AOL Security Compromised by Teenager

Freaky_Friday wrote with a link to an InfoWorld article about a teenage kid accessing customer information at AOL. The alleged criminal trespass began late last year, and extended up through early April. According to the article, the guy used some 'off-the-shelf' hacking software he downloaded online to gain access to, and then transmit information from, AOL's systems. "The complaint states that Nieves admitted to investigators that he committed the alleged acts because AOL took away his accounts. 'I accessed their internal accounts and their network and used it to try to get my accounts back,' the defendant is quoted as saying in the complaint. He also admitted to posting photos of his exploits in a photo Web site, according to the complaint ... If the defendant was honest about his motivation in his reported confession, it's safe to assume that he wasn't interested in stealing data for financial gain, [Managing director of technology at FTI Consulting Mark] Rasch said. Still, it'll be interesting to find out what steps AOL is taking if customer data was in fact compromised, he said."

Re:Hmmm

Well there have always been tools out there to hack AOL, some of the more notorious were AOHell and WAAS (We are all sinners), LOFT even had a whole series of tools for AOL. Most of them just contained a lot of script kiddy stuff but there were some others that gave you shell access to the network about 10 years ago or so AOL was really like a pretty face over a custom IRC type network. If you could drop down out of the pretty face and get to the raw shell which was only really only protected by the fact that the pretty face was there and most AOL users were too dumb to realize that there was something going on under the AOL screen. You could peek around, but then once you got yourself an overhead account you really could run through the system at will. While I imagine it has improved over the years I am guessing a lot of the base code and concepts of the network are there still.