[Air-l] RE: FW: [chineseinternetresearch] National Science Foundation to help CIA spy on IRC chatrooms

elijah wright elw at stderr.org
Mon Dec 6 10:55:14 PST 2004


>> communication.  IRC is not only unencrypted, but the protocol was 
>> designed to enable lurking.  It's not even covert lurking though: the 
>> authors make no attempt to modify their IRC bot so that channel users 
>> cannot see the surveilling bot.

Tis worth pointing out that there are various ways of securing IRC, most 
of which rely on your trust of the IRC server operator.

Summary:

1) IRC client protocol - from client to server - is often encrypted with
    SSL.

2) inter-server communication (irc server to irc server) is often
    encrypted with SSL.

3) Individual IRC channels may require keys (key-phrases, actually) to
    enter.

4) alternate IRC-like technologies (SILC, for example) exist and are in
    wide use.

5) people on IRC who don't want to be spied on use "DCC" chat [direct
    client communication - person's ip address to person's ip address] to
    talk rather than '/query' to do so.  the latter passes through the IRC
    server (and thus is easy to spy on), the former does not.

6) people have produced 'hacks' to make it possible to encrypt their
    communications traffic via PGP keys and other means.  there's also a
    long history of using Eggdrop-style bots as "party line" chat channels.

7) if someone can use a packet sniffer or a man-in-the-middle attack
    against you, at any point in the end-to-end communication, call it
    "Game Over".  it is possible to secure IRC -- but it is pretty darn
    difficult.


> This also points to another, almost funny issue: yes, of course, we all 
> know there is no privacy in chatrooms, etc.  So how dumb are terrorists 
> going to be to try to use them - even with encryption - to discuss their 
> next big strike against the U.S.?

How do you know that al'Qaeda [et al] doesn't already have its own secure, 
locked-down, private-key encrypted, VPN-using 'shadow' network already 
overlaid on top of the mainstream Internet?

It seems to me that this is a rather reasonable, feasible, and 
to-be-expected kind of thing for a "terrorist" group to do, and one that I 
would think they might try.

Good luck to the governments in figuring out where those servers are - it
is not so hard to hide things you don't want to have found by accident.

> 1. The rationale _for_ passive surveillance of an open system seems
> extraordinarily weak: if we're after terrorists, do we really expect they'll
> discuss their plans on an open system, and in ways that will be detectable
> by algorithmic methods of data coding and categorizing?

I think people *do* expect it, because they expect everyone to be as 
non-sneaky as they are.


> relationships, and democratic polity, then _if_ we want to introduce 
> something like passive surveillance of open systems - the burden of 
> proof for doing so should be extraordinarily high. Again, I don't see 
> that the burden of proof has been met.

I agree with you on both of these points, though my text above may not
make that the least bit clear.

--elijah
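
Added example, not part of the original message: a sketch in Python of what a relaying IRC server can read in the two cases from item 5. A `/query` message travels as a PRIVMSG line through the server, and a DCC chat is set up by a CTCP `DCC CHAT` offer that is itself carried in a PRIVMSG. The nicknames, hostnames and sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress

CTCP = "\x01"  # delimiter byte that wraps CTCP requests inside a PRIVMSG

# Constructed sample lines as a server would receive them (not real traffic).
SAMPLE_QUERY = ":alice!a@host.example PRIVMSG bob :meet at noon"
SAMPLE_DCC = ":alice!a@host.example PRIVMSG bob :\x01DCC CHAT chat 3221225994 5000\x01"


def parse_privmsg(line):
    """Split ':nick!user@host PRIVMSG target :text' into (sender, target, text)."""
    prefix, command, target, text = line.rstrip("\r\n").split(" ", 3)
    if command != "PRIVMSG" or not prefix.startswith(":") or not text.startswith(":"):
        raise ValueError("not a PRIVMSG line")
    return prefix[1:].split("!", 1)[0], target, text[1:]


def server_view(line):
    """Describe what the relaying server learns from one PRIVMSG line."""
    sender, target, text = parse_privmsg(line)
    if text.startswith(CTCP + "DCC CHAT ") and text.endswith(CTCP):
        # Offer format: DCC CHAT chat <IPv4 as a decimal integer> <port>
        fields = text.strip(CTCP).split()
        if len(fields) != 5:
            raise ValueError("malformed DCC CHAT offer")
        return {
            "kind": "dcc_offer",
            "from": sender,
            "to": target,
            "peer_ip": str(ipaddress.IPv4Address(int(fields[3]))),
            "peer_port": int(fields[4]),
            "content_visible": False,  # the chat itself runs client to client
        }
    return {
        "kind": "relayed_message",
        "from": sender,
        "to": target,
        "content_visible": True,  # the server relays, and can read, the text
        "content": text,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_QUERY, SAMPLE_DCC):
        print(server_view(sample))
```

The server sees who offered a DCC chat to whom, plus the offering client's address and port, but not the conversation that follows.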


