How is IRC so secure/untraceable that hackers and pirates use it to communicate?

In addition to Rory's points...


Internet Relay Chat is actually incredibly insecure

I don't think IRC is in any way secure by default. Almost all servers utilize communication through plaintext. Your ISP can snoop on the contents easily. All of your messages, in general, are unencrypted. You have to install addons to enable encrypted communications, if they're even done right.

Even if the server itself encrypts the messages/uses SSL, it's a moot point: everyone can connect and read what you're saying unless you encrypted it on your end. IRC admins can read your private messages as well.

The vast majority of servers I've visited also expose your IP address to everyone unless you're behind a proxy or VPN, so there's no real anonymity. Even the ones that partially mask your IP will show part of where you are. For example: Random432342.hsd1.ca.comcast.net. While other servers will block everything, all IRCops/admins know the real IP you're connecting from. What's to stop them from cooperating with law enforcement?

Your IRC client could also be vulnerable to buffer overflow attacks / string formatting vulnerabilities / etc. Or maybe you'll just click on a drive-by-download link...


Does true anonymity exist on IRC?

Some people have a different definition of anonymity than me. Rory's definition is correct in the context of being anonymous to most people, but that's not the definition I subscribe to. For me, anonymity is being anonymous to everyone, no matter what.

How do you think people keep getting busted even though they're "behind 7 proxies"? If you're behind a proxy/VPN, you're still communicating with the IRC server. Your proxy/VPN is connected to that IRC server, and you are connected to that proxy/VPN server at a specific time.

Once you send text, whether it's encrypted or not, all law enforcement really needs to do is line up timestamps, even if it's encrypted. Lag delay? Yeah, that's very easy to account for. Soon, a very clear pattern will emerge, and your entire proxy/VPN chain will be quickly unraveled to the source.

How can they do that? XKeyscore, Prism.

Right now, true anonymity doesn't really exist on IRC.


But Mark Buffalo, I've never been caught!

They either don't care about you because you're a small fry who doesn't matter, or they're slowly building up a case to get you on maximum charges. Or you're simply out of their jurisdiction, but they're still ready to pounce.


Maybe this "security" is actually a jurisdiction issue?

I think part of the confusion here is jurisdiction. Jurisdiction can offer tremendous security if there's a refusal to co-operate. This is why many criminals may still be around after "getting caught."

If you're in another country which refuses to cooperate with the law enforcement of another country, you might be safe from prosecution, but you'll probably still be indicted on charges. So as long as you never enter that country...
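As an added example (not from any answer on this page), here is a small parser run over a constructed IRC capture, showing exactly what a passive observer such as an ISP or an IRCop sees on a plaintext connection: message bodies, the sender nick, and the ISP/region part of a hostmask like the one above. The sample lines, the `203.0.113.7` address and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of what a passive observer (ISP, IRC admin) sees on a plaintext IRC session.
SAMPLE_CAPTURE = [
    ":Random432342!~user@Random432342.hsd1.ca.comcast.net JOIN #chan",
    ":Random432342!~user@Random432342.hsd1.ca.comcast.net PRIVMSG #chan :hello, anyone on the wire can read this",
    ":bob!bob@203.0.113.7 PRIVMSG Random432342 :this \"private\" message is still cleartext",
    "PING :irc.example.net",
]
# nick!user@host prefix; user and host are optional (server prefixes carry only a name)
PREFIX_RE = re.compile(r"^(?P<nick>[^!@ ]+)(?:!(?P<user>[^@ ]+))?(?:@(?P<host>\S+))?$")

@dataclass
class IrcMessage:
    command: str
    params: List[str]
    nick: Optional[str]
    host: Optional[str]

def parse_irc_line(line: str) -> IrcMessage:
    """Split one raw line into prefix (nick/host), command and params, following the RFC 1459 layout."""
    line = line.rstrip("\r\n")
    nick = host = None
    if line.startswith(":"):                      # optional ":nick!user@host " prefix
        prefix, _, line = line[1:].partition(" ")
        m = PREFIX_RE.match(prefix)
        if m:
            nick, host = m.group("nick"), m.group("host")
    head, sep, trailing = line.partition(" :")    # trailing param may contain spaces
    parts = head.split()
    params = parts[1:] + ([trailing] if sep else [])
    return IrcMessage(parts[0].upper(), params, nick, host)

def host_hint(host: Optional[str]) -> Optional[str]:
    """What a hostmask still gives away: a literal IP, or the ISP/region suffix of a partially masked hostname."""
    if host is None:
        return None
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return host                               # unmasked IPv4 address
    labels = host.split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else host   # drop only the randomised first label

def exposed_messages(lines):
    """Per PRIVMSG: (sender, location hint, target, cleartext body), exactly as a passive observer sees it."""
    msgs = map(parse_irc_line, lines)
    return [(m.nick, host_hint(m.host), m.params[0], m.params[1])
            for m in msgs if m.command == "PRIVMSG" and len(m.params) >= 2]
```

Nothing here needs a key or a login: whoever sits on the path, or runs the server, gets the same view.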


Anonymity is the main one:

  • you can use IRC servers anywhere, or set up your own, rather than be tied in to centralised messengers
  • you don't need any personal data tied to your IRC account, so tracing you is next to impossible
  • any time you send commands directly, you are much more directly discoverable, whereas a botnet using IRC is next to impossible to trace back

And for ease of use, it is entirely text based - so commands can be easily sent and received.

Additionally - it has been around longer than most of the other messenger tools, so it is well understood, there are free clients for every platform, and there are millions of IRC instances on the Internet.


Rory did a good job of answering the IRC part, but to answer the second part about botnets, it's not that IRC is or isn't secure.

What's a botnet?

A botnet is a collection of devices, usually computers (but can also be cellphones and pretty much any other internet-connected device, like a refrigerator), that are connected to a C&C server to receive commands. Botnets can actually be used for good, but what makes the news of course is the botnets that aren't used for good.

C&C?

C&C, sometimes seen as CnC, CNC, or CC, is Command and Control. As Rory mentioned, IRC has been around for a very long time, is text-based so it is easy to write clients for it, and is easy to set up. C&C services exist on Twitter, GitHub, SMS, and other technologies, but IRC is a go-to because of its simplicity. It also allows for an enormous amount of bots to be controlled with relative ease.

So what about commands?

Commands are executed by the bots on behalf of the bot owner. Using the C&C service, the owner sends commands to one or more bots at a time. These commands can be sending spam, denial of service attacks, updating the client, looking for new devices to infect, and more.

Tags: irc, botnet