Back in 1998 when I was 13 years old I got heavily involved in the AOL hacking scene, originally building add-on software called progs (Revolution, Meridian), publishing code libraries called bas files (Alpha32), and later co-founding AOL-Files.com (where I went by the hacker alias Tau), which became a massive community and educational resource for folks interested in that scene.

These experiences got me hooked on programming and building products which has had a huge impact on my life that continues to this day.

Recently Steve Stonebraker, creator of the AOL Underground podcast, reached out to see if I was interested in being interviewed about that time period. I jumped at the chance.

For anyone interested in hearing me reminisce about the good ‘ol days of AOL hacking, you can listen to the full interview here: Tau – Co-creator of AOL-Files.com. We cover how I got started building progs, co-founding AOL-Files, many of the major exploits that followed, and much more.

Back in 1999 I cofounded AOL-Files.com, which eventually grew into the largest AOL hacking site of its kind.

One of the primary methods we used to discover exploits in the AOL software was by writing our own script’s using AOL’s Form Definition Order (FDO) programming language. From the AOL-Files FAQs on FDO:

FDO stands for Form Definition Operator. AOL communicates using this programming language. For example, after clicking any icon or button in AOL, FDO code is sent by the AOL system and interpreted by your AOL to create a window. So, the FDO language is the language used to describe forms on the AOL client. This site has focus on learning how to program in FDO and provides a surfeit of examples and tutorials for those who want to learn.

When BMB, Rob, and I started AOL-Files, FDO was all but unknown outside of the AOL development teams.

We did not have any official documentation, but through lots of experimentation we were able to figure out how FDO worked and eventually how to use it to discover holes in the AOL software and service.

Here, for example, are three tutorials I wrote back in the day as an introduction to FDO91 (the version of FDO in use at the time):

• Lessons 1: Streams, Atoms, and Tokens 
• Lesson 2: Basic Atoms
• Lesson 3: Command Buttons

To give you an idea of how much we sought after an official manual, I wrote this in the first lesson:

FDO tutorials are unheard of. I have heard rumors that very few people at AOL have the FDO91 Manual. I will pay money for any professionally written, extensive, and full tutorial. Name your price.

A little dramatic maybe, but we really did want the official manuals. Rather than reverse engineer it through experimentation, an official manual would tell us exactly what did what and with that information we could discover exploits at a much faster rate than ever before. Alas, we never got ahold of one and had to make due with figuring it through trial and error.

Why mention all this now? A friend recently pointed me to this photo on Flikr by Joe Loong:

We have:

• Building an Online Service
• New Building User’s Guide
• Editorial Plan
• FDO91 Manual – Volume 1
• FDO91 Manual – Volume 2
• Information Provider’s Guide
• Bringing Information Online Using Rainman (more info on Rainman here)
• FDO88 Manual

Wow. Only 12 years too late :)

I love running into folks that remember AOL-Files:

To be honest, my Dad gets the nod for buying me a VB book that included VB5 back in 5th grade (1997). But, I’ll have to say that you (with that AOL-Files.com site) and this guy named “Oogle” inspired me with the “hacker” curiosity by about 6th grade. In this case it was all black-hat though =)

From a HacherNews post about how folks got started in programming.

Good times.

Adrian Lamo, the hacker who turned in Bradley Manning, a 22 year old Army Specialist who submitted classified documents to Wikileaks, used to be heavily involved in the AOL hacking scene many years ago.

Here’s his AOL-Files.com profile when he went by the name Magus:

Inverview taken on: 1/12/01

What is your primary handle? I’ve gone by Magus since I first started using online services – at the time, bulletin board systems – in the early 90’s.
What are your current AIM screen names? Line Trace
What is your e-mail address? adrian@adrian.org
Do you have a web site? inside-aol.com, terrorists.net, securid.org
What is your real name? Adrian Lamo. . if you want to be technical, its the Doctor Reverend Adrian A. Lamo, Ph.D . . Doctor of Divinity and minister through the Universal Life Church, the grandma of all diploma mills everywhere. . .i don’t take those seriously, and don’t expect anyone else to, but i put them on my resume and my business cards to make a point of my disdain for the certification and educational process.
Where do you live? i move around alot .. i like to travel, and have lived on both coasts, and spent a couple years in south america. . i’m in transit right now. . but am based out of San Francisco.
How old are you? 19
What are your hobbies? i like to break and explore. breaking things is integral to the progression of technology. . people accuse me of being directionless, but i think its important to drop dynamite into the pond sometimes, to see what floats up. in my copious free time, i like to explore abandoned buildings and sewer systems, as well as exploring occupied buildings – its amazing how many security guards will escort you up to the roof of a skyscraper if you only ask, or won’t even stop you if you look like you know where you’re going. . urban exploration is definitely a big passtime. one of the reasons i like to travel, too., i used to be involved in local activism and whatnot. . worked with the city government, stuff like that. . i’m massively disinterested in politics now though.
How would you describe your physical appearance? scrawny geek ; )
What do you hope to do as a profession? same as i do now. . short term, interesting contracts for worthwhile places. i’ve been working since i was 16, and have run through a pretty big variety of jobs and contracts. . most of them designed to be short term .. i did a 3 month security audit for a fortune 500 company once, that was probably the most interesting. . but i’ve worked for everything from nonprofits to law firms to private investigation firms. . i set up a Netzero account for one of kevin mitnick’s former attorneys at one of them, of all the ironic things. . thats the sort of thing i want to keep doing. i don’t want to be stuck behind the same desk all my life, working at the same place until i have too much invested in what i’m doing to be able to do anything to risk it.
How long have you been on AOL? used the service briefly when i was younger, when it was known as Quantum Link, and i was playing around with my commodore 64. . but i didn’t start to really use it til the mid-90’s. . i used AOL 1.6 for DOS/GeoWorks for the longest time, and actively resisted going over to the Windows version until they started disabling features one by one. .they eventually sunsetted it altogether in June of 1999. So. .something like 7 or 8 years now.
How much time do you think you spend online each day? it varies. . .depending on where i am and what i’m doing. sometimes, if i’m interested in something, i’ll spend days online nonstop. . sometimes i’ll spend days without touching a computer. on a really average day, anywhere between 4 and 12 hours ;x
What programming languages are you familiar with? i don’t really program. the only languages i’ve worked with are x86 assembler and OPL for the EPOC16 palmtop OS.
What do you spend most of your time online doing? breaking and exploring -=)
Who are your good friends online? They know who they are.