Users login

Create an account »


Users login

Home » Hacking News » Attacks Fell an Online Community

Attacks Fell an Online Community

by Nikola Strahija on January 27th, 2003 After battling eviction for more than two years, a massive online community has finally been driven from its virtual home. DALnet, one of the largest Internet Relay Chat, or IRC, networks and long the victim of torment by hackers, has finally succumbed to a series of denial-of-service attacks that began in August.

"We have had attacks before," said Emma Monks, a member of DALnet's exploits prevention team, "but they haven't been anything like what we're experiencing now."

DALnet administrators claim to be working with the FBI to prevent the attacks. However, agents at the National Infrastructure Protection Center and the San Francisco bureau denied any knowledge of the case.

U.S. law enforcement agencies have investigated denial-of-service attacks in the past. In 2000, a Canadian teenager known as Mafiaboy was arrested for masterminding denial-of-service attacks on Yahoo, eBay and

Such attacks have become more common in recent years as broadband Internet connections have increased. Often these high-speed networks link unsecured computers that are owned by private individuals. Thus, hackers are able to hijack hundreds or even thousands of them for unfriendly purposes.

Using these makeshift virtual armies, hackers can launch a denial-of-service attack on adversaries -- real or imagined -- and overwhelm a website, server or entire network with an intense, sustained barrage of data.

Because the data is coming from hundreds of different places, it is almost impossible to block them all. And it is difficult to trace the attack to its source. An administrator has no choice but to take the server out of the line of fire -- offline -- and wait for the attack to stop.

DALnet's administrators are still waiting.

Although they insist that DALnet is merely down and not out, the network was brought to a complete standstill on Jan. 9 and has not resumed continuous service since.

The recent attacks come almost exactly two years after a Lynwood, Washington, teenager was arrested for creating software enabling users to launch distributed denial-of-service attacks that took down the Undernet IRC network in January 2001.

One of the largest online communities that predates the World Wide Web, IRC remains outside of corporate control. It is staffed completely by volunteers using donated hardware and pro bono bandwidth.

IRC is comprised of 500 subnetworks running on more than 4,000 servers spread across the world. Home to a vibrant community of file traders, it is not uncommon for IRC to host more than a million users at a time.

Because IRC networks are not maintained by a central authority, security holes abound. Security experts say that users trading files over IRC often unwittingly download Trojan horses that allow hackers to exploit their victims' computers as weapons.

Although authorities understand how hackers mount denial-of-service attacks, the more challenging questions are why they do it and who they are. On IRC news sites and message boards, two of which were attacked last weekend, rumors are swirling.

With the rise of such mainstream alternatives as chat rooms and instant messaging on major networks like Yahoo and MSN, some users say that IRC has become overrun with feisty teen hackers looking for a fight.

Much of the speculation focuses on so-called script-and-packet kiddies, young hackers who are also often implicated in credit-card fraud and media piracy.

"Macker," an IRC user for more than 10 years, says attacks come for a variety of reasons, many of which are of the playground variety. Beyond reprisals for an insult or political injury, many packet kiddies will attack a network just to prove they can do it.

One metafilter post describes it as "the Net equivalent to sticking M-80s in mailboxes and butchering the neighborhood cat."

Another rumor making the rounds is that the Recording Industry Association of America is to blame for the attacks, as a back-alley response to the torrent of illegal file trading that takes place on IRC.

Monks denies it. "This definitely has nothing to do with the RIAA," she said. "Bored teenagers? Yes."

Although some view the attacks as petty Net vandalism, others see it as a sign of bigger threats to come.

"I do believe that threats won't always be from bored teenagers.... I'm less concerned about attacks on banks and power companies than I am of the effect that disrupting popular services could have," Macker wrote in an e-mail.

"If they kill all the IRC networks, who do they go after next?" asked Monks. "There's always other things to attack if you're a bored teenager."

Administrators caution that hackers are not only a threat to IRC, but to any organization with a stake in the Internet.

Chris Elworthy, the DALnet exploits prevention team leader said, "It's a major concern to the entire world as they can drop massive ISPs and hosts in a matter of minutes."

Monks is asking users and ISPs to secure their computers and networks.

"We believe this problem can only be combated if providers (especially broadband providers), take a more active role in ensuring users secure their machines, and only if DoS and DDoS (Distributed Denial of Service) is taken seriously by authorities and governments."

- article available at -

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »