AOHell

AOHell
	The splash screen of AOHell, depicting Steve Case in Hell
Developer(s)	Da Chronic, Rizzer, The Squirrel
Initial release	1994
Final release	3.0 beta 5
Operating system	Windows
Available in	English
Type	hacking, script kiddy

Last updated July 24, 2024

AOHell was a Windows application that was used to simplify 'cracking' (computer hacking) using AOL. The program contained a very early use of the term phishing. It was created by a teenager under the pseudonym Da Chronic, whose expressed motivation was anger that child abuse took place on AOL without being curtailed by AOL administrators.

History

AOHell was the first of what would become thousands of programs designed for hackers created for use with AOL. In 1994, seventeen year old hacker Koceilah Rekouche, from Pittsburgh, PA, known online as "Da Chronic",^[1]^[2] used Visual Basic to create a toolkit that provided: a new DLL for the AOL client, a credit card number generator, email bomber, IM bomber, Punter, and a basic set of instructions.^[3] It was billed as, "An all-in-one nice convenient way to break federal fraud law, violate interstate trade regulations, and rack up a couple of good ol' telecommunications infractions in one fell swoop". When the program was loaded, it would play a short clip from Dr. Dre's 1993 song "Nuthin but a G Thang".

Most notably, the program included a function for stealing the passwords of America Online users and, according to its creator, contains the first recorded mention of the term "phishing".^[4] AOHell provided a number of other utilities which ran on top of the America Online client software. Though most of these utilities simply manipulated the AOL interface, some were powerful enough to let almost any curious party anonymously cause havoc on AOL. The first version of the program was released in 1994 by hackers known as The Rizzer, and The Squirrel.

Features

A fake account generator which would generate a new, fully functional AOL account for the user that lasted for about a month. This generator worked by exploiting the algorithm used by credit card companies known as the Luhn algorithm to dynamically generate apparently legitimate credit card numbers. The account would not be disabled until AOL first billed it (and discovered that the credit card was invalid). The generator could also generate fake addresses and phone numbers, resembling on their surface legitimate personal information. One example of a fake account generator was a Macintosh One-click based piece of software called Fake Maker written by a user known as McDawgg within the AOL Macwarez community. This software ran in parallel with the AOL program to create fake accounts based upon generated legitimate credit card account numbers. This software ultimately released three versions and helped to create thousands of fake accounts before AOL weakened its ability through more expedient account verification.
Phishing tools. The program included a "fisher" tool in 1995^[5] that enabled hackers to steal passwords and credit card information through automated social engineering. The program would barrage random AOL users with instant messages like:

Hi, this is AOL Customer Service. We're running a security check and need to verify your account. Please enter your username and password to continue.

A punter (IM-bomber), which would send malicious Instant Message(s) to another user that would sign them off.
A mail bomb script which would rapidly send e-mails to a user's inbox until it was full.
A flooding script that would flood a chat room with ASCII art of an offensive nature, such as the finger or a toilet.
An 'artificial intelligence bot', which did not really contain artificial intelligence, but had the ability to automatically respond to a message in a chatroom upon identification of keywords. (For example, a 'profane language' autoresponse was built into the program.)
An IM manager, which provided facilities to automatically respond to or block IMs from certain users.
A Steve Case cloak, which allowed users to pose as AOL founder Steve Case in chat rooms.

Motives and legacy

The existence of AOHell and similar software even allowed AOL to develop its own warez community. Lurking in secret chat rooms with names such as 'AirZeraw', mm, cerver, 'wArEzXXX', g00dz, 'punter', 'gif', 'coldice', 'GRiP', and 'trade', AOHell created bots, often referred to as 'servers', which would send out a list of warez (illegally copied software) contained in their mailbox.^[6] Simply messaging the bot with the titles of the desired software packaging would result in those packages being forwarded to one's mailbox. Since the data merely had to be copied into another user's mailbox (while still residing on an AOL server), the piracy was only limited by how fast messages could be forwarded, with AOL paying for all the cost of the bandwidth. One additional limitation included an allotted number of email messages which could be sent per day by a particular user account. Botters were able to circumvent this limitation by signing up for a white-list account which was subjected to an unknown probationary period where AOL administrators monitored the account.

The existence of software like AOHell provided a parallel 'lite' version of the hacker underground that had existed for years before, based around bulletin board systems. Programs like AOHell played an important part in defining the 'script kiddie', a user who performs basic cracking using simple tools written by others, with little understanding of what they are doing. These types of programs had a tendency to have AOL accounts banned; and so most users were logged on to accounts they had acquired illicitly, either by phishing or a fake account generator.

In the manual, the creator of AOHell claims that he created the program because the AOL administrators would frequently shut down hacker and warez chatrooms for violation of AOL's terms of service while refusing to shut down the pedophilia chat rooms which regularly traded child pornography.^[7] "Da Chronic" claimed that when he confronted AOL's TOSAdvisor about it, he was met with an account deletion:

AOL constantly closed the "Hackers" Member room, but refuses to do anything about all the pedophilia rooms. I once IMed TOSAdvisor and asked him why he closes the Hacker room, but does not close the kiddie porn rooms. He did not reply, instead he cancelled my account. I guess we see where AOL's priorities lie.

He also stated that his goal was:

[To have] 20,000+ idiots using AOHell to knock people offline, steal passwords and credit card information, and to basically annoy the hell out of everyone.

The program was last compatible with AOL version 2.5.

Related Research Articles

Warez is a common computing and broader cultural term referring to pirated software that is distributed via the Internet. Warez is used most commonly as a noun, a plural form of ware, and is intended to be pronounced like the word wares. The circumvention of copy protection (cracking) is an essential step in generating warez, and based on this common mechanism, the software-focused definition has been extended to include other copyright-protected materials, including movies and games. The global array of warez groups has been referred to as "The Scene", deriving from its earlier description as "the warez scene". Distribution and trade of copyrighted works without payment of fees or royalties generally violates national and international copyright laws and agreements. The term warez covers supported as well as unsupported (abandonware) items, and legal prohibitions governing creation and distribution of warez cover both profit-driven and "enthusiast" generators and distributors of such items.

Various anti-spam techniques are used to prevent email spam.

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Email fraud is intentional deception for either personal gain or to damage another individual using email as the vehicle. Almost as soon as email became widely used, it began to be used as a means to defraud people, just as telephony and paper mail were used by previous generations.

A transaction authentication number (TAN) is used by some online banking services as a form of single use one-time passwords (OTPs) to authorize financial transactions. TANs are a second layer of security above and beyond the traditional single-password authentication.

A spoofed URL involves one website masquerading as another, often leveraging vulnerabilities in web browser technology to facilitate a malicious computer attack. These attacks are particularly effective against computers that lack up-to- security patches. Alternatively, some spoofed URLs are crafted for satirical purposes.

A password manager is a computer program that allows users to store and manage their passwords for local applications or online services such as web applications, online shops or social media. A web browser generally has a built in version of a password manager. These have been criticized frequently as many have stored the passwords in plaintext, allowing hacking attempts.

<span class="mw-page-title-main">Private message</span> Mode of electronic communication

In computing, a private message, personal message, or direct message refers to a private communication sent or received by a user of a private communication channel on any given platform. Unlike public posts, PMs are only viewable by the participants. Though long a function present on IRCs and Internet forums, private channels for PMs have recently grown in popularity due to the increasing demand for privacy and private collaboration on social media.

Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.

Internet safety, also known as online safety, cyber safety and electronic safety (e-safety), refers to the policies, practices and processes that reduce the harms to people that are enabled by the (mis)use of information technology.

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.

Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.

Internet fraud prevention is the act of stopping various types of internet fraud. Due to the many different ways of committing fraud over the Internet, such as stolen credit cards, identity theft, phishing, and chargebacks, users of the Internet, including online merchants, financial institutions and consumers who make online purchases, must make sure to avoid or minimize the risk of falling prey to such scams.

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.

Zeus is a Trojan horse malware package that runs on versions of Microsoft Windows. It is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Similarly to Koobface, Zeus has also been used to trick victims of technical support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all. The scammers may use programs such as Command prompt or Event viewer to make the user believe that their computer is infected.

Social hacking describes the act of attempting to manipulate outcomes of social behaviour through orchestrated actions. The general function of social hacking is to gain access to restricted information or to a physical space without proper permission. Most often, social hacking attacks are achieved by impersonating an individual or group who is directly or indirectly known to the victims or by representing an individual or group in a position of authority. This is done through pre-meditated research and planning to gain victims’ confidence. Social hackers take great measures to present overtones of familiarity and trustworthiness to elicit confidential or personal information. Social hacking is most commonly associated as a component of “social engineering”.

Infostealers are a form of malicious software, a type of trojan, created to breach computer systems for the purpose of stealing information. They extract a range of data such as login details, session cookies, financial information, and personally identifiable information, and then transmit it to a remote server managed by cybercriminals. This data is often traded on illicit markets to other threat actors. While primarily used by cybercriminals for financial gain, infostealers can also be employed by state-sponsored actors for espionage purposes.

References

↑ Garfinkel, Simson L. (1995-07-01). "AOHell". Wired. ISSN 1059-1028 . Retrieved 2019-11-01.
↑ Stonebraker, Steve (January 2022). "AOL Underground". aolunderground.com (Podcast). Anchor.fm.
↑ Garfinkel, Simson (1995-04-21). "Illegal program troubles America Online" (PDF). The Boston Globe. Retrieved 2022-05-31.
↑ Rekouche, Koceilah (2011). "Early Phishing". arXiv: 1106.4692 [cs.CR].
↑ Langberg, Mike (September 8, 1995). "AOL Acts to Thwart Hackers". San Jose Mercury News.
↑ Armnet, Marco (2014-04-19). "Flashback to 1995: AOL Proggies" . Retrieved 2016-01-31.
↑ "AOHell Documentation". Da Chronic. Retrieved 2016-01-31.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Garfinkel, Simson L. (1995-07-01). "AOHell". Wired. ISSN 1059-1028 . Retrieved 2019-11-01.

[AOLUnderground-2] Stonebraker, Steve (January 2022). "AOL Underground". aolunderground.com (Podcast). Anchor.fm.

[3] Garfinkel, Simson (1995-04-21). "Illegal program troubles America Online" (PDF). The Boston Globe. Retrieved 2022-05-31.

[4] Rekouche, Koceilah (2011). "Early Phishing". arXiv: 1106.4692 [cs.CR].

[5] Langberg, Mike (September 8, 1995). "AOL Acts to Thwart Hackers". San Jose Mercury News.

[6] Armnet, Marco (2014-04-19). "Flashback to 1995: AOL Proggies" . Retrieved 2016-01-31.

[7] "AOHell Documentation". Da Chronic. Retrieved 2016-01-31.

[1]

[2]

[3]

[4]

[5]

[6]

[7]