AOL4FREE Culprit Tells His Tale by David Cassel 5:02am 22.Apr.97.PDT Nicholas Ryan, a college junior convicted for authoring the original AOL4FREE program, will be leaving Yale University this June to start a six-month home sentence, and two years of probation. For 25 hours a week, he will be working at a special education program as a form of community service. But on off-hours, Ryan will be working on an encryption program for Windows 95, based on the Macintosh program that stumped the Secret Service agents who confiscated his computer. "It would be a mini-encrypted hard drive - every time you shut down the computer, all the information would be totally encrypted." Three weeks after his conviction, Ryan says he is ready to talk about his hacker past, and to share his experience of creating a program in 1995 that allowed hackers to use AOL without paying the hourly charge. Last week, Ryan came forward with a 30-KB essay explaining his motives and experiences to hacker sites. His confessions came the same week that the Department of Energy put out a warning against the AOL4FREE "Trojan horse," a file-destroying program that is masquerading as Ryan's original program. "I was an outlaw, a spy," Ryan boasts, "and I loved cracking the puzzle of AOL's system." During the days of US$2.95-an-hour pricing, AOL4FREE made Ryan, aka Happy Hardcore, a hero in hacker chat rooms. "When I entered a room, I'd immediately get dozens of messages asking about when my next version would come out, who I knew, and many just thanking me." His essay also includes anecdotes of hacking live chats and distributing AOL customer data. In a press release applauding his conviction, AOL conceded that hundreds used the program to gain free access to the service. Ryan's is the first federal felony conviction involving an online service, AOL claims. "AOL and the prosecutors decided they wanted it to strike a blow against the hackers and take me out as an example," Ryan said in an interview. "At one point they were even claiming that the damages were US$1.5 million." Ironically, Ryan had titled one section of the documentation for AOL4FREE "Can I get caught?" He even supplied a prescient answer: "A better question would be, 'Would they want to prosecute me if I'm caught?'" Ryan now claims he'd been reassured by internal memos forwarded by hacker friends that AOL would not go after him. "I assumed they were going after the AOL4FREE users. Kind of a dumb assumption.... The Secret Service knocked on my door in December." Of the latest AOL4FREE decoy, Ryan says there's nothing new in naming Trojan-horse programs after real ones. "I remember during 1995, way back then, there was an AOL4FREE program that was actually a Trojan horse. So this program may just be a couple of years old." Mixed in with the harrowing stories of his exploits, Ryan's confessional essay includes a disclaimer: "I stress that in no way did we EVER do anything to cause permanent damage using the tools or information that we found." He adds: "We could've taken down 500 file libraries. We could've massively wreaked havoc on the service. But it wasn't what we were there for. It was a puzzle of it, the challenge of it."