AIM Security
March 15, 2004 11:37 AM

How 'secure' is AIM? My brother is behind a firewall and uses a proxy to connect to AIM at his university. Assuming there were people who wanted to, how easy would it be for someone within the university to read his ramblings?
posted by attackthetaxi to Computers & Internet (18 answers total)
Live or logged files (archive)? Think I used the right wording, as I'm curious about both.
posted by thomcatspike at 11:59 AM on March 15, 2004

Response by poster: To clarify things (a bit), he works for the university. They had to send someone to his computer to open up the port that AIM uses. Any other details would make me sound paranoid. I probably already sound paranoid. Thanks for any help.

on preview, live. But of course, if someone has the ability to maintain a log of what he is transmitting/receiving, that'd suck too. I'm not sure he keeps logs.
posted by attackthetaxi at 12:11 PM on March 15, 2004

If I'm not mistaken, it's very, very easy to see AIM traffic. Certainly anyone in the IT department--and probably a moderately computer-savvy undergraduate with a couple of easily googleable hacker tools-- could do it.
posted by jpoulos at 12:20 PM on March 15, 2004

AIM is not encrypted so it would be trivial for a network administrator with the access and know-how to start logging his activity.

if the network isn't too old or set up poorly it would be fairly challenging for a random person to intercept his conversations. it would probably be easier for them to install some snooping/keylogging software/hardware on his computer.

soon if not now, i think AIM is going to offer encrypted IM and i'm sure that Trillian does already, though i've never tried it.

i have yet to hear of a university with the resources to scan IM traffic for phrases like 'i got drunk last night' or 'damn i need a new job' so until then, i'm not going to be paranoid about my university employer snooping my connection.
posted by yeahyeahyeahwhoo at 12:24 PM on March 15, 2004

AIM doesn't have any security built in, so AIM conversations could be monitored or logged at the proxy if someone wanted to.

If both parties use Trillian, you can enable a feature called SecureIM and your AIM (or ICQ) conversations will be encrypted. Observers will still be able to see the user names and that a conversation took place between them for a certain period of time, but won't be able to read the actual content of the messages.
posted by hashashin at 12:27 PM on March 15, 2004

when you say "proxy" are you talking about ssh? any traffic over ssh is relatively secure. but i suspect you're using "proxy" in some other way...
posted by andrew cooke at 12:32 PM on March 15, 2004

Response by poster: yeahyeahyeahwhoo: If the university in question wasn't located in Beirut, I wouldn't care too much either.

Thanks, people, for the (somewhat alarming) answers.

I don't know in what sense I'm using 'proxy', to be honest. And he knows even less than I do. I do know that the university gets denial of service attacks on a semi-regular basis, they're a bit agro on security stuff, and weren't thrilled that he wanted to use AIM in the first place.
posted by attackthetaxi at 12:48 PM on March 15, 2004

AIM is not encrypted

It can be. Go to "Security" in the preferences.
posted by badstone at 1:17 PM on March 15, 2004

"How easy would it be...?"

The short, mostly correct answer: Utterly trivial.

At least this is the case for some vast 99%-ish majority of the AIM traffic out there. It is possible to encrypt conversations to discourage interception, but it depends on support -- and the same sort of support, at that -- for doing so at both ends of every conversation.

I've never seen a cryptanalysis of AIM's "secure" mode -- though there probably is one out there -- and I have no idea how breakable the protocol, key exchange, or cipher itself is. Unless your brother has been taking special measures to protect his traffic, the only truly safe thing to do is assume every word of every AIM conversation is being recorded as it passes over the network.

As to the bits about a firewall and proxy being involved in the connection, ignore them. They have no effect whatsoever other than potentially making eavesdropping even easier than it already is: the work of a few seconds as opposed to a few minutes.
posted by majick at 2:07 PM on March 15, 2004

thanks for pointing that out, badstone--I've been using Trillian for so long I didn't realize the stock AIM client had added encryption.
posted by hashashin at 2:12 PM on March 15, 2004

Oh, and while I'm at it:

"They had to send someone to his computer to open up the port that AIM uses."

No, they didn't. They don't even have to be on the same continent as his computer to open up the port that AIM uses. That's something they would configure on a piece of network hardware in a closet, machine room, or data center somewhere, and almost certainly would be doing remotely in any case.

Assume that whatever "they" did during this physical visit to his computer was malicious, misinformed, or at the very least unnecessary.
posted by majick at 2:13 PM on March 15, 2004

Use Trillian's SecureIM option. Diffie-Hellman key exchange, Blowfish cipher - I wouldn't exactly send, say, the secret RSA key used to encrypt all Xbox games over it if I were an MS employee, but it's MORE than sufficient for your brother's needs. Nothing but a determined US government (in which case your brother has bigger problems to worry about anyway) or very serious hacker with a LOT of slaved machines is going to crack it.
posted by Ryvar at 2:46 PM on March 15, 2004
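The scheme hashashin and Ryvar describe above (a Diffie-Hellman key agreement, a symmetric cipher over the message body, and routing fields that a watcher at the proxy can still read) is modelled below. This is an added illustration, not code from this thread and not Trillian's SecureIM; it assumes a small demonstration prime rather than a standard DH group and substitutes an HMAC-SHA256 keystream for Blowfish so that it runs on the Python standard library alone. The names `plain_frame`, `secure_frame`, `observer_view` and `session_demo` are invented for the example.

```python
"""Toy model of an unencrypted IM frame versus an end-to-end encrypted one.

Constructed example: Diffie-Hellman shared secret, then a symmetric cipher
keyed from it.  The DH prime is a small demonstration value and the cipher is
an HMAC-SHA256 keystream standing in for Blowfish, so this shows the shape of
the exchange, not a production-strength implementation.
"""
import hashlib
import hmac
import secrets

# Demonstration group (assumption: NOT a real-world parameter set).
# 2^127 - 1 is prime; a real deployment would use a standardised large group.
DEMO_P = (1 << 127) - 1
DEMO_G = 2


def dh_keypair(p=DEMO_P, g=DEMO_G):
    """Return (private exponent, public value g^x mod p) for one party."""
    x = secrets.randbelow(p - 2) + 2
    return x, pow(g, x, p)


def dh_shared_key(my_priv, peer_pub, p=DEMO_P):
    """Both sides compute g^(xy) mod p and hash it into a 32-byte cipher key."""
    s = pow(peer_pub, my_priv, p)
    return hashlib.sha256(s.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def _keystream(key, nonce, n):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the real cipher)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key, nonce, plaintext):
    """XOR the message with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # an XOR keystream is its own inverse


def plain_frame(sender, recipient, text):
    """What an unencrypted IM looks like on the wire: everything readable."""
    return {"from": sender, "to": recipient, "body": text.encode()}


def secure_frame(sender, recipient, text, key):
    """Routing fields stay in the clear; only the body is encrypted."""
    nonce = secrets.token_bytes(8)
    return {"from": sender, "to": recipient, "nonce": nonce,
            "body": encrypt(key, nonce, text.encode())}


def observer_view(frame):
    """What a passive observer at the proxy learns from one frame."""
    body = frame["body"]
    return {"from": frame["from"], "to": frame["to"], "length": len(body),
            "readable": all(32 <= b < 127 for b in body)}


def session_demo(text="i got drunk last night"):
    """Run the whole exchange: key agreement, send, eavesdrop, receive."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # The public values cross the same observed link; seeing them does not
    # give the observer the shared key.
    k_a = dh_shared_key(a_priv, b_pub)
    k_b = dh_shared_key(b_priv, a_pub)
    assert k_a == k_b
    frame = secure_frame("brother", "attackthetaxi", text, k_a)
    received = decrypt(k_b, frame["nonce"], frame["body"]).decode()
    return frame, observer_view(frame), received


if __name__ == "__main__":
    print(observer_view(plain_frame("brother", "attackthetaxi", "hello")))
    _, seen, got = session_demo()
    print(seen, got)
```

Running `session_demo` shows the two points made in the thread: the observer's view still carries who talked to whom and how much (the metadata hashashin mentions), while the body is unreadable; and both ends have to run the same scheme, since `secure_frame` is useless unless the recipient holds the matching key.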

it's more than likely, if the guy's less savvy than attackthetaxi, that he's wide open to a social engineering attack. so i'm not sure saying how secure [insert protocol/cipher here] is is really helpful.
posted by andrew cooke at 2:51 PM on March 15, 2004

As with anything that goes across a public network, it is safest to assume that anything you send can be seen by anyone else. What precautions you take have to depend on the potential damage that would be caused by the information being intercepted. If your brother is sending anything over AIM or e-mail that could impact on his job, he should assume that others are reading what he says and act accordingly. I know that this is not the technical answer to "can they" you were looking for, but you should always assume that they can.
posted by dg at 3:16 PM on March 15, 2004

So, just out of curiosity, if you wanted to--ahem--say, maybe, spy on someone over a network--I mean, I'm just saying--how would you--ahem--maybe do that? Just asking. For informational purposes. I'm writing an article. Ahem.
posted by adrober at 3:28 PM on March 15, 2004

adrober: As it relates to this particular question, you spy on someone like this:

First, you own the network the person is attached to. This is optional if the network is one big shared segment.

Second, you use any one of a whole mess of tools to listen in, by attaching them to the network. That is, installing them on a machine and plugging that machine in to the network at the appropriate place.

attackthetaxi's brother should assume this is the case, but as mister cooke says, he is (as are most users) vulnerable in more ways than merely this.
posted by majick at 3:56 PM on March 15, 2004

I think majick was hinting at this in his earlier post: brother had better be wary of a keylogger on his machine.

A totally secure channel is useless if the endpoint is insecure. (Which is why we don't use internet banking on a public access machine, kids).
posted by i_am_joe's_spleen at 6:27 PM on March 15, 2004

And adrober: read part 6 of Peter Gutmann's Godzilla Crypto Tutorial. Take a gander at the TEMPEST slides. Within reason, you don't need access to the network at all.

Persuading your target to install a trojan executable that will allow remote access to his machine (eg Back Orifice and its successors) is always a good one too.
posted by i_am_joe's_spleen at 6:57 PM on March 15, 2004
