Wednesday, April 26, 2006

AOL - Hacker Heaven

Don't you just love AOL? They have some really cool features like multiple email addresses and included firewall and spam blocking, parental controls and a nice content layout. It's easy to use and they have phone numbers all over the world so you can access the system from just about anywhere when you travel...

Yeah it's great for hackers too! The thing about accessing it from anywhere is helpful if you're a spammer or hacker too. The IP address in the logs is the same for all.

AOL provides anonymity for hackers due to the fact that everyone is connecting to the same servers and accessing the Internet and sending messages in a way that is difficult to track back to the actual users. Additionally it is virtually impossible to block because if network admins try to block out the offending IP, they are basically blocking out a whole lot of valid (valuable) traffic from AOL users.

And have you ever tried to figure out how to report an attacker to AOL? Take a look at their web site and just try to figure it out. Impossible...

I have found this article which suggests an address but since it is not official AOL information and Wikipedia lets anyone update the content, who knows if it is accurate or has been hacked? For all we know using this information we could be feeding AOL hackers information that we are onto them and that helps them stay one step ahead:

http://en.wikipedia.org/wiki/Wikipedia:Dealing_with_AOL_vandals

The email listed in here currently to report hackers to AOL is: TOSgeneral@aol.com

If you go to spamcop.net you'll get this abuse email address to report spammers to AOL: abuse@aol.com

Who knows if these emails are valid and your message actually gets to AOL? I have made reports to them with no response, and hackers continue to hit my systems from the same IPs, and the information in McAfee still shows these odd hacker DNS records (more info in my first post on these):

AOL.COM.IS.N0T.AS.1337.AS.GULLI.COM
AOL.COM.IS.0WNED.BY.SUB7.NET
AOL.COM.AINT.GOT.AS.MUCH.FREE.PORN.AS.SECZ.COM
AOL.COM
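Added example, not part of the original post: every name in the list above starts with AOL.COM, but a DNS name belongs to whoever controls its rightmost labels, so only the last entry is actually under aol.com. The sketch below compares labels from the right and then checks that the name resolves back to the IP it was reported for; the function names and the offline lookup table are assumptions made for this example.

```python
# Added example: does a hostname really belong to a trusted domain?
# DNS names are owned from the right, so compare labels from the right.

def labels(name):
    """Lower-cased labels of a hostname, ignoring a trailing root dot."""
    return name.strip().rstrip(".").lower().split(".")

def is_under(hostname, domain):
    """True if hostname equals domain or is a subdomain of it."""
    h, d = labels(hostname), labels(domain)
    return all(h) and len(h) >= len(d) and h[-len(d):] == d

def vet(ip, names, domain, resolve):
    """Classify each name reported for `ip`.

    foreign     - not under `domain`, whatever it starts with
    unconfirmed - under `domain`, but does not resolve back to `ip`
    trusted     - under `domain` and resolves back to `ip`
    `resolve` is a caller-supplied function: hostname -> list of IPs.
    """
    verdicts = {}
    for name in names:
        if not is_under(name, domain):
            verdicts[name] = "foreign"
        elif ip in resolve(name):
            verdicts[name] = "trusted"
        else:
            verdicts[name] = "unconfirmed"
    return verdicts

# Names exactly as listed in the post.
NAMES = [
    "AOL.COM.IS.N0T.AS.1337.AS.GULLI.COM",
    "AOL.COM.IS.0WNED.BY.SUB7.NET",
    "AOL.COM.AINT.GOT.AS.MUCH.FREE.PORN.AS.SECZ.COM",
    "AOL.COM",
]

# Constructed stand-in for live DNS, built from the one resolution the post gives.
SAMPLE_FORWARD = {"aol.com": ["207.200.94.2"]}

def sample_resolve(name):
    """Offline resolver over SAMPLE_FORWARD (hypothetical helper)."""
    return SAMPLE_FORWARD.get(".".join(labels(name)), [])

if __name__ == "__main__":
    for name, verdict in vet("207.200.94.2", NAMES, "aol.com", sample_resolve).items():
        print(f"{verdict:12} {name}")
```

For use against live data, replace `sample_resolve` with a function that performs real forward lookups.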

Interestingly, an IP attempting to access my box right now has high-level domain information which does not match the typical information I see for AOL.

The IP is: 64.12.116.197

The information listed for AOL is:
Address: 10600 Infantry Ridge Road
City: Manassas
StateProv: VA
Email: domains@aol.net

If you look up the aol.com IP, which on my system resolves to: 207.200.94.2

You get:
OrgName: Netscape Communications Corp.
OrgID: NSCP
Address: 501 E. Middlefield
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

But also has this info in McAfee:
AOL.COM.IS.N0T.AS.1337.AS.GULLI.COM
AOL.COM.IS.0WNED.BY.SUB7.NET
AOL.COM.AINT.GOT.AS.MUCH.FREE.PORN.AS.SECZ.COM
AOL.COM

IP Range: 207.200.64.0 - 207.200.127.255
Maybe they have two different offices registering IPs, who knows.

Interestingly when I look up AOL in another IP tracert tool I get:
Administrative Contact:
America Online, Inc.

22000 AOL Way
Dulles, VA 20166
US
Tel. 703 265 4670
Email: *******@aol.net

Technical Contact:
America Online, Inc.

22000 AOL Way
Dulles, VA 20166
US
Tel. 703 265 4670
Email: *******@aol.net

Domain servers:
dns-01.ns.aol.com  64.12.51.132
dns-02.ns.aol.com  205.188.157.232
dns-06.ns.aol.com  149.174.211.8
dns-07.ns.aol.com  64.236.1.107