On this #WayBackWednesday, our 8-Bit history lesson focuses on the early days of U.S. consumer online access… Back then, you got „easy“ online* access with an AOL (America Online) CD and a 28.8k modem.
In the early 1990’s, AOL’s software connected users to chat rooms that centered around specific topics. Curious and clever teenagers looking for different ways to test the limitations of the AOL software traded “tricks” (hacks) in these rooms. One such user, Da Chronic, worked with a few other users to release a bundle of tricks that could be installed on top of the AOL software called “AOHell”. This software bundle was so notorious, even Wired Magazine took notice.
The software came with a readme file that described the tricks bundled in. One trick was called “CC/PW Fisher”. It allowed the user to open a room, pose as AOL staff and then ask users for their passwords. According to phishing.org, the first time that term “phishing” was used was in 1996 in a Usenet group which referenced AOHell. https://www.phishing.org/history-of-phishing
We have come a long way since 1996. Since then, phishing has taken on many different forms, for example: spear phising, whaling, vishing, water holing, smishing, spoofing, quishing, business email compromise (BEC)… All of these techniques have a common, underlying theme: impersonation. These attacks lead the victim to believing that they are responding to a message from someone or some service that they can trust.
It used to be that it was “easy” to detect these types of attacks. It was common to look for flaws – misspellings, poorly formatted images or pages, etc. But, attackers are now starting to use AI to radically improve their approach and make their messaging more trustworthy. In BSides Munich 2018, Carl Schoeller predicted this evolution in his talk, “Social Engineering and Emerging Multimedia Technologies”. https://youtu.be/rUV5sBChHis
* It is interesting to note that the access provided by AOL was not necessarily Internet access. See: https://thehistoryoftheweb.com/postscript/aol-pretends-to-be-the-internet/
Wired Magazine Article: https://www.wired.com/1995/07/aohell
Interview with DaChronic: https://podcasters.spotify.com/pod/show/aolunderground/episodes/Da-Chronic–Creator-of-AOHell-and-Automated-Phishing-e1ic74b/a-a7tfsc3
BSidesMunich2024
BSidesMunich 8-Bit :: Forged by HI