Some really important info was leaked from our private IRC channel on our own server. Luckily, it was something that most people wouldn't believe without real proof, which the leaker didn't really have. So we're glad to have not been in a real shit-hit-the-fan situation yet. Can you find the weak link, or at least offer suggestions on how to stop this from happening again?
A little bit of info about our setup... We own our own dedicated server which runs a public IRCd (UnrealIRCd latest stable version if you're curious). On this network, we have our own invite-only private channel which only about 10-14 people have access to. The channel is +i and +k with a large enough key that cannot be brute-forced. On top of that, we use FiSH encryption (blowfish) inside the channel. The key for the channel is exchanged/given to others after initiating a PM session which is also blowfish encrypted after a Diffie-Hellman 1080 key exchange. So we're pretty sure that our encryption key hasn't been sniffed at any point. Plus, even having the dedicated server rootkitted/trojanned wouldn't compromise our encrypted talk since it's only forwarding encrypted packets. All of us connect using one of the two clients - mIRC and XChat.
The only way to get something from this channel that I can think of is either someone leaking the info by mistake or on purpose, or people with trojans or keyloggers. We're pretty sure none of us are infected after running multiple scans for rootkits, viruses/trojans and checking outgoing/incoming connections and processes. But it obviously cannot be ruled out since none of the tools are 100% trustworthy when it comes to detection. About someone leaking info from here, well, I'd like to think it's impossible. All of us have been a part of this channel for upwards of a year now, would trust each other, and have had access to a lot more important stuff than what was leaked. If someone wanted to make a profit off it, they could have done so quite a long time ago... Again, not ruling it out, but if there is another explanation for this leak, I'd put my faith in it being that one instead of the theory of a leaker.
The info was posted on a bunch of public forums. We're friends with the admins of all those public forums and had access to the poster's IP. Unfortunately, all of them were known Tor IPs, so we cannot really find out who it was.
So, super-hacker mefites, find our weak link, and offer me suggestions on how I/we can make it even more secure. If you're a super psychologist (or is it psychiatrist?), you can even offer suggestions on how I could find the leaker by observing behavior patterns. Thanks!
anonymous throwaway mail for this question: mefitempmailacc@gmail.com
But were any of them using unsecured computers or wireless networks? What about trojans and rootkits on their "secure" computers? What about memory sticks or that sort of thing?
It seems to me if you have no evidence of intrusion you must consider another route for the information. If it reaches someone else's computer that you don't control, well, all the security in the world on your server is useless.
posted by dhartung at 12:22 AM on July 17, 2008