The AOL Protocol

The AOL Protocol

When you hear the phrase “The AOL Protocol”, I bet most of you immediately think of FDO, right?
Although FDO is a part of the AOL protocol, it in no way encompasses the big picture. When I use
the term “The AOL protocol”, I refer to how the AOL client and server interact with each other,
how data is prepared, how it is sent, and how it can be manipulated.

There currently exists no formal documentation of the AOL protocol, or at least one that is
publicly available. For this reason, I have taken it upon myself to strip the bits of
information from my feeble mind and write a document with at least basic information about
the AOL protocol. The information included in this document is what I have learned, from
exploration, help from others, and just stumbling upon it. I in no way guarantee the accuracy
of the information contained herein. That said, here is what I know.

(more…)

Read More

From O0O of AOL-Files

I found this old post from O0O of the old AOL-Files.com site posting this on DigitalGangster.com

 

Join Date:  Apr 2007
Location:  NYC
Posts:  1,428

 

its funny how 12-14 years later people remember things so much differently than what you remember. Many of the names here I haven’t seen since bouncing around the PRs in the late `90s. Many of you remember the “leet” SN jackers/suspenders and the progger types….or guys like Kali that cracked OHs to scroll for hours on end…

 

I have a very different perspective, I spent most of my time on IRC or in PRs that many in the scene didn’t know about like “leo9” and “atomdrop”.

 

We had some very smart people in the scene back then, many of them went on to be very successful over the past 12 years….a couple of them I’m glad to still be able to talk to/work with IRL. Some ended up in jail or are dead now. There was a lot of crazy shit going on behind the scenes that kept the scene moving forward, even though there were a couple thousand of us and only some spoke to each other, we were still all tied together through the exploits and programs that a small cadre of really smart dudes figured out and built for others.

(more…)

Read More

Apologetic New Bedford hacker gets 4-year jail sentence cam0

He goes by the online monikers “cam0,” “Freak,” and “leetjones.” But you might know him as the guy who hacked Burger King’s Twitter account, to claim the fast-food chain was bought by its rival McDonald’s. He is also known as the guy who hacked Paris Hilton’s phone and publicly posted racy photos of the socialite.

On Monday, 25-year-old Cameron Lacroix apologized for his crimes, telling a federal judge that he recognized the seriousness of what he thought was innocuous computer hacking. Lacroix pleaded for mercy as he was about to be sentenced for computer fraud.

“My actions let a lot of people down,” Lacroix told US District Court Senior Judge Mark L. Wolf. (more…)

Read More

Early Phishing

Koceilah Rekouche krekouche@pushstart.info

The history of phishing traces back in important ways to the mid-1990s when hacking
software facilitated the mass targeting of people in password stealing scams on America
Online (AOL). The first of these software programs was mine, called AOHell, and it was
where the word phishing was coined. The software provided an automated password
and credit card-stealing mechanism starting in January 1995. Though the practice of
tricking users in order to steal passwords or information possibly goes back to the
earliest days of computer networking, AOHell’s phishing system was the first automated
tool made publicly available for this purpose. 1 The program influenced the creation of
many other automated phishing systems that were made over a number of years. These
tools were available to amateurs who used them to engage in a countless number of
phishing attacks. By the later part of the decade, the activity moved from AOL to other
networks and eventually grew to involve professional criminals on the internet. What
began as a scheme by rebellious teenagers to steal passwords evolved into one of the
top computer security threats affecting people, corporations, and governments.

(more…)

Read More

Exploring Historical & Emerging Phishing Techniques

International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23

Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
Mrader3@CapellaUniversity.edu
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
*SRahman@hawaii.edu
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.

(more…)

Read More

Tila Tequila, Hilary Duff Hacked By “Tesla” of Kryogeniks

I couldn’t imagine a crazier way to get yourself some attention from the hacking crew you want to join than taking out one of the biggest “phenomenons” on Myspace then following it up with the Hilary Duff music page, but there you go. The page content doesn’t appear to have had anything malicious placed on it, but the individual behind the hacks couldn’t resist sending out a few bulletins.

 

tila_1

(more…)

Read More

Justin Timberlake, Hilary Duff, Tila Tequila MySpace profiles compromised to impress hacker group

A person wanting to impress a hacker group broke into the popular MySpace profiles of several celebrities, including Justin Timberlake and model and MTV personality Tila Tequila, researchers said today.

The hacker, who uses the handle “Tesla,” gained access late Wednesday into the profiles of Timberlake, Tequila and actress-singer Hilary Duff, and used the compromised accounts to blast out bulletins to the celebrities’ tens of thousands of MySpace friends, said Chris Boyd, senior director of malware researchFaceTime Security Labs.

The messages, which appeared to come from the Hollywood stars themselves, proclaimed support for a hacker group known as Kryogeniks.

One read: “Hey Tesla here. Justin Timberlake has been hacked by me. HTTP://kryogeniks[dot]org. Cheers [expletive].”

(more…)

Read More

Miley Cyrus Hacker Raided by FBI

A 19-year-old hacker who published provocative photos of teen queen Miley Cyrus earlier this year was raided by the FBI Monday morning in Murfreesboro, Tennessee.

The hacker, Josh Holly, repeatedly bragged online about breaking into the Disney star’s e-mail account and stealing her photos. He also gave interviews to bloggers and others and boasted that authorities would never find him because he moved so often. [Last month, Holly contacted Threat Level seeking to have an article written about him here.]

But this morning the FBI did find him and, after talking with him for more than an hour about his exploits, served him with a search warrant and a list of items to be seized (which was posted at the hacking site digitalgangster.com after Holly showed it to a friend).

mileycyrus2

 

(more…)

Read More

Comcast.net Hijacker Gets 4 Months

A former member of the hacker gang Kryogeniks was sentenced to four months in prison Monday for his role in a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers.

James Robert Black Jr., 21,was known as “Defiant” when he and two other hackers hijacked Comcast’s domain name in May of 2008 — a prank that took down the cable giant’s homepage and webmail service for more than five hours, and allegedly cost the company over $128,000.

Visitors to Comcast.net had been redirected to a simple page reading “KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven.”

“Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos,” Assistant United States Attorney Kathryn Warma told the court, according to a press release. “The callous disregard of the dangers posed to others, as well as the arrogance and recklessness displayed by these, and other hackers in committing such crimes should be considered by the Court as a factor that weighs in favor of a significant prison sentence.”

(more…)

Read More

Secret-Spilling Sources at Risk Following Cryptome Breach

Ruxpin-Vanity-Page-660x244

Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.

The hacker said two intruders from the group Kryogeniks breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.

(more…)

Read More