AOL Articles · February 5, 2015

From O0O of AOL-Files

I found this old post by O0O, of the old AOL-Files.com site, who posted it on DigitalGangster.com.

Join Date: Apr 2007 · Location: NYC · Posts: 1,428

It's funny how 12-14 years later people remember things so much differently than what you remember. Many of the names here I haven't seen since bouncing around the PRs in the late '90s. Many of you remember the "leet" SN jackers/suspenders and the progger types… or guys like Kali that cracked OHs to scroll for hours on end…

I have a very different perspective; I spent most of my time on IRC or in PRs that many in the scene didn't know about, like "leo9" and "atomdrop".

We had some very smart people in the scene back then, and many of them went on to be very successful over the past 12 years… a couple of them I'm glad to still be able to talk to/work with IRL. Some ended up in jail or are dead now. There was a lot of crazy shit going on behind the scenes that kept the scene moving forward. Even though there were a couple thousand of us and only some spoke to each other, we were still all tied together through the exploits and programs that a small cadre of really smart dudes figured out and built for others.

TK was incredibly important to the scene. He found exploits, made tools and came up with concepts that led to more exploits further down the road. Most of you wouldn't have had icases, indents, 2/3 chars without TK, Endo, Hypah and BMB. Most of the early AIM jack methods came from the Macfilez crew that was mentioned earlier in the thread; Hypah and Endo figured out a lot of the methods on the Mac side, and TK, BMB and I ported them to the PC. Endo came up with many of the web-based AIM jacking methods early on, and then others popped up here and there as AOL introduced more features to their AIM web interfaces.

I wrote a whole blurb on Wired's blog 5 years ago on the Customer database hacks; I'll repost it here for posterity.

O0O • 5 years ago
Couple more comments on the AOL scene and the history of their Customer Database hacks.

AOL, like any other company, will always be vulnerable to the "human element". You can't teach common sense to all your call reps. You're going to have viruses/trojans downloaded by people that just don't give a crap about their job enough to spend the time figuring out what is a valid communication from a friend and what is one from a hax0r social engineering you.

The first CRIS hacks occurred in '94-'95. They weren't even real hacks. CRIS was available anywhere in the country if you were signed onto an Internal with access rights. KW: Cris, there you go. Back in the day CRIS allowed you to view the user's full password; that's how The Meth, Red Ryder and others signed onto TOSAdvisor, SteveCase and other "well known" screen names back in the day. AOL responded to this breach by taking away password view rights and creating Viewrule 151, which limited access to those on the Internal LAN only.

Fast forward to Dec 1998. Between '95 and '98, all the CRIS information people were getting was through corrupt call center employees in Oklahoma, Albuquerque and Ogden. Alan Ende, aka Jay Satiro, found a Tcl compiler exploit in AOLServer (AOL's Unix-based OS that ran several of their servers). He used that exploit to connect his personal computer into the AOL LAN. Several #node regulars and I fed him Internal SNs to log onto via his LAN connection to pull CRIS information/reset passwords. Jay was caught because he didn't use any proxies and was convicted of several NY State felonies.

Four months after Jay was arrested, in the Summer of '99, The Knight and I took the TCP Redirect concept and applied it to AOL. We created a trojan horse that served as a keylogger, password stealer and emailer. But more importantly, it opened up an outgoing TCP connection on port 80 from the AOL employee's computer workstation. The TCP connection would go out to blahicantremember.dyndns.org. We would change the dyndns.org resolution IP hourly to a random Back Orifice infected computer with a high-speed internet connection. The BO infected computer had our Server program running on it that would look for incoming connections from AOL workstations. Once it had a connection, we would point our AOL client software to the Server, which would then loop our packets back through the open socket to the AOL employee's computer. The infected employee's machine would then open up a connection to americaonline.aol.com, and we now had a TCP connection to AOL through the LAN, which let TK and me use CRIS. The proxy prevented AOL from tracing back to us, and we never used the same proxy twice or for longer than 15 minutes. In fact, we tried not to use the same Internal account twice.

We went in and out of CRIS for seven months, from Summer of '99 until Feb 2000. By that time we were bored with it and I was planning on leaving the scene. That's when I leaked the TCP redirect idea out to people I knew would pass it along to others. I also agreed to let observers.net release the information; in their article I was referred to as "Retired". Within three months, other hax0rs duplicated TK's and my redirect, and that's what created all the press attention in June 2000 that made AOL make all Internal sign-ins SecurID only.