staff and is generally believed to be an asshole) as an oper on his server with the netadmin flag set, blew away the DNS for ZIRC.ORG completely, removing the host records necessary for email to function, and setting irc.zirc.org to only point to his server, avalon.” Eien took over Prince’s positions when he resigned. “When he finally talked to me, he said he was willing to start a war for ownership of the network but he never explained why or, really, what the hell was going on. He demanded the SU password for services which I provided. However, his tampering with services rendered my SU password unusable. So he decided to restore services to a backup before his resignation in May.”

Although the following day Prince said he would discuss matters with Eien, that eventually did not occur, which was the limit for many admins.

“Prince has a reputation of being drunk and doing odd things but most of the time they were minor or easily fixed. In this case, he completely trashed his own network. As long as he has access to the network (which he will always have since he owns the domain name), the network, its staff, and, most importantly, its users, will always be at the mercy of prince’s whims. Therefore ZiRC was no longer a stable or optimal environment for our users,” Eien explains.

The users who have moved to the new network have been positive so far, according to Eien. “I’ve seen several offers from users to help out that I hadn’t seen on ZiRC so I’d say it’s a good sign so far.”

Since the split there has not been any contact between synIRC’s management and ZiRC. “Personally, I’d like terms between synIRC and ZiRC to be, at the least, civil and respectful. However, I do not expect there to be good relations between synIRC and ZiRC in the future,” Eien said.

The new network set itself a list of tasks. The first is to establish a “charter or equivalent thereof”, a proper website and infrastructure, and “the long-term future plan is really to provide the best service we can to our users. Gaining users obviously couldn’t hurt.”

“I’d like to thank our users for their faith in us to make the jump from an old, established network like ZiRC to a completely new one. And I’d like to apologize to them if the split has inconvenienced them in any way. It’s also sad to see ZiRC go like this. It had been a good home for many years,” Eien ends.

IRC-Junkie tried to contact ZiRC as well but had no reply so far.

Romanian Hacker Faces Court in USA

A Romanian I.T. graduate faces court in the USA today. He has been accused of hacking systems from NASA, the U.S. Navy, the U.S. Energy Ministry as well as the Jet Propulsion Laboratory and Goddard Space Flight Center. He is accused of altering data as well as installing IRC Deamons.

Victor Faur, 22-year-old from Arad, Romania, can be convicted for 12 years in prison, and paying up to $2 million in damages as claimed by NASA for repairing their systems.

Faur, who is said to lead an online group named “White Hat Team” was arrested by Romanian authorities after being alerted by the Unites States. He denies being a member of any group and repeatedly said to have hacked the systems only to proof their vulnerabilities. “Everything was a game, I did not want to hurt anyone,” was his defense.