Old AOL Phishing Phrases

Hi, I’m with AOL’s Online Security. We have found hackers trying to get into your MailBox. Please verify your password immediately to avoid account termination. Thank you. AOL Staff

Hello. I am with AOL’s billing department. Due to some invalid information, we need you to verify your log-on password to avoid account cancellation. Thank you, and continue to enjoy America Online.

Good Evening. I am with AOL’s Virus Protection Group. Due to some evidence of virus uploading, I must validate your sign-on password. Please STOP what you’re doing and Tell me your password. — AOL VPG

These have been pulled from an old module (.bas) file.

(more…)

Read More

Exploring Historical & Emerging Phishing Techniques

International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23

Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
[email protected]
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
*[email protected]
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.

(more…)

Read More

Secret-Spilling Sources at Risk Following Cryptome Breach

Ruxpin-Vanity-Page-660x244

Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.

The hacker said two intruders from the group Kryogeniks breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.

(more…)

Read More

farm9

farm9 README.txt for cryptcat
09-22-2000

Thanks for downloading cryptcat

This is a simple modification to netcat to add twofish encryption.
netcat was origianally written by the l0pht (hobbit and weld pond).

The portion of the code written by farm9 is being released as Open Source.

See the file ‘farm9 Public License Agreement.txt’ for info on Open Source licensing.

(more…)

Read More

Digital5k.com

aol progz… a digital throw back to AOL, 1995.

one of the main reasons that i decided to recreate my digital5k.com website was the constant memories of the AOL progz days.  i won’t lie, there are redundant reminders of my AOL/visual basic (vb)/C++ childhood.  it was a great time in life and the internet, if you ask me.  let’s start off by how it all caught my attention and obsession… ascii art – which doomed my future and solidified my career in computers, programming, development and marketing.

2014-10-25 10_14_23-aol progz… a digital throw back to AOL, 1995.

yep, ascii art was the one little element that attack my attention span and made me say ‘whoa, that’s pretty cool’.  better known in those days as scrollers or macros.  a macro is simple font characters put together to form a type of pre-digital art.  i’ll never forget the first time i signed into AOL and say that beautiful scroll ascii art by ao-hell.

AOHellSplashScreen (1)

i was in 6th grade.  who knows how old i was, i don’t feel like doing the math.  i had just moved to the hell hole known as _____ from Houston, Texas.  i had no friends.  i knew nobody.  i just wanted to go home.  since Texas schools let out a few weeks earlier, i had some time to kill.  a very dangerous thing for a teenager.  what is a borderline anti social teen to do in a city with no friends?  go on the internet with the elite speed of 56 bits per second.

for those of us who remember, AOL was very… fucked.  the horrible chatrooms, stupid interface, laggy system and overall confusing nature, yet – it’s all we had.  the internet was a different place back in 1995.  images of a woman’s breasts were downloaded one pixel line at a time.  often stopping right above the nipple or right below the belly button.  there were no scams, very little spam, limited advertising and an innocence that can never be restored.  the internet was the preacher’s virgin daughter that was just getting ready to leave home, go off to college and get fucked, hard.

it took 3-4 attempts to connect to AOL back then, i would go on to later know the swift backdoor, alternate numbers and general brute force attacks that would prioritize my place in dial up line.  once you gained a stable connection, it was a release of endorphins that no drug has been able to reignite in my brain.  it was instant freedom.  no reality, no physical or gravitational limits, nobody to answer to.  it was an open digital playground with visual basic as monkey bars and the rush of adrenaline for swings.  it was a beautiful feeling for a child at the age of 12 with no real world experience.

finally,  you’re logged into AOL and you’re at the horrible start screen.  let’s go to a chatroom and see what’s popping.  ASL?  remember that?  jesus christ, why do i?  i must have been in a basketball related chatroom when i saw the very thing that would literally go on to change my life.  for the best.  a fucking scrolling advertisement for an aol prog known as ao-hell in an ascii format.

when i saw the 2 line scroll in a basketball chatroom i was first intrigued and then a bit shocked.  my initial thought was, what the hell is this?  i had no idea what it was, but i knew i needed it.  i needed to own it.  i needed to download it.  i needed to run this application.  just by the name, i knew it was something i would appreciate.
aol25_940x700-300x211

i started to IM the person who had ran this ao-hell prog.  the username?  that, too i will never forget – da chronic.

after 10-20 ignored IM’s i finally got an email.  a bit confused, i checked out the email.  it was blank.  cocksucker.  but wait, there’s an attachment?  aohell32.exe?  this must be the prog i’ve seen advertised.  without caution, i download and run it… and with that, my career choice is altered in a very dramatic way.

wait, a tool that i can use to flood emails? scroll and flood chatrooms?  boot people offline and cause all kinds of general hell and annoyances?  this is what i want.  this is what i need – this is what i want to make.  however, before i even thought about how/what it took to make one, i needed to study them all.  i cannot honestly tell you how many hours i spent in my bedroom over the next 2 years downloading, running, studying and then networking with the AOL progs and their programmers.  a few huge ones stick out for some reason for me;gothic nightmares, fate zero, millennium, pepsi, havok, ao-hell and the prophecy trilogy by unab0mber.

pepsi

well, in the course of those two years i had networked with some of the greatest programmers i’ve seen.  oogle, unab0mber, phat, da chronic, masta, pyro, mr simms, noob,  etc.  there were a few chatooms back in the day that were essentially hacker/progz meetups.  some of the chatrooms that i can recall were,  warez, police, macro, proggies, progz, proggy, clan, zeraw (warez backwards), etc.  while chatting in these chatrooms i started to have very close friendships with some of AOL’s top programmers and hackers (at the time).  with this, i was able to not only understand more about the AOL ecosystem, but learn its flaws and breaking points.  it was a very interesting feeling, to be 13/14 years old and have a complete understanding to AOL’s front end and administrative side end.

during the summer before high school i was approached by a major online hacker group, by a specific member who wanted me to join the clan, group, etc.  it was as flattering as it was shocking – i’ve spend my entire 2 years trying to get accepted; yet, i had one drawback – i had never released a mainstream, heavy downloaded prog.  well, let me tell you, that summer – i pumped out some code.  thanks to some open source modals and bas files, i was able to quickly compile a major aol prog in the course of one summer.  at the end of summer, 1998 i had created my ultimate demonstration of my deviated and twisted technically inspired youth; digital dynasty.  programmed fully in visual basic 3.0 on a respectable windows 98 machine.

now, i am arrogant by nature, but i had no idea my prog digital dynasty would blow up so big.  it was a large prog at that time, the original version being around 1.1MB – which is a lot of a little 56k modem to handle.  my prog had over 300 options, which gave (at the time) the best prog, gothic nightmares, a very competitive run for masta’s (the programmers) money.  despite, i was never able to overtake him as the top prog of that time period – much respect to masta and gothic nightmares.  however, i had become an overnight aol legend to may programmers.  at the heat of digital dynasty’s fame, there were 2-3 fakes released, my source code resold and redistributed, thus, re-labeled and marketed, etc.  i guess that’s where my business sense kicked in.  if people are hacking my program to extract code, why not just release the code and charge a.) a premo price tag (again, being 14/15 years old) and b.) require some kind of credit on my behalf for the code and art.  i’ll be fucked, it worked – well, for the most part.

micro-server_940x700

not only did i clear some money, but i had a popular AOL prog circulating the aol community, i had just launched digital5k to help promote it, sell it and market it and i was on my way to developing the second version of digital dynasty to be released the following summer.  at the climax, digital5k (a mixture of my online handle, digital and one of my favorite bands at the time – powerman5000), had over 8,000 users a day.  i calculated over 30,000 downloads in my AOL-career of programming.

things seemed to make sense on the internet.  it was at this point my life changed.  i began to obsess with technology.  i started to obsess with exploitation and hacking.  there was a very fine line in morals.  the internet is dog eat dog.  you adapt or get left behind.  you innovate or you copy.  you make it or you don’t.  with that early life lesson, i ventured to program the second and final version of my famous AOL prog, digital dynasty final.

with digital dynasty rocking the charts and getting downloaded and distributed throughout AOL, it was time to finally drop the final version a year later, summer 2000.  by early 2000, i could not even sign on with my known screen name (itbedigital) at the time.  i would have hundreds of messages within 10 seconds of sign on.  greetings from ‘your prog is awesome!’ to ‘you’re a noob faggot’.  neither may be true, or both may be – whatever, it comes with the territory.

after digital dynasty 1.0 gained traction, my role in the online hacker group was escalated.  it was a fantastic role that helped me network with friends i still talk to, up to this day – over 12 years later.  at this point, AOL was at, what, version 4 going into 5 and 5.1?  sounds about right.  i recall at this time, AOL changed a lot of their API’s and a lot of modals did not work correctly.  more so, technology was changing…  ADSL was coming around and gaining traction, larger monitors and higher resolutions were growing in popularity and more importantly, the user base of AOL was dropping, like a bag of bricks.

being on the verge of a high school freshman and realizing that this internet bubble was doomed to explode, i concluded to create the final version of my AOL prog, digital dynasty final.  i wanted to leave the scene with a bang and i wanted to be remembered for my last prog.  i worked with several high profile programmers at the time to develop new modals, new code, new mass mailers, new exploits and new methods of cloaking AOL staff ID.  as the latter years of my programming and AOL progz/hacking in general evolved, it became more… challenging and sinister.  with that being said, the main goal of digital dynasty final was to create a way to cloak or spoof AOL staff members, primarily, CAT/TOS members.  the goal was not only to bypass AOL’s poor security and lacking 2-token authorization to access your account (eg; social manipulation plus a yell to a fake wife “what’s the damn password to these americans online accounts?!”) would easily bypass any security measures by an operator, allowing you full access to an account.  i guess this is where my latter obsession with hacking and security came into play – but maybe i’ll talk some smack about that later on…

with the new feature list set in my head, i spent 6 months programming, developing, creating art/graphics and then marketing/pushing my newest prog, digital dynasty final.  this prog was released in july, 2000 and i had help and support from a few long-term friends, Mr. Simms, Anti, Click, Beav, Dalton and Rachez.  it was released by digital, under the (at then recently formed company) micro digital, inc.  the return on digital dynasty final (for AOL 3.0, 4.0 and 5.0) was great.  it gained 10/10 ratings from the top prog websites, below is a screen capture for the ranking on lenshell:

digitaldynasty-final

within weeks, i would log into AOL and see the digital dynasty advert scrolling in chatrooms.  i would read happy reviews and i would get hundreds of emails per day with fans with requests for features, wanted me to help with their prog or wanted to help with mine.  at the time, i dubiously confessed i would release a third version, digital dynasty gold; however, my other website projects took priority.  the third version was never released.  on the contrary, i did help on a few major progs that released shortly after before the AOL scene slowly died out.

after about 3 months of my prog being released, i sold several copies, even sold advertising space on my initial digital5k.com version 1.0 and even offered ad space in my prog and the progz zip file.  years before PPC.  imagine that.  things were going well and it was time for the retirement – of an AOL status, that is.  it was time for bigger and better things…

it’s funny when you try to sit back and think about important times in your life and you can remember them so well, but it’s always difficult to figure out how they started and how they ended…  i guess, in a way, it never ended for me.  although many programmers vanished, some turned to the dark side of hacking and others broke off to change paths – some remain in the industry as hacktavists, general whitehat/blackhat hackers/ or as developers or designers.  i do recall, the following summer, 2001 and 2002 being in the scene.  it was more hacking and phone phreaking then.  that transition from programming to phone phreaking was an easy step, obviously – hand in hand, really.  the AOL scene was dead, and forums and general blogs (yes, before blogs were cool) started to take trend.  most programmers/aol progz guys conformed to the blog or forum status, simply venting or offering technical highlights, reviews, raves and rants.

 

by the latter end of 2002, i started to step closer and closer away from hacking, programming, etc.  my focus at that point was business and creating a computer based business that would make money.  it was probably for the best, as I was approaching 18 years old, being charged as an adult rather than a minor would put a damper on any college or career plans.  i guess it was just all perfect timing.. or fate… fate zero ;-) (shout outs to MaGuS).  little did i know then, that my master plans of business and online success would continue to grow, just in different and various niches and industries.

in conclusion, i can honestly say, with no sarcasm or regret that developing, programming and experiences with such people, connections, situations such as those 4am hack-a-thon gatherings helped form me to who i am today, with the knowledge i know, the skill set i posses and the drive i have.  it’s interesting to go to a local grocery store and see a person from high school and thinking ‘what the fuck happened to your life that you work here’.  irony, it seems, comes with a sense of humor and karma.

warcraft

the nerds, geeks, antisocial and hell raisers struck back on AOL, then we struck back on the internet as a whole, now we struck back by having powerful jobs, incredible knowledge and a passion for what we do and how we do it that only athletes and entertainers could only know.  most of us were not the coolest kids in school, most of us did not have a very social or friendly childhood, so we went online.  we went online to bond, to grow and to get ahead of the crowd.  we went online to learn, apply and then repeat.  we are everywhere.  the scene might have died, but we are still alive and kicking.  so, please, be respectful to your technician or consultant. 

references and worthwhile, related reads:

 

Source:  http://www.digital5k.com/aol-progz-a-digital-throw-back-to-aol-1995/

PC Client Cloning

Date 1997 it could be done using AOL 3.0 32-bit and later using 4.0 and 2.5
Founded Various
Submitted By Tau
Source AOL-Files.com/FDO-Files.com Archive

Cloning, as it has come to be called, is the process of signing onto more than one screen name simultaneously on the same computer. There are however two restrictions that you should be aware about before beginning. First, you have to use whatever America Online version you are currently using (4.0, 5.0, or 6.0) and America Online version 2.5. Second, the two screen names you want to use must be on different accounts. So, if both of the names you want to use are on your Sign On list, you cannot use them. If you do not have a problem using AOL 2.5 and you have access to two accounts, then continue reading.

Before you begin, you need to have America Online v2.5 (http://www.aol-files.com/downloads/aolclients/25america.exe) installed on your computer.

Step 1: Opening more than one AOL

If an attempt is made to open a second AOL while a first AOL is already running, then the first AOL pops up and the second stops loading. It is crucial to understand what happened while loading AOL that causes this to happen. Every window has a name, just like every person has a name. Every AOL version has the name “AOL Frame25″. While AOL 2.5 is loading, it checks to see if any other window has the same name. If it finds another window, which would be AOL 4.0, 5.0, or 6.0, with the same name then it stops loading. However, if AOL 2.5 cannot find another window with the name of “AOL Frame25″, then it continues loading.

It is possible to bypass this if the name AOL 2.5 searches for is altered. For the sake of simplicity we will change the name to “AOL Frame26″. So, after the alteration to the name is made this is the process by which two AOLs can load. To epitomize what was just said, I will take you through the process that will happen after the following alteration is made. First, you will load AOL 4.0,5.0, or 6.0. This AOL has the name “AOL Frame25″. Then, when AOL 2.5 is loading, it checks to see whether any window has the name “AOL Frame26″. Since no windows do, it loads.

To accomplish this modification you need to download the modified version of waol.exe available at http://www.aol-files.com/downloads/waol.exe and replace the already existing one in the AOL25 folder with it. Step 2: Setting AOL to Sign On more than one name

If you have not done so already, load AOL 4.0, 5.0, or 6.0 (what ever you normally use) then load AOL 2.5. There are two methods which most people use to get online with AOL. The most common is with the phone line and the other is via TCP/IP. The TCP/IP method allows you to connect to AOL via an already an already established connection to the internet with another ISP. That is how AOL Instant Messenger works; it connects via an already established connection. In this step we are going to set AOL 2.5 to allow you to sign on via TCP/IP through the connection made with AOL 4.0, 5.0, or 6.0. If you already sign on AOL 4.0, 5.0, or 6.0 via TCP/IP then this will still work.

To change the sign on settings for AOL 2.5:

1. In AOL 2.5 click “Setup” 2. Click “Add location” 3. From the combo box with various methods of signing on, choose “TCP/IP”. 4. Click “OK” 5. In the list box on the left side of the setup window choose the last item (the one you just added) 6. Click “OK”

Step 3: Putting it all together

Now everything is set. To begin cloning:

Load AOL 4.0, 5.0, or 6.0 and sign on. Load AOL 2.5 and sign on. (Note: If this is the your first time using AOL 2.5 you will need to select “Existing Member” then sign on. This will allow you to set all the names in the sign on list to the screen names on your other account.