Experts: Chat rooms a haven for hackers
Anonymously stealing, trading personal information
(CNN) -- Computer security expert Chad Harrington regularly surfs Internet Relay Chat (IRC), one of the oldest chat technologies on the Web. The IRC networks have names like Dalnet and EFnet, but he agrees that another name works just as well: eBay for hackers.
"Once the hacker or someone in the underworld has personal information, credit card numbers, social security numbers, address, whatever it may be," says Harrington, once the hacker "has that information and wants to sell it, often they'll go to a hacker chat room, a place on the Web using an Internet Relay Chat which provides them some anonymity and allows them to mention that they have this personal information and they want to trade."
The ability for hackers to go onto the Internet and chat up fellow hackers is as old as the Net itself. But with identity theft becoming a more popular form of fraud, according to the Federal Trade Commission (FTC), more attention is being paid to chat rooms that serve as flea markets for hackers.
"We know that credit card numbers are bought and sold over the Internet because they have real cash value," says Bruce Schneier, founder and CTO of Counterpane Technologies and a pioneer in network security.
"A lot more credit card numbers are stolen than ever used, but you should assume that right now, in your wallet, there's a credit card number that has been stolen off the Net."
Both Schneier and Entercept Security Technology's Harrington say that your stolen personal information can be swapped or sold in other Web venues. But IRC is largely unregulated -- a Wild West of chat that has a special appeal for hackers.
"Hackers obviously want anonymity when they're looking to trade personal information that they've obtained via identity theft, so Internet Relay Chat is a commonly used mechanism," says Harrington.
Difficult to monitor
The unfettered nature of IRC is also appealing to hackers, says Schneier.
"It's older, it's not tied to Microsoft or AOL or a big company, it's one of the Internet protocols ... so if you're running Windows or Linux or Macintosh or another flavor of Unix, you can use it," says Schneier. "So it's not that it's more suitable for hackers to use, it's just a more basic service and people who are anti-big-corporation are going to be more likely to use something like IRC."
(AOL Time Warner is the parent company of CNN.)
That same aspect of IRC also makes it a tough digital obstacle for law enforcement.
"In the electronic world of the Internet, it's such a vast landscape and there's no way that the FBI and CIA or any law enforcement agency can be involved in watching over the shoulder of every Internet user," says Harrington. "Unfortunately, that's probably what it would have to take to prevent this sort of fraud."
Occasionally the FBI gets lucky. The feds were able to track down the hacker known as "Mafiaboy" when he bragged about his exploits in chat rooms.
And while the FBI's National Infrastructure Protection Center (NIPC) didn't provide any statements to CNN regarding what goes on in Internet Relay Chat, security experts say it's a matter of law enforcement manpower and trying to track down hackers in a very crowded -- and loud -- chat room.
Hacker exposes financial data at Georgia Tech
March 20, 2002
Microsoft, Sun, Netscape warn of flaw in Java
March 6, 2002
How can personal firewalls help your PC?
February 27, 2002
Review: Five free firewall utilities
January 30, 2002
Hyped hacker-investor claims to flee Germany
January 15, 2002
Hacker explains recent exploits in WorldCom site
December 10, 2001
CERT: Unix, Linux server FTP vulnerability found
December 3, 2001
Timeline: A 40-year history of hacking
November 19, 2001
Companies examine cyber-security
September 21, 2001
How Hollywood portrays hackers
April 5, 2001
Identity thefts increase, but few occur online
February 13, 2001
New denial-of-service attack tool uses chat programs
September 6, 2000
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
|Back to the top|