Fun_People Archive
6 May
AOHell -- Hacking AOL


Date: Sat,  6 May 95 13:03:45 PDT
From: Peter Langston <psl>
To: Fun_People
Subject: AOHell -- Hacking AOL

Forwarded-by: bostic@CS.Berkeley.EDU (Keith Bostic)
Forwarded-by: Wendell Craig Baker <wbaker@splat.baker.com>

From: RISKS 17.10

From: simsong@acm.org (Simson L. Garfinkel)
Subject: AOHell

(C) 1995 Simson L. Garfinkel
Originally appeared in The Boston Globe, April 21, 1995
[Reproduced in RISKS with the author's permission]

It's 10:00 P.M. on a weekend night, and some obnoxious guy in the
America Online Chat Forum won't shut up.  What do you do?

You give them the finger, of course.  And if that doesn't work, you
can always shoot them.

Want everybody in the chat room to shut up so you can talk?  Just
click the button labeled "Ghost," and the screen will clear away
everyone else's comments, giving you space to make yourself heard.

You won't find these features on America Online's standard set of menu
options.  But they are part of a new anti-AOL program called AOHell
that's making the rounds on some electronic bulletin board systems.

AOHell can do more than make mischief in America Online's chat rooms:
the program has a number of devilish features that seem designed for
turning online lives into living nightmares.

Armed with AOHell, one user can send dozens, or hundreds, of
electronic mail messages to an unwitting victim in just a few seconds,
a technique known as "mail bombing."  AOHell can also mail bomb the
victim's fax machine and even his US mailbox.  And what if you really
don't like another subscriber?  Just click on the "Punt" command and
you'll abruptly log them off, thanks to an apparent bug in America
Online's operating software.

Why would someone develop such a program and give it away for free
over the Internet?

"I hate the staff on AOL for one, I hate most of the people on AOL for
another, and I wanted to cause a lot of chaos," explains one of the
anonymous authors of AOHell, who identifies himself only as Da
Chronic, in the program's instruction manual.

Indeed, AOHell's worst punches seem to be aimed directly at America
Online itself.

AOHell has a nefarious system built into it for generating fictitious
credit-card numbers.  According to users, the program can make free
accounts that last up to 10 hours of online time or one week,
whichever comes first.  For users with high bills for the nation's
second-largest online service, AOHell has the ability to let users
download files for free.

"Any member using AOHell will have their account immediately
terminated," says Margaret Ryan, a spokesperson for the company.

AOHell is a piece of software for engaging in illegal activities,
sometimes called banditware, which runs in conjunction with America
Online's communications software for Windows-based computers. It
appears to be the first time that such a program has been written to
directly attack one of the nation's large online services.

Some of the AOHell's abilities appear to exploit bugs in the America
Online system, while others, such as the ability to display a raised
middle finger in a chat room, seem to merely simulate an extremely
rapid typist. Ryan wouldn't say if AOL has any technical fixes in the
works that would prevent the program from functioning properly.

Indeed, Ryan doesn't even know who wrote AOHell.

Although AOHell's author has chosen to remain anonymous, a built-in
feature allows AOHell users to send bug reports to the program's
author.  Those reports get sent to a computer in Finland called an
anonymous remailer, which allows people on the Internet to exchange
electronic mail without knowing each other's identities.

"If you think AOH 2.0 is marvelous, wait until you see 3.0," wrote the
program's author, in response to an electronic mail message. "I'm
almost finished with it and it will make version 2 look like a
Commodore 64 program, to say the least."

NOTE: Nobody seems to know where a copy of AOHell can be found now.
      In particular, Peter Langston does not know (so don't even ask).


[=] © 1995 Peter Langston []