Click here for Part I
Click here for Part II
Click here for Part III
Click here for Part IV
While the art downloads...
From the hacker archives of the
AOL Security Page,
currently under attack by AOL Legal.
Posted on: America Online (using WAOL 2.5)
The situation started at 18:16 when I recieved mail from Guide Fox at Zen Tos
"We have a guide with a possible hacked account, that was just signed online,
and now it is the guide online (I know, he's sitting behind me) He is being
IM'd by an screenname "Security" Is this name legit?"
I looked up the Security account and saw that it was internal and IMed guide
fox asking for more info. The following is that conversation:
Guide FOX: Here's what happened...Derek tried to sign on and his account was
already signed on and in a private room....I IM'd him to see if I got an
answer and boom the guy signed off...Derek got on on his name and the
Security guy IM'd him to ask what happened...
Guide FOX: Now I'm getting pagers about someone hacking a guide account &
being in private room "MacWarez" :/
Zen TOS: what is the guides screen name?
Guide FOX: Guide WOW
Zen TOS: is guide wow signed on now ?
Guide FOX: Yes.
Zen TOS: has he changed the passwords?
Guide FOX: Not yet.
Zen TOS: make sure that he does or i will have to can the account ....
Guide FOX: Yeah, he will....
Zen TOS: were there any screen names mentioned in the pager from macwarez?
Guide FOX: Guide WOW & Security, the pager was sent from DHacker2
Zen TOS: Was security in macwarez?
Guide FOX: That's what I understood.
Zen TOS: Did guide wow see security in mac warez?
Guide FOX: No, he was just IMing him. He was in a private room but not in
there....he's offline now.
Zen TOS: does he have a log of the chat ?
Guide FOX: No, it happened right as he signed online. :( I did see it happen
Zen TOS: what did security say to the best of your recollection?
Guide FOX: Exactly what he said is "What happened? Where'd you go?" Derek
thought it was a legit name, he said "I just got my account hacked" Security
said "Oh, I see." and he never IM'd back
Zen TOS: okk thanks i will be in touch :)
Guide FOX: Okie. Man, I don't need this :/
During this conversation we began to look into the histories of TOSAdvisor,
Security, and Guidewow. This is when we noticed that all accounts had their
password info accessed by Tosadvisor. The times the accounts were accessed
are: Steve Case-1500, GuideWow-1603 and Security-1609. We asked Jack if he
had been on Tosadvisor and he said he had been on it from 14:30-16:30 and had
only signed off for a short time to switch computers and had not taken any
breaks so no one else had access to the account during this time. At this
piont I called NOC and talked with Pete Silva and told him everything that we
knew, he said he would look into it. I then tried to call Kim and also paged
her. There was no answer at her house and she did not call us. Pam then
called Charles and he came in (he arrived around 19:30). When Charles came
in he changed all the TOS accounts passwords. We talked with Pete at NOC a
few more times but found nothing else out about who had done this or for sure
how it was accomplished.
Things settled down a bit and then Jack(who was signed on to TOSAvisor)
recieved an Im from TOSAdvisor which stated:
TOSAdvisor: nevermind i'm going to warez or something
This Im was recieved sometime between 20:30 and 21:00.
I promptly called NOC and talked with Pete, I told him what was going on and
we also called Charles over to look at it also. Pete hung up to see what he
could find out and in a few minutes called back and setup a conference call
with several other people that had been working on the cloaking and morphing
problems. This call lasted for almost an hour and during this call at 21:31
I sent them a copy of the IM. I explained in detail both situations and near
the end of the converstion was asked for your phone number which I looked up
on your account and gave to them.
This is basically what happened to the best of my recollection. I am also
sending you all the mail and IM's regarding this situation. If you have any
further questions or comments you will see me at work or you can call me at
home or page me at 703-612-2409.
Comic courtesy of a hacker who wishes to remain unnamed
Return to Main Page