- This topic has 0 replies, 1 voice, and was last updated 23 years, 6 months ago by
.
-
Posts
-
Wired News
September 24, 2001
Users of America OnlineŒs popular Instant Messenger Service may actually be communicating with malicious hackers.
Hackers say itŒs easy to take over AIM accounts and pose as the user whose account has been commandeered, using several hacking programs that are in wide circulation on the Internet.
America OnlineŒs Instant Messenger program allows users to send instant text messages and transfer files to each other. Most AIM users create a “buddy list,” a personal directory of their friends and family who use the service. Hackers who take over an account have full access to that accountŒs buddy list.
Accounts that have been taken over can then be used to distribute viruses by sending infested files from a “buddy.”
Hackers who are familiar with the program said that hundreds of AIM accounts have been “stolen,” and claim that America Online (AOL) is aware of the problem, but has not fixed the programming error that allows the attack.
Instead, they charge AOL has focused most of its attention on pushing to have the websites that house the hacking program taken offline, relying on temporary and ineffectual fixes to plug the security hole.
AOL spokesman Nicholas Graham responded to a request for comment on whether AOL was aware of and had any plans to permanently fix the hole with a statement that read: “AIM 4.7 is the most secure version we have provided to the over 100 million worldwide users of the AIM product. We constantly make upgrades and improvements to the AIM product. We are aware of the issue, and we continue to assess this report.”
There are several applications that allow malicious hackers to hijack AIM accounts. Two of the best known are “AOLThief” and “AimThief.”
The applications allow users to create fake accounts using the screen name of an existing AIM account. The accounts are then used to access AOLŒs account management system, which allows the hacker to change the real account holderŒs AIM password.
Once the password has been changed, the real account owner is locked out of the account, but the account is still active.
Tests conducted with the permission of several AIM users proved that the programs work.
AOLThief and AimThief use the new account sign-up certificates that AOL uses in its advertising and promotions, and stolen credit card numbers to create fake accounts. The certificate and a credit card number are included in some versions of the hacking application; other versions require users to supply the numbers themselves.
Requests for comment on what AIM users should do to protect themselves against this exploit went unanswered by AOL.
Hackers suggest that AIM users change their screen names to include more than 10 characters, since only instant messenger accounts with user screen names containing 10 characters or less are vulnerable to this hack.
The first AIM hacking program is credited to a hacker known as “Hypah,” who created a PC version of AOLThief that no longer works. But other hackers continue to update the application.
A hacker known as “Mancow” recently released an altered and very capable version for the Macintosh hacker community, according to Nicholas Raba from SecureMac, a Macintosh security site.
Mancow said Hypah had included some “protection” features in the original program that allowed Hypah to access details of all AIMThief user activities, along with details about the usersŒ own Internet accounts.
“IŒm a hacker, IŒll say that point blank. But I do not like any kind of program that spies on me,” Mancow said. “Therefore I performed some disassembling of the program, carefully analyzed the packets it sends out with a packet-sniffer, and altered the program to block the protection schemes.”
Mancow said he then released the most recent version of the program to a “syndicate of AOL enthusiasts” several months ago and later publicly made the program available on two websites.
America Online representatives then e-mailed the owners of those websites and their Internet access providers in an attempt to have the product pulled off the websites, threatening legal action if they did not comply, Mancow said.
[Discuss]
- You must be logged in to reply to this topic.