Early Phishing

Early Phishing

Koceilah Rekouche krekouche@pushstart.info

The history of phishing traces back in important ways to the mid-1990s when hacking
software facilitated the mass targeting of people in password stealing scams on America
Online (AOL). The first of these software programs was mine, called AOHell, and it was
where the word phishing was coined. The software provided an automated password
and credit card-stealing mechanism starting in January 1995. Though the practice of
tricking users in order to steal passwords or information possibly goes back to the
earliest days of computer networking, AOHell’s phishing system was the first automated
tool made publicly available for this purpose. 1 The program influenced the creation of
many other automated phishing systems that were made over a number of years. These
tools were available to amateurs who used them to engage in a countless number of
phishing attacks. By the later part of the decade, the activity moved from AOL to other
networks and eventually grew to involve professional criminals on the internet. What
began as a scheme by rebellious teenagers to steal passwords evolved into one of the
top computer security threats affecting people, corporations, and governments.

The Internet In 1996

The Internet In 1996

internet96

In 1996, the Internet Archive began archiving the web for a service called the Wayback Machine. They’ve now archived 55 billion web pages. That’s enough web pages that if you were to print them all out using your roommate’s printer while he was at class and tape them end-to-end, you could reach the moon and back 28 trillion times.

I decided to peruse the Wayback Machine’s earliest archives to see what the internet looked like in 1996, when I was 14 and evidently had much less free time than I do now. Much to my chagrin, few websites from these early years have been successfully archived, and many of the best preserved ones were created by fast food and soft drink corporations because they were some of the earliest adapters of the internet. They viewed the medium as a chance for inexpensive advertising and invested dozens upon dozens of dollars into it. The results are tremendously humiliating.

ICQ

ICQ

Once you were weaned off AOL, you still needed a reliable messenger to keep in touch with all your 133t friends and buddies, and back in the day, we didn’t have that newfangled skype software with its fancy video and voice chat, so if you wanted to send online messages, you used ICQ (I Seek You) and you got to toggle between instant message mode…
Netscape Composer

Netscape Composer

When I first started browsing the web, my browser of choice was Netscape. Back in the 90s, Netscape Navigator actually had less credibility than IE, and the browser was often referred to as netcake by 1990s website elitists.  However, one vital feature that was bundled in with the browser, which started me off designing very badly coded but visually decent pages, was Netscape Composer. Composer…
NetBus

NetBus

NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor. NetBus was written in Delphi by Carl-Fredrik Neikter, a Swedish programmer in March 1998. It was in wide circulation before Back Orifice was released, in August 1998. The…
Exploring Historical & Emerging Phishing Techniques

Exploring Historical & Emerging Phishing Techniques

International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23

Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
Mrader3@CapellaUniversity.edu
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
*SRahman@hawaii.edu
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.

Is Your Son a Computer Hacker?

Is Your Son a Computer Hacker?

1. Has your son asked you to change ISPs? Most American families use trusted and responsible Internet Service Providers, such as AOL. These providers have a strict "No Hacking" policy, and take careful measures to ensure that your internet experience is enjoyable, educational and above all legal. If your child is becoming a hacker, one of his first steps will be to request a change…
Adrian Lamo

Adrian Lamo

img-article-shenon-adrian-lamo_075825934724-300x199

Inverview taken on: 1/12/01

What are your current AIM screen names? Line Trace
What is your e-mail address? adrian@adrian.org
Do you have a web site? inside-aol.com, terrorists.net, securid.org
What is your real name? Adrian Lamo. . if you want to be technical, its the Doctor Reverend Adrian A. Lamo, Ph.D . . Doctor of Divinity and minister through the Universal Life Church, the grandma of all diploma mills everywhere. . .i don’t take those seriously, and don’t expect anyone else to, but i put them on my resume and my business cards to make a point of my disdain for the certification and educational process.
Where do you live? i move around alot .. i like to travel, and have lived on both coasts, and spent a couple years in south america. . i’m in transit right now. . but am based out of San Francisco.
How old are you? 19
What are your hobbies? i like to break and explore. breaking things is integral to the progression of technology. . people accuse me of being directionless, but i think its important to drop dynamite into the pond sometimes, to see what floats up. in my copious free time, i like to explore abandoned buildings and sewer systems, as well as exploring occupied buildings – its amazing how many security guards will escort you up to the roof of a skyscraper if you only ask, or won’t even stop you if you look like you know where you’re going. . urban exploration is definitely a big passtime. one of the reasons i like to travel, too., i used to be involved in local activism and whatnot. . worked with the city government, stuff like that. . i’m massively disinterested in politics now though.
How would you describe your physical appearance? scrawny geek ; )
What do you hope to do as a profession? same as i do now. . short term, interesting contracts for worthwhile places. i’ve been working since i was 16, and have run through a pretty big variety of jobs and contracts. . most of them designed to be short term .. i did a 3 month security audit for a fortune 500 company once, that was probably the most interesting. . but i’ve worked for everything from nonprofits to law firms to private investigation firms. . i set up a Netzero account for one of kevin mitnick’s former attorneys at one of them, of all the ironic things. . thats the sort of thing i want to keep doing. i don’t want to be stuck behind the same desk all my life, working at the same place until i have too much invested in what i’m doing to be able to do anything to risk it.
How long have you been on AOL? used the service briefly when i was younger, when it was known as Quantum Link, and i was playing around with my commodore 64. . but i didn’t start to really use it til the mid-90’s. . i used AOL 1.6 for DOS/GeoWorks for the longest time, and actively resisted going over to the Windows version until they started disabling features one by one. .they eventually sunsetted it altogether in June of 1999. So. .something like 7 or 8 years now.
How much time do you think you spend online each day? it varies. . .depending on where i am and what i’m doing. sometimes, if i’m interested in something, i’ll spend days online nonstop. . sometimes i’ll spend days without touching a computer. on a really average day, anywhere between 4 and 12 hours ;x
What programming languages are you familiar with? i don’t really program. the only languages i’ve worked with are x86 assembler and OPL for the EPOC16 palmtop OS.
What do you spend most of your time online doing? breaking and exploring -=)
Who are your good friends online? They know who they are.

Miley Cyrus Hacker Raided by FBI

Miley Cyrus Hacker Raided by FBI

A 19-year-old hacker who published provocative photos of teen queen Miley Cyrus earlier this year was raided by the FBI Monday morning in Murfreesboro, Tennessee.

The hacker, Josh Holly, repeatedly bragged online about breaking into the Disney star’s e-mail account and stealing her photos. He also gave interviews to bloggers and others and boasted that authorities would never find him because he moved so often. [Last month, Holly contacted Threat Level seeking to have an article written about him here.]

But this morning the FBI did find him and, after talking with him for more than an hour about his exploits, served him with a search warrant and a list of items to be seized (which was posted at the hacking site digitalgangster.com after Holly showed it to a friend).

mileycyrus2

 

Comcast.net Hijacker Gets 4 Months

Comcast.net Hijacker Gets 4 Months

A former member of the hacker gang Kryogeniks was sentenced to four months in prison Monday for his role in a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers.

James Robert Black Jr., 21,was known as “Defiant” when he and two other hackers hijacked Comcast’s domain name in May of 2008 — a prank that took down the cable giant’s homepage and webmail service for more than five hours, and allegedly cost the company over $128,000.

Visitors to Comcast.net had been redirected to a simple page reading “KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven.”

“Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos,” Assistant United States Attorney Kathryn Warma told the court, according to a press release. “The callous disregard of the dangers posed to others, as well as the arrogance and recklessness displayed by these, and other hackers in committing such crimes should be considered by the Court as a factor that weighs in favor of a significant prison sentence.”