AOL: member accounts cracked

NEW YORK, 19 June 2000 - The attack appeared to use a Trojan Horse -- a program that seems useful, but an actuality has a secret mission. The attack resembles in some ways the "ILOVEYOU'' virus that temporarily paralyzed tens of millions of computers last month, penetrating networks in government and companies worldwide.

"A small number of member accounts may have been illegally viewed,'' AOL spokesman Rich D'Amato said. "We are aware of claims that a small number of member accounts were illegally accessed. We take these claims seriously,'' he said.

The perpetrators of the attack targeted AOL customer service representatives with e-mails containing a "Trojan horse'' attachment, that, when opened, created a connection to the sender's computer and allowed access to some AOL accounts.

D'Amato declined to say how many accounts were compromised or when the attacks occurred.

AOL's database untouched
He stressed that the hackers involved did not appear to have gained access to AOL's 23 million-member database of subscribers, or data on users of other services that include CompuServe, Netscape Netcenter, ICQ and other popular sites.

"We will continue to investigate these claims and will turn over what we learn to law enforcement authorities,'' D'Amato said. "We will take any and all opportunities to prosecute these hackers,'' he added.

The latest break-in appears to have affected at most several hundred AOL member accounts, according to a hacker familiar with the events.

The attacks came to light after "Inside AOL'' and ''Observers.net'' (http://www.observers.net), two Web sites critical of America Online's service, published details of the attack, said "ytcracker,'' a member of the Inside AOL group.

Ytcracker said no AOL member information had been made public. The attacks appeared to be a stunt to gain control of desirable screen names on the AOL service, not invade member privacy or steal credit card information for example, he said.

D'Amato said AOL has gone to great lengths to avert hacker attacks on its site and protect member information.

AOL appeared to be alone among major U.S. Internet sites in averting a shutdown of its services during a wave of attacks on major e-commerce Web sites in February. The spokesman said AOL had also seen minimal impact from the ILOVEYOU virus in May.

"We spend a lot of time and resources reminding employees and members never to download (e-mail) attachments. We were not significantly affected by the 'ILOVEYOU virus,'" he said.