Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

CIA Researching Automated IRC Spying 413

Iphtashu Fitz writes "CNet News is reporting that the CIA has been quietly investing in research programs to automatically monitor Internet chat rooms. In a two year agreement with the National Science Foundation, CIA officials were involved with the selection of recipients for research grants to develop automated chat room monitors. Researchers at Rensselaer Polytechnic Institute received $157,673 from the CIA and NSF for their proposal of 'a system to be deployed in the background of any chat room as a silent listener for eavesdropping ... The proposed system could aid the intelligence community to discover hidden communities and communication patterns in chat rooms without human intervention.' How soon until all IM conversations are monitored by Big Brother? The abstract of the proposal is available on the NFS website."
This discussion has been archived. No new comments can be posted.

CIA Researching Automated IRC Spying

Comments Filter:
  • by Folmer ( 827037 ) * on Wednesday November 24, 2004 @04:59PM (#10913093)
    Even if its able to spy on private chat rooms on major networks, they wont be able to spy on thoose who dont want to be spied on... Its relatively easy to set up your own IRC server, and control exactly who has axcess to it so the feds are left outside alone...
    • IRC is just a telnet hack, so everything's plaintext. They can easily sniff packets at the ISP level.

      I'd think anyone planning crimes on IRC would be a complete moron, but then, many criminals tend to be complete morons.
    • Yeah, but you don't have physical control over the pipes between yor server and all your clients. How do you think your bits get sent back and forth? I just have to put an intercept between you and your clients to grab all the data I want.

      This would be some sort of program that can sit on an ISP's trunks, and grab all traffic that looked like IRC traffic and dump it in a log. Since it is the CIA, (And they are in theory, the Intelligence 'Offense') it might be a small embedded hardware solution that has
      • by Eil ( 82413 ) on Wednesday November 24, 2004 @06:08PM (#10913828) Homepage Journal

        Yeah, but you don't have physical control over the pipes between yor server and all your clients. How do you think your bits get sent back and forth? I just have to put an intercept between you and your clients to grab all the data I want.

        OpenSSL [openssl.org]. Many IRCds and clients these days support encryption.

        This would be some sort of program that can sit on an ISP's trunks, and grab all traffic that looked like IRC traffic and dump it in a log. Since it is the CIA, (And they are in theory, the Intelligence 'Offense') it might be a small embedded hardware solution that has a built in microdrive. It would be very handy to have a CIA controled operative slip in to a NOC in a hostile country, snap it onto a trunk in an unobtrusice location and pick it up a month later.

        They already have this, it's called Carnivore. It's not a secret from the ISPs, either, they know it's there. But they are prohibited by law from telling the public whether or not a Carnivore box is monitoring their traffic. Additionally, Carnivore is not only for email these days.
      • by DaNasty ( 833075 )
        Reminds me of that bash.org quote...
        <Stormrider> I should bomb something

        <Stormrider> ...and it's off the cuff remarks like that that are the reason I don't log chats
        <Stormrider> Just in case the FBI ever needs anything on me
        <Elzie_Ann> I'm sure they can just get it from someone who DOES log chats.
        *** FBI has joined #gamecubecafe
        <FBI> We saw it anyway.
        *** FBI has quit IRC (Quit: )
    • by elh_inny ( 557966 ) on Wednesday November 24, 2004 @05:17PM (#10913329) Homepage Journal
      I totally support this opinion.
      Open source IRC daemon running on open source OS.
      An invite only channel, with key, now where does CIA plan to step in?
      And it's obvious no valuable information will be exchanged via popular IMs. I once though it would, as there is so much traffic, that no one is able to comprehend it, bu as soon as I wanted to relay sth valuable, let's say a password or whatever, delicious cookie recipe, I used secure channels.
      Now why would they want to spy on 14 year olds, I don't know.
      How can they differntate what's real, I remeber that somwhere out there there is this Echelon system working, recording all my phone call and checking for 'special' words. I try to use 'nuke', 'osama', 'chemical weapons' in few languages, but the black suits still refuse to come.

      In general I'm not so paranoid, I don't think that we're facing Orwellian times. The main reason for that, there are not enough human resources to have it working. Let's say we wanted every person in the world to be spied on by another person, the way it is done now, is in shifts, at least two people involved, usually much more. Now technology helps with this problem, let's say we can record every minute of a man's life, there still has to be someone to watch all that footage, if we go on, we could probably end up with only half of the population in the BigBrother business, I think with current economy it is not possible.
      I could elaborate on this subject a bit more, but I hope you get my point.
      • An invite only channel, with key, now where does CIA plan to step in?

        At some router.

        To be snarky: the IRC protocol travels over these things called "wires," which can be tapped. If you don't think that Some Agency is monitoring TCP packets on the network, well, I think you're naive.

        Now, you can certainly encrypt your traffic and make it harder for them. I have no idea what capabilities they have for decryption. It's possible that they've backdoored popular algorythms -- the math on some of these thing

    • Exactly. In the end it will be trivial to weed these guys out, or prevent them altogether. And the IRC network is brutal: I'm almost certain that the entire country of Norway has been banned from IRC altogether.
    • As long as we can trust the servers the silc project looks very good.

      You can set channel keys to encrypt the channel or per user query key to encrypt private communications.

      Looks very promising but not may people are using it yet.
    • by Tehrasha ( 624164 )
      It wont take more than a couple days of monitoring all of that teen angst and drama for the computer to commit suicide.
  • Sample (Score:5, Funny)

    by Anonymous Coward on Wednesday November 24, 2004 @04:59PM (#10913095)
    > Join: NotWithCIA [notspying@user128a85b.cia.gov]
    <l33th4x0r> and i h4ck3d into the NSA and compiled gentoo on it
    <l33th4x0r> it was awesome
    <l33th4x0r> like a beowulf cluster of beowulf clusters
    <myPPburns> how long did that take?
    <l33th4x0r> like 2 days
    <myPPburns> no, I mean compiling Gentoo
    <l33th4x0r> yah, like 2 days
    <myPPburns> who is that new guy? NotWthCIA?
    <l33th4x0r> dunno, never seen him before
    <myPPburns> cool nick tho
    <myPPburns> I'm gonna go hack WoW l8r. make myself king orc!!!
    <l33th4x0r> yah, im gonna go post a letter from osama on drudge
    <l33th4x0r> watch the media fr33k out
    > Quit: NotWthCIA (OSAMA DETECTED! ALERT! ALERT!)
  • by BobPaul ( 710574 ) * on Wednesday November 24, 2004 @04:59PM (#10913103) Journal
    Just avoid the rooms with the *CIA_Chanserv* bot running
  • Solution (Score:5, Funny)

    by PaintyThePirate ( 682047 ) on Wednesday November 24, 2004 @05:00PM (#10913107) Homepage
    /mode +b #haxxor *!*@*.cia.gov
  • by Anonymous Coward
    ICQ is owned by Odigo, an Israeli company.
  • by ad0gg ( 594412 ) on Wednesday November 24, 2004 @05:00PM (#10913115)
    My irc script supports ROT13 encryption.
  • Isn't that what Echelon does already?

    I mean, filter certain keywords, and associations from ALL communications (IRC included?)

    • Bing!Bing!Bing! (Score:3, Informative)

      Correct, at least as far as public rumors about secret government spying software goes. However, the Carnivore project is FBI. The FBI doesn't work for the CIA, so why would you expect them to actually work together?

      Also, technically, the FBI are just federal cops, as opposed to state cops or local cops. The CIA is an intelligence agency (spies), and so they might not want the exact same sort of application. You can't simply get a court order to slap Carnivore on an ISP's lines when the ISP in question i
    • Of course, but... (Score:2, Insightful)

      by Anonymous Coward
      They have to pretend to be "researching" things they've had in operation for decades to keep us regular folks from getting too suspicious.

      They'll probably announce in a couple of months that IRC monitoring was not feasible due to the super-complicated technical problems inherent in logging plain text.
  • by Anonymous Coward on Wednesday November 24, 2004 @05:02PM (#10913130)
    I wonder if slashdot will be able to unmount them?
  • by laurent420 ( 711504 ) on Wednesday November 24, 2004 @05:02PM (#10913131)
    If you didn't have a reason to enable SSL on your IRCD or on your client, now sounds like a GREAT time to do so!
  • Ahhh, IRC (Score:5, Funny)

    by k4_pacific ( 736911 ) <k4_pacific@yahoo . c om> on Wednesday November 24, 2004 @05:02PM (#10913132) Homepage Journal
    Where men are men,
    Women are men,
    13 year old girls are FBI agents,
    and that guy who never says anything is a CIA bot.
    • Re:Ahhh, IRC (Score:2, Insightful)

      by laurent420 ( 711504 )
      you know its funny, everyone mentions BOTs, but did you think about the nature of the IRC protocol. as if the CIA wasn't redirecting other protocols to their workhorse servers for analysis, it would be pretty bloody easy for them to flex their muscle and have TCP/6667+ datagrams routed there as well.
    • by endx7 ( 706884 )
      and that guy who never says anything is a CIA bot.

      Crap, me and too many others must be CIA bots.

      I mean, really, what else is IRC for if not idling?
    • by sik0fewl ( 561285 )

      and that guy who never says anything is a CIA bot.

      Hmm.. I should stop idling in so many channels. Maybe if I put some sort of message on a timer that does "/me is not a CIA bot". Yeah.. I think that'll do just fine.

  • ... when is the CIA gonna get Google to index all their logs privately so they can actually *do* something with it?

    Seriously, how can one possibly do anything with all that data that comes in...

  • IRC is special when compared to Instant Messenging. IM tends to be a one on one thing, something that requires third parties to be invited to.

    IRC tends to be much bigger. There are channels and private messages. Plus the big thing about IRC, are the channel modes +i and +s. So if they're talking bots to monitor all channels, yeah right, they're not going to hit the right ones.
  • Time for a cryptography architecture to become default in chat apps. "Flying dutchman" data arrangements would be very easy to do in chat rooms, because everyone has to receive the commonly-viewable chatter anyway. P2P chats like Waste seem to be getting more popular as well.

    Of course, nobody who has anything to hide knows anything about botnets.
    • Time for a cryptography architecture to become default in chat apps.

      Can it get any more cryptic than LOL,l8r,ROTFLMAO, np ,kewl and everything spelt with an 3 instead of an E?

    • they already make an encryption plug in for AIM (un-official), same with Trilian. ICQ and others shouldn't be that hard to do.
    • Re:Crypt-IRC (Score:5, Interesting)

      by inKubus ( 199753 ) on Wednesday November 24, 2004 @05:52PM (#10913634) Homepage Journal
      It's pretty easy to bypass. Get yourself a custom IRC client that logs into 3 or 8 or 100 servers at a time. Then your contact logs into the same servers and into randomly selected channels. You send a message which is scrambled up and is sent in pieces to each server. So say your message is "Let's meet at the tower at midnight." it would be split up on as many channels as you have servers connected on both sides. So say you are using three servers on each side, then only every third character would be sent, with an offset of which server it is:

      So like channel #random19a9x on server 1 would get a message from you:
      L'mtt w dh

      and channel #random19a9x on server 2 would get:
      ese BLAH BLAH etc

      rinse and repeat for as many channels as you like. of course, while all this is happening, you could be continually logging off and on, changing nicks or channels or sending to other servers in a predefined fashion. Perhaps the control connection could be over a DCC connection while the actual secure messages travel thru the IRC never to be found again. (Outband signaling).

      You could also combine this with email, SMS, web pages, etc to split the message up into as many channels and media as possible. And of course, you have to make the software client script driven so new scripts can be easily generated to stay ahead of any technology Big Brother could use to monitor it.

      Possible problems are pretty obvious: everything originally comes from your IP so anything between you and the network can be compromised. It's really pretty safe to assume that the core routers are compromised as well. Well, this is not the case. The order could be randomized and the complexity of putting it back together grows in proportion with the number of channels.

      The idea is to make it as much like chat as possible but not have any full packets of clear or encrypted text go out at once, preventing any easy way to view it. And the ability to change the patterns and behavior of the connecting and reconnecting would thwart anyone learning the way it works.
  • Juristiction? (Score:3, Insightful)

    by Folmer ( 827037 ) * on Wednesday November 24, 2004 @05:02PM (#10913139)
    Does anyone know if theyre allowed to "spy" on foreign citizen? If i chat on an european server with fellow europeans i cant see any way that they should be allowed to "spy" on me?
    • Heh, no of course not. Just like they don't monitor cell traffic out of the US. Remember in Afghanistan there for awhile, every time a cell phone call was made a cruise missile got launched.
    • Legally (theoretically) (yeah right) they are ONLY allowed to spy on foreign citizens/governments. The CIA jurisdiction is supposedly restricted to outside the borders of the U.S. (If those foreign governments/citizens object to being spied on by the U.S. it is up to them to try and obstruct such spying (counter-espionage)). The FBI has the jurisdiction for spying within the borders of the U.S.
    • Does anyone know if theyre allowed to "spy" on foreign citizen? If i chat on an european server with fellow europeans i cant see any way that they should be allowed to "spy" on me?

      I was under the impression that the CIA were *only* allowed to spy on foreigners and that the FBI had jurisdiction over the US. Nevertheless, I have absolutely no doubt whatsover that the CIA couldn't give a damn about the rights of foreigners. The US administration is only concerned with protecting US interests. The CIA take th

    • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Wednesday November 24, 2004 @05:18PM (#10913339)
      Does anyone know if theyre allowed to "spy" on foreign citizen?
      Are you trying to be funny? They're a spy agency. Their goal is to gather intelligence. You think the Chinese, Russians, Iranians, and Koreans love being spied on by the USA? The CIA can damn well spy on anyone they want to, at any time. And of course, the CIA isn't the only international organization spying on you, silly.
    • Re:Juristiction? (Score:5, Insightful)

      by qbzzt ( 11136 ) on Wednesday November 24, 2004 @05:26PM (#10913412)
      AFAIK, there is no international law about spying. This means that there is no rule that says that a government cannot spy on people in other countries. They don't need a search warrant or a wiretap warrant.

      This means that there is no law stopping the US government from spying on Europeans, or for that matter European governments from spying on people in the US. A government can even use this to bypass its own privacy regulations by having a friendly government spy on its citizens and getting that information.

      If you want to stop wiretapping, use encryption. Do not assume that a legal barrier is going to stop a secretive organization with little oversight into its activities.
      • Re:Juristiction? (Score:3, Interesting)

        by Ann Coulter ( 614889 )
        I'm curious as to rather or not there are any existing applications that allow for public key encryption of IRC traffic. It shouldn't be too difficult to have the regulars in a channel or room all use the said application. This application would probabily spam the room with unreadible junk from the viewpoint of anyone without a relevant private key but it would allow for secure communication in a chat area. If there is no such application, perhaps I should write one.
    • It is a public network. You should ASSUME one or more entities(people, groups, governments) are spying on you. IRC is as public as you can get, everyone on the channel has your ip address, there is no real authentication(without the extra services, non-required features) and no encryption.

      If you want to be free from this stuff, look at IIP or ssl(or similar) encryption, private networks and authentication.
    • What do you think the real job of the CIA is???

      Spying on foreign citizens and countries!

      In theory (yea right!) the CIA cannot spy within the US.

      In theory.......

  • Heh (Score:5, Informative)

    by FiReaNGeL ( 312636 ) <fireang3l.hotmail@com> on Wednesday November 24, 2004 @05:03PM (#10913146) Homepage
    So basically they received 150k to develop a logging bot? Not that it existed for the past 10 years... I sure hope their technology is more sophisticated than that. Even then, I don't think they'll get usefull info monitoring public chat rooms; its not like terrorists go to #terrorism to chat about their next plan.
    • /j #terrorism
      #terrorism unable to join channel (need correct key)
    • I sure hope their technology is more sophisticated than that.

      I'm guessing all the extra money is for technology to parse the chat logs and extract useful information. I mean, IRC has even more abbreviations and l337-speak than email or IM, so wouldn't it be harder to parse?

      I don't think they'll get usefull info monitoring public chat rooms; its not like terrorists go to #terrorism to chat about their next plan.

      That's a good point -- this isn't actually all that invasive. I'm a privacy nut (gonna join

    • So basically they received 150k to develop a logging bot? ... I sure hope their technology is more sophisticated than that.

      I don't and I've got lots of better thing to do with $150,000.

  • by EM Adams ( 463821 ) on Wednesday November 24, 2004 @05:03PM (#10913155)
    The only reason the government gets technology like this developed is intelligent people will do anything for their degree or grant money. Until we all stand together and refuse to help Americans spy on other Americans or any one else in the world our rights will continue to slowly errode because of people like the researchers at Rensellaer. Really, they are the ones who need to be punished by ostracizing them from the scientific community and their neighborhoods to make it clear that any one who accepts tax dollars to further the goals of Big Brother are not welcome in our hearts or minds as comrades.
    • *CIA_Silent_Running_botServ Activated ("comrades" key word - class naughty detected)
      ///Initiate background_check_with_extreme_prejudice @ user EM_Adams///
      ///Begin create_fake_logs in (#overthrow, #terrorcentral, #McVeyDaMan!)///
      ///AutoGenerate GitMo_Reservation///
    • ...and so many responses:
      • Somebody's going to get their grant money, so it might as well be me (metaphorically -- I'm not a researcher).
      • Science isn't about deciding right or wrong, it's about true or false. Right and wrong is what politics and religion is for (err, theoretically at least).
      • As an American, I have no problem with the CIA spying on foreigners -- that's what it's for!
      • IRC is public anyway. Snooping email is one thing, but logging public chat isn't a problem.
      • Yeah, and using mob tactics ("ost

    • The only reason the government gets technology like this developed is intelligent people will do anything for their degree or grant money.

      No, the only reason they get technology like this is because we allow them to ask for it. You think that if they offered enough money (say $157,673) that some company wouldn't jump to make this same product for them? Should we boycott IBM because they sell computers to the government which they then use to crack codes or monitor the Internet (Carnivore, etc)? Shou

  • don't worry (Score:5, Funny)

    by digid ( 259751 ) on Wednesday November 24, 2004 @05:03PM (#10913156)
    * digid slaps CIA-bot around a bit with a large trout
  • Umm... (Score:3, Interesting)

    by Anonymous Coward on Wednesday November 24, 2004 @05:05PM (#10913176)
    Isn't that considered interstate wiretapping?

    The last time I checked, federal law said you needed a warrant to do that.
    • heh, that was a good one.

      No, you are mistaken, this could be used to catch 'terrorists' and is thus above both the law and common sense (and judicial oversight).

      Good try though, better luck next time. /tongue-mostly-in-cheek
    • Re:Umm... (Score:3, Funny)

      by mr_burns ( 13129 )

      the last tine I checked, the patriot act made warrants easier to get than cooties on a playground. I think they come out of judges whenever they sneeze.

    • Re:Umm... (Score:2, Funny)

      by Anonymous Coward
      Sure, you need a warrant if you want to use the info in a court. If not. . .
  • for people to start using Secure Internet Live Conferencing.
    http://silcnet.org/ [silcnet.org]

  • How Soon... (Score:5, Funny)

    by Tackhead ( 54550 ) on Wednesday November 24, 2004 @05:06PM (#10913194)
    From the article:
    > How soon until all IM conversations are monitored by Big Brother?

    <musicfan> Hey, anyone got The Smiths - How Soon Is Now.mp *THUMPTHUMPTHUMP* "FEDERAL COPYRIGHT CZAR SQUAD! PUT DOWN THE HEADPHONES AND STEP AWAY FROM THE IPOD!"
    *** Disconnected

  • by 3Suns ( 250606 ) on Wednesday November 24, 2004 @05:06PM (#10913197) Homepage
    I don't see how people can be upset about monitoring chatrooms, unless they were actually doing something questionable with that data. As most of IRC is a completely public network by design, there is no expectation of privacy. And it's also well-known that your IP address is exposed to all those on the server.

    IM conversations are a different matter, though. There, the network is private, run by a company, and the expectation is that the conversations are private as well. It might very well be illegal for AOL (and other IM networks) to be monitoring individual IM sessions.
    • by mordors9 ( 665662 ) on Wednesday November 24, 2004 @05:11PM (#10913272)
      There ya go. Didn't Nixon say that, if you don't have anything to hide why do you want us to get a search warrant.
      • That's not my point. Talking on IRC is not a private conversation, and everybody knows that anyone can be listening and/or logging. You never need a warrant to, say, listen to a protester give a speech in public, which is also an example of non-private conversation.
    • by twitter ( 104583 ) on Wednesday November 24, 2004 @05:21PM (#10913368) Homepage Journal
      I don't see how people can be upset about monitoring chatrooms, unless they were actually doing something questionable with that data. As most of IRC is a completely public network by design, there is no expectation of privacy.

      It's easy to understand why I'm upset. You might understand the next time you pay your taxes. Remember that a fraction of your hard work is going to pay for your government to listen in on your conversations. Many people are making a living at it. I think they and my government have better uses for my money. I did not ask for it, I don't like it and I don't want to pay for it. it's also well-known that your IP address is exposed to all those on the server.

      If you don't mind that kind of thing, perhaps I can interest you in a few personal services. For the low price of $50/hr, I'll log all of the communications from your "exposed" IP address, cull what I want, damage your reputation by questioning your peers if I note anything suspicious and even charge you with crimes if you happen to say the wrong thing. Most of the work will be automated but I take no responsibility for the information being stolen by insurance companies, employers and other organizations that have a direct impact on your quality of life. By freedom of information, I'll be sure to let people know that I'm investigating you but I'll tell them that I'm an official government agency, so they won't question my motives and will instead turn their suspicions onto you. Sound like a good deal?

      Pay up!

    • IM is like a phone conversation. You talk with someone, and you "know" exactly who that someone is.

      IRC is more like a bar. You're talking to a bunch of people, and people come and go freely. Of course people can record what you're saying in a bar, just as they can record a log of what's said in an IRC channel, but would you go to a bar with the expectation of your every word being recorded?

      And, if you were in a bar and there was a high probability that your every word was being monitored, wouldn't you cho
    • There, the network is private, run by a company, and the expectation is that the conversations are private as well. It might very well be illegal for AOL (and other IM networks) to be monitoring individual IM sessions.

      I doubt it. Telcos (including wireless) are allowed to monitor any activity (incl. voice traffic) on their network, all in the name of network security and maintenance. Targetting specific person or persons and following their calls through a network (aka wireless) would probably be crossing
  • by darkmayo ( 251580 ) on Wednesday November 24, 2004 @05:07PM (#10913206)
    They are just trying to find the best quotes and submit them to bash.org

    • by bersl2 ( 689221 ) on Wednesday November 24, 2004 @05:15PM (#10913309) Journal
      #88575 +(3525)- [X]

      <Stormrider> I should bomb something
      <Stormrider> ...and it's off the cuff remarks like that that are the reason I don't log chats
      <Stormrider> Just in case the FBI ever needs anything on me
      <Elzie_Ann> I'm sure they can just get it from someone who DOES log chats.
      *** FBI has joined #gamecubecafe
      <FBI> We saw it anyway.
      *** FBI has quit IRC (Quit: )
      Wrong agency, but still funny.
  • I've been wondering for years why I don't see any chatroom bots built on Eliza or Alice. It seems to me these could be much more useful in both advertising and gathering information.

    Has anyone ever tried this?

    • Re:Eliza anyone? (Score:2, Informative)

      by stratjakt ( 596332 )
      Sure, there are plenty of them.

      Here's [jibble.org] the first google hit for "irc bot ai", there are plenty more.

      I don't think they're useful, but they can be entertaining when some leghumping 15 year old kid gets into a fight with, or hits on one.

  • Big Brother is watching j00
  • Would fund one PhD researcher for 1.5 years here. You cannot do very much with that, especially if people are trying to hide.

    Seems to me this is more a shot in the dark.
  • by Magickcat ( 768797 ) on Wednesday November 24, 2004 @05:11PM (#10913270)
    Anyone who thinks that the CIA doesn't already have systems to automatically monitor email, chatrooms etc - needs to read a bit more on intelligence technology. This would fall under "Echelon" [hiwaay.net] anyhow.

    The NSF might lack the tools, but I sincerely doubt that the CIA are developing these sorts of very basic tools. More likely, the NSF aren't given access or information on the extent of CIA information gathering.

    Also, I imagine such a news article makes the public likely to believe that the technology isn't already in active use.

  • threat models (Score:4, Insightful)

    by ConsumedByTV ( 243497 ) on Wednesday November 24, 2004 @05:12PM (#10913280) Homepage
    The CIA is still being semi-passive here. It's shady seeming, but I think if you can join freely, they can as well.

    This surpasses basic monitoring of clear text protocols like irc but it still doesn't have the ability to monitor where you must actually be a part of a community. If you use irc over SSL, you're in the clear from passive and undetectable monitoring. This obviously gets around that but it means that they will have some interesting people poking around with people who normally do the poking on networks.

    The rand corp goes one step further and seeks to hire people to become members of groups by being an outright spy. Pretty interesting stuff. It was on cypherpunks a while back.

    It should be assumed that if you don't use encryption, it can be monitored. If you use encryption (irc over ssl, silc, etc) in a broadcast medium (for an entire room), you should assume it's monitored also. It would just have to be monitored by an agent of some sort.

    It's all about the threat model you're up against.
  • I've always assumed that AIM conversations were subject to some kind of monitoring, if just the most cursory scanning for certain keywords. Why else would all traffic need to go through AOL-controlled servers?
  • I had a nightmare the other night that the NSA was after me for posting pictures on the Internet that made fun of George W Bush.
  • by Fencepost ( 107992 ) * on Wednesday November 24, 2004 @05:25PM (#10913407) Journal
    I'd have figured something like that would've gone into place quite some time ago, at least on the larger IRC networks (EFNet, Dalnet, whatever they are these days).

    All you really need is the servers at a few of the nodes to be running logging software, and it wouldn't even need to be running in the context of the IRC server - it'd just need to be tracking the inbound and outbound traffic. It wouldn't catch everything, but you'd get a fair amount of it and probably get enough to tell you what areas needed more examination.

    Similarly, I assume that just about everything on Usenet is monitored and saved by at least a few agencies domestic and foreign, if not more. How much would Giganews charge for a full feed? That's not going to be a lot of use against one-way traffic, but discussions would almost certainly be trackable.

    As with many things the information stream itself is relatively easy and inexpensive to get access to, but extracting good information out of it is likely to be harder. I wouldn't be surprised if a big chunk of the money they're giving out is related more to the analysis of that sort of information stream (and existing store) than to the simple acquisition of data.

  • by Doc Ruby ( 173196 ) on Wednesday November 24, 2004 @05:26PM (#10913415) Homepage Journal
    The CIA should be operating in public spaces - there's little expectation of privacy in public. joeschmo can watch IRC traffic, so spy007.exe should be able, too. The control points on this activity lie at a slightly deeper level: we need a definition of "public" vs. "private" on the Internet that can work in courts and congresses as well as in compilers and chatrooms. And the CIA, or any organization (government, corporate, NGO or otherwise) must abide copyright constraints, which include right to copy personal info (including message traffic) for the express purpose in the license. In the case of the CIA, that means info that is read from public data must be either immediately discarded, for the purpose of separating data relevant to an operation from that which is not; or, if stored, it must be directly relevant to an operation. That further requires the CIA define the scopes of its operations sufficient for Congressional oversight to second-guess decisions of what data to retain.

    Of course, cynics (like me ;) will say that once the CIA is operating at all in this medium (it surely already is), the finer points of policy and law will be given mere lip service, and abuse will be the norm. Unfortunately, the CIA has Americans over a barrel: their legitimate service is essential, while their unaccountability is lethal, in the survival of our society. This issue doesn't change that dilemma, though it forces the issue - and ought to pressure exactly these kind of delineations. Since the current purges at the CIA seem likely to merely institutionalize the Iran/Contra CIA abuses to the exclusion of any legitimate control, we who understand these issues can at least understand their workable boundaries, and enforce them ourselves, for ourselves. Like comprehensive crypto for messaging, which defines an expectation of privacy, whether defensible from CIA codebreaking filters or not. It's all we've got, and will be harder for the CIA, or any other prying eyes, to casually violate, either on the Net or in a court.
  • If you read the RFC for IRC, you'll see that they have planned for a secure model. The only problem is that no one uses the mode.
  • by ztirffritz ( 754606 ) on Wednesday November 24, 2004 @05:34PM (#10913484)
    I personally welcome our CIA...you know, this is getting to be really old and boring. I say "F@CK the CIA Overlords" We're all moving to Canada!
  • This is the CIA? (Score:2, Insightful)

    by sokoban ( 142301 )
    Okay, so one of the largest and most complex intelligence organizations in the world is dropping $150k on getting a college to make a really complex chat logging system. How lame is that. Shouldn't the CIA have their own people that specialize in this kind of thing? Also, why are they getting the NSF to help fund it? $150000 is peanuts to these folks. They have a $40 billion or so budget. If something is this critical to "national security" doesn't it deserve more than .0004% of your resources?
  • logs can be edited way too easy. They shouldn't be allowed as evidence, hence can't be used to get warrants or anything.

    GG CIA, you lose.
  • So that's massive amounts of money, countless hours of research... for what. An eggdrop bot?
  • by Cryofan ( 194126 ) on Wednesday November 24, 2004 @05:42PM (#10913555) Journal
    Actually, this would not be that bad an idea, if only, IF ONLY, our government actually represented th average citizen, and NOT the corporations and the investors.

    Until we can control our govts, something like this is just a bad thing.

  • On a whim, I cobbled together a very basic chatroom scanner using Access (for storage), mIRC, and some VB a few years ago.

    Basic scanning, and parsing is very easy to do, and then you just need some "ai" in the background to scan the data and report/perform an action when patterns are matched.

    I'm sure the feds are looking at a much more serious creation than I was, but I'm sure the concept's similar. The scary thing, to me at least, is that they're probably going at it from a server level, so they coul
  • Good luck (Score:3, Insightful)

    by Gadzinka ( 256729 ) <rrw@hell.pl> on Wednesday November 24, 2004 @06:13PM (#10913887) Journal
    Been tired of the kids monkeying around on IRC years ago and switched to Jabber. Good luck in monitoring my conversations on private servers with SSL connections and end-to-end PGP encryption. Distributed networks of servers like email or jabber (and unlike msn messenger, yahoo, aim, icq etc) seem to have other advantages, besides the "load balancing".

    Or good luck to listening to my Skype conversations. Although, knowing that Skype is closed source and proprietary, I have absolutely no guarantee, that their claim of AES encryption gives me any protection/privacy. Just recently there was thread on /. about "encrypted" usb-flash keys that kept password in plaintext on the key.

    Or couple of years ago, I've had to convince my boss that "security" of MDaemon on Windows does not exist. I sat to its password files, noticed something peculiar about them and broke the "secret algorithm" in about 4hrs. Passwords were not even xored, they were summed[1] with "secret" and encoded with base64. The secret was "The setup process could not create the necessary system accout MDaemon".

    Robert

    [1] you know: (passwd[n] + secret[n]) & 0xff
  • by Chatmag ( 646500 ) <editor@chatmag.com> on Wednesday November 24, 2004 @06:23PM (#10913980) Homepage Journal
    A related proposal, involving "uniformed" police to monitor chat rooms, was announced June 9th 2004 Cyber Cops to Patrol Internet Chat Rooms [cnn.com] We polled over 100 IRCops and Server Administrators and posted the results at: Chat Network Operators and Users Wary of Uniformed Police Presence [chatmag.com]

Things are not as simple as they seems at first. - Edward Thorp

Working...