The AOL List: Blood Feud

David Cassel (
Sun, 23 Feb 1997 04:12:21 -0800 (PST)

			  B l o o d   F e u d


Blood drips from an icon reading "Army of Lamers".  The hacker web page
obtained in-house memos, screen shots of internal software, and
instructions for modifying AOL content. "Welcome to my page on AOL, and
all the goodies n' trinkets I have gathered," it begins--the text
appearing on a background of flames.

A 14-year-old hacker named PSyChO began poking around AOL in 1993.  Today
he notes that AOL's security staff was unable to stop him (putting the
word "security" in quotation marks.)  Over three years, he assembled
"stuff AOL doesn't want you knowing" for his web page. "Everything I say I
have personally seen with my two eyes,"  he told the AOL List -- or read
in AOL's internal areas. 

When corporations declare their information off-limits, it won't deter
everybody.  The so-called "hacker riot" last week reflected disdain for
AOL's weak security.  A definitive account of its place in AOL hacker
history is at,1012,668,00 --
but beyond chat room malcontents are young computer enthusiasts, finding
security holes as a way of exploring, testing limits, and learning about
the on-line world first-hand.  "What I mainly liked to do with AOL was
soak in information,"  PSyChO told the AOL List.  "It kinda mesmerized me. 
So I just kept learning more and more about the system..."

Bad security on remote staff libraries provided the first crack. 
Thousands of users across the country fill AOL's Guide and Forum Host
positions.  AOL warns staffers that "All information made available to you
through the course of being a Guide is to be kept completely
confidential," -- but even that memo leaked out to the "Why AOL Sucks"
page. (  PSyChO's web
page displays another, describing the danger with AOL's own words.  "You
have first-level access to some keywords you wouldn't with a regular
account... For example, keyword: RAINMAN, INTERACT, EOI, etc."

Those tools allow hackers to modify content areas on AOL.  And they're
apparently being used.  In November C|Net reported that AOL's Court TV
area had been altered, an icon for the O.J. Simpson case returning the
message "It's a PIC of Olaf".  The text appeared under AOL's standard
title bar (which read "This area under construction")--and included the
heart icon that allows users to put the area in their file of favorites. 
(,4,5712,00.html )

NewsBytes suggested staffers had mistakenly given hackers their
passwords--which PSyChO says is fairly common.  "It seems as if now
everyone is phishing AOL staff accounts that have Rainman access, and have
been making areas on AOL with it," he commented Friday.  In 1996 one web
page showed screen shots of an internal site displaying pornographic
pictures;  another hacker told the AOL List they'd seen an internal file
library offering pirated copies of Windows 95.  The only obstacle to
creating areas: once hackers obtain the Rainman program, many don't know
how to use it.

But in 1995, the software was used to access internal e-mail, including
Steve Case's and other AOL executives'.  AOL withheld news of the security
breach from customers until it broke in national news stories--when a
staffer concerned by AOL's response leaked in-house warnings to the San
Francisco Chronicle.  (
)  Steve Case urged staffers not to contact the press after the incident,
in a memo he posted to AOL's internal areas.  "We need everyone's protect AOL's interest," the message read.  Weeks later, it
had also leaked out, and was posted to Usenet.

It continues unabated.  Weeks ago a leaked memo showed cover-ups over a
"Trojan Horse" program--warning staffers to adopt a low-profile response
because "material about virus safety will likely draw negative media
attention."  The memo's distribution included security chief Tatiana
Gau--which outrages the program's victims.  "AOL is just helping the
people who put the Trojans there in the first place by hiding the fact
that they exist," one commented to the AOL List Friday.  "I feel extremely
angry that AOL has downplayed this problem.  It was a very simple thing to
advise us on." 

AOL's done worse.  In his wanderings through internal accounts, PSyChO saw
a folder called "Ideas for the newest release of AOHell96 virus".  In an
attempt to retaliate against hackers, the folder indicated, AOL released a
version of the point-and-click hacking tool containing a virus. 

Poetic justice strikes.  "Password-fishers" have stolen dozens of
passwords for accounts with staff privileges, according to PSyChO--most
recently, from an area dedicated to "The Rolando Show" (a New York City
talk show). "From what I understand, even some internal users are falling
for it," says PSyChO.  He's never had a staff account himself, "because I
just suck at phishing"--and is only able to access internal areas "when
friends have one."  But dozens of passwords have materialized.  "AOL must
now be trying to pinpoint the idiots of society to hire!" 

Using information gathered during his travels, PSyChO posted names, screen
names, and phone numbers for 18 members of AOL's Terms of Service
department. His web page includes first-hand reports of the internal areas
their accounts can access. ("TOSStaff1's account could not access KW: RED,
I tried.") 

It's at

"Oh boy. My name's up on a web page, huh?" one staffer commented when the
AOL List phoned to verify his number.  What he doesn't know is that four
other pages are also displaying an internal memo he wrote showing on-line
conversations about security leaks. ("I'm getting pagers about someone
hacking a guide account & being in private room 'MacWarez' :/ " 

The end of the memo gives his beeper number. 


According to one stolen memo, hackers accessed the areas for AOL's
Guides--and created folders with vulgar names. 

They even gained access to the sensitive "Center of the Earth" area. 
"Several members hacked into the COE today," the memo concludes, adding,
"it seemed more than usual..." 

	David Cassel
	More Information