RealTime IT News

Hackers Again Strike AOL

America Online, Inc. is the latest Net crime victim to have the privacy of some of its 23 million members violated.

While the extent of weekend damage is unknown, the knowledge of how to access security holes in America Online's network is spreading quickly through Internet channels.

While AOL members are assured at every point of contact that their information is secure from potential maliciousness, a hacker with the handle "Retired" shared information with security watchdog Observer.net about some of his exploits at the expense of AOL's security.

According to the Observer.net report, the heart of the security breach is AOL's Customer Relations Information System. CRIS is the user interface to the main AOL database that manages all member accounts, information and other related data.

AOL employees who need to access information use CRIS to determine a member's last login date, type of software used on the last login, account status, account type, pricing and contact information. The database also reveals a member's full name, address, phone number, and all screen names and passwords connected with the account.

While the level of database access granted to customer care consultants and support technicians varies, AOL limits full access to CRIS to only a few hundred employees.

After AOL's network security was compromised in 1995, the largest online service provider in the nation implemented a new policy designed to limit access to CRIS. Only employees accessing the database from inside its campus could be logged onto the internal office network; remote access was banned.

"Retired" managed to access the supposedly secure customer database by creating a redirect program through the Transmission Control Protocol.

AOL's firewalls naturally block incoming TCP connection attempts, but hackers can readily send a "trojan" program to an internal AOL server. Like the mythical "Trojan Horse," the program conceals the hacker's external access by acting like a client that is connecting to a local host server.

By editing a TCP.CCL file to connect to the localhost, the port identifying the hacker's computer is sent to an internal AOL "trojaned" computer, which appears to be a completely legitimate internal connection to AOL operations and the CRIS database.

The hacking method only works over a cable modem. After a TCP.CCL is edited, it can connect and send commands through the cable modem, just as AOL would send commands internally through a workstation. In order to complete the access, AOL staffers must unwittingly download the altered files onto local computers inside the network.

Observers.net contends that AOL could readily scan for and disable both "trojan" and viral attempts to access its networks. Observers.net further condemned AOL because it has had ample time to build a security fix into its networks.

Last year, AOL had Jay Satiro arrested for using a "trojan" hacking program to prove to the online giant how easy it was to access its networks.

At the time, AOL informed its members that privacy and account security are of utmost importance to the firm and that its billing information is stored on a different computer, separated from the servers that operate its online access connections.

From its base operations in Colorado, YTCracker Labs makes a point of defacing public, private, and institutional networks that don't lift a finger to keep violators out of their systems.

The operation is orchestrated by a 17-year-old benevolent hacker, "YTCracker," who has a court date looming in his near future for defacing the City of Colorado Springs Web site in December 1999 when he publicized its security flaws.

YTCracker, who wrote the Observers.net bulletin,