published at searchlores in February 2003

Internet Relay Chat Anonymity
by Kane

I'm writing this essay with the primary goal of being anonymous while searching for files on IRC. It's not an introduction to IRC; if you're looking for one of those, try here. Its secondary goal is to allow you to stay anonymous while searching for information by whatever means necessary, be that trolling or stalking or other methods. IRC has its own little mini cultures all huddled into their own corners; you just have to know which rock to turn over to get the information you need. But overall this essay can probably be used for other purposes, such as annoying the lonesome people who sit in #teen waiting for nicks such as Tiffany17 to join. In other words, it's entirely up to you what you use it for.

Topics covered in this essay:

Why Would I Want to Hide In the First Place

There are many reasons why someone wishes to be anonymous on IRC. The main reason is the same reason many people wish to cloak themselves while surfing webpages. Just as the webpages you surf log your visits, IRC servers log your public chats, so anything you say in a #channel or when you /MSG someone is most likely logged. Some IRC servers, such as irc.box.sk, used to publish their public channel logs on their websites. If the servers logging you weren't bad enough, the people who sit in the channels often log as well. Included in these logs are your nickname, your username if you're on a public machine with ident (getting less and less common these days), your IP address/hostmask and whatever you talk about in the channel. These things are the cornerstone of stalking someone or stealing their identity. Your IP address can be traced back to a country and maybe even a city with a simple whois query; after that they just have to narrow it down by combing and klebing through databases such as the web to see if you posted to any message boards or sites. Armed with information like your ICQ number and interests, which they might have got from sites or posts you made to usenet, they can close the gap even more by looking up your ICQ user details, which may have your real name in them. I recently stalked someone on the ~S~ message board using these tricks, but he will remain nameless :) you know who you are.

So you're thinking, so what, I don't leave paper trails around the web for people to follow. Well, that's a good defense against stalkers, but there are a lot of people interested in what goes on in IRC with a few more resources at hand. The two examples that I can recall are, firstly, a hit by the BSA, arresting a few kids with cable modems who were distributing warez. After this happened a lot of suspicious people started to appear on the IRC networks, people who actually filled out the real name fields in their clients with what appeared to be real names. They used to talk conservatively, with no hint of any chat slang, which made them stick out like a sore thumb. They disappeared after a few days, or at least stopped having such a blatant presence, but it wouldn't surprise me if they and many others on the commercial side of things patrol around on IRC these days. The second example of what roams around IRC, other than stalkers and anti-(warez/porn) agencies, is journalists. They love a good story, especially one that smells of billions of dollars lost; here's a good one regarding ebooks, "Pirates invade book publishing". The day after the article was published along came the commercial zombies again, not the BSA this time but people with the same inability to cloak themselves from looking like a corporate suit inside a crowd of t-shirts and jeans.

The other threats you might encounter on IRC, other than logging and stalking, are mainly people trying to exploit trojans or holes in your operating system. Most of these types of attacks can be blocked with a firewall such as Kerio Personal Firewall, and a brain. The people just a little bit higher up in the echelon from the zombies who are infected with trojans are the ones who actually try to infect you with them (they were probably infected themselves not so long ago and thought, gee, what a great thing to do). They run scripts which, when you join a channel, will auto send you a .pif or a .vbs with the name of britneyspearsnude.jpg.pif, or some other zombie keyword. Dumb? Oh yes, but it infects 1000s of people running Windows, which has a habit of turning off file extensions by default. One attack which is harder to avoid is DDoS (Distributed Denial of Service). It's more popular on IRC networks that don't use nickname registration services, such as EFnet. If you happen to use a nick that someone else thinks they *own*, they often try to send so much data down your connection that you get disconnected from IRC or the net altogether. The only solution to this attack is cloaking your IP, and this is only a partial solution.
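As an added example (not part of the original essay), here is one way a client-side filter could flag the double-extension file offers described above. It assumes the files arrive as DCC SEND offers in CTCP form; the extension lists, the function name and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Extensions Windows runs directly. The essay names .pif and .vbs; the rest
# of this list is an assumption added for the example.
EXECUTABLE_EXTS = {"pif", "vbs", "exe", "scr", "com", "bat", "cmd", "lnk"}
# Harmless-looking extensions used as the visible decoy (assumed list).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "mp3", "avi", "doc"}

# :nick!user@host PRIVMSG target :^A DCC SEND <file> <ip-as-int> <port> [size] ^A
DCC_SEND = re.compile(
    r'^:(?P<nick>[^!\s]+)!(?P<user>[^@\s]+)@(?P<host>\S+) PRIVMSG \S+ '
    r':\x01DCC SEND (?P<file>"[^"]+"|\S+) (?P<ip>\d+) (?P<port>\d+)(?: \d+)?\x01$'
)

def inspect_dcc_offer(raw_line):
    """Describe a DCC SEND offer; return None if the line is not one."""
    m = DCC_SEND.match(raw_line.rstrip("\r\n"))
    if not m:
        return None
    filename = m.group("file").strip('"')
    parts = filename.lower().split(".")
    executable = len(parts) > 1 and parts[-1] in EXECUTABLE_EXTS
    # Double extension: an executable suffix hidden behind a decoy one.
    disguised = executable and len(parts) > 2 and parts[-2] in DECOY_EXTS
    ip_int = int(m.group("ip"))  # DCC carries the IPv4 address as a decimal integer
    return {
        "sender": m.group("nick"),
        "hostmask": m.group("user") + "@" + m.group("host"),
        "offered_from": str(ipaddress.IPv4Address(ip_int)) if ip_int < 2**32 else None,
        "filename": filename,
        # What a file manager shows once the final extension is hidden.
        "shown_as": filename.rsplit(".", 1)[0] if executable else filename,
        "executable": executable,
        "disguised": disguised,
    }

# Constructed sample lines (documentation addresses, made-up nicks).
SAMPLE = [
    ":zombie01!~z@host7.example.net PRIVMSG TSaw "
    ":\x01DCC SEND britneyspearsnude.jpg.pif 3405803783 1024 28160\x01",
    ':mp3guy!~mp3@198.51.100.20 PRIVMSG TSaw '
    ':\x01DCC SEND "live set.mp3" 3325256724 5000 4194304\x01',
    ":brad42!~brad@192.0.2.9 PRIVMSG #chat :hello all",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(inspect_dcc_offer(line))
```

The same parse also shows how much the sender exposes: the nick, the ident/hostmask and the address embedded in the offer are all there for anyone logging the line.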

Methods of Hiding

Choosing a Nickname That Blends In

There was an article published on searchlores a while ago about evil nicks and the meanings behind them. We're not interested in evil nicks here (unless you want to fit into some kind of underground scene channel like #2600), but we are interested in picking one that will fit into the atmosphere of whatever room we're sitting in, so we don't attract unnecessary attention. The first thing is never use a female nickname. There are times when a female nickname is very useful, mostly when you want something, because men on IRC will walk upside-down and backwards to give help to some innocent girl who appears helpless; however, for anonymity it's most certainly a bad thing. The best way to pick a nick depends on what type of channel you're visiting. For content-specific channels like warez, emulation and mp3, you can pick almost anything to do with the topics of those channels, for example warezguy/mp3guy/emuman. If you're visiting a chat channel, you're going to have to put more thought into it; unlike the channels where you get files, the chat channels normally have people paying attention to who's coming and going. If it's standard chat, just pick any normal male name like brad42. If it's technical, like linux or security related, names start to give you away more, especially if you're trolling in these channels. Your best bet is to use both names, first and last (made up of course), in your nick: say the name was Tom Sawyer, shorten it to TSaw and put Tom Sawyer into the real name field of your IRC client.

Topics Beyond the Scope of This Essay

There are a few things that I can think of that you may wish to look into regarding IRC anonymity which aren't covered above. One is just a variant of paying for a shell account like in the above section about the bouncers, except instead of using a bouncer you just telnet/ssh to the shell and run an IRC client like BitchX directly from the shell itself. Secondly, a trick called DNS poisoning. By using this method you spoof your real IP to the DNS server by cache poisoning, so when you connect to IRC it appears that you're someone else. It has a lot more use than just hiding your IP on IRC; it also takes a lot more effort and research to pull off, since it's been heavily cracked down upon recently. For those interested, SANS has an article on it here. Finally, the sub7 trojan has a plugin which acts as a bouncer, but I'm not going to write up how to find and use infected zombie boxes here; the best info for this I'll give you is a whitepaper written by Fyodor, The Art of Port Scanning.

