Hackers impersonate AOL users

According to a letter the hackers sent on Sunday to members of the technology press, they use the names "just for the pure joy of trying to ruin friendships by insulting friends who have no idea they are talking to a hacker and not the victim."

The hackers say they have contacted the media because AOL (NYSE: AOL) had not responded to their notification to them of the security hole.

An AOL spokesman, Rich D'Amato, said on Monday afternoon, "We are aware of the situation and are deploying security measures to defeat it. When hacker behavior crosses the line into illegal action, we'll certainly bring it to the attention of authorities."

D'Amato would not specify how many people had been affected or pinpoint the time line, saying those details could affect the investigation.

"AOL is so easy to abuse it's pathetic," said TangentX, who says he is 17 years old and, along with two others, found the security hole this fall. They discussed it, he said, in special private chat rooms on AOL for hackers and use of the so-called "exploit" spread. He estimates that 400 names have been stolen to date.

AOL press materials say that 45 million people have created AOL Instant Messenger screen names as of last August. The popular software allows online users to chat privately, almost in real time, with others who have the software. AOL also owns ICQ, another popular instant messaging program, which claims 50 million registered users.

TangentX says he and others have found several ways to make an instant message screen name into an AOL account without the password. One involves resetting a password for a screen name through a security hole. The other involves taking a screen name, creating an AOL account for it and then changing the password.

When he was given a screen name on Monday afternoon by MSNBC, TangentX was able to access the account and send an instant message from the name in a matter of minutes.