Ten years ago I helped cofound AOL-Files.com, a website devoted to finding and exploiting holes in the America Online service. Together, Rob, BMB, and I grew AOL-Files into one of the most respected community of amateur hackers on the net.

Recently I started Googling for information about the site, to see if anything other than the archive on this site was still online. To my great surprise, the site is still talked about regularly on hacker forums.

Digital Gangster, the most notable of the lot, appears to be where a lot of the former AOL-Files crew migrated after it was taken down.

Here are a few excerpts:

yes I do, you used to hang with the aol-files crew we used to chat on rob’s irc server and talk about hax0ring the world

O0O, April 2007

O0O was a major contributor to the site and eventually one of the staff. The word “brilliant” comes to mind when I remember his work.

i edited my aim 5.1 by learning the hex offsets via tauville from aol-files

mx, July 2007

I went by the alias Tau back in those days — never heard the term tauville before, but I think he’s referring to some of the articles I wrote. Glad to help!

There was a long discussion in 2007 about an article that appeared on Wired about a hacker named Smokey, the “self-professed ringleader in the AOL hax0ring scene”. There’s a lot of discussion in the thread about AOL-Files while they try to determine the accuracy of Smokey’s claims. O0O sums it up pretty well:

The only Smokey I remember from back in the day was a coat-tail rider of some of the old AOL-Files crew. The guy was a young newb that knew less than Cam0.

There are also several threads dedicated to people posting their old AOL-Files profiles:

In March 2008, omer downloads AOL-Files from Archive.org and posts a link to it:

thanks to webarchive.org ive been able to get a lot of documents from aol-files.com from 2001. most important thing is that ive recovered A LOT of the FDO documents/tokens/keywords/arguements/SOFTWARE (which is already on my site ) and including the People’s list, (which im sure a lot of you readers can find your names/handles on there.) I know a lot of you will look at it and be like what the fuck? Thats okay because i think i did an okay job with at least in some perspective bringing it back to life. and i made it for fun so <^> . Enjoy!

Later in the thread there’s some discussion about when AOL-Files.com launched in relation to Observers.net. O0O sets the record straight again:

In April `99, Moo/Brat and other ex-CLs filed their Department of Labor complaint asking the US GOVT to rule that CLs should be paid a wage, that they weren’t really volunteers, but workers in a sweat shop. I never really agreed with them and their interpretation of the law, but went with it cause it gave AOL bad press. This got Observers alot of mainstream media attention, etc. It was also Kelly’s shining moment in the spotlight, her 15 minutes of fame. Over the next year, Kelly took over more control of Observers, by the end of the year she owned the domain, paid for the webhosting and all the original staff had left. She brought in her own lapdogs and slowly ran the website into the ground with overt censoreship of the forums, not letting anyone ever criticize here or exercise an opinion opposite of hers. Around that time aol-files sprung up and all the real deal hax0rs moved over to those forums and eventually their IRC.

and

The Obs forums died once Kelly started censoring them in late `99. Newriot wasn’t even around until late `99 if I remember correctly. That website was pretty fuckin stupid and the forums there were filled with script kiddies who thought they were badass cause someone taught them one of the 6 methods to jack an AIM. AOL-Files was the best website/forums ever regarding AOL shit.

Newriot…wow… memories.

and

Good times while it lasted, AOL-Files was way better though, definately the best of all sites and the best msg board for the scene.

In June 2007, a2 posts another link to the archive.org version of AOL People, which people nostalgically browse through and post their old profiles.

i forgot who was in charge of that but i think you just had to email the template filled out to like people@aol-files.com

Rather than create a form that let people post their information, I had everyone email it to me and then I manually went formatted them and created pages for everyone. What a major pain in the ass.

From March 2009:

aol-files is still up if you guys didn’t know matt kept most of the archive up and the members and the database of aliases oh don’t we miss them days

And in October 2008, after I post the AOL-Files archive on this blog, people discover more profiles. The common response when people see their old profiles is “wow, I can’t believe I wrote this”. I wholeheartedly agree.

Good times.

I recently received this email:

I was sitting here yesterday talking with a friend and remembering our own good ole days when Modal Tools by Tau got brought up. We talked about what a great program it was, but how impossible it is find anymore. i stumbled across your archive site and got a small thrill thinking that aol-files.com was actually in existance still/again. i quickly realized it was archived but had to keep reading for nostalgia.

I eventually came to a part that said “if you remember aol-files.com send me an email”. So, heres that email and a shout. And, a small request i hope you might be able to help with. While we may have stopped the childish games, Modal Tool 2.0 still has simple uses and we have been hoping we could find a copy. If you happen to still posess that, it would be great if you could email it to me or just link me to it somewhere. I would greatly appreciate it. And hey, thanks for giving us (once upon a time) aspiring aol hackers neat stuff to play with back in the day.

There was a certain type of window on AOL called a Modal or specifically, “_AOL_Modal”. They looked like this:

Whenever an AOL Modal popped up you had to act on it before you could do anything else with the AOL client. Most windows in the AOL class hierarchy fell under the “AOL Frame25” class, which was basically the entire AOL client. Modal’s were a different breed. They were a separate entity and they could not be moved, resized, or hidden. This is from a tutorial I wrote back in the day on AOL Class Names:

AOL Class Hierarchy circa 2001

Over time people figured out that you could do some interesting things with some of the modal windows.

For example, AOL did not charge you for the time you spent creating a new screen name. They simply disabled the rest of the AOL features until you were out of the area designated for coming up with new names. For people who had unlimited usage billing plans, this didn’t really matter. But at the time (1998ish), a lot of people still paid per hour. Someone figured out that if you simply hid the AOL Modal that was open when you were creating a new screen name, AOL still through you were in the create screen name area but you could still use AOL like normal.

Clever, huh? I seem to recall that AOL sued the guy who popularized this method of avoiding charges, but that may have just been a rumor.

Modal Tool was a small program written in Visual Basic that made it easier for people to figure out how to do things like that. It let you explore the contents of AOL Modals (they often had hidden controls), disable them, hide them, etc. I think it was a fairly widespread tool within the AOL hacker community at the time.

Here’s what it looked like:

Not sure if it works on newer versions of AOL (the last time I used it was around 2001), but you’re welcome to download it if you want to play around with it: Download Now.

PS – If you’re looking for a generic program that lets you explore the contents of any window (not just AOL Modals), I highly recommend Winspector.

Exploits Online was created on February 5, 2000 and put on the web on April 20, 2000, in hopes of providing AOL members with the information they never knew they wanted to know. Exploits will bring you up to date information on AOL exploits and information about the ensuing America Online version 6.0. With so many people on AOL, new exploits are being discovered daily. The goal of Exploits Online is not to harm AOL in any way; just to make it more interesting to its members.

Over the next few months I’m going to work on documenting some of my programming projects. The work, which ranges from about 1998 to the present, will be a portfolio of sorts. It’s not all glamorous and and not all great, but it’s led me to where I am today and for that I’m thankful.

My first website, Exploits Online, was dedicated to hacking America Online. I began it in early 2000 and it eventually evolved into what became AOL-Files. The site was located at ieetfools.com/tau and I’ve uploaded what I have of it here:

Exploits Online Archive

At the time, I was 14, which is both frightening and amazing to me now.  It’s terrifying because that work danced on legal and ethical line. One of the main objectives of our work was to acquire, often by deception, quality screen names. Also, if you check under the Collections link, you’ll see a screenshot titled “Invalid credit card number by Fila”. The screenshot shows Fila, who I don’t remember now, getting an account rejected because the stolen credit card he used had been terminated. A common practice, though one I never participated in, was to steal credit card numbers using phishing techniques and use them to create AOL accounts. The prospect of stealing a credit card number or using a stolen number, thankfully, mortified me.

There’s lot of interesting lines from this site, which I recall now with nostalgia:

This Friday, June 2nd, I will be leave for my dad’s place up in Conneticut and I will be staying there for five weeks.
…
While at my dad’s place I’m going buy some books on Java, CGI, and the ilk and will learn from them. So, when I have a domain the interface will include menus and some more advanced features than I currently know.
…
I wish you all the best over the summer and my advice to you is to get out and live your life. I doubt anything will change much while I’m gone. A recent study found out that 34% of teens are on the computer five or more hours a day. Thats scary. All of you into AOL exploits: what is your goal? At first I got into this because I wanted a two character screen name or an indent. But then I thought about it and who cares? It’s a nice thing to brag about but if you think about it, its not that great. I’m cutting back on online time. I started running too. I run one and a half miles a day now. It feels great. So, all of you need to get out; have fun.

That post implies that living life is something entirely distinct from the work we were doing. I realize now that this is not the case. Despite the words, I never really “got out” in the way I meant it there. I vividly recall being at my father’s apartment that summer and writing in a notebook the words for the About section for what would later become AOL-Files.

In fact, on every vacation I’ve been on since then I can remember brainstorming in a notebook about whatever project I was working on at the time. For example, after I graduated in 2007 I went to Europe with some friends… I brought along a book on Two Person Game Theory and probability for a poker bot I was working on. On my honeymoon earlier this year I brought Simply Javascript and Founders at Work. In a week when I go home for Christmas I’m bringing Agile Web Development with Rails, Here Comes Everybody, and Quick LLC. Creation, I have found, is what drives me, but that’s a story for another post.

Looking back at the exploits I wrote about, they range from really, really stupid (see How to Instantly Close AOL) to pretty good (see Screen Name Cloning Tutorial and AOL Class Names Tutorial). And the Thoughts section is a misnomer, since everything there is basically a poorly worded rant.

BMB first contacted me after he saw Exploits Online being advertised in a chat one day. We had common interests and eventually decided to make AOL-Files. Ultimately, that partnership proved to be the most important result that came out of this site.

O0O, a really sharp guy I met through AOL-Files, made a comment in a May 2007 post on Wired regarding a guy I knew well named cam0, who never really grew out of the childish hacking phase (this is the same cam0 that hacked Paris Hilton’s cell phone and LexusNexus). This portion of the post is great, not only because O0O gives BMB and me a head nod six years later (brag), but because it’s the same thing I feel when I hear about people still trying to hack AOL:

Ri, Smokey and whoever else still in the scene that is reading this. This crap aint worth it. At the end of the day you may look back at these days as alot of fun, but that’s only until you get caught or you realize that you wasted time that could have been spent chasing women or drinking beer with buddies.

I left the scene in 2002, I was 20 years old, and I haven’t looked back since then.

Its fun to think about the “good ole” days, but in my time we weren’t fighting over screen names. It was about exploring, information sharing and discovering something no one else knew. You guys sit around all night suspending each other, cracking “3r33t” sns and arguing over who is leeter.

I will tell you right now authoritatively that if your name isn’t one of the people I mentioned in my last post, you are nothing. You won’t be remembered by anyone unless you get arrested. No one cares about AOL or what you can or can not do. You aren’t finding anything new with the service that wasn’t already figured out ten years ago. You’re wasting your time and your effort. If you’re somehow getting a high off having a cat and mouse game with opssec, then God Bless you buddy for having absolutely no life.

Smokey for the record is not out hax0ring the world with BMB/Tau, etc. Ri, I don’t know who you are, based on some of your bad facts you can’t be too old in the scene, but I would hope you dont make AOL your full time hobby. To every other 15 year old reading this, telling a girl you own a 3chr aint going to get you laid.

Hacking the world… gotta love it.

The site’s modest traffic spiked a few days ago. Using Google Analytics I tracked down the incoming traffic to a site called digitalgangster.com, a community of online misfits (not unlike AOL-Files once was). Someone posted a link to their AOL People profile and asked everyone else who had one to do the same. Surprisingly, a lot of people on the forum seem to have been involved in the AOL-Files movement.

One poster, wrote the following after checking out his profile:

god damn, i barely remember this shit…what teh fuck was i thinking when i did this…lol

Amen to that.

I’m happy to see others enjoying the trip down memory lane —