AOHell v3.0 Rage Against The Machine by Da Chronic

For the last year, America Online has fought a freely-distributed program called AOHell, which allows would-be hackers unlimited free access to the system–in part, by exploiting AOL’s free trial disks.

The program provides powerful add-ons to AOL software, but also exploits bugs in AOL’s system to allow high-tech harrassing of users in chat rooms and via e-mail. In the documentation for AOHell, its creator explains why he wrote the program and its connection to AOL’s hypocritical stance on child pornography.

*******AOHell v3.0 Rage Against The Machine*******
By:
Da Chronic
Part I ——————- What is AOHell?
Part II ——————- The features in AOHell v3.0
Part III ——————- Is it safe to use AOHell?
Part IV ——————- Why I made AOHell

(more…)

Read More

Early Phishing

Koceilah Rekouche [email protected]

The history of phishing traces back in important ways to the mid-1990s when hacking
software facilitated the mass targeting of people in password stealing scams on America
Online (AOL). The first of these software programs was mine, called AOHell, and it was
where the word phishing was coined. The software provided an automated password
and credit card-stealing mechanism starting in January 1995. Though the practice of
tricking users in order to steal passwords or information possibly goes back to the
earliest days of computer networking, AOHell’s phishing system was the first automated
tool made publicly available for this purpose. 1 The program influenced the creation of
many other automated phishing systems that were made over a number of years. These
tools were available to amateurs who used them to engage in a countless number of
phishing attacks. By the later part of the decade, the activity moved from AOL to other
networks and eventually grew to involve professional criminals on the internet. What
began as a scheme by rebellious teenagers to steal passwords evolved into one of the
top computer security threats affecting people, corporations, and governments.

(more…)

Read More

Exploring Historical & Emerging Phishing Techniques

International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23

Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
[email protected]
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
[email protected]
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.

(more…)

Read More

AOL Warez – The History of AOL Warez – AOL Hacking

Before I begin, let me state the following: This is my personal perspective of the history of Warez and the scene in general on America Online (AOL). How the scene developed in the beginnings, and where it has evolved to today. I also would like to thank Mat Stars, Reflux, and Da Chronic himself for their input and insight. Enjoy.

Well, as of writing this, I am 22 years old (it’s 2003 as of this writing). I chose to write this little piece on the history of AOL Warez (at least from my perspective) for two primary reasons. Firstly, it may sound ‘lame’ or whatever, but I’ve been involved in the scene in one form or another since I was 10 years old… so that’s 12 years and counting. For better or for worse, AOL Warez has played a part in my life, and it’s something I don’t wish to ignore or forget as I get older, so this is a good reminder document for me. Secondly, being the “wise sage” that I am, I feel it may be of benefit or interest to others to share my experiences and knowledge about the history of the scene.

To be fully honest, I don’t know or recall exactly how *I* first got involved. I know it was when I had a 2400 baud modem, and was trading old software (DOS, 16 color games, etc) through single line BBS’s, around 1991 I believe. I first began using AOL 2.0 back in 1993, when the first version of AOL for Microsoft Windows was released. Yes, I had tried AOL for DOS (back then, there was no version number) in 1991, but at that point, AOL was called Quantum Computer Services. And in case anyone is wondering why AOL has always “been so easy to use,” it’s because it was originally designed for the Macintosh and Apple II. Anyhow, at this point there were fewer than 1 million subscribers, chat service did not exist, and the scene had not yet been born. Obviously, this is also pre-unlimited use per month days (which did not occur until 1996).

With the advent of 9600 baud modems, public chat rooms, and soon the private rooms which began spawning on the AOL service. Back then, the internet was not for everyone. Only tech savvy people who knew what was going on ever logged on to the internet during this time period, and by tech savvy, I’m referring to people such as myself: young, adolescent boys, with a curiosity of technology and sense of adventure. (Yes, I consider myself the Tom Sawyer of the modern age). Anyways, enough background information, on to the creation of the scene…

Primarily through word of mouth, news spread about free programs being offered in chat rooms for trade and download. Prior to this, I had been doing BBS trading on boards such as Iniquity and Eternity. On AOL, this was first done in public chat rooms; soon of course, people migrated to private rooms, and the creation of the “warez” series of rooms. For teenage boys who wanted free software, and to be part of the “in” club, things were going great. But something was missing. Along came a man, calling himself “Da Chronic.” Now, if you don’t know of this nick name, stop reading beyond here, you don’t belong. Da Chronic, who at the time was a 17 year old high school student from Pittsburgh, Pennsylvania, created the first of what was to become literally thousands of programs for use on AOL, none other than “AOHell.” A fairly simple program created in Visual Basic, AOHell reached a level of popularity which has never been equaled or even rivaled (no, don’t tell me FateX was more popular, it was not). AOHell allowed people to do several basic things. Firstly, it allowed anyone, his sister, mother and dog, to create fake accounts on AOL using randomly generated information. Secondly, it had a few built in macro’s, the most popular of which was the “scrolling middle finger.” Third, you could “email bomb” or “IM bomb” people, and just be generally disruptive, which was the true intent of Da Chronic. The original version of AOHell was released around November 1994.

So at this time, AOL didn’t really do a whole lot to stop the spread of Warez on their system. I’m sure they regret this now. Had they been aggressive in the early stages of the development of the scene, I am positive that it would not have survived, just as it did not on other similar services, such as Compuserve and Prodigy. All AOL did was modify the account sign up process. Essentially, they changed the checking account creation to have some sort of validation period, and basically that was about it for a while. Of course, that didn’t stop us. Some brilliant person figured out the now infamous ‘5396’ MasterCard prefix. Simply by having the correct 4 digit CC prefix, you could still create fake accounts fairly quickly, and AOHell and similar programs automated the process for you.

The “scene” as an organized community did not establish itself until the middle of 1995, probably during the summer months. Prior to this time, such a thing as “free warez” did not exist. You traded for programs/games/utilities etc. Then along game the first known organized group, dedicated to the “free warez” concept, SHiZZa. Basically, group members from SHiZZa went around warez rooms (now being called such things as ‘cold’ or ‘thin’ ice, since the word “warez” had been banned), and recruited new members. This was taken a step further by FWA (the Free Warez Alliance, which claimed to have created the ‘freewarez’ series of private rooms, once the ‘ice’ series was also banned). Other people quickly followed suit, and created groups of their own, most notably, UPS, MySTiC, and SNT which were formed within weeks or months of SHiZZa. Groups worthy of mention who came about in the second and third waves, include Synapse and iMaGe (which iMaGe was formed via merger of Gen-X and Digital) who then later on merged to form what is now Legion, DGG (which spawned off Arise), WaY (which died off), Logic (which moved to I-Net only), and OsW (died off). I’m sure there were other groups during this time, but these are the most important and prominent ones (and the ones which I can still remember). The three dominant groups during this time were UPS, MySTiC and WaY (the latter of which, I was a part of for a few short weeks). UPSS by the way, (the AOL arm of UPS), was the first group to begin “massmailing” Warez with automated programs, and WaY took it a step further when CooLziE created IcE DroP MM’er, the first stable, fast, and fully automated MM program (it could both collect screen names from a chat room where people signed up, and then MM them all on its own).
It was also during this time when “phishing” for accounts was ever so popular. Stupid new AOL’ers just seemed to love sharing their accounts with people. At that time, it was almost too easy to steal passwords since no one made unique, hard to guess pw’s. I remember trying out passwords like sex123 and getting into accounts with ease. Of course, the other major thing which was going on was “carding.” Once you stole a person’s CC information (or more often, they ‘volunteered’ it, you could go to places such as buy.com and FedEx shit using that stolen CC info, and within a few days have a new computer, or stereo or whatever your heart desired. Now, this is a simplified explanation of how ‘phishing’ and ‘carding’ both worked, but I am not going to get into the details of those two scenes; I merely wanted to mention them because they were loosely associated with the Warez scene.

(more…)

Read More