America Online Inc., the nation's largest online service, said Thursday it was fighting computer hackers causing problems on its service but <I><B>it would not say whether its network had been breached. </B></I>The San Franciso Chronicle reported Thursday that hackers have tampered with America Online's business and customer files and created a security breach that could affect the accounts of subscribers. A spokeswoman for AOL declined to discuss details in the report but said the online service was continuing to change its system software to combat AOHell, a hackers program. ``From time to time, we've encountered problems as it relates to AOHell,'' spokeswoman Pam McGraw said when asked to comment on the article. ``We're not going to provide details.'' Asked specifically whether hackers had breached the online service, she repeated the statement. McGraw said the company upgrades and fixes its system as needed to combat hackers. The Chronicle report came the same day that America Online said it had a total of 3.5 million subscribers and was the largest online service in the world. ``AOL's success continues to be largely attributable to the enthusiasm and support of our members, and we are very grateful to them that interest in AOL continues to grow,'' said Steve Case, President and Chief Executive of America Online. As the online industry explodes in growth, however, there have been mounting concerns about security, especially that of shopping and other business transactions carried out in cyberspace with credit card numbers. The Chronicle, citing ``sources associated with the company,'' said the hackers appeared to have obtained access to a wide variety of files, including the personal files of Case. The newspaper said the most recent incident came to light this past weekend, when unpaid leaders of various America Online forums <B><I>were told to change their passwords.</I></B> The newspaper also said it was unclear whether the break-ins were undertaken by AOHell. Asked if AOL encountered other hackers besides AOHell, McGraw said, ``The majority of the problems come from AOHell.'' The Chronicle said the hackers were able to find a main account at the online service which contains addresses leading to other areas inside America Online. The addresses include access to areas that have information about members' passwords, screen names by which they identify themselves on the service, and other information. To sign up for America Online, subscribers must submit a credit card number, which can be used for online purchases of products. ``<B><I>It was unclear whether the computer hackers could retrieve credit card information</I></B>,'' the article said. Reuter/Variety
- Note how AOL blaims its problems on an unrelated, well known, "hell" program which is mostly a set of macors used to make free accounts, scroll lettering in chat rooms, and handle other harassment text used to flood a person's mail box. AOHell. Also, America Online DID know that these hackers/trashers could retrieve Credit Card information. You will read basicly the same below, plus comments from unidetified staffers.
Rogue computer experts</I></B> have tampered with America Online's business and customer information files, creating a security breach that could affect the accounts of subscribers to the giant online service. A spokeswoman with the online service confirmed the company has had an ongoing security problem but would not disclose details of recent problems out of concern that any information could be used by hackers against the company's computer network. But sources associated with the company said the outside hackers appeared to have obtained access to a wide variety of files, including the <B><I>personal files of Steve Case</I></B>, the company's president and chief executive. America Online's spokeswoman would not confirm or deny that report. In response, however, the online service <B><I>has asked its staff to change their computer passwords</I></B>. This week, the company will begin <B><I>asking all of its 3 million members to periodically change their passwords for protection</I></B>. A user of an online service must type a short password in order to read personal electronic mail or buy products. America Online also has recently installed new security software to stay a step ahead of the intruders. The most recent incident, which came to light over the weekend when unpaid leaders of America Online forums were told to change their passwords, raises questions about whether an online service should <B><I>alert members every time there is a potential security breach. </I></B>The security breach has been a subject of discussion among members of America Online's volunteer force, who are concerned about their own security and distressed with the online service for not informing all AOL members. In the past several months, the company's service has been repeatedly attacked by a hacker program called AOHell. The recent attacks have involved AOHell, said Pam McGraw, an America Online spokeswoman. But forum leaders say <B><I>AOHell has not been a tool to hack into a computer but instead sends thousands of pieces of electronic mail repeatedly to people. </I></B>The alleged break-ins come at a time when the service, based in Vienna, Va., is growing rapidly in a competitive market with new entrants. In the past 12 months, America Online has tripled its membership. According to sources close to the company, the computer hackers were able to find a main account, called TOS Advisor, which contains addresses leading to other areas inside America Online. McGraw of AOL said the company would not ``get into specifics of accounts and online areas that have been affected.'' The addresses include access to areas that have <B><I>information about members' passwords, screen names (made-up code names), the number of people using the online service at any one time and billing information</I></B>. It was <B><I>unclear whether the computer hackers could retrieve credit card information</I></B>. Last spring, America Online connected to the World Wide Web, a growing collection of tens of thousands of sites containing text, graphics and even video and audio. The company has Internet addresses for its internal operations to make it easier for employees to move from the Internet to the company's public and private areas. But with knowledge of addresses, outsiders could slip into the company's confidential areas. ``I'm outraged,'' said a person who works for AOL as a volunteer and who asked not to be named. ``<B><I>I sincerely feel the members should be alerted so they should choose whether to cancel credit cards or alert banks on checking accounts, rather than AOL taking the attitude that they are willing to wait and see what happens</I></B>.'' ``<B><I>They are so protective of their image they refuse to inform membership of safety issues</I></B>,'' said another AOL volunteer. The possible tampering at AOL comes as many companies including Microsoft Corp., are entering the online world. Businesses have turned to the Internet as a way to communicate with employees or customers. In the past month, several arcane but notable computer viruses have cropped up on the Internet, either stored in documents sent as part of electronic mail or transmitted when a file is downloaded from a large computer. ``It shows how vulnerable we all are today,'' said Sandy Sparks, the manager of the U.S. Department of Energy's Computer Incident Advisory Capability, which is based at the Lawrence Livermore National Laboratory in Livermore. But it is not prudent to tell customers every time there's a security violation, Sparks said. ``Certainly I think that all of those companies recognize that protecting their clients is extremely important,'' Sparks added. ``But to tell every little break-in that happens even if it may not have a direct impact to customers is probably not a good idea.'' AOL's McGraw said its online service is as safe as any other service, such as banking or airline reservation systems. ``No system is foolproof, whether it is an online service, credit card company or a bank,'' she said.