AOL - Breaking Spam News

David Cassel (destiny@wco.com)
Wed, 23 Oct 1996 15:49:54 -0700 (PDT)

CNN is reporting that today the FBI "hinted" they were close to making an
arrest in the child pornography spam. 

Stories have appeared in Reuters, the Associated Press, CNN, and the
Washington Post.  Reuters reported that AOL was "deluged" with complaints,
and said the FBI observed tips came to their offices "around the country". 
More interesting, an AOL officer told Reuters the account holders were not
the ones who sent the mail. 

Hackers have been boasting about the capability to access any AOL
account--without a password--since last spring.  Some speculate hackers
had moles in AOL's customer service department--when the editor of
Internet Underground magazine contacted hackers for a story, they offered
to recite his credit card number as proof.  In July the Florida Times-
Union reported AOL's Florida customer service building housed an employee
who helped "hijack" customer credit card numbers.  When arrested and
convicted, he implicated two other employees [7/7/96].  AOL caught 38 of
their own staffers in a June raid on the Warez chat room.  And to this
day, one hacker's web page contains screen shots of AOL's internal
software. (http://www.netvirtual.com/blank/aol/) 

Even Reuters has picked up on AOL's low-security climate.  Their story
noted that "Hackers have in the past established bogus America Online
accounts using stolen credit card numbers and the signup disks the service
widely distributes..."  The Washington Post reported 370,000 fake accounts
were created between March and June [9/16/96]). 

That lends an odd context to the child pornography spam.  Earlier this
year AOL's postmaster collected the tens of thousands of messages
Cyberpromotions sent to invalid addresses--then bounced them back, all at
once.  Cyberpromotions saw this as a vindictive prank, and took AOL to
court, but some netizens lauded AOL for their effective retaliation.

But today a University of Maryland graduate student told the San Francisco
Examiner he received ten pieces of spam advertising a program called
AKIMA--giving the same address in Jackson Heights.  The student said he
believes the child pornography mail was retaliation for the earlier spams
advertising AKIMA--a program which, ironically, allows mass e-mailing to
AOL subscribers.

This raises the question:  was the child pornography spam a variation of
the postmaster's prank, perpetrated by someone within AOL?  Their customer
service department's ties to the hacker community beg the question.  In
September, speaking about unwanted spam, Steve Case said "this is the
number one complaint we hear from our members." 

Either way, the event is being used to push pre-existing agendas.  In an
interview with the San Francisco Examiner, a federal law enforcement
official "said it is apparently not against the law to pull a hoax on the
Internet."  And CNN took this opportunity to link to their "related"
story, "Pedophiles stalk internet for victims".  In September they had
interviewed two customs agents, reporting that the two "said they become
suspicious when someone offers pictures of celebrities--often a code word
for child pornography." 

Coincidentally, CNN cites them as the agents who arrested Robert Green and
Richard Russell--the school teachers running the child pornography ring on
America Online (mentioned in a previous update).  The Customs agents told
CNN the teachers had "used computers to lure children to a certain
location, where they would be molested."  The Phoenix Gazette reported the
men would then produce videotapes of the children they met on America
Online.  One of the boys was 11, the other 15; they were paid $15 each.

Ironically, news of the account breach came from AOL's public affairs
officer William Burrington, who was last seen at the Philadelphia trial
for the Communications Decency Act, where Declan McCullagh's dispatch said
he characterized AOL "as a 'resort pool with lifeguards' next to the wild,
untamed ocean of the Internet".  Current events don't bear that out.  Part
of the problem is their resort pool offers an unlimited supply of fake
screen names--and apparently, the security on them isn't foolproof.  (Even
with the "lifeguards"...)

In 1995 Burrington also testified before Congress about AOL's child
pornography problems. He attributed the trafficking to "a very small
percentage of its customers."  An article in the Boston Phoenix, noting
Burrington's "wind-tunnel-resistant hair", suggested the obvious follow-up
question would be, "what percentage of members who traffic in child
pornography is acceptable to AOL?" 

Watch for a story about this in tomorrow's Netly News
(http://www.netlynews.com)


             Destiny
             More information - http://www.wco.com/~destiny/porndex.htm


~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~
Please forward with headers in-tact.

To subscribe to this moderated list, send a message to MAJORDOMO@CLOUD9.NET
containing the phrase SUBSCRIBE AOL-SUX in the message body.
~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~