Click here for Part I
Click here for Part II
Click here for Part III
Click here for Part IV

While the art downloads...

From the hacker archives of the AOL Security Page, currently under attack by AOL Legal.

Posted on: America Online (using WAOL 2.5)


The situation started at 18:16 when I recieved mail from Guide Fox at Zen Tos

which stated:

"We have a guide with a possible hacked account, that was just signed online,

and now it is the guide online (I know, he's sitting behind me) He is being

IM'd by an screenname "Security" Is this name legit?"

I looked up the Security account and saw that it was internal and IMed guide

fox asking for more info. The following is that conversation:

Guide FOX: Here's what happened...Derek tried to sign on and his account was

already signed on and in a private room....I IM'd him to see if I got an

answer and boom the guy signed off...Derek got on on his name and the

Security guy IM'd him to ask what happened...

Guide FOX: Now I'm getting pagers about someone hacking a guide account &

being in private room "MacWarez" :/

Zen TOS: what is the guides screen name?

Guide FOX: Guide WOW

Zen TOS: is guide wow signed on now ?

Guide FOX: Yes.

Zen TOS: has he changed the passwords?

Guide FOX: Not yet.

Zen TOS: make sure that he does or i will have to can the account ....

Guide FOX: Yeah, he will....

Zen TOS: were there any screen names mentioned in the pager from macwarez?

Guide FOX: Guide WOW & Security, the pager was sent from DHacker2

Zen TOS: Was security in macwarez?

Guide FOX: That's what I understood.

Zen TOS: Did guide wow see security in mac warez?

Guide FOX: No, he was just IMing him.  He was in a private room but not in

there....he's offline now.

Zen TOS: does he have a log of the chat ?

Guide FOX: No, it happened right as he signed online. :(  I did see it happen

tho ;/

Zen TOS: what did security say to the best of your recollection?

Guide FOX: Exactly what he said is "What happened? Where'd you go?"  Derek

thought it was a legit name, he said "I just got my account hacked" Security

said "Oh, I see." and he never IM'd back

Zen TOS: okk thanks i will be in touch :)

Guide FOX: Okie. Man, I don't need this :/

During this conversation we began to look into the histories of TOSAdvisor,

Security, and Guidewow.  This is when we noticed that all accounts had their

password info accessed by Tosadvisor. The times the accounts were accessed

are: Steve Case-1500, GuideWow-1603 and Security-1609.  We asked Jack if he

had been on Tosadvisor and he said he had been on it from 14:30-16:30 and had

only signed off for a short time to switch computers and had not taken any

breaks so no one else had access to the account during this time.  At this

piont I called NOC and talked with Pete Silva and told him everything that we

knew, he said he would look into it.  I then tried to call Kim and also paged

her.  There was no answer at her house and she did not call us.  Pam then

called Charles and he came in (he arrived around 19:30).  When Charles came

in he changed all the TOS accounts passwords.  We talked with Pete at NOC a

few more times but found nothing else out about who had done this or for sure

how it was accomplished.

Things settled down a bit and then Jack(who was signed on to TOSAvisor)

recieved an Im from TOSAdvisor which stated:

TOSAdvisor: nevermind i'm going to warez or something

This Im was recieved sometime between 20:30 and 21:00.

I promptly called NOC and talked with Pete, I told him what was going on and

we also called Charles over to look at it also.  Pete hung up to see what he

could find out and in a few minutes called back and setup a conference call

with several other people that had been working on the cloaking and morphing

problems.  This call lasted for almost an hour and during this call at 21:31

I sent them a copy of the IM.  I explained in detail both situations and near

the end of the converstion was asked for your phone number which I looked up

on your account and gave to them.

This is basically what happened to the best of my recollection.  I am also

sending you all the mail and IM's regarding this situation.  If you have any

further questions or comments you will see me at work or you can call me at

home or page me at 703-612-2409.


Rob Behrenst

Comic courtesy of a hacker who wishes to remain unnamed

Part VI

Return to Main Page