David Cassel (destiny@wco.com)
Fri, 23 May 1997 21:11:27 -0700 (PDT)
B a d S p o r t s
~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~
"When I sign on each morning," Steve Case wrote in his April 1996
Community Update, "I go first to the headlines." And for sports
information, "I'll explore Stats, Inc. to look at specific statistics."
But if he'd visited the Stats area Saturday, he would've seen a message
from hackers.
"Island Krew owns you!" it read Saturday afternoon. The words "Island
Krew" also appeared on the hacked New York Times screen earlier this
month--referring to the regulars of a private hacker chat room on AOL.
"There is NO pirated warez trading," one of the room's denizens told the
AOL List. "Everyone there is pretty much strict on that." But
nonetheless, "AOL started TOS-ing people in their private room," another
source remembers.
So the hackers retaliated. "Give Island 55 back!" their on-line plea
continued. They'd included a six-line message, in blue letters, across a
3-1/2 inch window. "Recently AOL took our room away. They made it
restricted. Well, the Island Krew did nothing wrong. There was no reason
for you to make ISLAND55 restricted."
"We are now requesting you give it back!" it concluded--above icons
labeled "Customer Service," "Shop the Store," and "What's Hot."
(http://www.wco.com/~destiny/stathack.htm)
In the last six weeks hackers have hit a variety of targets -- The Hub,
AOL's GameWiz area (twice!), the New York Times, and the FTP sites of
several AOL employees. Alert users also noticed that the glossary below
AOL's member services menu includes an additional entry -- the hacker term
"warez" -- mysteriously appearing at the end of the A - E section.
(http://www.wco.com/~destiny/glosshak.htm)
Screen-shots of the other incidents appear at the following URLs:
http://www.wco.com/~destiny/nythack.htm
http://www.wco.com/~destiny/hubhack.htm
http://www.wco.com/~destiny/gwhack.htm
http://www.wco.com/~destiny/ftphack.htm
http://www.wco.com/~destiny/stathack.htm
http://www.news.com/News/Item/0,4,5712,00.html
The problem appears to be getting worse. After the first hack on March
30, the director of Business Development at The Hub applauded AOL's
response time of less than half an hour. "What's amazing is how quickly
we took steps to identify it, stop it, rectify it, and create a safer
system," she told the AOL List. After five more high-profile hacks, that
response time has declined--the hacked "Stats" page lasted nearly 48
hours, and the hacked glossary, as of this writing, has been on-line for
over two weeks...
The attack on the Stats page prompted damage control. Monday afternoon,
AOL removed the hacker text from the shopping area--and added this message
to their exit screens. "Shopping at AOL is guaranteed; Security & 100%
satisfaction." But adopting a black-is-white strategy may only work so
long. "It certainly sounds like there's been some high profile
incidents," Mark Mooradian, Group Director on Consumer Content at Jupiter
Communications, told the AOL List. He issued a warning about hack attacks
just eight days before the incident. "If this reaches some sort of
frenzied pace on the service, that could affect content partnerships, as
well as consumer trust of the service." Though he doesn't expect the
problem to get out of hand, "If it really reaches a frenzied pace, and
they can't succeed in shutting down the people that are doing it, it
absolutely becomes problematic." Users are already skeptical. "I find it
funny how simply people can get an overhead account with Rainman access
and edit a major keyword," laughed "Weed" -- the user who captured the
screen shot-of the hacked New York Times area.
Mooradian pondered an incident first reported on the AOL List -- for
several months, hackers with a user's password could obtain the user's
credit card number. "That's about as bad as it gets," he conceded. "That
is a worst case scenario--when you're using a service and you could
potentially lose your credit card number." He remained confident that
users would find some recourse. "If AOL is the customer-friendly service
that they purport to be," he noted, "they're going to keep you covered if
something like that happens."
But Michael Sigler disagrees. "The motto that AOL lives by is 'We are
happy to take your money, and glad not to provide friendly service'." The
Seattle resident phoned AOL to cancel his trial account in 1993. Four
years later, he found that his bank statements had been going to the wrong
address--and that AOL had been billing him every month since.
"I am on disability," he points out, "and don't have much money to spend
in the first place." But though he hadn't even completed using his ten
free hours, AOL offered him a refund for just two months of charges.
Sigler quickly formulated a response. "I don't believe in waiting for a
lawyer to solve my problems--I have a more direct approach." Karma would
be re-paid: "Since America Online makes their money using the internet, I
want them to also lose their money using the internet." He's encouraging
net users to forward his story to AOL's subscribers--"so they know what
America Online does"--and is encouraging AOL's users to switch to an
internet service provider. "This can happen to you also."
( His story appears on-line at http://www.wco.com/~destiny/probwith.htm )
But he's not the only one organizing against the company. Newsbytes
reports that a Houston attorney is calling for a boycott of AOL's Barnes
and Noble site (and the book-vendor's web site) in response to "abusive
litigation tactics" against Amazon.com. SEC guidelines prohibited Amazon
from publicly addressing Barnes and Nobles' charges because they were
issuing stock on Wall Street--which meant AOL's book partner could could
make unchallenged attacks against their rival. (The Houston attorney
called this tactic "childish".)
And more discontent came Wednesday from a focus group about Barnes and
Noble. When asked about the company's on-line offerings, one participant
responded that "you couldn't get into it with a Mac for over a month."
(http://www.wco.com/~destiny/barnes.htm) AOL's security protocols strike
again....
But in an apparent attempt to cover-up security lapses, legal threats
appeared recently against the teenaged author of AOL World.
(http://www.aolworld.com/legali.htm) "I think their playing me," he told
the AOL List, "thinking I'm a teenager." In 1995 an AOL staffer backed
down from similar threats against James Egelhof, the 16-year-old author of
the "Why AOL Sucks" page (http://www.aolsucks.org/webcens/)--but
"copyright infringement" threats were later made against hackers
publishing embarrassing screen-shots of AOL's internal software.
(http://www.hookup.net/~mwry/main.html)
Those hackers instead created mirror sites of the incriminating images
(http://www.netvirtual.com/blank/aol/)--and the clamp-down on their
information failed. AOL World has adopted a similar strategy. "This site
is backed up in four locations - you can not destroy it," he warns AOL on
his main page. "If you are dumb enough to do this again, I will simply
advertise a backup site."
In fact, the extra notoriety could be helpful. The webmaster of the "Why
AOL Sucks" page found that the number of readers of his page increased
from 20 a day to over 360 after the the AOL threats. The AOL World
webmaster is already capitalizing. "See why AOL Legal staff member
Elizabeth deGrazia Blumenfeld wanted this site down," his page boasts.
"PLUS see AOL Legal's sloppy manner in handling this situation." Questions
had lingered over the authenticity of the legal department's e-mailed
complaint. "Even today after two requests for her to verify herself she
has not." The hacker took it on himself--and posted the staffer's phone
number and even her location in the AOL building.
Yesterday the Washington Post uncovered more trouble in Virginia--police
reports show that a laptop computer was stolen from "an office at a
business" on the 22000 block of AOL way. (AOL's building occupies the
entire block.) This was the second computer to disappear in a five-week
period, according to the Post's reports--and another was stolen December
12. (Four days later, several rolls of cable disappeared...) One staffer
points out that some AOL employees disregard in-house warnings about
storing their passwords on the laptop's AOL software--which would mean the
thieves could potentially access AOL content meant only for in-house
accounts.
But ultimately it's not clear whether AOL's worst enemies are outside the
company--or within it. "I would like to take a minute to remind everyone
that there is a policy in place regarding communications with the media,"
a desperate in-house AOL memo pleaded last Friday -- 24 hours after the
AOL List published staffer complaints. But they kept coming Saturday.
"I'm extremely unhappy with AOL right now, and the way they've been
treating their employees," one employee griped.
Other in-house sources point out that the staff of AOL's Community Action
Team is "relocating" to Oklahoma--and AOL is also shutting most of their
customer service facility in Herndon Virginia on August 29. ("Herndon
Control Desk Operations will be moved to Tucson," reads last Wednesday's
memo.) "That is also the day for EVERYONE IN THE COMPANY to have their
salary review," a staffer noted pointedly. "New policy as of January."
The staffer--who forwarded the memo--paints a picture of a stingy company
hiding their true intentions behind in-house PR. "[T]here will be key job
opportunities for the Herndon employees who are being affected," the
in-house memo claimed. "More B.S. within AOL," the staffer concluded.
"100+ employees are given the option of trying to go to the Network
Operations Center, which has 18 positions open... It also doesn't mention
that there is a hiring freeze and all positions previously posted for
Herndon are no longer available."
And cost-cutting measures could get more drastic. "Their internal
computing support staff were given the option of paying for their own
training by August 29th, OR ELSE...." Will the money-saving measures
affect AOL's operations?
Time will tell.
THE LAST LAUGH
Yet another staffer came forwar, to remember a morale-boosting effort
that backfired. "AOL employees were told that if we reached X number
million members by January 1, 1996, we would each receive AOL jackets... "
they told the AOL List.
So how was the jacket? "I never got mine. Never even heard from them."
David Cassel
More Information - http://www.wco.com/~destiny/time.htm
~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~
Please forward with subscription information and headers. To subscribe
to this list, type your correct e-mail address in the form at the bottom
of the page at www.aolsucks.org -- or send e-mail to MAJORDOMO@CLOUD9.NET
containing the phrase SUBSCRIBE AOL-LIST in the the message body.
To unsubscribe from the list, send a message to MAJORDOMO@CLOUD9.NET
containing the phrase UNSUBSCRIBE AOL-LIST.
~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~