AOL spokesman Rich D’Amato declined to comment on how many accounts were affected or what kind of information was accessed by the perpetrators. He said the perpetrators gained access to the accounts when unsuspecting AOL staff downloaded virus-infected email attachments. The attacks targeted employees authorized to review and edit account data, including credit card information and passwords.
“This is about a very small number of accounts that have been compromised by a download of a virus and the illegal activities of a bunch of hackers misusing those accounts,” D’Amato said.
The online service has begun investigating the attacks; it plans to hand its findings to law enforcement agencies, D’Amato added.
The break-ins were first discovered by two AOL insider Web sites, Observers.net and Inside AOL.
According to the publications, the perpetrators targeted AOL customer service representatives who have access to the company’s main member database, dubbed CRIS (Customer Relations Information System). The targeted employees have the authority to bump people off their accounts and reset their passwords. The employees also have access to personal and billing information.
The perpetrators sent emails containing a malicious attachment known as a Trojan horse. When a victim opens the email and downloads the attachment, the Trojan automatically establishes a connection between the employee’s computer and the sender’s. Once the sender is connected, he or she can access areas within AOL such as CRIS that are normally restricted to authorized employees.
AOL’s D’Amato said the company scans incoming email for possible viruses and customarily warns employees and members to never download attachments from strangers.
AOL, the largest Internet service provider with 23 million paid subscribers, is targeted frequently by account crackers. As previously reported by CNET News.com, crackers in some cases have gained unauthorized access to accounts by convincing AOL employees to provide restricted information.
Although AOL declined to elaborate on the effects of the account takeovers, a member of Inside AOL who goes by the name of “ytcracker” said the account crackers’ intentions seemed “harmless.” They mainly wanted to take over AOL screen names that were already being used, the member said.
AOL members who have discovered their screen names are no longer working can call AOL to fix the problem.
“All they need to do is call AOL and get their account back again,” ytcracker said in an interview. “It’s probably more of a hassle than anything.”
Richard Smith, an Internet security consultant, said the AOL break-ins are reminiscent of other email-borne viruses, such as the “I Love You” bug that damaged computer systems around the world. Both are examples of malicious attacks using email attachments to achieve their objectives.
Smith’s advice to corporations and individuals worried about protecting computers from infection: Don’t open attachments.
“Tell your people never to run attachments; try to make it so they can’t run attachments even if they try,” Smith said.
June 16, 2000