The Undernet is the third largest real-time Internet Relay Chat (IRC) network, with approximately 40 servers connecting people worldwide.
Have you ever heard of IRC before? If you’ve been following cybercrime stories for a long while, you’re bound to have done so. IRC channels played a role in many threat groups’ activities, like those of the infamous Russian Business Network (RBN) in the 2000s.
- Why Do Cybercriminals Favor Using IRC Channels?
- Who Developed the Undernet?
- Is the Undernet Safe to Use?
- How Does the Undernet Protect Its Users?
- Is the Undernet Easy to Use?
- Current List of Undernet Servers
- What Factors Contribute to the Undernet’s Success to This Day?
- Key Takeaways
As mentioned above, the RBN took advantage of IRC servers to provide the first blackhat hosting services. They gave cybercriminals a means to host their malicious web pages without fear of getting identified. While they didn’t necessarily use the Undernet, they utilized a similar platform to make anonymity possible for their threat actor clients.
Why Do Cybercriminals Favor Using IRC Channels?
IRC platforms like the Undernet give threat actors a simple and low-bandwidth means to communicate with one another. They also make it easy to host centralized servers that can remotely control botnets for malware distribution and small-scale distributed denial-of-service (DDoS) attacks.
On the plus side, IRC traffic is encrypted, allowing users to maintain anonymity throughout their communication.
Coreflood, which surfaced in 2010, is an example of an IRC botnet. According to the Federal Bureau of Investigation (FBI), it infected “approximately 17 state or local government agencies, including one police department; three airports; two defense contractors; five banks or financial institutions; approximately 30 colleges or universities; approximately 20 hospital or healthcare companies; and hundreds of businesses.”
Hildegard, meanwhile, is an example of a malware variant that uses an IRC channel for command and control (C&C) and remains active to this day.
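For defenders, the IRC-based C&C pattern described above can be hunted by spotting the IRC client handshake in captured traffic. The sketch below is an added example, not part of the original article. It assumes a sensor that sees the session in plaintext and logs one payload line per record; the hosts, ports, nicknames, channel names and the expected-port list are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: ports this site treats as expected for IRC (adjust locally).
IRC_PORTS = set(range(6660, 6670)) | {6697}
# IRC message shape: optional ":prefix", a command, then parameters.
MSG = re.compile(r"^(?::(?P<prefix>\S+) )?(?P<cmd>[A-Za-z]+|\d{3})(?P<rest>(?: .*)?)$")
CLIENT_CMDS = {"NICK", "USER", "JOIN", "PRIVMSG"}
# Constructed sample: (internal host, remote port, one payload line).
SAMPLE = [
    ("10.0.0.5", 6667, "NICK alice"),
    ("10.0.0.5", 6667, "USER alice 0 * :Alice"),
    ("10.0.0.5", 6667, "JOIN #help"),
    ("10.0.0.9", 8080, "NICK x7f3a91"),
    ("10.0.0.9", 8080, "USER x7f3a91 0 * :x"),
    ("10.0.0.9", 8080, "JOIN #ops secretkey"),
    ("10.0.0.9", 8080, ":ctl!u@h PRIVMSG #ops :status"),
    ("10.0.0.7", 80, "GET /index.html HTTP/1.1"),
]

def parse_irc(line):
    """Split one line into (prefix, COMMAND, params); None if it does not fit."""
    m = MSG.match(line.rstrip("\r\n"))
    if not m:
        return None
    head, sep, trailing = m.group("rest").partition(" :")
    params = head.split() + ([trailing] if sep else [])
    return m.group("prefix"), m.group("cmd").upper(), params

def find_irc_sessions(events):
    """Return hosts that registered (NICK + USER) and joined a channel."""
    seen = defaultdict(lambda: {"cmds": set(), "channels": set(), "ports": set()})
    for host, port, line in events:
        parsed = parse_irc(line)
        if parsed is None or parsed[1] not in CLIENT_CMDS:
            continue
        _, cmd, params = parsed
        state = seen[host]
        state["cmds"].add(cmd)
        state["ports"].add(port)
        if cmd == "JOIN" and params:
            state["channels"].update(params[0].split(","))
    findings = {}
    for host, state in seen.items():
        if {"NICK", "USER", "JOIN"} <= state["cmds"]:
            findings[host] = {"channels": sorted(state["channels"]),
                              "nonstandard_ports": sorted(state["ports"] - IRC_PORTS)}
    return findings
```

A hit is a lead for review rather than a verdict, since a legitimate IRC client produces the same handshake; the `nonstandard_ports` field helps prioritize sessions running where IRC is not expected.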
Who Developed the Undernet?
Danny Mitchell, Donald Lambert, and Laurent Demally created the Undernet in October 1992. It was initially an experimental network that used custom software to use less bandwidth and be less chaotic than its predecessor EFnet. At that time, netsplits and takeovers were also plaguing EFnet, and several small IRC networks closed shop soon after they cropped up.
Given its stability, the Undernet has become one of the largest and oldest IRC networks.
Is the Undernet Safe to Use?
Cybercriminals often abuse IRC platforms, so you may wonder if using them is safe.
The Undernet provides server software and services that protect its network from abuse. As such, it should be safe to use for legitimate purposes.
How Does the Undernet Protect Its Users?
The Undernet protects legitimate users via its Channel Service, which uses X to maintain all registered channels on the network. It also gives channel managers an effective way to maintain their userlist and banlist.
Is the Undernet Easy to Use?
Undernet usage can be complicated at first. Fortunately, its developers maintain OpSchool, which offers online sessions for channel managers, channel operators, and anyone else interested in using the network.
Current List of Undernet Servers
The Undernet’s current list of servers includes:
What Factors Contribute to the Undernet’s Success to This Day?
The Undernet has survived all these years primarily because of its contributors, who extend well beyond its developers, administrators, and operators. It has at least four committees that make it work, namely:
- Coder Committee: It continues to develop the IRC protocol to make the Undernet a more efficient chat network.
- Undernet Channel Service: It provides an easy way to register channels to maintain channel stability, prevent takeovers, and manage banlists and userlists. It also hosts special online classes so users can learn about the ins and outs of channel management.
- Undernet Routing Committee: It reviews IRC servers and evaluates new applications for them in the U.S., Canada, and Europe. That way, the Undernet will only link the most qualified servers to keep the network as efficient and lag-free as possible.
- Undernet User Committee: It is the sounding board for thoughts and proposals from Undernet users. It also supervises related projects to make the Undernet a better network.
Key Takeaways
- The Undernet is the third largest real-time IRC network, with approximately 40 servers connecting people worldwide.
- Threat actors favor using IRC platforms because they provide a simple and low-bandwidth means to communicate with one another. They also make it easy to host centralized servers that can remotely control botnets for malware distribution and small-scale DDoS attacks. On the plus side, IRC traffic is encrypted, allowing users to maintain anonymity throughout their communication.
- The Undernet protects legitimate users via its Channel Service, which uses X to maintain all registered channels on the network. It also gives channel managers an effective way to maintain their userlist and banlist.