Information Security News mailing list archives

AOL security breach exposes personal info


From: InfoSec News <isn () C4I ORG>
Date: Sat, 17 Jun 2000 10:12:40 -0500

http://news.cnet.com/news/0-1005-200-2091566.html?tag=st.ne.1430735..ni

By Jim Hu
Staff Writer, CNET News.com
June 16, 2000, 12:35 p.m. PT

America Online has confirmed that hackers have illegally compromised
an undisclosed number of its member accounts by targeting key company
employees with an email virus.

AOL spokesman Rich D'Amato declined to comment on how many accounts
were affected or what kind of information was accessed by the
perpetrators. He said the perpetrators gained access to the accounts
when unsuspecting AOL staff downloaded virus-infected email
attachments. The attacks targeted employees authorized to review and
edit account data, including credit card information and passwords.

"This is about a very small number of accounts that have been
compromised by a download of a virus and the illegal activities of a
bunch of hackers misusing those accounts," D'Amato said.

The online service has begun investigating the attacks; it plans to
hand its findings to law enforcement agencies, D'Amato added.

The break-ins were first discovered by two AOL insider Web sites,
Observers.net and Inside AOL.

According to the publications, the perpetrators targeted AOL customer
service representatives who have access to the company's main member
database, dubbed CRIS (Customer Relations Information System). The
targeted employees have the authority to bump people off their
accounts and reset their passwords. The employees also had access to
personal and billing information.

The perpetrators sent emails containing a malicious attachment known
as a Trojan horse. When a victim opens the email and downloads the
attachment, it automatically establishes a connection between the
employee's computer and the sender's. Once the sender is connected, he
or she can access areas within AOL such as CRIS that are normally
restricted to authorized employees.

AOL's D'Amato said the company scans incoming email for possible
viruses and customarily warns employees and members to never download
attachments from strangers.

AOL, the largest Internet service provider with 23 million paid
subscribers, is targeted frequently by account crackers. As previously
reported by CNET News.com, crackers in some cases have gained
unauthorized access to accounts by convincing AOL employees to provide
restricted information.

Although AOL declined to elaborate on the effects of the account
takeovers, a member of Inside AOL who goes by the name of "ytcracker"
said the account crackers' intentions seemed "harmless." They mainly
wanted to take over AOL screen names that were already being used, the
member said.

AOL members who have discovered their screen names are no longer
working can call AOL to fix the problem.

"All they need to do is call AOL and get their account back again,"
ytcracker said in an interview. "It's probably more of a hassle than
anything."

Richard Smith, an Internet security consultant, said the AOL break-ins
are reminiscent of other email-borne viruses, such as the "I Love You"
bug that damaged computer systems around the world. Both are examples
of malicious attacks using email attachments to achieve their
objectives.

Smith's advice to corporations and individuals worried about
protecting computers from infection: Don't open attachments.

"Tell your people never to run attachments; try to make it so they
can't run attachments even if they try," Smith said.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

