Services and IRCop Impersonators

Version 1.0.2


Last revised by Fredfred () on 2005-11-12

Originally written by Kzoo (), LadyDana (), and Pyr0s () on 2001-01-22

Please direct any comments or feedback about this document (only! no help requests!) to docs@dal.net. If you need help on issues not covered in this document, please see the information at http://help.dal.net.

Introduction

New DALnet users are sometimes tricked into giving their passwords to someone posing as DALnet Services or as an IRC Operator. Services Impersonators attempt to fool users by sending out notices that resemble the ones used by the real DALnet Services whereas fake IRC Operators use intimidation. In both cases, they play on the new user's lack of experience. Sometimes users need help and seek it from somebody who is not an actual IRCop. They might then give away passwords and other information to the wrong person.

The purpose of this document is to show how to recognize the real DALnet services or a real IRCop. It will also give you an idea of what things to look out for when identifying impostors.

Contents

1 · Services Impersonators

Users who want to steal nickname passwords often try to impersonate DALnet Services and ask you for your passwords in private. If you don't want to lose your nickname, there are a few things that you must absolutely take into consideration.

First of all, you should never use your DALnet password on another network and you should change it on a regular basis - just don't forget it. :)

Many users have lost their nicknames in the past after joining another network and giving out their password to Services on that network.

It may also be a good idea to type out commands in the Status window (if you have one) so that you will not accidentally give away your passwords to an open channel or to a private chat window.

Secondly, it is very important that you learn how to recognize fake Services on DALnet.

1.1 Ways to Identify to NickServ

There are many ways to identify to DALnet Services; some are secure, some are not. Let's take a look at what Nickserv teaches you to do.

If you use a registered nickname, you will get:

-NickServ- This nick is owned by someone else. Please choose another.
-NickServ- If this is your nick, type: /msg NickServ@services.dal.net IDENTIFY password

The ENFORCE option is now set by default after the complete nickname registration. If you have the ENFORCE option turned on then you will see a third line:

-NickServ- Your nick will be changed in 60 seconds if you do not comply.

Therefore, you should use:

/msg NickServ@services.dal.net IDENTIFY password

or one of the other built-in commands for identifying to NickServ.

These built-in commands are:

/nickserv IDENTIFY password
/identify password
/services IDENTIFY password

For those who wish to identify to a nick that they are not using at the time, these variations are available:

/nickserv IDENTIFY nick password
/identify nick password
/services IDENTIFY nick password

Please keep in mind that your IRC client may prevent you from using one of the above mentioned built-in commands. In those cases, we advise you to use the /quote prefix in order to send your identification command directly to the server.

Examples:

/quote nickserv IDENTIFY password
/quote identify password
/quote services IDENTIFY password

Finally, remember these commands and do not use any other variations. DALnet is not going to change NickServ to another name. If you are in doubt about this, you can always ask in one of the DALnet help channels such as #DALnetHelp, #Help or #IRCHelp.

1.2 Ways to Identify to ChanServ

As with NickServ, the standard way to identify to ChanServ would be:

/msg chanserv@services.dal.net IDENTIFY #channel password

There are also the three built-in commands:

/chanserv IDENTIFY #channel password
/identify #channel password
/services IDENTIFY #channel password

Once again, if you run into problems with your IRC client then use the /quote prefix to get around the limitation:

/quote chanserv IDENTIFY #channel password
/quote identify #channel password
/quote services IDENTIFY #channel password

If you are not sure about something then go to one of the DALnet help channels and ask. #DALnetHelp, #Help and #IRCHelp are always available to you.

1.3 Auto-Identification Scripts

DALnet does not support or encourage the use of auto-identification scripts. Scripts are tricky things. There are many people who attempt to steal passwords by providing a script that slips them a constant report of what you are doing while chatting on-line.

In addition, it is quite easy for someone else who has access to your script to retrieve the password. It has also happened that users have accidentally sent out their nickname and channel passwords to other users when they wanted to share their scripts.

An insecure script may also send the password to a services impersonator instead of the real Services.

1.4 'Fake' DALnet Services Ploys

Frequently, impostors try to impersonate DALnet Services. The most popular way is to use a nickname with a very similar spelling to the actual Services. Before we continue, you should have a good idea of what the real Services look like.

NickServ is service@dal.net * Nick Registration Service
NickServ using services.dal.net DALnet services home base
NickServ End of /WHOIS list.

ChanServ is service@dal.net * Channel Registration Service
ChanServ using services.dal.net DALnet services home base
ChanServ End of /WHOIS list.

Note: It is normal to see ChanServ on different channels every time you /whois ChanServ, as it constantly joins channels to masskick. For example:

ChanServ on @#randomchannel #Dragonrealm #chatzone

Services Impersonators will attempt to deceive you by adopting nicks and Real Name fields that are similar to one actually used by Services. The following would be a good example:

NickSrve is service@mc-38-214.tm.net.my * Nick Registration Service
NickSrve using twisted.ma.us.dal.net Global NAPs - Quincy, MA
NickSrve End of /WHOIS list.

Since they want to trick you into giving out their password, they will send out notices that are similar to, or exactly like the ones sent out by Services:

-NickSeve- This nick is owned by someone else. Please choose another.
-NickSeve- If this is your nick, type: /msg NickSeve IDENTIFY password
-NickSeve- Your nick will be changed in 60 seconds if you do not comply.

There are myriad nicks that Services impersonators come up with every day. It is impossible to list them all, however, you should always be wary of anything that asks you to use a command not mentioned previously in section 1.1. Another good way of recognizing Services impersonators is to note which server they are on. The real DALnet Services will always be located on services.dal.net.

On occasion, Services Impersonators will go one step further by claiming that your nick or channel will drop unless you identify to them or that they are some type of "back-up" services. Do not pay them any attention. You can always ask in one of the help channels if you feel they sound genuine.

2 · IRCop Impersonators

In addition to users who pretend to be Services, there are also a lot of users around who pretend to be IRC Operators. They may resort to threats ("you will be klined" is a popular one) in order to intimidate you or they may act helpful in order to trick information out of you. Either way, they do not have your best interests at heart.

2.1 Telling Passwords

Never tell your password to someone who messages you and asks for it. DALnet staff do not message users and ask for passwords. DALnet will not send you mail and ask for passwords. If you get a sudden message asking for a password, you can assume it is not for a good reason.

2.2 How to Tell an IRC Operator?

When a person is given IRC Operator privileges, it is written into the IRCd of a particular server. The IRCd is a program which coordinates everything that happens on DALnet with all the other servers. It has various other functions which are not important to this document. Because the IRC Operator privileges are written into the IRCD, it recognizes the IRC Operator when this Operator issues a special command. This is often called 'opering up'. When an IRC Operator 'opers up', the IRCD recognizes the privileges this person has and adds a separate line to the IRC Operator's /whois. This line is by itself and says,

Heathcliff is an IRC Operator

When you look at all the information for someone you think may be an IRC Operator, it would look something like this:

Heathcliff is moi@pp326.sometimes.net * Wherever you go, there you are.
Heathcliff using jade.va.us.dal.net Hell hath no fury like a woman scorned for Sega.
Heathcliff has identified for this nick
Heathcliff is an IRC Operator - Services Administrator
Heathcliff End of /WHOIS list.

If you do not see that line by itself in a /whois, someone is trying to fool you. If you think that perhaps this person might be an IRC Operator, ask him or her to 'oper up' and then look for that line in the /whois. If it doesn't show, run quickly in another direction and put this person on ignore if they continue to bother you.

2.3 'Fake' IRC Operator Ploys

There are many ways someone may try to appear to be an IRC Operator. One of the most frequent is to have the word 'oper' in his or her nick or username. Here are some examples.

OperHelper is IRCop@DL34.really.net * IRC Operator

IRCopper is oper@23673.pretend.net * I'm a IRCop and I'm gonna get you

Another thing a fake oper might do is to put an away message in his or her /whois to try to simulate the statement on a single line. An example of this might be,

OperMan is MircOper@ppp317.wonderful.net * Your busy IRC Operator
OperMan using jade.va.us.dal.net Hell hath no fury like a woman scorned for Sega.
OperMan is away: IRC Operator - Services Administrator
OperMan has been idle 18mins 12secs, signed on Sat Oct 21 19:12:13
OperMan End of /WHOIS list.

Look at the difference between these lines.

Heathcliff is an IRC Operator - Services Administrator (the real thing)

OperMan is away: IRC Operator - Services Administrator (a fake)

Notice the : after the word 'away'. This person has set an away message to try to look like a real oper. Notice also that this user has not identified to that nick. It probably isn't registered. There are some nicks which have been abused so much by people pretending to be opers, that they are no longer permitted to be registered. You may also have seen that this person seems to be bragging about being an IRC operator in just about any way he can. Real opers don't have the need for all this bragging. The single line says it all.

2.4 In Summary

There are some not-so-nice users who pretend to be IRC Operators. They sometimes do that to intimidate, and sometimes to get passwords from people so they can take over nicks and channels. Users need to know how to protect themselves against such nasty users.

DALnet personnel will not message you and ask for a password. If this happens, do not give it.

DALnet will not mail you and ask you for your password. If this happens, do not give it.

If you are approached by someone who claims to be an IRC Operator, do a /whois nick command.

In the information, look for a separate line that says So-and-So is an IRC Operator.

Be sure there is not an away message made to look like the person is an IRC Operator.

Never give your password to anyone.

3 · Frequently Asked Questions

Q: Where can I report an IRCop or Services Impersonator?

A: You can report the incident in #OperHelp or find an IRCop personally by following the instructions at http://docs.dal.net/docs/findoper.html.

Q: Is there any one simple thing that I can use to identify a Services Impersonator?

A: Yes. If they are using a nick other than NickServ or ChanServ then they are not the real thing. Services are always going to be on the server services.dal.net as well.

Q: I lost my nick/channel to a Services Impersonator. Can you give it back to me?

A: No. We consider password security to be your own responsibility. There are simply way too many users for DALnet to watch over your shoulder every time you do something. We do our best by providing you with resources such as warnings, documents and staff in the DALnet owned help channels. Think of this as a lesson... you will not make the same mistake again.