AOL Server tcl Compiler Exploit

Date: Fall 1998
Founded: Alan
Submitted By: O0O
Source: Archive

AOL’s network is made up of hundreds of Unix boxes which all run the same server software written by AOL called “AOL Server”.

Alan found an exploit in AOL Server which allowed anyone to access the tcl compiler for the Unix box. Using this tcl compiler exploit, Alan was able to root dozens of AOL Unix boxes running AOL Server. Using these boxes, he set up several port redirects for IRC but, more importantly, was able to access CRIS by setting up his computer as part of the AOL LAN. Alan also had access to very confidential source code and other files on AOL’s internal network.

An internal Opssec email sent out to all System Administrators describing the exploit and how to patch it can be found here.

This exploit eventually got Alan arrested in March 1999, even after he told AOL how to patch it and they said he wouldn’t be prosecuted. Alan became only the 2nd person to get arrested in connection with AOL for violating Computer Hacking laws (the first was Happy Hardcore), although Federal charges were never brought; he was prosecuted under a Class D NY State Computer Crimes felony.

