Steve Case's April 1996 letter to all members... may have noticed that we recently added new "alert" text on the Instant Message and e-mail forms reading: "Reminder: AOL Staff will never ask for your password or billing information :-)." This is the first in a series of efforts we will roll out over the next few months to [attempt to] put an end to "password fishing" -- the practice where computer hackers prey on new users by impersonating AOL staff and soliciting passwords and credit card information.

...certain individuals try to take advantage of others. Since our community has more than 5 million members, it's like a large city, so we have to [try to] take action together to put an end to inappropriate or illegal behavior. Remember my monthly motto: Do not give out your password to anyone, whether it's online or even on the phone.

If AOL had acted earlier, Case could probably have adopted a different monthly motto.

Instead, last year AOL's Kathy Ryan told staffers:
...we understand that our aggressive distribution of both software and certificates can result in 'throwaway"' accounts. We have made the business decision that the benefits in this case outweigh the disadvantages...
And Chip Douglas told the Terms of Service staff the following:
Many times we (AOL) are caught between a rock and a hard place debating over the importance of our 'community' while still trying to be as open to new members as possible, and NOT scare them away with needless (?) warnings about PW scammers, etc."
In December of 1995, Steve Case sent an "ALERT" to all members on "Password Security". "I want to raise your awareness about an issue that affects us all," Case wrote: "the importance of never revealing your password."

Attributing these problems to "computer hackers", Case calls password-fishing "an illegal act" which "hinders our ability to conduct business" and, also, to "ensure a safe online community."

Apparently addressing criticisms of AOL's heavy-handed legal threats, Case added "AOL will pursue all legal action and law enforcement protection within our right to protect the security of our service."

At the time, Case added that AOL would use a kind of "neighborhood watch" program to "help crush hacking".

Corey Bridges, Netscape's Security Documentation Manager, forwarded the entire letter to the Cypherpunks mailing list, commenting "Looks like AOL is being dragged, kicking and screaming, into the world of security."

Hacker War

Return to Main page