IRC (Internet Relay Chat) is a micro-world of its own, filled with all kinds of characters—an ecosystem that can remind you of everything from a text-based version of Blade Runner to a cyber version of ham radio.
It’s used for many good purposes, but the darker side of IRC is its common use by hackers. The indefatigable PaperGhost has spent countless hours on IRC, hunting down nasty malware that might not have been found otherwise. It’s also used by malware itself, something for which Symantec gained some mild attention a while back — Norton Antivirus kicked you off an IRC session if you used the words “startkeylogger” or “stopkeylogger”. It was babyhood a bit, but I think most would see it has normal heuristics doing their job (in this case, better to have a false positive than to not catch it at all..).
IRC is also being used for Advance Fee Fraud (419 scams). Recently on a private IRC newsgroup, I saw this reported by security researcher FiXato
[2006-05-12 - 14:05:22] am looking for hackers with logins and drops. i have hsbc am not buying it from you we have to share the real money together.
[2006-05-12 - 14:05:23] am loking for hackers who knows about logins and drops. i have hsbc
This piqued my interest. This fellow is looking for a “hacker” who knows about “logins and drops” (drops being places to store stolen data). He has “hsbc”, which assumably means he has stolen data from customers of HSBC bank (The Hongkong and Shanghai Banking Corporation).
Is this from phishing? A keylogger?
NetRange: 188.8.131.52 - 184.108.40.206
country: EU # country is really somewhere in African Region
So, it looks like it was some naughty, naughty Nigerian, quite likely looking to hook a hacker into a 419 scam.
Spadge tells me that he’s seen quite a few of these. They start looking for hackers, and before you know it, “they are asking you to get them a loan so they can study in the US”.
Spadge hunted around and gave me an example a typical conversation, this one encountered a while back with some hapless scammer who goes by “bcky”. Check this out:
[23:19] what, no space bar?
[23:19] what about?
[23:22] I see.
[23:24] I don't talk to people who don't use spaces between words.
[23:24] ok sorry abt this
[23:24] what did you want to know about hacking?
[23:24] well how to host website to get somedetails
[23:25] hosting a website is easy. what details do you want to get?
[23:25] bank logins
[23:27] to know and get the logins for online transfer
[23:27] are u there
[23:27] sometimes, I wonder if the internet exists in nigeria solely for some kind of crime or money making scam.
[23:28] well i think so but things are not like that
[23:30] but there some people not using it for crime nor scam
[23:31] but you don't think you'd like to be one of them
[23:31] i think to be one of the but the economy situation here
[23:32] but am thinking of being one of them very soon so i can leave the scam of a thing
[23:34] I would strongly advise against any kind of internet scam or identity theft or other kind of theft. Anonymity online is a myth.
[23:35] but can u help me for the last time and i stop.....do u know why i am into this ?
[23:36] I can't help anyone do anything illegal for any kind of material gain.
[23:36] and no, I don't know why.
[23:36] well i was give a scholarship to study in the USA but i need to pay certain amount after the scholarship
[23:37] i wrote to the state government here to help me on this but they said no
[23:37] and that is why am looking for Bank logins to make the transfer for the school
[23:38] i can show u proof for this
[23:38] you will get caught, and you will not be allowed to go to the US ever.
[23:38] though it is not good but I am being frustrated to doing this
[23:39] am not doing for livin jst to get my school fee paid
[23:39] if u could help me
[23:40] I can't
[23:43] i mean if u can get me a loan
Session Close: Tue Dec 06 23:53:23 2005
So there it is. Nigerian 419ers trying to find hackers to scam out of money. Poetic, isn’t it?
Of course, there are may be real hackers out there looking to collaborate, and that’s why it may not always easy to see through these setups. But as Spadge says “In my experience they are always working some scam. They offer lucrative rewards for help with illegal activities. This is so that when you get ripped off, as you can't go to the police.”
In his eyes, it’s “exactly the same as the original ‘I am the former attache to the former finance minister… with millions of dollars” 419 scam, only modernised for the internet generation. Needless to say, they aren't actually involved in doing said illegal activities, they just want to get your money off you somehow.”