Information Security News mailing list archives

No clues on AOL security breach


From: InfoSec News <isn () C4I ORG>
Date: Mon, 19 Jun 2000 09:25:14 -0500

http://www.zdnet.co.uk/news/2000/24/ns-16070.html

By Charles Cooper, ZDNet News US
Mon, 19 Jun 2000 09:17:00 GMT

The world's largest ISP is still investigating a Friday break-in by
vandals who wormed their way into customers' accounts

America Online was still investigating an attack by vandals who fooled
several company employees to gain access to an undisclosed number of
member accounts.

So far, however, no clues -- or at least none that the company is
ready to talk about just yet.

"We're in the process of investigating, so I can't provide you with
information about when this may have occurred," said AOL spokeswoman
Trisha Primrose. Essentially a cyber con job, the attack -- which came
to light on Friday -- highlights once again the vulnerability of even
the world's largest Internet services provider to the threat of hacker
attacks.

The attack appeared to use a Trojan Horse -- a program that seems
useful, but in actuality has a secret mission. The attack resembles in
some ways the ILOVEYOU virus that temporarily paralyzed tens of
millions of computers last month, penetrating networks in government
and companies worldwide.

The company said that a small number of member accounts may have been
illegally viewed, but the AOL spokeswoman rejected suggestions that
this was part of a widespread and concerted attack.

"I'd point out that I think the word attack is the wrong word,"
Primrose said. "It appears as though a small number of employee
accounts were compromised through the downloading of a virus, and that
by illegally using these accounts, hackers claim to have viewed a very
limited number of member customer service records."

Here's how it worked: the perpetrators of the attack targeted AOL
customer service representatives with e-mails containing a 'Trojan
horse' attachment that, when opened, created a connection to the
sender's computer and allowed access to some AOL accounts.

The company has so far declined to say how many accounts were
compromised or when the attacks occurred.

AOL says the hackers involved did not appear to have gained access to
AOL's 23 million member database of subscribers, or data on users of
other services that include CompuServe, Netscape Netcentre, ICQ and
other popular sites.

The latest break-in appears to have affected at most several hundred
AOL member accounts, according to a hacker familiar with the events.

The attacks came to light after 'Inside AOL' and 'Observers.net', two
Web sites critical of America Online's service, published details of
the attack, said 'ytcracker', a member of the Inside AOL group.

Ytcracker said no AOL member information had been made public. The
attacks appeared to be a stunt to gain control of desirable screen
names on the AOL service, not to invade member privacy or steal credit
card information, for example, he said.

AOL appeared to be alone among major US Internet sites in averting a
shutdown of its services during a wave of attacks on major e-commerce
Web sites in February. AOL has previously said it had seen minimal
impact from the ILOVEYOU virus in May.
