Cracker Creates Havoc at Freenode

[Asmo]

Last Saturday a user who was using the nick ratbert has been creating havoc after he gained the password of Freenode's admin Robert Levin, aka lilo.

Once gained access he /kill'ed and klined staff of the network, delinked servers and send out a global notice and attempted to abuse a mIRC DCC exploit.

-ratbert- I am a fat asshole, who loves abuse, die
-ratbert- DCC SEND YOUAREALLJUDENLOL

Eventually, also network owner lilo was killed by ratbert; * lilo has quit (Killed by ratbert (die ))

Once reconnected, lilo sent out the following global notice: -lilo- Hi all. As you may be aware, freenode has experienced a crack attack and we're working on tracking down the details. At this point, we cannot guarantee that more problems will not occur.

Since then several security related questions have raised that remain to be answered. How was a user able to gain lilo's password, and how come his access is not additionally protected by a specific hostmask?

At first users were afraid the attacker got hold of a substantial amount of private data from users, such as passwords. This turned out to be quite minimal however, confined to a series of new registrations at NickServ during the attack. Freenode admin HedgeMage explains: "We believe that <25 nickserv passwords were compromised during a limited window, but all concerned individuals are encouraged to change their nickserv passwords just in case."

Although Freenode has a list of people they suspect being responsible for the attack, they do not want to release too much information on that as it might influence near future investigations. "We are not releasing our suspect list, but we have some reasons to expect that bantown or GNAA may have been involved", according to Freenode admin HedgeMage.

Users from GNAA (the "world-famous trolling organization quoted from their website) have been interrupting a session held by Freenode to answer some questions from its users.

IRC-Junkie has been trying to contact Freenode with additional questions but received no reply so far.

Thanks to upinsmoke for the tip.
_________________
Asmo

webmaster www.IRC-Junkie.org

[idani]

see this

http://www.gnaa.us/pr.phtml?troll=gnaa-freenet

"Ten-thousand Freenet User Identities Compromised"

[Asmo]

Uhm... freenet != freenode...

Freenet is a totally anonymous (at least, that's what I understand of it, I never used it) p2p network which is becuase of its anonymous nature in use by people which use it to transfer/obtain highly doubtable type of content.
_________________
Asmo

webmaster www.IRC-Junkie.org

[idani]

oh right,
but you sould see it anyway

and since we're talking already, why is the site updates so slow in the last 2-3months? there sould be irc-news somewhere...

[Asmo]

I'm doing my best :) I dont want to add 'un-worthy' news like server changes and stuff. If I would do that, I'd have new news daily though ;)

I prefer good quality content over quantity... Hope (and I think...) you'll agree to that :)
_________________
Asmo

webmaster www.IRC-Junkie.org

[idani]

i do agree and i think you do enormous job

but you could always sum all server changes and notices and some other user groups news once a week/month if there are no 'good' news to report on

[Hjorten]

[v0rtexio]

keep up the great work asmo!!

I think it is good that big networks mess up from time to time... makes them enforce security better and learn..!

enjoy
_________________
http://v0rtex.org
Amazing Website - Go post on the forums!! woo

http://thebuild.webdesigngroup.net
ONLINE RADIO - THURSDAYS FROM 7 - 8PM GMT

[Asmo]

Problems will always occur, I dont think anyone is able to make 100% security :)
_________________
Asmo

webmaster www.IRC-Junkie.org