With the release of movies like Sneakers, The Net, and Hackers, cyber attacks became main stream media in the decade following the Morris Worm. Continuing our journey through cyber attack history, we arrive at the 1990s and an attack toolkit that was truly gangsta: AOHell.
In 1994, a seventeen-year-old from Pittsburgh known online as Da Chronic took cyber craft to the masses by releasing AOHell, a free toolkit that enabled budding attackers to disrupt and manipulate America Online (AOL) content and programs. According to a 1995 Wired magazine write-up, “America Online foe Da Chronic is the mastermind behind AOHell, an outlaw program designed to exploit bugs in the online service, making it easy to forge messages in chat rooms, download files for free, and even create pirate accounts. To keep his identity secret, Da Chronic hides behind an anonymous remailer in Finland. … AOL says it will close the accounts of anyone using AOHell.”
The program, which notably played a short clip from Dr. Dre’s 1993 song “Nuthin But a G Thang,” offered a buffet of features:
In perhaps the first recorded mention of the term “phishing,” the tool sent legitimate AOL users the following message: “Hi, this is AOL Customer Service. We're running a security check and need to verify your account. Please enter your username and password to continue.”
In the 25 years since AOHell launched, the cyber landscape has become incredibly complex and riddled with threats and risks. However, many of the same techniques that AOHell enabled are still being used by attackers today: phishing, flooding, identity theft. By exploring cyber attack vectors throughout history, organizations and their users gain insight into how attacks have evolved, better enabling them to identify and protect security vulnerabilities.