Using a combination of trade tricks and clever programming, hackers have thoroughly compromised security at America Online, potentially exposing the personal information of AOL’s 35 million users. The most recent exploit, launched last week, gave a hacker full access to Merlin, AOL’s latest customer database application. As a security measure, Merlin runs only on AOL’s internal network, but savvy hackers have found a way to break in. The hack involves tricking an AOL employee into accepting a file using Instant Messenger or uploading a Trojan horse to an AOL file library. When the file is executed, the Trojan horse connects the user who launched it to an Internet relay chat server, which the hacker can use to issue commands on the targeted machine. This allows the hacker to enter the internal AOL network and the Merlin application. Merlin requires a user ID, two passwords and a SecurID code, all of which hackers obtain by spamming the AOL employee database with phony security updates, through online password trades, or by “social engineering” attacks over IM or the telephone. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.