It was just another Wednesday on the sprawling Internet chat-room network known as Internet Relay Chat, or IRC.
In a room called Prime-Tyme-Movies, people offered free pirated downloads of "The Passion of the Christ'' and "Kill Bill Vol. 2.'' In the DDO-Matrix channel, illegal copies of Microsoft's Windows software and "Prince of Persia: The Sands of Time,'' an Xbox game, were ripe for downloading. In other chat rooms Wednesday, whole albums of free MP3s were hawked with blaring capital letters. And in a far less obtrusive channel, a hacker may well have been checking his progress of hacking into the computers of unsuspecting Internet users.
Even as much of the Internet has come to resemble a pleasant, well-policed suburb, this little-known neighborhood remains the Wild West. While copyright holders and law enforcement agencies take aim at their adversaries on Web sites and peer-to-peer file-sharing networks like Napster, IRC remains the place where people with something to hide go to do business.
Probably no more than 500,000 people are using IRC worldwide at any time, and many of them are engaged in legitimate activities, network administrators say. Yet that pirated copy of Microsoft Office or Norton Utilities that turns up on a home-burned CD-ROM may well have originated on IRC. And the Internet viruses and "denial of service'' attacks that periodically make news generally get their start there, too.
This week, the network's chat rooms were abuzz with what seemed like informed chatter about the Sasser worm, which has infected hundreds of thousands of computers.
"IRC is where you are going to find your 'elite' level pirates,'' said John Wolfe, director for enforcement at the Business Software Alliance, a trade group that fights software piracy. "If they were only associating with each other and inbreeding, maybe we could coexist alongside them. But it doesn't work that way. What they're doing on IRC has a way of permeating into mainstream piracy.''
Two weeks ago, the FBI, in conjunction with law enforcement agencies in 10 foreign countries, announced an operation called Fastlink, aimed at shutting down the activities of almost 100 people suspected of helping operate illegal software vaults on the Internet. The pirated copies of music, films, games and other software were generally distributed using a separate Internet file-transfer system, said a Justice Department spokesman, but the actual pirates generally used IRC to communicate and coordinate with one another.
"The groups targeted as part of Fastlink are alleged to have used IRC to have committed their crimes, like almost all other warez groups,'' the spokesman, Michael Kulstad, said in a telephone interview. Warez, pronounced like wares, is techie slang for illegally copied software.
When IRC started in the 1980s, it was best known as a way for serious computer professionals worldwide to communicate in real time. It is still possible--though sometimes a bit difficult--to find mature technical discussions among the tens of thousands of IRC chat rooms, known as channels, operating at any one time. There are also respectable IRC systems and channels--some operated by universities or Internet service providers--for gamers seeking opponents or those who want to talk about sports or hobbies.
Still, IRC perhaps most closely resembles the cantina scene in "Star Wars''--a louche hangout of digital smugglers, pirates, curiosity seekers and the people who love them (or hunt them). There seem to be IRC channels dedicated to every sexual fetish, and IRC users speculate that terrorists also use the networks to communicate in relative obscurity. Yet IRC has its advocates, who point to its legitimate uses.
"IRC is where all of the kids come on and go nuts,'' William Bierman, a college student in Hawaii who helps develop IRC server software and who is known online as billy-jon, said in a telephone interview. "All of the attention IRC has gotten over the years has been because it's a haven for criminals, which is a very one-sided view.
"The whole idea behind IRC is freedom of speech. There is really no structure on the Internet for policing IRC, and there are intentionally no rules. Obviously you're not allowed to hack the Pentagon, but there are no rules like 'You can't say this' or 'You can't do that.'"
It is almost impossible to determine exactly how many people use IRC and what they use it for, because it takes only some basic technical know-how to run an IRC server. Because it is generally a text-only medium, it does not require high-capacity Internet connections, making it relatively easy to run a private IRC server from home.
Haven for criminals
Some Internet experts believe that child pornography rings sometimes use their own private, password-protected IRC servers. Particularly wary users can try to hide their identity by logging in to IRC servers only through intermediary computers. There are, however, scores of public IRC networks, like DALnet, EFNet and Undernet. Each typically ties together dozens of individual chat servers that may handle thousands of individual users each.
"We're seeing progressively more and more people coming onto the network every year,'' said Rob Mosher, known online as nyt (for knight), who runs a server in the EFNet network. "As more and more people get broadband, they are moving away from AOL and they still want to have chat.''
For end users, using IRC is relatively simple. First, the user downloads an IRC client program (in the same way that Internet Explorer is a Web client program and Eudora is an e-mail client program). There are a number of I.R.C. clients available, but perhaps the most popular is a Windows shareware program known as ( mIRC).
When people run the IRC program, they can choose among dozens of public networks. Within a given network, it does not really matter which individual server one uses. Alternately, if people know the Internet address of a private server, they can type in that address. Once logged in to a public server, the person can generate a list of thousands of available channels. On an unmoderated network, the most popular channels are often dedicated to trading music, films and software.
That is because in addition to supporting text-only chat rooms, IRC allows a person to send a file directly to another person without clogging the main server.
That capability has a lot of legitimate uses for transferring big files that would be rejected by an e-mail system. Want to send your brother across the country a digital copy of your home movie without burning a disc and putting it in the mailbox? The file-transfer capability in IRC may be the most convenient way.
Naturally, that file-transfer capability also has a lot of less legitimate uses. Advanced IRC pirates automate the distribution of illegally copied material so that when a person sends a private message, the requested file is sent automatically. It is fairly common on IRC for such a system to send out hundreds or even thousands of copies of the same file (like a music album or a pirated copy of Windows) over a few weeks.
An official from the Recording Industry Association of America said that some hackers even obtain albums that have been recorded but not yet released. "Quite often, once they get their hands on a prerelease, they will use IRC as the first distribution before it goes out into the wider Internet,'' Brad Buckles, the association's executive vice president for antipiracy efforts, said in a telephone interview.
But perhaps the most disruptive use of IRC is as a haven and communications medium for those who release viruses or try to disable Web sites and other Internet servers.
In some ways, the biggest problem is Microsoft Windows itself. Windows has holes that can allow a hacker to install almost anything on a computer that lacks a protective program or device called a firewall. Computer users' vulnerability can be compounded if they have not installed the latest patches from Microsoft.
Hackers scan through millions of possible Internet addresses looking for those unprotected computers and then use them to initiate coordinated "denial of service'' attacks, which flood the target machine (say, a Web site) with thousands or millions of spurious requests. In all of the noise, legitimate users find the target site unavailable.
How can a hacker direct his army of compromised drones to the target of the day? Through IRC.
"Each time it breaks into a new computer and turns it into a drone, the program copies itself and proceeds to keep scanning, and so very quickly you can have a very large number of drones,'' Bierman said, adding that a worm may well include a small custom-made IRC client. "Then all of the drones connect to IRC and go into one channel made especially for them. Then the runner can give commands to all of those drones.''
Chris Behrens, an IRC software developer in Arizona known online as Comstud, said: "It's amazing how many machines at home are hacked or have been exploited in some way. We have seen 10,000 hacked machines connect to IRC at one time, and they all go park themselves in a channel somewhere so someone can come along and tell them who to attack.''
Bierman and other IRC developers and administrators said that they were contacted by federal law enforcement officials fairly often. Bierman said that he sometimes cooperated in helping the government track down specific people using IRC to wage major attacks. He added, however, that he had refused government officials' requests to build a back door into his IRC software that would allow agents to monitor IRC more easily.
"Basically the FBI is interested in the best way to monitor the traffic,'' Bierman said.
Kulstad of the Justice Department declined to comment on its specific contacts with the IRC community.
Bierman and other IRC administrators said that in addition to their free-speech concerns, they were also reluctant to confront hackers because angry hackers often turn their drones against IRC servers themselves.
Mosher echoed other IRC administrators in saying that attempts to regulate the shady dealings online were doomed to failure.
"Look, if we find one channel and close it, they move to another,'' he said. "It's been like this for years. You can't really stop it.''
You can view the original article here... http://news.com.com/2100-1032_3-5207202.html?tag=nefd.top