by mschuster91 4515 days ago
I wonder, why DDoS the IRC servers, if you can find out the IP addresses of the "offending" users via /WHOIS and then inject TCP FIN packets to disrupt their connections.

After all the NSA has the capability to do very deep going traffic manipulation as proven with Quantum Insert, so why not use it here?

4 comments

QuakeNet makes it trivial for a user to hide their IP from other users on the network. If you are registered with Q (a network service) and set mode +x on yourself, you will now have the host username.users.quakenet.org.
/whois doesn't work if you are cloaking your hostname or just connect via tor/vpn or just some random place. Probably easier to just target the central node.
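As an added example (not code from the thread, QuakeNet, or any IRCd), the following Python snippet parses the /whois numeric reply an IRC server sends (RPL_WHOISUSER, numeric 311, in the RFC 1459 layout `:<server> 311 <me> <nick> <user> <host> * :<realname>`) and sorts each target into "cloak", "ip", or "hostname". The sample reply lines are constructed, and the cloak rules are assumptions: a QuakeNet `+x` host ends in `.users.quakenet.org`, and a freenode-style cloak contains a `/`, which a real DNS name cannot. It illustrates the point above: /whois only hands an observer something useful when the user is not cloaked.

```python
import ipaddress
import re

# Constructed sample RPL_WHOISUSER (311) lines; server names and nicks are made up.
SAMPLE_WHOIS_REPLIES = [
    ":irc.example.quakenet.org 311 me alice ~alice alice.users.quakenet.org * :Alice",
    ":irc.example.quakenet.org 311 me bob ~bob 203.0.113.7 * :bob",
    ":irc.example.quakenet.org 311 me carol ~carol 2001:db8::1 * :carol",
    ":irc.example.quakenet.org 311 me dave ~dave cpe-198-51-100-23.example.net * :dave",
    ":chat.example.freenode.net 311 me erin ~erin unaffiliated/erin * :erin",
    ":irc.example.quakenet.org 401 me frank :No such nick/channel",  # not a 311, ignored
]

# Assumed cloak conventions (not stated in the original thread).
CLOAK_SUFFIXES = (".users.quakenet.org",)

# :<server> 311 <me> <nick> <user> <host> * :<realname>
RPL_WHOISUSER = re.compile(
    r"^:(?P<server>\S+) 311 (?P<me>\S+) (?P<nick>\S+) (?P<user>\S+) "
    r"(?P<host>\S+) \* :(?P<realname>.*)$"
)


def parse_whoisuser(line):
    """Return the fields of a 311 reply as a dict, or None for any other line."""
    m = RPL_WHOISUSER.match(line)
    return m.groupdict() if m else None


def classify_host(host):
    """'cloak' if the host is a network-provided mask, 'ip' if it is a literal
    IPv4/IPv6 address, otherwise 'hostname' (reverse DNS, which still resolves
    back to the user's address and usually names the ISP)."""
    if host.lower().endswith(CLOAK_SUFFIXES) or "/" in host:
        return "cloak"
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "hostname"


def exposed_hosts(lines):
    """Map nick -> (host, kind) for every 311 reply whose host actually leaks
    network location. Cloaked users are skipped: /whois tells you nothing
    about where they connect from."""
    exposed = {}
    for line in lines:
        rec = parse_whoisuser(line)
        if rec is None:
            continue
        kind = classify_host(rec["host"])
        if kind != "cloak":
            exposed[rec["nick"]] = (rec["host"], kind)
    return exposed


if __name__ == "__main__":
    for nick, (host, kind) in exposed_hosts(SAMPLE_WHOIS_REPLIES).items():
        print(f"{nick}: {host} ({kind})")
```

Run it and only bob, carol and dave show up; alice (`+x` on QuakeNet) and erin (freenode cloak) are invisible to this kind of lookup, which is why the reply above says targeting the central node is easier than chasing individual users.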
Yeah, but how many scriptkiddies use a VPN or apply for cloaks? Next to zero for most of them.

Also, I bet my behind that the NSA has exploits for the most popular IRCds, so that only tor/vpn are a real problem for them (and besides, even these connections can be shot with TCP FIN injections).

Actually the vast majority of script kiddies and "cyber criminals" use VPNs. The problem is that they have a habit of accidentally connecting to servers without always turning on their VPNs. They lack professional discipline, not toolsets.
Plenty of networks (it's been years since I was on IRC, so unsure which IRCds support it, but iirc both Quakenet and Freenode do in slightly different ways) even support host-masking as long as you are auth'd on the network - of course, IRCops could still find out, so a subpoena (or hacking into the servers) could see it, but it prevents /whois from telling you at least.

(I think some networks even partially hide your IP by default anyway)

Scriptkiddies have very good how to guides and they are always shown to hide their IP address.
I tend to doubt that there's many exploits out there for the popular ircds, because IRC is such a hostile environment - ircd is probably one of the most battle-hardened codebases out there.
"inject TCP FIN packets"? really?? that would be like making a public statement saying "HI WE ARE THE NSA FUCK YOUR INTERNETS"

Sorry but no, that's not the way they do it....

Even assuming there would have been a valid reason for law enforcement to disrupt the communications of those individuals, how could an intelligence agency be justified in doing so?
Try to remember the NSA is an intelligence agency, not a law enforcement agency. They're not interested in producing evidence and bringing anything to trial.* Rather, they're targeting anonymity and privacy in all forms since these oppose their core mission (Signals Intelligence (SIGINT) and Information Assurance (IA)... http://www.nsa.gov/about/mission/index.shtml).

* Though through inter-agency collaboration, they tip off other agencies when they have something...

I still don't see how disrupting the ability of individuals to communicate with each other does anything to undermine anonymity and privacy.
For this discussion's sake, there are two forms of communication: (1) The public forum you can meet up with new people and talk. (2) And the direct message sending kind like phones and emails. Though the NSA is actively monitoring both, here we're discussing the latter.

With that out of the way, they're targeting the former in order to make it impossible for people to come together and organise privately and anonymously around subversive ideas.

The specifics of targeting IRC are probably tied to the efficiency of the protocol which allows very cheap hardware and minimal bandwidth to the extent that non-complying private foreigners may provide a free forum the government can't control.