AOL: Hackers broke into some member accounts


AOL: Hackers broke into some member accounts Reuters, 06/16/00

NEW YORK - America Online Inc. said Friday vandals had broken into its AOL service and gained access to an undisclosed number of member accounts, highlighting the vulnerability of even the world's largest Internet services provider to the threat of hacker attacks.

The software virus attack appeared to be similar in kind, but by no means in scale, to the "ILOVEYOU" virus that temporarily paralyzed tens of millions of computers last month, penetrating networks in government and companies worldwide.

"A small number of member accounts may have been illegally viewed," America Online spokesman Rich D'Amato said. "We are aware of claims that a small number of member accounts were illegally accessed. We take these claims seriously," he said.

The perpetrators of the attack targeted AOL customer service representatives with e-mails containing a "Trojan horse" attachment, that, when opened, created a connection to the sender's computer and allowed access to some AOL accounts.

D'Amato declined to say how many accounts were compromised or when the attacks occurred.

He stressed that the hackers involved did not appear to have gained access to AOL's 23 million-member database of subscribers, or data on users of other services that include CompuServe, Netscape Netcenter, ICQ and other popular sites.

"We will continue to investigate these claims and will turn over what we learn to law enforcement authorities," D'Amato said. "We will take any and all opportunities to prosecute these hackers," he added.

The latest break-in appears to have affected at most several hundred AOL member accounts, according to a hacker familiar with the events.

The attacks came to light after "Inside AOL" and "Observers.net" (http://www.observers.net), two Web sites critical of America Online's service, published details of the attack, said "ytcracker," a member of the Inside AOL group.

Ytcracker said no AOL member information had been made public. The attacks appeared to be a stunt to gain control of desirable screen names on the AOL service, not invade member privacy or steal credit card information for example, he said.

D'Amato said AOL has gone to great lengths to avert hacker attacks on its site and protect member information.

AOL appeared to be alone among major U.S. Internet sites in averting a shutdown of its services during a wave of attacks on major e-commerce Web sites in February. The spokesman said AOL had also seen minimal impact from the ILOVEYOU virus in May.

"We spend a lot of time and resources reminding employees and members never to download (e-mail) attachments. We were not significantly affected by the 'ILOVEYOU virus,'" he said.

http://www.boston.com/news/daily/16/aol.htm

-- Martin Thompson (mthom1927@aol.com), June 16, 2000

Answers

AOL: No clues on security breach

The world's largest ISP is still investigating a Friday break-in by vandals who wormed their way into customers' accounts. No word on when the attack occurred or how many customers were affected.

By Charles Cooper, ZDNet News UPDATED June 17, 2000 12:01 PM PT

NEW YORK -- America Online Inc. was still investigating an attack by vandals who fooled several company employees to gain access to an undisclosed number of member accounts. So far, however, no clues -- or at least none that the company is ready to talk about just yet.

"We're in the process of investigating, so I can't provide you with information about when this may have occurred," said AOL spokeswoman, Trisha Primrose. Essentially a cyber con job, the attack -- which came to light on Friday -- highlights once again the vulnerability of even the world's largest Internet services provider to the threat of hacker attacks.

The attack appeared to use a Trojan Horse -- a program that seems useful, but in actuality has a secret mission. The attack resembles in some ways the "ILOVEYOU" virus that temporarily paralyzed tens of millions of computers last month, penetrating networks in government and companies worldwide.

The company said that a small number of member accounts may have been illegally viewed, but the AOL (NYSE: AOL) spokeswoman rejected suggestions that this was part of a widespread and concerted attack.

"I'd point out that I think the word attack is the wrong word," Primrose said. "It appears as though a small number of employee accounts were compromised through the downloading of a virus, and that by illegally using these accounts, hackers claim to have viewed a very limited number of member customer service records."

Here's how it worked: The perpetrators of the attack targeted AOL customer service representatives with e-mails containing a "Trojan horse" attachment, that, when opened, created a connection to the sender's computer and allowed access to some AOL accounts.

The company has so far declined to say how many accounts were compromised or when the attacks occurred.

AOL's database untouched

AOL says the hackers involved did not appear to have gained access to AOL's 23 million-member database of subscribers, or data on users of other services that include CompuServe, Netscape Netcenter, ICQ and other popular sites.

The latest break-in appears to have affected at most several hundred AOL member accounts, according to a hacker familiar with the events.

The attacks came to light after "Inside AOL" and "Observers.net" (http://www.observers.net), two Web sites critical of America Online's service, published details of the attack, said "ytcracker," a member of the Inside AOL group.

Ytcracker said no AOL member information had been made public. The attacks appeared to be a stunt to gain control of desirable screen names on the AOL service, not invade member privacy or steal credit card information for example, he said.

AOL appeared to be alone among major U.S. Internet sites in averting a shutdown of its services during a wave of attacks on major e-commerce Web sites in February. AOL has previously said it had seen minimal impact from the ILOVEYOU virus in May.

Reuters contributed to this story

http://www.zdnet.com/zdnn/stories/news/0,4586,2589679,00.html

-- Martin Thompson (mthom1927@aol.com), June 17, 2000.


AOL Boosts Email Security After Attack

Jim Hu, CNET News.com, 6/19/2000

America Online has confirmed that hackers have illegally broken into 200 of its member accounts by targeting key company employees with an email virus. AOL spokesman Rich D'Amato declined to comment on what kind of information was accessed by the perpetrators, but said AOL has increased security measures designed to prevent such an attack from reoccurring.

He said the perpetrators gained access to the accounts when unsuspecting AOL staff downloaded virus-infected email attachments. As previously reported, the attacks targeted employees authorized to review and edit account data, including credit card information and passwords.

"This is about a very small number of accounts that have been compromised by a download of a virus and the illegal activities of a bunch of hackers misusing those accounts," D'Amato said.

The online service has begun investigating the attacks; it plans to hand its findings to law enforcement agencies, D'Amato added.

The break-ins were first discovered by two AOL insider Web sites, Observers.net and Inside AOL.

According to the publications, the perpetrators targeted AOL customer service representatives who have access to the company's main member database, dubbed CRIS (Customer Relations Information System). The targeted employees have the authority to bump people off their accounts and reset their passwords. The employees also had access to personal and billing information.

The perpetrators sent emails containing a malicious attachment known as a Trojan horse. When a victim opens the email and downloads the attachment, it automatically establishes a connection between the employee's computer and the sender's. Once the sender is connected, he or she can access areas within AOL such as CRIS that are normally restricted to authorized employees.

AOL's D'Amato said the company scans incoming email for possible viruses and customarily warns employees and members to never download attachments from strangers.

AOL, the largest Internet service provider with 23 million paid subscribers, is targeted frequently by account crackers. In some cases, crackers have gained unauthorized access to accounts by convincing AOL employees to provide restricted information.

Although AOL declined to elaborate on the effects of the account takeovers, a member of Inside AOL who goes by the name of "ytcracker" said the account crackers' intentions seemed "harmless." They mainly wanted to take over AOL screen names that were already being used, the member said.

AOL members who have discovered their screen names are no longer working can call AOL to fix the problem.

"All they need to do is call AOL and get their account back again," ytcracker said in an interview. "It's probably more of a hassle than anything."

Richard Smith, an Internet security consultant, said the AOL break-ins are reminiscent of other email-borne viruses, such as the "I Love You" bug that damaged computer systems around the world. Both are examples of malicious attacks using email attachments to achieve their objectives.

Smith's advice to corporations and individuals worried about protecting computers from infection: Don't open attachments.

"Tell your people never to run attachments; try to make it so they can't run attachments even if they try," Smith said.

http://abcnews.go.com/sections/tech/CNET/cnet_aolemail000619.html

-- Martin Thompson (mthom1927@aol.com), June 19, 2000.

