From: mtshor@aol.com (MTShor)
Newsgroups: alt.aol-sucks
Subject: THIS IS A GOODY....
Date: 3 May 1996 20:16:57 -0400
Organization: America Online, Inc. (1-800-827-6364)
Subj: Security Update
Date: 96-04-16 02:46:31 EDT
From: PHYPOLITE
To: Sblan
Sent on: the Internet
To All AOL Internal Employees,
Please be aware that hackers are sending programs to certain AOL employees
that are purported to be password management utilities. However, when
these programs are downloaded and executed, they change the password on the
account and email the result to a predesignated email address(s).
The programs are entitled "INTERNAL.EXE (51206 bytes)" and "GUARDPWI.EXE
(51206 bytes)". If you receive these or any programs which claim to
automatically modify your password information, DO NOT DOWNLOAD OR EXECUTE
THEM.
Instead, forward them immediately to screen name TOSSEC2. If you have
already executed one of these programs, you or your supervisor should
immediately contact the Community Action Team (TOS) to reset your password
by forwarding your information to TOSSEC2.
Thank you,
AOL Community Action Team
From: herriman@cris.com (Richard Cretan)
Newsgroups: alt.aol-sucks
Subject: Re: News from the top. Read Read...
Date: Sat, 04 May 1996 17:18:50 GMT
Organization: Concentric Internet Services
mtshor@aol.com (MTShor) wrote:
>Subj: Security Update
>Date: 96-04-16 02:46:31 EDT
>From: PHYPOLITE
>To: Sblan
>Sent on: the Internet
>To All AOL Internal Employees,
>Please be aware that hackers are sending programs to certain AOL employees
>that are purported to be password management utilities. However, when these
>programs are downloaded and executed, they change the password on the account
>and email the result to a predesignated email address(s).
>The programs are entitled ÍINTERNAL.EXE (51206 bytes)Î and ÍGUARDPWI.EXE
>(51206 bytes)Î. If you receive these or any programs which claim to
>automatically modify your password information, DO NOT DOWNLOAD OR EXECUTE
>THEM.
>Instead, forward them immediately to screen name TOSSEC2. If you have
>already executed one of these programs, you or your supervisor should
>immediately contact the Community Action Team (TOS) to reset your password by
>forwarding your information to TOSSEC2.
>Thank you,
>AOL Community Action Team
This post, if true, makes me grin. I'm not in favor of hacking AOL,
but once again the service appears to be hapless in the face of the
d00dz. Can't a multimillion-dollar online company stop a few
teenagers? (Answer: nope.)
And what is this "Community Action Team"? Is this the AOL euphemism
of the month? Sounds like superhero action figures: collect all ten.
Richard Cretan
Date: Mon, 18 Sep 1995 23:26:23 -0700
Newsgroups: alt.2600,alt.aol-sucks
From: an387897@anon.penet.fi
Times AOL has cancelled this post: 6
What follows is the text of an intercepted EMAIL message between AOL
inhouse staff describing, in great detail, ongoing and planned legal action
spearheaded by the FBI against Da Chronic. This is a much more complete
version of the message that I posted about a week ago. Read and be amazed:
(Periods have been inserted before mail headers to make SMTP happy)
========================================================================
.Date: Sun, Sep 3, 1995 7:24 PM EDT
.From: EKirsh
.Subj: Fwd: AOHell Status
.To: GardinerJD
.cc: Jean, LenL, Steve C, Leonsis, NaviSoft, PamMcGraw
Posted on: America Online (using WAOL 2.0)
John this looks like good progress. Thanks for getting this going. Ellen
============
Forwarded Message:
.Date: Thu, Aug 31, 1995 11:19 AM EDT
.From: GardinerJD
.Subj: AOHell Status
.To: EKirsh, Dphillips
Posted on: America Online (using WAOL 2.5)
CONFIDENTIAL -- FOR AOL INTERNAL USE ONLY
Ellen and Dave:
Last Tuesday (Aug 22) I arranged a meeting between AOL and Federal law
enforcement to discuss AOHell. In addition to me, AOL attendees included:
Pete Hypolite, Brad Willard, David Kirk, a consultant assisting Kirk, a
Webmaster (Jason). Fed attendees included: FBI Agent Hugh McLean, FBI
Agent Court Jones, DOJ Attorney Philip Reitinger.
I provided the Feds with background information for the meeting and
presented our case, with support from Pete, Brad and David. Jason (from
the Webmaster group) downloaded AOHell and gave a presentation of Credit
Wizard (the credit card generator) and the AOHell functionality.
The presentation was basically along the lines that through AOHell, adept
users may can hack AOL s network using a variety of fictitious names and
actual credit card and bank account numbers. Though AOL has implemented
procedures to detect patterns of usage of AOHell, and has thus been able to
terminate a substantial number of AOHell users and track some of them down,
people are still using the program. We made it clear that the only purpose
of AOHell is to abuse the AOL service and that a number of issues their
investigating (i.e., child porn, computer crimes, etc.) are attributable to
AOHell users because they have unbridles access to AOL. In addition, the
Feds were made aware that issues include: (1) Copyright/Intellectual
Property Infringement; (2) Fraud on America Online; (3) Fraud on Banks and
Credit Cards; (4) Unauthorized Access and (5) Other Actions (AOHell users
have been linked to illegal activity which AOHell promotes (e.g., a bomb
scare, death threats to political figures, software piracy, child
pornography and harassment)).
The Feds stated that they were very interested in assisting us and that
they would be willing to investigate incidents of use and postings and held
track down the developer. The DOJ attorney is computer literate and very
familiar with ECPA. He said that they would issue subpoenas to obtain
information for their investigations. The FBI agent, though not as
computer savvy, appears eager to investigate and issue subpoenas. I can't
assess the likelihood of his success. Finally, the matter has also bee
referred to an Asst US Attorney for the eastern district of VA, Jack Hanly
(who, I am told, does not have a computer).
The meeting resolved one problem for us. The FBI will get the information
from the coms/orgs/edus used to create web sites distributing AOHell as
well as from coms/orgs/edus with which persons distributing AOHell have
user ids. If we got the information, unless it was a significant matter,
we would not proceed on the civil side. Therefore, we should NOT proceed
with our own subpoena efforts and use outside counsel on this, but rather
we should (and I am starting to coordinate) handle the matter internally as
follows:
(1) Webmaster and TOS will monitor newsgroups/web sites for AOHell
distribution and will pass on the information to the Legal Department.
(2) If its a web page distributing AOHell or a posting offering AOHell, we
will contact the com/org/edu and notify them that their services is being
used to distribute illegal hacking software. Thus far, every com/org/edu
has terminated the web site. Postmasters at com/org/edus will determine
whether the userid should be terminated pursuant to their applicable "TOS".
This is the best way for us to take action. When we get our crimes
specialist, he/she will undertake this effort. In the meantime, I have
been calling and have enlisted Preston Green's assistance in tracking
things down and making certain calls.
(3) We will inform the com/org/edu that we are forwarding the info the FBI
and they may be contacted soon. Thus far, Agent McLean has been contacting
those com/org/edus I have identified. Thus, the FBI can investigate and do
the leg work of tracking down Da Chronic.
Through this procedure we can take action ourselves to immediately (a) get
the site/posting deleted and (b) get the perpetrator's service provider
involved and perhaps terminate his/her userid. Further, with the FBI, DOJ
and US Attys. offices involved, they can handle the investigation better
than we can as far as compiling a file of all names associated with
distribution and tracking Da Chronic. Already I have been told that people
are screaming (in some newsgroups) for AOHell 4 because web sites have been
deleted (some I think through our efforts).
Please let me know if you have any questions, comments, etc.
John
========================================================================
Brought to you by The Ripper
From: mcclane@ix.netcom.com (John McClane)
Newsgroups: alt.aol-sucks
Subject: Re: AOHell...The story...and a few Questions...
Date: Fri, 26 Apr 1996 21:49:10 GMT
Organization: Netcom
liv2kik@aol.com (Liv2kik) wrote:
>AOHell is NOT a "hacker" program. Its a VB or C++ program om Macros.
>Would take MAYBE 3 weeks to make. As for the account creator, after 3.0
>B1 it wasnt
>included. Dont ask me, you wont get it. YES, the creator was caught and
>given 35 years, not for "hacking", but credit card fraud. Seems SOME
>people dont know the story... Ans one last thing, He WAS traced, but
>AOHell wasnt the lead.
>If that was the case (which anyone with a little sense could tell), The
>person who
>said the tracing thread left a questuon unanswered: WHY THEN, ARENT ALL
>THE PEOPLE ON FAKES TRACED? And if they are, what are the chances of the
>tracing it back to HIM, out of, my guess, 15-20% of ALL AOL members using
>fakes?
First of all the people who use fakes are not traced because there are
simply too many of them. I do not know about Chronic being caught but
a friend of mine knows a former aol guide who said Chronic was
bouncing his login through 5 or so different numbers. What happnes
with fake CC numbers is that someone discovers a prefix that gets past
aol's validation programs. It has to do with the credit card
algorithims and other such things which I do not completely
understand. When AOHell came out it exposed many holes in aol's CC
validation. AOL then patched those holes so the version of AOHell
which first came out was rendered useless. In fact I don't think any
CC generating program (including Skitzos, which some dumbass asked
about earlier. Stupid fucking kid acts like it is a secret) works
anymore. What happens now is certain people who know certain people
can get numbers which will work. These are passed on between friends
and kept very quiet. It used to be that these numbers would last a
very long time, but now aol is cracking down and few go longer than a
month. When aol discovers a phony number they do not try to trace the
user (even though they use caller id to validate checking account
customers which would be the easiest fake) they simply destroy the
account. The user then tries for another fake CC#. By the way in
another article someone mentioned that forgeing a CC was illegal but I
doubt it is a serious offense unless the CC exists and money is
charged to the account. Then the person who holds the card can press
charges. All this talk about getting on with fake CC#s has skipped
over the best feature of these AOHell/Lucifer/AOBomer type programs.
They allow you to do things in the free area, things such as
downloading large file which take 2 hours each. One last thing
remember that not all the aol warez people are punk kids. It is just
that they post more than the mature ones.
From: jbowyer@primenet.com (JR Bowyer)
Newsgroups: alt.aol-sucks
Subject: AOL add-ons (i.e. AOHell)
Date: Thu, 26 Jan 1995 11:49:06 MST
Organization: Primenet
Does anyone have any other AOL add-ons like AOHell. I have AOHell and another
one called Evil Advantage 1.0. They're both pretty cool and good for wreaking
havoc on AOL losers.
From: rona@usa.net (Ronald Anderson)
Newsgroups: alt.aol-sucks
Subject: Re: aohell
Date: 7 Dec 1995 06:09:33 GMT
Organization: TECLink Internet Services: info@TECLink.Net
X-Newsreader: WinVN 0.93.14
In article <49f7ig$56p@news2.isp.net>, trebor@slip.net says...
>
>deanjp@ix.netcom.com (CyberBoy) wrote:
>
>>unbuckld@cdsnet.net (Michael Scott) writes:
>>>You can just subscribe to it. But the correct name is AOL, not
"AOHell."
>[snip]
features and more availiable internets = better.
^^^^^^^^^
Geez! Why do you all go flaming the poor person when it's really YOU who
have no idea what you're talking about. AOHell is a real program, an REAL
anti-aol program.
You've been trolled, son, and trolled hard. HAND.
Actually you are wrong to dis th' dude that says AOhell is a real
proggie... becuz it iz...
there are actually 2 AOHell proggiez... one is just a mass mailer (AOHell
Beta) and the other is a hack proggie that can (if you can figure out how
to use it) keep the account that its running on a "new member account"
with perpetual "free introductory" hours... there are add ons including
"Guide95" that give you the ability to TOS or in Guide terms "boot"
accounts off-line. the only prob with this module is that aol changes
their guide passwords monthly and when you go to TOS someone offline, if
you dont have that months password then your BOOT will fail...
incidently, last months AOL GUIDE password was "FORREST"...
From: Stan Parker
Newsgroups: alt.aol-sucks
Subject: Re: aohell
Date: 8 Dec 1995 07:29:13 GMT
Organization: Center for Telecommunication Justice
X-Mailer: Mozilla 1.1N (Macintosh; I; 68K)
X-URL: news:4a5nab$i8j@felix.teclink.net
rona@usa.net (Ronald Anderson) wrote:
>WHICH VERSION? ITS QUITE EASY... GO INTO AOL, GO TO PRIVATE ROOM
>"WAREZ", "WAREZ2" "WAREZ3" OR "WAREZ4" WAIT FOR ONE OF THE SEVERAL
>HACKER GROUPS TO SOLICITE "MM" (MASS-MAILINGZ) AND FOLLOW THEIR
>INSTRUCTIONS... YOU'LL GET AOHELL, GUIDE95,BONEZ FINAL, LUCIFERX668,
>PURGE AND MANY OTHER AOL HACKER PROGRAMS... BUT YOU BETTER HURRY, RUMOR
>IS AOL IS SHUTTING THE HACKER ROOMS DOWN IN JANUARY...
>
AOL just pulled a friends account for 1 week just for being in a Warez
room, it was his first visit there and he did nothing but be there. I
wonder what a second offense would bring?
()__()
(\( oo )
\^`\%'^\
( . )\)
Q/--\Q
TeddiBear ::::Waving:::: at you
From: avenger55@aol.com (Avenger55)
Newsgroups: alt.aol-sucks
Subject: AOL security is a joke
Date: 11 Jun 1995 17:03:32 -0400
Organization: America Online, Inc. (1-800-827-6364)
What's the deal with AOL security? I'm writing this while on AOL (fake
account), and within 2 minutes, I could set up a fake account and write it
again. I went to a bunch of new member chat rooms, used AOHell to fish
for passwords, and got 25 of them. Most were for real. Doesn't AOL tell
it's users to not do that? I didn't try to get credit card #'s, but I bet
it would be nearly as easy. Are Compuserve and Prodigy this easy to hack?
Also, if any real AOL'ers read this and threaten to report me, please
note that this is a FAKE account. And get off AOL, cause I've been here 2
days, and am about ready to puke.
From: Mimi Kahn
Newsgroups: alt.aol-sucks
Subject: Re: "Disruption?" What the hell.
Date: 20 May 1995 05:28:13 GMT
Organization: Megabyte Press
pilgrim@teleport.com (Vinyard J. Hrovat) wrote:
>Mimi Kahn said:
>
>> the TechLies "remote staffers" are issued li'l bulletins
>>about what's not working and what to say, usually, "Check your modem
>>string" or "We're working on it."
>
>I think they get these in standardized macro form as well. That way, when
>someone complains about a GPF. the TechLive just has to hit ctrl-m (for
>example) to generate a message saying "Check your modem strings. :)"
>
>My favorite TechLive macro was "Unknown :)". That was one of their most
>frequently used ones, which makes sense.
The TechLiars can't use macros these days. In an effort to stamp out
AOHell, AOL in its infinite wisdom now immediately punts anyone using
*any* macro in a chat room situation, which includes TechLies. All of
those innocent AOLers who use the various AOL add-ons (Way to Go, Sweet
Talk) can't use their macros lest they get instantly disconnected.
Mimi
From: thygenius@aol.com (Thy Genius)
Newsgroups: alt.online-service,alt.aol-sucks,alt.2600
Subject: Re: PC Computing says AOL is tops!
Date: 8 Jul 1995 00:18:06 -0400
Organization: America Online, Inc. (1-800-827-6364)
Xref: nntp.crl.com alt.online-service:14592 alt.aol-sucks:26151 alt.2600:98922
AOL does suck, but if u spend those free 10 hours u steal staff accts then
u get FREE time,cause they have overhead accts. Then u can do ANYTHING u
want for FREE! Email me for more details!
Thy Genius@aol.com
From: asymettry@aol.com (Asymettry)
Newsgroups: alt.aol-sucks
Subject: AOL Meeting with FBI: Tracking down Da Chronic
Date: 9 Sep 1995 17:11:43 -0400
Organization: America Online, Inc. (1-800-827-6364)
*Peter Hypolite is manager of AOL's Terms of Service Department*
*You can call him at 703-883-1544*
*John Gardiner is an Attorney in AOL's employ*
*You can call him at 703-918-2042*
Date: Fri, Sep 1, 1995 17:19 EDT
From: PHYPOLITE
Subj: Fwd: Attendees at AOL/FBI Meeting regarding AOHell
To: MDHorton
Posted on: America Online (using WAOL 2.5)
Mike, lets rap about one of your "special forces" coordinating activities
w/Jason Mitchell (Webmaster) to handle searches of web sites on a regular
basis, and keeping a report of this.
-Pete
--------------
Forwarded Message:
Date: Thu, Aug 31, 1995 11:26 EDT
From: GardinerJD
Subj: Attendees at AOL/FBI Meeting regarding AOHell
To: PHYPOLITE, DHKirk, PMDAtropos, BWillard
cc: EKirsh, Dphillips
Posted on: America Online (using WAOL 2.5)
Gentlemen:
I have provided Ellen Kirsh and Dave Phillips a short memo recommending
the following (in light of our meeting with the FBI last week) which is
pretty much what we are doing in any case and adds the Fed component:
(1) Webmaster and TOS will monitor newsgroups/web sites for AOHell
distribution and will pass on the information to the Legal Department.
(2) If its a web page distributing AOHell or a posting offering AOHell,
Legal will contact the com/org/edu and notify them that their services is
being used to distribute illegal hacking software. Thus far, every
com/org/edu has terminated the web site. Postmasters at com/org/edus will
determine whether the userid should be terminated pursuant to their
applicable "TOS". This is the best way for us to take action. When we
get our crimes specialist, he/she will undertake this effort. In the
meantime, I have been calling and have enlisted Preston Green's assistance
in tracking things down and making certain calls.
(3) We will inform the com/org/edu that we are forwarding the info the FBI
and they may be contacted soon. Thus far, Agent McLean has been
contacting those com/org/edus I have identified. Thus, the FBI can
investigate and do the leg work of tracking down Da Chronic.
Through this procedure we can take action ourselves to immediately (a) get
the site/posting deleted and (b) get the perpetrator's service provider
involved and perhaps terminate his/her userid. Further, with the FBI, DOJ
and US Attys. offices involved, they can handle the investigation better
than we can as far as compiling a file of all names associated with
distribution and tracking Da Chronic. Already I have been told that people
are screaming (in some newsgroups) for AOHell 4 because web sites have
been deleted (some I think through our efforts).
Pete and Webmaster should coordinate monitoring activities. For now, info
should be sent to me and I'll divvy it out for action as per above. Going
forward, we should have monthly status meetings. I will let you know
about setting one up for next month when we can discuss our finalized and
approved policy.
Let me know if you have any thoughts. Thanks.
John
From: asciridr@nyc.pipeline.com (Christopher M Mc Craken)
Newsgroups: alt.aol-sucks
Subject: Re: AOL Meeting with FBI: Tracking down Da Chronic
Date: 9 Sep 1995 18:08:39 -0400
Organization: The Pipeline
In article <42svuf$m8b@newsbf02.news.aol.com>, Asymettry writes:
>Further, with the FBI, DOJ
>and US Attys. offices involved, they can handle the investigation better
>than we can as far as compiling a file of all names associated with
>distribution and tracking Da Chronic.
Mark my words................they will never find Da Chronic.
Never. He may have created something that screwed up AOL. But he is no
Mitnick.
Also, be aware that AOL terming AOHell as "Illeagal hacking software" is
inaccurate.
One other thing, will someone please send me AOHell, Even though im a
macintosh User, I have a BBS with many many PC users and..........AOL can
get a Web site, or a USer terminated.
Let them try to terminate my BBS.
I fucking Challenge them to shut down my BBS.
A big fuck you and a spit in the eye to Steve Case.
==========End of Line.=============
**************************************
*Father ASCIIRIDER ..See Ya Starside.*
**************************************
* A Holy Lunching Friar *
**************************************
//////////////////////////////////////
| So the world is spinning faster.......... |
| Are you dizzy when you're stoned? |
| Let the music be your master. | AOHell Dosent
make someone
| Will you heed the master's call? | a Hacker.
Intelligence does.
| Oh, Satan and man |
| Said there ain't no use in cryin' |
| 'Cause it'll lonely only drive you mad|
| Does it hurt to hear him lyin'? |
| Was this the only world you had? |
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
|-- Led Zeppelin. Houses Of The Holy. |
//////////////////////////////////////
"Get real everyone AOL is the best service around at any
price."--Skier007@aol.com
Brought to you by: alt.aol-sucks, Prefered Flame group of 9 out of 10
former AOL'ers who were tired of making Steve Case's wallet fatter
needlessly at their expense.
From: asciridr@nyc.pipeline.com (Christopher M Mc Craken)
Newsgroups: alt.aol-sucks
Subject: Re: How DO WE HURT AOL.....A report from inside.
Date: 5 Sep 1995 18:39:11 -0400
Organization: The Pipeline
In article <42i77s$r50@news2.isp.net>, trebor@slip.net writes:
>kenpch@ix.netcom.com (Ken) wrote:
>Some people suggest terrorist activities, such as AOHell or even calling
>AOL for a free disk as often as possible. I doubt these tactics really
hurt
>AOL that much and, if anything, could make the public side with AOL.
Heres a report on some of the terrorist activities i think youll find
nothing less than humorus. Im not advocating this type of behavior.
However, in the position i am in on AOL, i happen to be in the way of
knowing these things.
There is a new toy for the 12 year old hackers on AOL. Its called Cloaking.
It involves some serious manipulation of the system. Basicly (and im not
gonna get real technical here) it allows you to sign on to multiple accts
at the same time, and "jump" from acct to acct.
Now, when you jump from one acct to the other, both are active, but the one
not being used, even though it is active regesters as being "not signed
on".........very confusing to a guide who is trying in vain to "TOS"
someone.
Well, there is now a new Ball Player on the field who goes by the name
Ambiant. He seems to have found a back door to reeeeelly play with AOL.
He has been cloaking real Guide, TOS, And billing employee Accts. He has
even ( and this is what takes balls, if you ask me) Cloaked Steve Case real
acct.
This is not text manipulation..........this is for real.
The point is, the hacking and the continual system disruptions are costing
AOL. I was discussing this with an AOL employee friend of mine, he said
"AOL just fixes problems as they come up, they take NO preventive measures,
You should see the guide message boards, Nothing but frustration, because
they are powerless to stop the hackers"
AOHELL is simply another stumbling Block. It is being fixed By AOL.
The other New little toy that is making a big noise at AOL is the Mac
program called AOL4Phree........this is reeeeel nifty. And it dosent
involve alot of mucking around. All it is is a replacement AOL application.
It is modified so that it continually sends a "Do not Bill, Free Area"
Token packet to the stratus in Virginia. Hence, no matter what you do, AOL
never Bills you for ANY time. Because it always thinks your in a free area.
Its these inventions that are causing AOL lots o problems. And the thing
is, it will NEVER stop. Every time the plug a hole, Someone finds another
leak in the system. Moral among Employees is at an all time Low.
But AOL has noone to blame for any of this but themselves.........
Asciirider.......................See ya Starside!
"If God is all powerful, Why can't He create a wall that he cannot jump
over?"
"It must and will be done in the name of Jesus Christ." - NatakaC@aol.com,
which translated means "Reisitance is Futile" - Locutus of Borg
AOL Sucks. Why? Go Read alt.aol-sucks and find out for yourself!
What the hell is this noise?
"Oh Please..............your not a godamn hacker, your a freaking 11 year
old with a mailbomb
dont make me laugh! Why dont you promptly go and jack off with a handful of
razorblades!"
"Get real everyone AOL is the best service around at any
price."--Skier007@aol.com
From: scooby239@aol.com (Scooby239)
Newsgroups: alt.aol-sucks
Subject: AOHELL VER 3 BETA 4 WORKS!!!!!!
Date: 20 Aug 1995 19:18:01 -0400
Organization: America Online, Inc. (1-800-827-6364)
To bad for all the little turds on this group who were so happy about
AOL's fixing of AOHELL v3 b3.
AOHELL v3 b4 is out and works better than ever. All us little lamers you
thought were gone for good, are back!
So get your hands out of your panties and stop celibrating cause we'r
comming back with a vengence bitch.
From: mcgatney@access.digex.net (D. McGatney (hv))
Newsgroups: alt.aol-sucks
Subject: *** W$J ON HACKING AT AOL ***
Date: 9 Sep 1995 17:20:52 GMT
Organization: X-Aol-er <---> Badge of Freedom
X-Newsreader: WinVN 0.99.5
DAwn Writes----->>>
While reading Friday's W$J, I found the following article on AOL,
hacking, and Asciirider.
~~~~~~~~~~~~~~~~~~~~~~~~~~~ Article Follows ~~~~~~~~~~~~~~~~~~~~~~~~~
AMERICA ONLINE Inc. was forced to beef up its security system after
hackers plagued the service with homemade software tools that created
free accounts on the service.
The computer on-line service was responding to hacker software
programs known as "AOHell" and "AOLAPHREE," and several others.
"AOHell" allowed users to kick others off the service, create accounts,
and "mail-bomb" other users by sending them hundreds of pieces of
e-mail within seconds. "AOLAPHREE" automatically duped the Vienna,
Va. [Virginia, US] company's computers into thinking that a user
was roaming in a free area of the service and therefore shouldn't
be charged.
In response, AOL implemented a system over the past week that
disconnects a new user after he has entered a credit-card number.
Only after the number's authenticity is verified can the user proceed.
And in an open letter posted to the service last [Thursday] night,
Stephen Case, president of AOL, warned subscribers to change their
passwords frequently.
The problems underscore the potential dangers throughout cyberspace
of hacker intrusions and credit-card fraud. Commercial online
services such as H&R Block Inc.'s CompuServe and AOL have boasted
of better security than the more freewheeling, quasipublic Internet.
The global computer network's underlying technology is well known to
hackers, while commercial services use proprietary software that isn't
widely known.
One hackers, known as "Asciirider," said AOL's recent fixes may not
work for long. "These provisions will work for the time being until
some ingenious 16 y.o. kid finds something that no one else saw and
exploits it.," he said.
The hacker claimed in an interview that he has accessed AOL areas
intended only for the service's employees and maintained an area on
AOL where hackers traded pirated copies of software. Hackers also
use the Internet to distribute hacking tools and trade secrets over
bulletin-board discussion groups.
"Asciirider" also contended that hackers have found a way to use
other users' AOL accounts, driving up their monthly fees, and noted,
"It's possible" to steal other users' credit-card numbers. Even AOL's
Mr. Case is said to have had his personal account broken into,
according to the San Francisco Chronicle.
AOL denied users' credit-card numbers can be stolen. Spokeswoman
Pam McGraw said the numbers are protected and would be better
protected if members changed their passwords frequently.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ End of Article ~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----DAwn McGatney
mcgatney@access.digex.net
From: mergy@macdaddy.com (Jonathan Mergy)
Newsgroups: alt.aol-sucks
Distribution: world
Subject: WE WILL BEAT AOL!
Date: 06 Aug 1995 16:32:36 GMT
Organization: The Mac Daddy BBS
Everyone snag as many AOL disks as you can!
We must grab as many of those disks as we can in order to bring Case to his
knees!