Hacker hits IRC network Undernet with denial-of-service attack

Internet Relay Chat (IRC) is one of the Internet's largest and best-established chat systems, predating such technologies as America Online's instant messaging services AOL Instant Messenger and ICQ. It has millions of users.

A number of Internet service providers hosting Undernet servers--including some in the United States, the Netherlands and France--have been hit with distributed denial-of-service (DDoS) attacks.

A DDoS attack involves bombarding a server with a tidal wave of data from many different hacked machines at many different locations. According to Undernet, some ISPs have been bombarded with 100MB of data per second.

DDoS attacks jumped to prominence earlier this year when such attacks were blamed for temporarily bringing down Web sites of major Internet companies. In February, Yahoo, eBay, E*Trade, Amazon.com, the FBI and other sites were inundate by floods of fake information requests that crippled the sites and in many cases effectively shut them down.

One IRC server system administrator--who spoke on condition of anonymity so his servers would not become a target--said Monday that the attacks appear to be coming from hundreds of remote machines taken over by a single hacker based in Romania. He also suggests that Romania lacks the legal infrastructure to deal with the attacks.

"This is a big problem since the Romanian hackers' community is very active," he says. "We don't want to close IRC, but there is truly a lack of interest from the authorities about it."

Undernet issued a statement on its Web site Sunday suggesting that the situation threatens the existence of its IRC service.

"To put it simply, we cannot provide you with a free and stable IRC service if that means the companies providing that service must continually suffer the loss of customers and revenue, the cost is simply too great. This ongoing problem threatens the existence of IRC as one of the 'classic' Internet services," reads the statement.

Richard Stagg, senior security architect with security firm IRM, says that this type of attack is especially nasty. "Distributed attacks are the most dangerous sort of denial-of-service attacks because they are very hard to shut down, especially in countries that don't have the legal infrastructure," he said.

Stagg said it is fairly simple to write a script that will allow IRC servers to be targeted. He agreed that this situation shows the need for greater cooperation between international law enforcement agencies.

Another system administrator who also spoke on condition of anonymity said that the attacks were likely to be the result of some IRC channel feud.

Undernet is one of the largest IRC networks in the world, with 45 servers in 35 countries connecting more than 100,000 different people every week.