The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

Historic Hacks of the 1990s, Part 2

We've come a long way since the era of hacks that required the unwitting participation of postal services. GoCertify begins a tour through past cybermalfeasance by hopping back in time to the 1990s.

Note: This is Part 2 of 2. To read Part 1, click here.


AOL's relentless mailing of free CDs got one hacker angry.We're back to continue GoCertify's tour through the most notorious hack attacks of the 1990s.


AOHell 1994


If you checked your mailbox more than once or twice during the 1990s, then you doubtless know (or knew) of a company named “America Online” (AOL), the world’s largest online internet provider. Even if you weren’t paying attention, you were probably still aware of their promotional CDs offering 10 hours of free internet access.


More noticeable was how these disks were seemingly inserted into every nook and cranny imaginable. As PC World so appropriately wrote, "(Y)ou couldn't open a magazine or your mailbox without an AOL disk falling out of it."


The flood of these disks sparked protests from a number of environmental and other groups. One entity in particular was No More AOL CDs, which asked people to send them their AOL disks. The goal was to collect one million disks and mail them back to AOL. Eventually the group pulled the plug on the effort after having collected an impressive 410,176 CDs.


Some protestors took things a step further. A 17-year-old hacker from Pittsburg known as “Da Chronic” created a Windows app named AOHell, touting it as, "An all-in-one nice convenient way to break federal fraud law, violate interstate trade regulations, and rack up a couple of good ol' telecommunications infractions in one fell swoop."


Da Chronic claimed he was mad at AOL for the company’s refusal to shut down sites harmful to children and the app more than lived up to its name.


AOHell included a fake-account generator enabling anyone to establish fully functional AOL accounts, a phishing tool that utilized automated social-engineering to steal passwords and credit card information, and even an e-mail-bombing option to send hundreds of electronic mail messages to a user’s inbox and fax machines.


You could even send an instant message to another user that would log them out, or pose as AOL’s founder Steve Case in chat rooms.


Aftermath – AOL spent a great deal of effort and money fighting the app. The company’s efforts to identify and delete accounts created using AOHell didn’t work, as soon as one account was cancelled, another arose. Their best solution was to release a new version, AOL 2.5, which wasn’t compatible with Da Chronic’s creation.


AOHell was a gut punch to the company’s reputation, and some experts argue that it never fully recovered.


Lesson Learned — Internet providers improved protections for user accounts, such as by offering protocols for double verification of new accounts. There also began to be regular policing of user activity on their sites, particularly when it might involve children. In AOL’s case, the company provided a command enabling users to make certain chat-rooms off limits to children.


Corporations also began paying close attention to their public images, realizing that doing something — or not doing something — had the potential to bring the wrath of a hacker upon their heads.


Solar Sunrise 1998


In January 1998 the Middle East was in a turmoil. Saddam Hussein had evicted United Nations weapons inspectors from Iraq and, in response, the Pentagon was gearing up for an anticipated strike on Saddam’s military.


In the midst of preparations, automated security monitors detected outside electronic intrusions into systems on a number of U.S. military installations. The intruders hacked through a .edu site and installed sniffer programs to capture passwords and establish a backdoor access.


Although none of the systems were classified, military and government officials feared it was Iraqi hackers spying on the Pentagon’s attack preparations. The intrusion was given the code name Solar Sunrise and it set off a massive multi-agency effort involving the Army, Navy and Air Force along with an alphabet soup of government agencies including the FBI, NASA, CIA and the NSA.