AOL Busts Staten Island Hacker
An idiot teenager tried to hack into AOL because the company suspended his account. Mike Nieves foolishly tried to penetrate the security of AOL without realizing that the network is one of the best protected in the world. And then he posted photographic evidence of his crimes on Flickr. And as a former account holder, AOL was able to tell the cops exactly where he lived.
From Infoworld here:
A New York teenager broke into AOL networks and databases containing customer information and infected servers with a malicious program to transfer confidential data to his computer.
17-year old Mike Nieves committed offenses like computer tampering, computer trespass, and criminal possession of computer material.
Among his alleged exploits:
- Accessing systems containing customer billing records, addresses, and credit card information
- Infecting machines at an AOL customer support call center in New Delhi, India, with a program to funnel information back to his PC
- Logging in without permission into 49 AIM instant message accounts of AOL customer support employees
- Attempting to break into an AOL customer support system containing sensitive customer information
- Engaging in a phishing attack against AOL staffers through which he gained access to more than 60 accounts from AOL employees and subcontractors
Nieves faces four felony charges and one misdemeanor charge. He was arraigned on Monday and remains detained, a DA’s office spokesman said.
The alleged acts cost AOL more than $500,000.
Nieves admitted to investigators that he committed the acts because AOL took away his accounts. He also admitted to posting photos of his exploits in a photo Web site.
Authorities arrested Nieves after AOL provided them with information from an internal investigation into the alleged acts. AIM subscriber information and IP address data involved in the acts led AOL to Nieves, whose address and phone number AOL had on file.
Nieves is part of a “loosely coupled” group of hackers who have targeted AOL and other companies in recent years, but that Nieves focused specifically on hacking into AOL.
Its really quite stupid to do half-a-million dollar’s worth of damage to a network and then leave an easy-to-follow digital trail of bedcrumbs back to your home. So Mike Nieves, get yourself a soap-on-a-rope. Those big guys in prison will really like your soft hacker’s body.
Quick comment…
If Mike Nieves is a stupid kid, and if AOL is among the best protected networks in the world, then how did some “stupid kid” hack into the “best protected network” so easily?
Just Wondering….
Also, no jailtime
Phishing accounts is not the same as penetrating a network using weaknesses, Drew. His stupidity is evident because of his flagrant flaunting of his criminal activity.
A corporation as large as AOL should not allow its customers’ credit card and payment information to be so easily discovered by a simple phone call where somebody says they are somebody else.
I know Mike personally, and I also work tech support in a call center for a large cable internet provider, and the company I work for is very prepared for such calls and prepared against social engineering.
Obviously, the charges against mike was a little more than just “phishing accounts,” in your terms sounds like he just got a couple member usernames. Mike is charged, according to the article, with gaining access to about 50 employee accounts.
Please explain the difference, Pat, between a weakness in a network, and the ability for somebody to social engineer their way to customer financial information. In my opinion, social engineering is the most real form of hacking there is, and the lack of attention that companies put to that aspect of hacking IS quite a large gap in network security.
Drew,
I only know what the article is telling me. From what I read, I infer that Mike used trojans and targeted emails to phish the accounts of AOL employees both at corporate headquarters and at the call center. This was not done over the phone.
And Drew, phishing I dont think is “most real form of hacking there is” like you say. But I do think that when all else fails, phishing still works and it works quite well, as your friend Mike demonstrated. And yes, it is a huge gap in network security. Lots of manhours and technology are being focused at the problem trying to fix it with stronger authentication, etc. But with dumb employees still in the loop, its a huge uphill battle.
So what is the latest on your friend Mike? I tried a Google search but didn’t manage to find much. Was he released? Charges dropped? and thanks for sharing your thoughts!