³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #1 - Page 11 of 13 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Stalking/Harassing an Online Service ------------------------------------ by kleptic Nearly everyone has heard horror stories about the internet. Pornography abounds, mentally deranged perverts stalk innocent victims while posing as women or children, hax0rs lie in wait to steal your credit card numbers. Sounds scary, right? That's why so many families flock to online services instead. Unlike the freewheeling Wild West spirit of the internet, online services are more like private clubs. Although nearly anyone can get in, the online service enforces its own rules about what you can and cannot do. Break the rules and you risk being thrown out! If you detest censorship (like I do), avoid the online services. If you think that an online service's restrictions are great ways to protect your children, think again. -------------------------------- CENSORSHIP AND PEDOPHILES ON AOL -------------------------------- America Online, the most popular online service, prohibits its members from using obscenity or transferring pronography through its services. In theory, this sounds perfect for families with children. in practice, these rules are enforced as often as politicians take pay cuts. And it's precisely because AOL seems safe for unsupervised children that it has become the perfect online stalking ground for pedophiles. ----------------------------- HOW PEDOPHILES STALK CHILDREN ----------------------------- If you're horrified at the thought of a pedophile contacting your child on AOL, pull out your modem and cancel your membership now. Doing so will guarantee that no pedophile will find your child on AOL, but it will also deny your kid access to "AOL's many useful resources." You have other options. AOL offers a parental control feature that allows you to selectively block portions of the service from your child. However, unless you know what portions to block, this feature won't be of much use. Chat rooms, where members can type messages to one another in real-time, are AOL's most popular stalking round for pedophiles. Because talk in chat rooms happens instantaneously, without supervision, as soon as one kid in Boston types a message, children in Seattle, Houston, and Chicago can read that message and respond to it. But chat rooms are like costume parties-people often mask their identities, including age and sex, which means that the kid from Boston might be a middle-aged man. Typically, a pedophile will enter a chat room geared toward children, such as a homework helping chat, a teen chat, or even a teen sex chat room. After watching the conversations and perhaps typing a few messages of his own, he looks for a victim to target. At this point, the pedophile has no idea whether a particular nickname belongs to a real child or an adult pretending to be a child (wouldn't that be funny?). To find a suitable target, the pedophile directs a few innocent remarks toward several other chat room members. The responses can help identify which nicknames belong to adults and which belong to children (misspellings and simple language are the most common giveaways). After focusing on nicknames belonging to actual children, the pedophile is ready for the next step. Chat rooms offer two ways to communicate with others: public and private messages. Public messages appear on the screen for everyone in the chat room to read. Private messages can only be read by the person they are addressed to (for those idiots that dont already know that). Once a pedophile has identified nicknames belonging to children, he sends a private message to one or more of his chosen targets. Usually these private messages ask more personal questions, such as age, location, favorite foods, hobbies, stuff like that. During this stage, the pedophile tries to gain the child's trust and friendship. Eventually, the child may have to leave the chat, so the pedophile arranges another time when they can meet in the room again. Because many children think they have found a new friend, they often readily agree. As the pedophile gains the trust of the child, he'll start asking more personal questions to determine where the child lives, what his or her parents do for a living, and when they might be out of the house. After several weeks or months, the pedophile may suggest meeting in person, even if it means that the pedophile has to fly to another city to meet his victim. Because the child may still be unaware of his new "friend's" true intentions, he or she may give otu personal information such as a home address or phone number. Because pedophiles don't want to meet their potential victims parents, they'll play off a child's desire for secrecy. When arranging a place and a time to meet, they tell the child, "Don't tell your parents where you're going." Depending on the child's relationship with his or her parents, thie child may balk and tell his parents anyway, or he may go along with the pedophile's suggestions as a way to rebel against his parents. After all, the idea of a secret meeting with a new friend can be exciting. Of course, pedophiles rarely meet most of their intended targets. Either the child stops using AOL, gets bored with his new "friend," or becomes suspicious and breaks off the relationship. But pedophiles can be patient, and whether it takes one or one hundred tries, they're willing to continue stalking chat rooms for children-because they know that eventually they'll find one kid gullible enough to believe their sweet promises. ------------------------------------ PROTECTING YOUR KIDS FROM PEDOPHILES ------------------------------------ The best way to protect your child from pedophiles online is to supervise their online activities and turn on AOL's parental controls to block access to chat rooms. To help friends find one another online, AOL offers a "Buddy List." You list your friends in your list and the moment any of them come on AOL you're notified. Of course, online stalkers can also use this feature too. Once a pedophile has visited a few chat rooms, he can put all the names of his chosen victims in his own buddy list. That way if your child connects to AOL at the same time the ped is online, the pedophile's buddy list notifies him so he can send a message to your kid. By using a buddy list , a pedophile can stalk fresh victims in chat rooms while lying in wait for previously targeted victims as well. To further protect your kid from pedophiles, turn off the buddy list feature to prevent your child's nick name from being put on anyones list. Although this effectively prevents your kids friends from using the buddy list to contact each other, it also prevents any pedophiles from knowing when your kid is connected to AOL. (Just make sure that if you turn off the feature, your kid doesn't turn it back on. Kids are smarter then adults when it comes to computers.) ------------------- TRADING PORN ON AOL ------------------- AOL's rules state that you cannot transmit obscene or pornographic material through its services. Theoretically, this makes AOL safe for kids and familes to use. Realistically, expecting AOL to enforce its rule is hopeless. Connect to AOL 24 hours a day, seven days a week, and you'll be able to find chat rooms where people are engaging in cybersex or swapping porn files. Don't be fooled by AOL's public image as a family-oriented online service. People trade pron over AOL by visiting a chat room and asking "if anyone would like to swap pics." Once 2 members agree to trade, they simply e-mail the pictures to the other user. --------------------------- HARASSING AN ONLINE SERVICE --------------------------- AOL, and Prodigy have all made their share of blunders over the years. Besides AOL's history of censoring e-mail, CompuServe once pulled the plug on an entire internet newsgroup because the German government considered them obscene. In their earlier history, Prodigy censored e-mail as rigorously as AOL, causing widespread dissatisfaction among it's members. Given the constand, clumsy, and often unnecessary actions of online services in the interest of protecting their services from pron, obscenity, or just plain naughty words, it's no surprise that many people have lashed out against them. Here are a few examples. ----------------------------------- GENERATING FAKE CREDIT CARD NUMBERS ----------------------------------- One of the most popular ways to harass an online service is to create a bogus account using a fake credit card number. Because online services want members to sign up as soon as possible, the moment you type in a valid credit card number, you can start using the entire online service right away. One legal way to get a free account on an online service is to sign up with one credit card, cancel your account when your free trial period is over (typically one month or a fixed amount of usage, such as 50 hours), then sign back on to the same service with a different credit card number. This method works as long as you have different credit card numbers. Because most people don't have multiple credit cards, they do the next best thing and create their own credit card numbers instead. Credit card companies, such as Visa or American Express, create their credit card numbers using a mathematical formula. You'll note that credit card numbers are rarely similar, and you'll never find two people with credit card numbers that differ by only one number because of the possibility of erroneously charging one person for another persons purchases. Rather than try to gues the mathematical formula used to create valid credit card numbers, just use a special credit card-generating program. These programs create credit card numbers using the same mathematical formula used by your own credit card company. When you sign on to an online service with a credit card number created by a card generating program, the online service just checks to make sure the number is valid according to the credit card's mathematical formula. If the number is valid, the service lets you create an account. The service won't verify that the credit card number is valid for a day or two, so until the service catches on to yoru fake credit card number, you'll have rein-absolutely free! And, if you use a fake name address, and phone number, the service will never catch you-unless they trace your call. The moment the online service finds out that you're using a fake credit card number, they can ask the phone company to trace your call from their dial-up connection phone number to your home. As long as you use fake credit card numbers sparingly, the service probably won't take the time to follow up. ------------------------- CAUSING CHAOS WITH AOHELL ------------------------- Using an account created by a fake credit card number allows you to break the online service's rules with little risk of getting caught. As a result, many people who create fake accounts also use special harassment programs as well. Perhaps the most famous harassment program is one named AOHell. Written by ex-aoler member who calls himself Da Chronic, AOHell is designed to wreck havoc on AOL. AOHell works with AOL's software. Once you're connected to AOL, you load AOHell and up pops a floating window that lists its features in a simple push-button interface-features that range from the extremely useful to the downright illegal. You can use AOHell to encrypt your e-mail; send a mass e-mailing; e-mail bomb an account by flooding someone's mailbox; or automatically deliver a canned reply to instant messages. You can even use AOHell to block instant messages from particular individuals. If a particular person grates on your nerves in a chat room, yo ucan fight back with AOHell. Click one button and AOHell draws a gun pointing at a stick figure with the name of the person publicly displayed for all in the chat room to see. Click another button and AOHell scrolls an ASCII drawing of a raised middle finger. For another type of prank that borders on the illegal, AOHell offers a fake "forward message to" feature, specifically designed to let you send e-mail to AOL administrators, falsely claiming that someone is writing e-mail to you that violates AOL's rules. To give you an idea of this feature's capabilities, AOHell provides an example fake forwarding message that purports to be from AOL's president soliciting a user for shameful acts involving bodily fluids. Although users are repeatedly warned that they should never give out passwords or credit card numbers to anyone online, many people stil don't realize the danger. AOHell offers a password/credit card fisher that lets you take advantage of them. Just enter a chat room, click on the fisher button, and AOHell sends an official looking message to the person of your choice, claiming that AOL's billing department needs that person's password or credit card number. Obviously, this AOHell feature can be exploited for illegal use; but now that you know it exists, it should remind you never to give out important information like passwords and credit card numbers while online. Although AOHell was one of the first and most popular online harassment programs, copycat programs have popped up with names like AOIce, CompuDaze, ProdigyKiller, Apocalypse Now, AOTurkey, LameProd, CISHack, RIPPClaw, and America Flatline. Most of these programs offer similar features, although some require a password to use them. ------------------------------------------------------------- FINDING CREDIT CARD GENERATORS AND ONLINE HARASSMENT PROGRAMS ------------------------------------------------------------- Credit card generators and onlien harassment programs can be found on a hacker web site; but because AOL and other online services frown on their distribution, these hack sites tend to disappear with alarming regularity. Most manage to last for a while before AOL (or another online service) threatens the web site with legal action. To read and write messages to others interested in using, harassing, or criticizing an online service, browse through one of these Usenet newsgroups: alt.aol alt.aol-sucks alt.oneline-service prodigy.classic ------------------------------------------ WRITING YOUR OWN ONLINE HARASSMENT PROGRAM ------------------------------------------ Rather than use an online harassment program written by someone else, many hackers prefer to write their own. The most popular programming language used to write online harassment programs is Microsoft Visual Basic. Not only is VB inexpensive, but it allows ANYONE with little programming experience to write a Windows program quickly and easily. Once you have a copy of VB, you need to know how onlien harassment programs work. Most online harassment programs use two special VB Commands called AppActivate and SendKeys. The AppActivate command loads and runs another program. In the case of an online harassment program, the AppActivate command is used to load the communication program for AOL or Prodigy. The SendKeys command mimics a person typing at the keyboard. For example, the SendKeys command can type a phrase, press CTRL-X, or choose menu commands from any program defined by the AppActivate command. The combination of the AppActivate and the SendKeys command lets you write a VB program that can type keystrokes into another program as if you were typing them yourself. At the simplest level, an online harassment program is nothing more than a fast, automated typist that lets you raise havoc on the online service of your choice. If you were a fast typist, you could harass an online service just by typing insults or commands yourself; but because most people can't type at the speed of light, they let an online harassment program do the typing instead. That way they can quickly pop in and out of various forums or chat rooms on the online service, cause havoc, and disappear just as quickly as they arrived. As a result, online services can never defend themselves against an online harassment program. The only way to prevent an online harassment program from working is to prevent legitimate users from typing on their keyboard while using an online service. Many companies sell commercial and shareware add-on programs designed for AOL. These add-on programs use the same features as online harassment programs, but instead of letting you type insults or e-mail bomb another member, add-on programs automate other features for your convenience, such as deleting e-mail quickly or responding in a chat room with a prewritten response. If AOL implemented a way to prevent online harassment programs from working, it would also keep these AOL add-on programs from working. Once you understand that an online harassment program is nothing more then a program that automates typing in another program for you, you're ready to write your own online harassment program. But rather than create something from scrath, programming (like homework) is always easier when you copy and modify somebody else's work instead. Of course, online harassment programs rarely offer their source code. If you find a particular online harassment program that you want to emulate, your best bet is to decompile the program, wich can recover the actual VB source code. To decompile a VB program, you can by a program called the VB Decompiler. This program dissects any program created by VB and generates the source code for you to examine. By using the VB Decompiler, you can decompile your favorite online service harassment programs, such as AOHell, to see how the program works. Once you ahve generated the VB source code, you can copy or modify the source code and create your own online harassment program for your own use. (But if anyone asks, you didn't hear that from me.) -------------------------------------------- PROS AND CONS OF HARASSING AN ONLINE SERVICE -------------------------------------------- If an online service catches you harassing its members, their reaction can be as simple as cutting off yoru real (or fake) online service account, or as drastic as having you arrested for credit card fraud, illegal computer use, and whatever else. But don't think that harassing an online service is just for bad guys trying to spoil other people's fun. Many self-proclaimed online vigilantes haunt online services specifically to stalk online stalkers such as pedophiles. The moment they find a pedophile trying to recruit a child in a public chat room, they use an online harassment program to send a warning to the offender, send a mail bomb to flood the offender's e-mail box, or just boot the offender in the ass. An online harassment program is a tool. Abuse it and you can make the lives of legitimate online service members miserable. But use it to defend children against pedophiles, and you may be considered a hero. The End