Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Hackers impersonate AOL users

From: mea culpa <jericho () DIMENSIONAL COM>
Date: Tue, 25 Jan 2000 23:26:50 -0700
Forwarded From: darek.milewski () us pwcglobal com


Hackers impersonate AOL users
By Lisa Napoli, MSNBC
January 24, 2000 6:09 PM PT
http://www.zdnet.com/zdnn/stories/news/0,4586,2426698,00.html?chkpt=zdnntop

Since November, a group of teenagers say they have been stealing AOL
Instant Messenger screen names and masquerading as their rightful owners.
The hackers sometimes act as imposters and pilfer credit card numbers and
other personal data from friends and family of the exploited online users.
The hackers demonstrated their method to MSNBC on Monday.

According to a letter the hackers sent on Sunday to members of the
technology press, they use the names "just for the pure joy of trying to
ruin friendships by insulting friends who have no idea they are talking to
a hacker and not the victim."

The hackers say they have contacted the media because AOL (NYSE: AOL) had
not responded to their notification to them of the security hole.

An AOL spokesman, Rich D'Amato, said on Monday afternoon, "We are aware of
the situation and are deploying security measures to defeat it. When
hacker behavior crosses the line into illegal action, we'll certainly
bring it to the attention of authorities."

D'Amato would not specify how many people had been affected or pinpoint
the time line, saying those details could affect the investigation.

"AOL is so easy to abuse, it's pathetic," said TangentX, who says he is
17- years-old and, along with two others, found the security hole this
fall. They discussed it, he said, in special private chat rooms on AOL for
hackers and use of the so-called "exploit" spread. He estimates that 400
names have been stolen to date.


 AOL press materials say that 45 million people have created AOL Instant
Messenger screen names as of last August. The popular software allows
online users to chat privately, almost in real time, with others who have
the software.

AOL also owns ICQ, another popular instant messaging program, which claims
50 million registered users.

TangentX says he and others have found several ways to make an instant
message screen name into an AOL account without the password. One involves
resetting a password for a screen name through a security hole. The other
involves taking a screen name, creating an AOL account for it and then
changing the password.

When he was given a screen name on Monday afternoon by MSNBC, TangentX was
able to access the account and send an instant message from the name in a
matter of minutes.

ISN is sponsored by Security-Focus.COM
Previous By Date Next
Previous By Thread Next

Current thread: