Home page logo

isn logo Information Security News mailing list archives

Hackers penetrate America Online's ICQ Web servers
From: InfoSec News <isn () c4i org>
Date: Wed, 27 Jun 2001 01:56:51 -0500 (CDT)


June 26, 2001

Two servers for the instant messaging service ICQ were cracked
yesterday, defacing at least one Web page.

Dulles, Va.-based America Online Inc., which owns the ICQ instant
messaging service, said the problem was quickly resolved and no user
data was compromised. The ICQ service is interoperable with AOL's
proprietary service, AOL Instant Messenger.

Security monitoring site Attrition.org posted: "On June 25, 2001, two
machines on ICQ's network were compromised and the Web pages defaced.
These defacements lead us to wonder if other parts of the network were
compromised, possibly allowing access to private ICQ messages,
subscriber database or more."

A hackers group called MiH, or Men in Hack, compromised the ICQ

"The first machine compromised was the ICQ homepage used to search the
ICQ network and user base," according to an Attrition advisory
released yesterday. "The second machine compromised serves an unknown
purpose. Originally defaced by MiH, the page is currently defaced by
Silver Lords and has no indication of the original content."

AOL, in an e-mail response to a query about the attack, said it was
aware of one community page on www.icq.com that had been altered,
adding that the defaced page was one of 20,000 pages. The problem was
resolved with a security patch, AOL said.

"There was no user account impact whatsoever, and no user information
was at any time compromised," AOL said in the statement.

ISN is hosted by SecurityFocus.com
To unsubscribe email isn-unsubscribe () SecurityFocus com 

  By Date           By Thread  

Current thread:
  • Hackers penetrate America Online's ICQ Web servers InfoSec News (Jun 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]