If you've ever wondered where you can find the next generation of criminal hackers, let me introduce you to Internet Relay Chat (IRC).
Similar to instant messaging (IM), IRC is free and easy to use and has some legitimate purposes. But IRC is also a favorite online hangout of a small but significant user base that sees the Internet as its private playground: script kiddies, who actually range in age from 14 to 40 and who are becoming increasingly dangerous to you and me.
As with IM, to access IRC, you need to download a client app; mIRC is perhaps the most popular one for Windows. Once you download and install such a client, you can connect to specific-topic chat channels or create your own. It's the latter that interests the script kiddies.
With IRC, the originator of a specific chat channel is called a channel operator, with the power to admit or kick off participants. Moreover, he or she can assign this operator status to friends. But as soon as the last assigned operator leaves a chat channel, that operator status is up for grabs. Thus, groups of bored kids--and others--spend their time trying to knock off rival operators, ganging up so that they can claim ownership of a particular chat channel, such as #haxors.
This may seem like harmless fun. But the consequences can be far from harmless--and not just for IRC denizens. Here's why.
Script kiddies sometimes take over chat channels by using denial-of-service scripts. These scripts send thousands of request-to-connect messages to a user or a site, overloading either one with bogus traffic and effectively shutting them down. The condition lasts until the attack ends or is filtered via a firewall. IRC operators attacked in this fashion must disconnect from the Net and are replaced by a rival.
Own the Internet in your spare time
In order for such denial-of-service attacks to be effective, they must be big. The attacker needs either to find a server with enough bandwidth to flood a user or a site with requests or to plant Trojan horses on hundreds or thousands of vulnerable computers; these so-called zombie computers are then directed to flood a user or a site in a coordinated attack. Some cracker gangs brag of owning a big server or several hundred boxes and sometimes even trade this ownership for pirated software or media files.
What really bothers me about these attacks is their collateral damage. Last week, I wrote about the Trojan horse defense, specifically about how U.K. teenager Aaron Caffrey was able to claim that someone else remotely controlled his computer at the time of a large denial-of-service attack on another IRC participant. The actual attack overloaded a compromised server at the Port of Houston, causing the machine to go down at the sixth-largest shipping port in the world.
Although computer sabotage has been ruled out in the Northeast blackout of August 14, what if the compromised server had instead been part of the FirstEnergy power utility system?
Internet as playground
As script kiddies such as Caffrey continue to abuse the Internet in their own private turf battles, someone will get hurt. That's why it's important to do the following:
Update your operating system with the latest patches.
Keep your antivirus program up-to-date.
Install a personal firewall.
Periodically sweep for Trojan horses running on your PC.
I think it's unfair that end users must bear the burden of keeping everyone else safe and secure. But the risks of doing otherwise have become too great. Let's keep the script kiddies from playing on the PCs that are our responsibility. Maybe with fewer places to play, they'll find something more productive to do with their free time.
What do you think? Have you taken all the precautions suggested above? If not, why not? Tell me about it--TalkBack to me!