Old AOL Phishing Phrases

Hi, I'm with AOL's Online Security. We have found hackers trying to get into your MailBox. Please verify your password immediately to avoid account termination. Thank you. AOL Staff Hello. I am with AOL's billing department. Due to some invalid information, we need you to verify your log-on password to avoid account cancellation. Thank you, and continue to enjoy America Online. Good Evening. I am.....

Hacking IRC – The Definitive Guide

Copyright 1996 klider@panix.com Welcome to Hacking IRC- The Definitive Guide. The purpose of this page if you have not already guessed is to provide what I consider optimal methodology for hacking IRC channels. In addition, I provide some of the better channels to hack as well as fun things to do while “owning a channel.”

Contents

Section 1— Why Hack IRC?

Section 2–Requisite Tools

Section 3–What It Takes To Gain Control

Section 4–Link Looker(LL)

Section 5–Bots and Scripts

Section 6–Multi-Collide-Bot(MCB)

Section 7–Pre-Takeover Preparation

Section 8–Thing To Do ONce You “Own” the Channel

Section 9–Best Channels to Hack

Early Phishing

Koceilah Rekouche krekouche@pushstart.info

The history of phishing traces back in important ways to the mid-1990s when hacking
software facilitated the mass targeting of people in password stealing scams on America
Online (AOL). The first of these software programs was mine, called AOHell, and it was
where the word phishing was coined. The software provided an automated password
and credit card-stealing mechanism starting in January 1995. Though the practice of
tricking users in order to steal passwords or information possibly goes back to the
earliest days of computer networking, AOHell’s phishing system was the first automated
tool made publicly available for this purpose. 1 The program influenced the creation of
many other automated phishing systems that were made over a number of years. These
tools were available to amateurs who used them to engage in a countless number of
phishing attacks. By the later part of the decade, the activity moved from AOL to other
networks and eventually grew to involve professional criminals on the internet. What
began as a scheme by rebellious teenagers to steal passwords evolved into one of the
top computer security threats affecting people, corporations, and governments.

Exploring Historical & Emerging Phishing Techniques

International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23

Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
Mrader3@CapellaUniversity.edu
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
*SRahman@hawaii.edu
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.


A person wanting to impress a hacker group broke into the popular MySpace profiles of several celebrities, including Justin Timberlake and model and MTV personality Tila Tequila, researchers said today.

The hacker, who uses the handle “Tesla,” gained access late Wednesday into the profiles of Timberlake, Tequila and actress-singer Hilary Duff, and used the compromised accounts to blast out bulletins to the celebrities’ tens of thousands of MySpace friends, said Chris Boyd, senior director of malware researchFaceTime Security Labs.

The messages, which appeared to come from the Hollywood stars themselves, proclaimed support for a hacker group known as Kryogeniks.

One read: “Hey Tesla here. Justin Timberlake has been hacked by me. HTTP://kryogeniks[dot]org. Cheers [expletive].”

Comcast.net Hijacker Gets 4 Months

A former member of the hacker gang Kryogeniks was sentenced to four months in prison Monday for his role in a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers.

James Robert Black Jr., 21,was known as “Defiant” when he and two other hackers hijacked Comcast’s domain name in May of 2008 — a prank that took down the cable giant’s homepage and webmail service for more than five hours, and allegedly cost the company over $128,000.

Visitors to Comcast.net had been redirected to a simple page reading “KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven.”

“Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos,” Assistant United States Attorney Kathryn Warma told the court, according to a press release. “The callous disregard of the dangers posed to others, as well as the arrogance and recklessness displayed by these, and other hackers in committing such crimes should be considered by the Court as a factor that weighs in favor of a significant prison sentence.”

Secret-Spilling Sources at Risk Following Cryptome Breach

Ruxpin-Vanity-Page-660x244

Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.

The hacker said two intruders from the group Kryogeniks breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.

Bad-mother-fucker.org

corner2Another website that was hosted by “Russell Handorf” aka Satanklawz.

SatanKlawz

Satanklawz hosts all the servers, and does mostly all the technical stuff.

Title: Chief of Security
Joined Badmotherfucker: 7/26/00
Sex: A Man
Age: 2/19/80
Hometown: Memphis, TN
Adrian Lamo and FBI Cyber Squad computer scientist Russell Handorf

10/18/12 Update: 2006 posting at forum - where Russell Handorf still contributes using his "grey hat hacker" handle "satanklawz" - suggests he has been working for FBI three years earlier than his resume claims; Adrian Lamo admits being "friends" with Handorf but still won't answer any real questions; Chet Uber offers to have Lamo "interview" me - Neal Rauhauser, who claims he has nothing to.....