[ISN] NY teen hacks AOL, infects systems

From: InfoSec News (alerts@private)
Date: Fri Apr 27 2007 - 01:33:22 PDT


http://www.infoworld.com/article/07/04/26/HNteenhackaol_1.html

By Juan Carlos Perez
IDG News Service
April 26, 2007

A New York teenager broke into AOL networks and databases containing 
customer information and infected servers with a malicious program to 
transfer confidential data to his computer, AOL and the Manhattan 
District Attorney's Office allege.

In a complaint filed in Criminal Court of the City of New York, the DA's 
office alleges that between December 24, 2006 and April 7, 2007, 17-year-old 
Mike Nieves committed offenses like computer tampering, computer 
trespass, and criminal possession of computer material.

Among his alleged exploits:

* Accessing systems containing customer billing records, addresses, and 
  credit card information

* Infecting machines at an AOL customer support call center in New 
  Delhi, India, with a program to funnel information back to his PC

* Logging in without permission to 49 AIM instant message accounts of 
  AOL customer support employees

* Attempting to break into an AOL customer support system containing 
  sensitive customer information

* Engaging in a phishing attack against AOL staffers through which he 
  gained access to more than 60 accounts from AOL employees and 
  subcontractors

Nieves faces four felony charges and one misdemeanor charge. He was 
arraigned on Monday and remains detained, a DA's office spokesman said. 
His next court date is Friday for a procedural hearing to determine the 
next step in the case, the spokesman said. Nieves' attorney didn't 
immediately return a call seeking comment.

The alleged acts cost AOL more than $500,000. It's not clear whether 
customer data was stolen. AOL declined to comment. The DA's office 
spokesman said the investigation into Nieves' alleged acts continues. 
"It's too early to tell exactly what [data] he compromised or not," he 
said.

The complaint states that Nieves admitted to investigators that he 
committed the alleged acts because AOL took away his accounts. "I 
accessed their internal accounts and their network and used it to try to 
get my accounts back," the defendant is quoted as saying in the 
complaint. He also admitted to posting photos of his exploits on a photo 
Web site, according to the complaint.

One doesn't have to be a computer genius to carry out the alleged acts 
thanks to the free availability of multiple hacking tools, said Mark 
Rasch, managing director of technology at FTI Consulting. "Even a 
disgruntled kid working alone can throw a virtual tantrum and cause a 
significant amount of damage to a large technology corporation," Rasch 
said. "Welcome to the new world."

If the defendant was honest about his motivation in his reported 
confession, it's safe to assume that he wasn't interested in stealing 
data for financial gain, Rasch said. Still, it'll be interesting to find 
out what steps AOL is taking if customer data was in fact compromised, 
he said.

There aren't enough facts available to judge whether AOL could have done 
more to prevent the alleged intrusion. "We'll learn more as the case 
goes on," he said. "AOL has had pretty good security over the years."

Authorities arrested Nieves after AOL provided them with information 
from an internal investigation into the alleged acts. AIM subscriber 
information and IP address data involved in the acts led AOL to Nieves, 
whose address and phone number AOL had on file, according to the 
complaint.

The New York Post reported Thursday that Nieves lives in Staten Island 
and quoted his mother as saying that he is a special education student 
with behavioral problems. An anonymous source told the Post that Nieves 
has caused AOL problems for years.

A source close to the investigation told IDG News Service that Nieves is 
allegedly part of a "loosely coupled" group of hackers who have targeted 
AOL and other companies in recent years, but that Nieves focused 
specifically on hacking into AOL.

