From cloud9.net!owner-aol-list Fri Jun 13 11:58:45 1997 Return-Path: Received: from relay.ripco.com by RIPCO.COM with smtp (Smail RIPCONET) id m0wcZgS-00070hB; Fri, 13 Jun 1997 11:58:44 -0500 (CDT) Received: (qmail 18297 invoked from network); 13 Jun 1997 16:58:41 -0000 Received: from cloud9.net (?w6ga3AZcu+nM2JLtItOvMwkoG6QKF5Pv?@168.100.1.2) by relay.ripco.com with SMTP; 13 Jun 1997 16:58:41 -0000 Received: from localhost (majordomo@localhost) by cloud9.net (8.8.5/cloud9-1.1) with SMTP id MAA19152; Fri, 13 Jun 1997 12:58:21 -0400 (EDT) Received: by cloud9.net (bulk_mailer v1.5); Fri, 13 Jun 1997 12:50:23 -0400 Received: from shell.wco.com (root@shell.wco.com [199.4.94.16]) by cloud9.net (8.8.5/cloud9-1.1) with ESMTP id MAA16362 for ; Fri, 13 Jun 1997 12:50:20 -0400 (EDT) Received: from shell (destiny@shell [199.4.94.16]) by shell.wco.com (8.8.5/8.8.5/WCO-2jun97) with SMTP id JAA28566 for ; Fri, 13 Jun 1997 09:50:05 -0700 (PDT) Date: Fri, 13 Jun 1997 09:50:01 -0700 (PDT) From: David Cassel X-Sender: destiny@shell Reply-To: David Cassel To: The AOL-list Subject: The AOL List: Friday the 13th Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-aol-list@cloud9.net Status: RO F r i d a y t h e 1 3 t h ~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~ "Welcome to the Kids' Health & Development and Pregnancy & Childbirth chat area!" reads the screen in AOL's "Thrive" area. "News: Itch and Warp owns your ass!" It's Friday the 13th on AOL, and hackers have replaced the text in AOL's "Health and Development area." They switched the text in anticipation Thursday afternoon at 4 p.m. (PST). Eighteen hours later, it's still barking out its greetings, offering "a big fuck you to Shotgun, Power, and GLAZE!!!" and sending "Greetz" to 24 other hackers. (http://www.wco.com/~destiny/kidhack.gif) Selecting "Chat about it!" from the Kids' Health and Development menu in the "Health" section of Keyword "Thrive" currently pulls up the affected screen. (It can also be accessed directly be requesting keyword aol://4344:1209.chathost.9706892.537062691 ). The familiar heart icon in the window's title bar even allows the hacker's message to be added to a user's "Favorite Places". Across from the "fuck you" to Shotgun is a list of child-related chats. ("WED, 8pm: Kids' Behavior, THUR, 10pm: Online Ob-Gyn...") This is the latest of several high-profile hacks. The list lengthens: since early April, hackers have modified at least seven AOL areas. Affected content providers included: The Stats Store The New York Times The Hub GameWiz (twice) AOL Glossary the FTP sites of several AOL employees. Thrive In addition, C|Net reported that hackers attacked AOL's Court TV this November. (http://www.news.com/News/Item/0,4,5712,00.html) An index explaining all eight incidents and providing screen-shots has been placed at http://www.wco.com/~destiny/kidshack.htm A hacker named "Weed" notified the AOL List of the latest incident--but the attacks may be having a cumulative impact. Days after hackers altered the content in AOL's Stats Store, Intuit expanded their on-line banking operation from AOL to the internet -- suggesting that not all of AOL's partners are satisfied with AOL-only offerings. (http://www.news.com/News/Item/0,4,10828,00.html) Could other content providers follow their move to the web? Time will tell. THE LAST LAUGH AOL recently encountered another kind of security issue. The Atlanta Journal-Constitution's Art Kramer reported that Manuel Noriega had to cancel a scheduled on-line appearance on AOL. A spokesperson for the federal Bureau of Prisons pointed out to the on-line service that inmates aren't permitted to go on-line. The former Panamanian dictator is serving a 40-year sentence on racketeering and drug charges. David Cassel More Information - http://www.wco.com/~destiny/time.htm ~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~ Please forward with subscription information and headers. To subscribe to this list, type your correct e-mail address in the form at the bottom of the page at www.aolsucks.org -- or send e-mail to MAJORDOMO@CLOUD9.NET containing the phrase SUBSCRIBE AOL-LIST in the the message body. To unsubscribe from the list, send a message to MAJORDOMO@CLOUD9.NET containing the phrase UNSUBSCRIBE AOL-LIST. ~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~ From cloud9.net!owner-aol-list Thu Jun 12 19:49:47 1997 Return-Path: Received: from relay.ripco.com by RIPCO.COM with smtp (Smail RIPCONET) id m0wcKYk-00074KB; Thu, 12 Jun 1997 19:49:46 -0500 (CDT) Received: (qmail 22955 invoked from network); 13 Jun 1997 00:49:43 -0000 Received: from cloud9.net (?uXIt8SnNG2tWbVvZ4u8mMx3aInVcHGbs?@168.100.1.2) by relay.ripco.com with SMTP; 13 Jun 1997 00:49:43 -0000 Received: from localhost (majordomo@localhost) by cloud9.net (8.8.5/cloud9-1.1) with SMTP id UAA16396; Thu, 12 Jun 1997 20:48:56 -0400 (EDT) Received: by cloud9.net (bulk_mailer v1.5); Thu, 12 Jun 1997 20:36:43 -0400 Received: from shell.wco.com (root@shell.wco.com [199.4.94.16]) by cloud9.net (8.8.5/cloud9-1.1) with ESMTP id UAA12722 for ; Thu, 12 Jun 1997 20:36:39 -0400 (EDT) Received: from shell (destiny@shell [199.4.94.16]) by shell.wco.com (8.8.5/8.8.5/WCO-2jun97) with SMTP id RAA11988 for ; Thu, 12 Jun 1997 17:36:37 -0700 (PDT) Date: Thu, 12 Jun 1997 17:36:34 -0700 (PDT) From: David Cassel X-Sender: destiny@shell Reply-To: David Cassel To: The AOL-list Subject: The AOL List: Faces of Evil Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-aol-list@cloud9.net Status: RO F a c e s o f E v i l ~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~ Authorities entered AOL's Dulles, Virginia headquarters May 30. They located an AOL lawyer named Andrew Lewis Singer--and arrested him. "He seemed normal," one of his former co-workers told the AOL List. But three days earlier, Singer had left the building and driven to a nearby pond, where he paid an unexpected visit to a teenaged boy he'd met on America Online. The lawyer had created the screen name DCBOY83, and corresponded with the teenager via e-mail, investigators told the Washington Post. The AOL List confirmed the investigation with the Louden County Sheriffs Department. Press Information Officer Ed Pifer says that around 5 p.m. on May 27, AOL's lawyer had met his on-line acquaintance in Ashburn Farm -- then asked about an 11-year-old fishing across the lake. He went over to that boy, initiated a conversation -- and then committed a felony offense which included putting his hands down the boy's pants. http://www.washingtonpost.com/wp-srv/WPlate/1997-06/06/093L-060697-idx.html Singer apparently returned to work at AOL the next day. He continued working for the company until he was arrested in his office that Friday. The next week authorities told the Washington Post they'd begun searching the lawyer's computer records at America Online headquarters, as well as the lawyer's apartment--and AOL's spokespeople confirmed that he had been employed at America Online for nearly a year. Yet since the story broke in the Post, it's remained virtually unreported. The disturbing issue may spook the press--even though it corresponds with a long series of AOL-only incidents involving child pornography. The Cincinnati Enquirer obtained FBI records in 1995 showing that more than 3,000 members were suspected violators of federal child pornography laws (at a time when AOL had just 3 million subscribers.) "Thousands of subscribers to America Online have been viewing the illegal pictures and downloading them..." the paper reported -- citing the FBI reports. ( ftp://ftp.crl.com/users/de/destiny/aol/cinn1 ) Even worse, child pornography was being downloaded directly from AOL's file libraries. Faulty screening allowed users to upload illegal images directly into the shareware libraries -- and FBI records showed that "during one 25-minute span when an illegal photograph was made available...about 400 people nationwide downloaded the picture to their computers." Weeks later, the Associated Press determined that the FBI "has too few agents to handle the thousands of search warrants that authorities contemplated executing during a one-day crackdown." Instead, by September the FBI raided over 120 homes in over 60% of the nation's federal districts -- culminating a two-year undercover probe into America Online child pornography trading. (http://www.cnn.com/US/9509/cyber_porn) But in fact, the problem started in 1991. "One subscriber...posed as a 13-year-old homosexual boy last month and received pictures of what appear to be youngsters involved in sexual acts," Newsweek reported. (12/23/91) The problem has become wide-spread enough for AOL to ban the character strings "boy" in all AOL chat room names. But even though a filter now prevents any chat room from being created if its name contains the word boy, (http://pathfinder.com/@@BafpJAQAGSEf7Szw/Netly/daily/960918.html) it appears to have had little impact. In November--and as recently as March, " 'Teen Pix' was still a chat room name..." one observer reports. And so was " 'Under 15,' with x's in between the letters..." That observer is Brian Smith--a Florida attorney. In January he filed a lawsuit against America Online on behalf of a woman whose 11-year-old son appeared in commercial child pornography. The suit contends that the videotapes were sold in AOL's chat rooms -- and that AOL staffers witnessed the transactions, but allowed them to continue. (http://cgi.pathfinder.com/netly/editorial/0,1012,563,00.html) "In essence, AOL has created a home shopping network for pedophiles and child pornographers," the lawsuit notes. (http://www.wco.com/~destiny/flasuit.htm) When Smith publicly announced his suit, the AOL List contacted Barry Crimmins--a children's rights activist who'd investigated AOL's child pornography traders for six months in 1995, forwarding the information to the FBI's investigators. Asked if he'd ever seen AOL Guides witnessing the trading of child pornography without intervening, Crimmins responded "All the time." How responsive was AOL? "The most they ever did was close the room. Sometimes hours after I had complained to TOS about it." (http://www.aolsucks.org/list/0036.html) Friday, Smith's suit goes to a crucial hearing on a motion filed by AOL. Reached in West Palm Beach, he offered this observation. "It certainly doesn't look good when AOL's defending a child pornography suit to have one of their own employees, in-house, doing one of the very things they're accused of aiding." Indeed. When questioned by the Washington Post, an AOL spokesperson "would not say whether Singer's status as an AOL employee gave him access to information about subscribers, such as lists of children who use AOL chat rooms meant only for young people." AOL flatly denied subscriber information was accessed after an AOL technical services employee pleaded guilty to grand theft in 1996. A multi-state investigation followed the purchase of over $30,000 in computer equipment using stolen credit information--and investigations led to the arrest and conviction of the AOL employee who signed for the equipment. (The Florida Times-Union also reported that he then implicated two fellow AOL employees. http://www.wco.com/~destiny/ccaol2.htm) But oddly, AOL's come under fire for doing something similar at the corporate level. "AOL snoops into its subscribers' incomes and details of their children," another news story announced this week -- citing a watchdog report that AOL is "selling the information aggressively through a broker to third parties..." http://www.techweb.com:80/investor/newsroom/tinews/june/0609aol.html Privacy Times contends that AOL is selling advertisers address lists which "include lists of 248,000 children between the ages of 0-5, 354,000 children between the ages of 6-11 and 1,084,000 between the ages of 12-17." And the price is high. "These lists sell for $110 per thousand." But AOL also determines their members' income using data obtained from other services, Privacy Times reports -- a policy which Elizabeth Zitrin, deputy leader for AOL's ACLU Live forum, considered "scary". AOL's spokespeople refused to provide Privacy Times with figures on their profitability, but in a 1994 Community Update, Steve Case acknowledged AOL's motives. ("Why are we doing this? Primarily because it will be a source of additional revenue for us...") Privacy Times' Evan Hendricks notes that as a direct result of the policy, "AOL members increasingly are targeted by junk mailers." A group of hackers struck back. "Behind those computer monitors the staff is laughing at you," one told the AOL List -- so they installed a tell-all hacker web page...on AOL's PrimeHost service! "Making it on PrimeHost was an idea we had from the beginning," they told the AOL List, "to try and show how pitiful AOL's dedication to security is." AOL didn't discover the page for two months (until a rival hacker tipped them off). But the same day AOL shut the page, the hackers sneaked a change-of-address page into its previous location! ( http://www.wco.com/~destiny/lithnode.htm ) "Just another great example of poor AOL security," the page's author commented the next day. Safely ensconced in their new location, they proceeded to display sensitive in-house information, including the phone number for Tatiana Gau, AOL's Vice President of Integrity Assurance--along with a picture. (http://www.lithiumnode.com/aol/tatiana.html) But AOL continues their pose of responsibility. The same day the Washington Post reported the sexual assault charges filed against AOL's lawyer, Steve Case announced that AOL would host a conference about children's safety. Conceding that the omnipresence of the on-line life means "we need to take our civic responsibilities even more seriously," Case opines that children's safety is "one of the first issues that requires urgent attention," adding that "the reality is that we are confronting these issues every day..." (http://www.wco.com/~destiny/case-jux.htm) In fact, AOL's confronting other issues as well. An AOL web page recruiting for the Ku Klux Klan went off-line this morning--but it was accompanied by thousands of other pages. "Members.aol.com is unavailable," read an in-house system status report, stating that the problem started at 1 a.m. Thursday morning. "Estimated time of repair: 2:45 p.m." (http://www.wco.com/~destiny/sys-stat.htm) When the pages came on-line, the Klan page returned as well. AOL's commitment to civic responsibility rang hollow to an African-American who'd received taunting e-mail from the page's author the night before. It's message? "A victory for the Klan is a victory for all of America." THE LAST LAUGH AOL users pursuing minors looks like a wide-spread problem -- and they'll apparently go to great lengths, one user reports. A teenager who investigated AOL's "Teen Chat" chat area told the AOL List that "Within 20 minutes, someone offered me free tickets from New York City to Florida..." David Cassel More Information - http://www.wco.com/~destiny/frontend.htm http://www.wco.com/~destiny/time.htm ~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~ Please forward with subscription information and headers. To subscribe to this list, type your correct e-mail address in the form at the bottom of the page at www.aolsucks.org -- or send e-mail to MAJORDOMO@CLOUD9.NET containing the phrase SUBSCRIBE AOL-LIST in the the message body. To unsubscribe from the list, send a message to MAJORDOMO@CLOUD9.NET containing the phrase UNSUBSCRIBE AOL-LIST. ~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~