AOL Watch: AOL Assault

David Cassel (destiny@cloud9.net)
Mon, 19 Jun 2000 09:29:00 -0800

          

			A O L   A S S A U L T

~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~

Is AOL's merger with Time Warner in trouble? Early this morning the
European Commission announced a four-month anti-trust investigation,
according to Reuters. "News of the inquiry is likely to have big
repercussions in Europe and the U.S.," the London Times added.

  http://biz.yahoo.com/rf/000619/l19410358.html
  http://www.the-times.co.uk/news/pages/tim/2000/06/19/timbizbiz01013.html

AOL appears concerned about the merger's chances.  They hired New Jersey
telemarketers to work round the clock phoning AOL's 100,000 shareholders
asking them to support the merger, according to the Washington Post. (Even
the telemarketing firm's Vice President conceded the move was "definitely
outside the norm.")  But AOL also mailed 3 million glossy brochures,
according to the Post, and sent peppy e-mails to their share-holding
employees. The Post believed AOL's "unusually aggressive tactics"  were to
counter obstacles to the merger which included a large drop in AOL's stock
price "and persistent questions from regulators on both sides of the
Atlantic."

    http://www.washingtonpost.com/wp-dyn/articles/A1206-2000Jun15.html

But there's an additional force that stands in AOL's way. Friday AOL faces
a vote at their shareholders meeting on whether the merger will happen.
The Post reported the unique way AOL's stock has been distributed means
that "public shareholders as a block have the power to derail AOL's bid to
buy Time Warner" -- and it's not just a hypothetical scenario. The Post
notes that the only comparable communications merger, between Lycos and
USA Networks, was blocked last year by just such a shareholders vote.  
And many AOL investors don't like the idea of acquiring Time Warner.
Business Week quotes one AOL shareholder who says "I feel betrayed."

	http://www.businessweek.com/2000/00_04/b3665006.htm

Ballots mailed to shareholders already default to a 'No' vote if they
aren't returned, and one shareholder response firm told the Washington
Post that when the vast majority of people receive their ballots, "they
look it over and throw it away." It could be as simple as that.  An
industry analyst told the Post the possibility that the merger would be
delayed is "very real."

But AOL's legal troubles don't end there. Friday Erroll Trobee, a former
AOL staffer, received the go-ahead from an Arkansas judge for his
breach-of-contract suit against AOL. Trobee filed his charges against AOL
in 1993. ( http://www.aolwatch.org/parker.htm )  A settlement was reached
-- after AOL was found in contempt of court -- but now Trobee says AOL
isn't honoring the terms!  Trobee filed new motions, and he told AOL Watch
the judge approved a pre-trial hearing in August with a trial scheduled
for October.

AOL also paid a $3.5 million fine in May over SEC regulations.  AOL had
"violated the reporting and books and records provisions of the federal
securities laws," according to an SEC press release -- listing eight
reasons why AOL's business model didn't justify the practice!

	  http://www.sec.gov/news/press/2000-63.txt

But there's one threat that AOL's executives can't seem to address:  
hackers.  Several hundred screen names have been compromised, according to
two AOL watchdog web sites.
	
		http://observers.net/crisreply.html
		http://www.inside-aol.com
	
AOL told the Washington Post that they'd only learned about the breach
when the Observers.net web site published a report on it. And Sunday night
Kelly Hallissey, one of the site's staffers, told AOL Watch that she
believed hackers were still accessing the database.

	http://washingtonpost.com/wp-dyn/articles/A9476-2000Jun16.html
	http://www.observers.net/insideview.html

Reuters credited the attack for "highlighting the vulnerability of even
the world's largest Internet services provider to the threat of hacker
attacks."  One hacker told the Post that for anyone who digs behind AOL's
pretty interface, "there is a lot of stuff you can compromise."

	http://cnnfn.com/2000/06/16/technology/wires/aol_wg/
	http://news.cnet.com/news/0-1005-200-2091566.html
	http://www.zdnet.com/zdnn/stories/news/0,4586,2589679,00.html


AOL's spokesperson told MSNBC they were "taking steps" to eliminate the
hole. ( http://msnbc.com/news/421768.asp ) But this may be a concession
that the problem isn't fixed yet -- at least, judging from one earlier
incident. In January hackers discovered a way to access any AOL Instant
Messenger account (if it didn't have a corresponding AOL account.) AOL
immediately told reporters at Wired News, C|Net, and MSNBC that they were
deploying patches to fix AIM security problems.
	
	http://news.cnet.com/news/0-1005-200-1530654.html
	http://www.wired.com/news/business/0,1367,33881,00.html
	http://www.thestandard.com/article/display/0,1151,9111,00.html

But they didn't.  In February a Chicago computer consultant lost control
of his AIM account to a malicious attacker.  And another webmaster says
the same thing happened to him in April.

	http://www.salon.com/tech/log/2000/03/27/aim/index.html
	http://www.kenton.org

Ironically, the account in the April incident belonged to a user who had
himself posted an unreleased 6.0 version of AOL's software on his web site
-- "to point out to AOL and its users how weak its security is."  After
C|Net reported on the leak, the software was removed from the site, but
the page now points users to two sites with additional information. "In
another massive security lapse, by America Online Inc., we now have AOL
6.0 Beta," the second one claims.

	http://www.openaol.com/
	http://www.techpages.com/aol6.htm

	http://news.cnet.com/news/0-1005-200-1956865.html
	http://news.cnet.com/news/0-1005-200-1980986.html
	http://www.kenton.org/nomore.htm

Critiques of AOL's security have even worked their way into AOL's content.  
U.K. subscribers playing a Football Manager game in their sports area
discovered a surprise when checking on their team's standings on May 26.  
They found that ranked #5 was a team called "How secure is AOL?"

The #4-ranked team was named "AOL is nothing but kiddie porn."

	http://www.aolwatch.org/football.htm

Three weeks later, the area hasn't been repaired.  Instead, AOL has
replaced it with an announcement that the rankings are "temporarily
unavailable." Clicking on the "Current Rankings" link at
aol://4344:845.ytbtop.7315005 brings up the announcement -- along with
pictures of two angry men, one holding his head in his hands.

The ongoing security problems are fostering suspicion among some users.
"About two weeks ago I was called by buy.com about a $1,000 purchase made
with my credit card that only AOL had," one AOL Watch reader wrote Sunday.
"I denied the purchase and immediately cancelled the card. I also left AOL
the next day."

But hackers have been hitting AOL in various ways for the last five years.  
In 1995 a hacker told the Wall Street Journal hackers had been
distributing customer credit card numbers they'd accessed in AOL's chat
rooms.  It was also in 1995 that hackers first accessed AOL's "CRIS"
customer database, according to Nicholas Ryan, who served a six-month home
sentence for writing a program which granted unlimited free access to AOL.  
"I actually used 'Online Cris' to determine if anybody was a narc who hung
out in 'Mac warez'," Ryan remembered in 1997.

	http://www.wired.com/news/culture/0,1284,3309,00.html
	http://www.aolwatch.org/list/0051.html

In 1996, the Florida Times-Union reported an AOL customer service staffer
pleaded guilty to grand theft -- and implicated two other AOL employees.  
Bogus online messages had conned AOL users out of their credit card
numbers, which were then used to purchase over $30,000 in computer
equipment.

	http://www.aolwatch.org/ccaol2.htm
	http://www.aolwatch.org/list/0033.html

In 1997 a security hole allowed hackers to view any subscriber's credit
card number if they'd obtained the subscriber's AOL password -- though
AOL's security chief had originally insisted this was impossible. In 1998
C|Net reported AOL's customer service representatives were surrendering
accounts to "social engineering" hackers who'd provided only the name and
address of an AOL account-holder.  Even rock star Trent Reznor complained
that a female fan had hacked his AOL account.

	http://news.cnet.com/news/0-1005-200-329662.html
	http://www.aolwatch.com/list/0095.html
	http://news.cnet.com/news/0-1005-200-329685.html
	http://www.mtv.com/news/headlines/980601/story3.html

In fact, by May of 1998 the Village Voice had reported that using stolen
passwords, "teenagers illegally accessed the accounts of thousands of
unsuspecting AOL customers as well as employees of the online giant."
Recently one webmaster claims to have infiltrated a ring of professional
spammers operating with stolen AOL accounts -- and in so doing, "I also
recovered over 1300 usernames and passwords stolen...from customers of
AOL."

	http://belps.freewebsites.com/TheStory.htm
	http://premier.cluelessfucks.com/

AOL Watch has confirmed that since 1997, hackers have altered at least 35
AOL areas.
	
	http://www.wired.com/news/technology/0,1282,9932,00.html
	http://www.aolwatch.org/hacks.htm


But millions of AOL's former subscribers may find themselves affected by
another set of mistakes that have already sparked legal actions on several
fronts.  It stems from a very common activity:  cancelling your AOL
account!
	
AOL Watch editor David Cassel discovered how tough that was in January:
AOL's outgoing message simply announced no operators would take the call;
then it hung up. Users report receiving the same response as far back as
November, and the Boston Herald's Robin Washington had the same experience
in March.  In addition, "I've had literally dozens of responses from
consumers saying they experienced similar problems," Washington told AOL
Watch in March.

	http://www.BusinessToday.com/techpages/buy03142000.htm

It's not just annoying; the practice also violates an agreement AOL signed
in 1998 with 44 state attorney generals. "We're going to be investigating
exactly what is happening," Connecticut Attorney General Richard
Blumenthal told the Herald in March. "If there has been a breach of the
agreement, it would constitute an unfair trade practice carrying a penalty
of $5,000 for each violation, plus possible restitution for the consumers
that have been harmed."

	http://www.bostonherald.com/bostonherald/lonw/aol03152000.htm

Even after users reach AOL's operators and cancel their accounts, many
report that AOL simply continues billing them!  Blumenthal told AOL Watch
he'd received several dozen complaints, and though he's succeeded in
resolving most of them, "we'd be prepared to look into other complaints if
we're made aware of them... Anyone who has knowledge of problems should
contact my office or the attorney general in their state."

Blumenthal can be reached by phone at (860) 808-5314 -- or via e-mail at
Richard.Blumenthal@po.state.ct.us.  AOL Watch editor David Cassel --
destiny@aolwatch.org -- is also collecting stories from users who've had
problems cancelling their AOL accounts.  And last week Massachusetts
Assistant Attorney General Michael Herring also gave his office's hotline
to the Boston Herald, stating that "We take any allegations that AOL is
violating the assurance seriously."  
( http://www.bostonherald.com/news/local_regional/buy06122000.htm ) 
A class action suit was also filed on June 8 by a California attorney,
seeking restitution and punitive damages for California customers "for the
time and money they expended" trying to get their money back.  "AOL
deceives the public into believing that it will cease charging
subscribers' credit card and bank accounts upon cancellation of their
subscriptions," the suit states, "when in fact AOL has a practice of
continuing to impose such charges after the subscriptions are cancelled."

AOL places a quota on the number of cancellations their operators are
required to dissuade -- and in at least one internal document, AOL
acknowledged the possibility that employees might intentionally mis-report
their results.  ( http://www.aolwatch.com/list/0091.html )  Whatever the 
reason, the billing problems have been going on for over four years,
attorney Ken Richardson told USA Today. 
( http://www.usatoday.com/life/cyber/tech/jk061300.htm ) "Our claim
certainly is that this is a deliberate practice,"  Richardson told AOL
Watch.  To speak to him about his suit, phone (510) 451-6770, FAX (510)
451-1711, or e-mail KPR@marionsinn.com.

Richardson also challenges AOL's Terms of Service contract, which
specifies lawsuits against AOL must be litigated in Virginia. "The
inclusion of this unconscionable provision in the subscription agreements
constitutes an unlawful and unfair business practice," his suit argues. In
an interview last week with The Standard, Richardson states that a
subscriber might have a claim for a very small amount, and "AOL is telling
them, if you want to sue us, you have to hike all the way across the
country to Virginia."

	http://www.thestandard.com/article/display/0,1151,15952,00.html
	
But it's just one of four class actions currently pending against AOL. A
February suit charges that version 5.0 of AOL's software disables many
users' ability to connect to the internet with any other service. ("First
it was Time Warner, now it's your computer," read one newspaper's subhead,
under the headline "Upgrade of Death.")  The Standard reported class
actions had been filed by lawyers in California, Washington, New York,
Arizona, New Jersey and Oregon.

        http://www.thestandard.com/article/display/0,1151,15952,00.htm
	http://www.the-times.co.uk/interface/insight/archive/story86.html
	http://www.internetnews.com/isp-news/print/0,1089,8_216641,00.html
	http://www.wired.com/news/business/0,1367,34584,00.html

A Florida attorney filed a separate class action in February because AOL's
software defaults to a toll call for many subscribers without telling
them!  The suit accuses AOL of "using unfair trade practices, fraud and
misleading advertising," according to the Kansas City Star. (The paper
reports that an 11-year-old in Kansas City ran up $3,190 in phone charges
in one month!)  Subscribers have been complaining about the problem since
at least 1995 -- and it appears to be widespread. According to the Star, a
Southwestern Bell billing manager in Topeka "said the company has too many
complaints from AOL customers to waive charges."  

Last year in New England AOL tried to shift the blame to phone companies
-- but both Maine and New Hampshire public utilities officials challenged
AOL's position.

        http://www.usatoday.com/life/cyber/tech/ctd719.htm

Lance Harke, the attorney who filed this class action, can be reached at
1-888-823-8220.

Meanwhile, a fourth class action lawsuit filed on behalf of AOL's remote
staffers moved into depositions in May, according to one of the plaintiffs
-- and the Department of Labor began investigating AOL's relationship with
those volunteers in 1999.

	http://www.observers.net/cas_details.html
 	http://www.observers.net/insight.html
        
But ultimately AOL deserves all the legal action its gets, according to a
recent column by ZDNet's Jesse Berst. "The world will be a better place if
we all sue AOL. As soon as possible.  There's ample evidence that Steve
Case and AOL are bullies."

	 http://www.zdnet.com/anchordesk/story/story_4467.html

Berst explained his reasoning in a March 7 editorial, citing the
Department of Justice's long struggle to wrest concessions from the
Microsoft corporation.  "Microsoft proved bullies don't reform until taken
to court," Berst argues.

"So I say sue AOL now.  Let's not wait 20 years for the Department of
Justice to figure things out."

       	

THE LAST LAUGH


Fielding phone calls about hackers apparently caught AOL's technical
support staffers off guard.  "I've been seeing on the news that hackers
have compromised AOL accounts," one customer asked.  "Is that true?"

The staffer replied, "I think so.  Yeah."  

Then he hung up.

  
 David Cassel
 More Information - http://www.aolwatch.org
   http://cbs.marketwatch.com/archive/20000616/news/current/commentary.htx
   http://www.upside.com/Chris_Nolan/393e88320_yahoo.html
   http://www.macnelly.com/editorial_images/macnelly_edtoon050200.html
   http://www.news.com/Perspectives/Column/0,176,127,00.html
   http://www.suck.com/daily/96/08/14/

~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~

    Please forward with subscription information.   To subscribe to this
    list, type your correct e-mail address in the form at the top of
    the page at http://www.aolwatch.org/list -- or send e-mail to
    MAJORDOMO@AOLWATCH.ORG containing the phrase SUBSCRIBE AOLWATCH 

    To unsubscribe from the list, send a message to MAJORDOMO@AOLWATCH.ORG
    containing the phrase UNSUBSCRIBE AOLWATCH.

~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~



David Cassel webmaster@aolwatch.org
Copyright © 2000 David Cassel, All Rights Reserved.
Web service provided by Cloud 9 Internet