Back to blog

Hacking Horror Stories Vol. 1 – AOHell

Aug 30, 2018 by Becci Velzian

With the proliferation of new technology and ‘Phishing Kits’ available on the Dark Web, people can commit greater crimes sat at home in their pajamas behind a computer screen than ever before. In this blog series, we want to educate our readers on: cyber-attacks, their overwhelming commonality, and our top tips for preventing these from occurring.

For many, security breaches are hard to discuss (beyond those required by regulatory actions, like GDPR) because some feel embarrassed, or feel their reputation will be jeopardized. Some simply want to minimize any unnecessary attention. We want to break those barriers to help more businesses improve their Office 365 security and defend themselves against criminals lurking online.

So, who you gonna call? Quadrobusters!


Hacking Horror Story Vol. 1 – AOHell

So, as this is the first of the series, I thought I would take it back to the start. Take a few seconds to cast your mind back to 1994. Perhaps you (like many) would rock up to work or school with a phone the size of your sneakers, listening to the latest Green Day cassette on your Sony Walkman, and sit down at a computer with no color that weighed more than a child.

You may also remember the email address that EVERYONE had supplied by America Online, which back then was the largest online internet provider, and the first phishing scam victim




What the AOHell is it?

A seventeen-year-old called “Da Chronic” from Pittsburgh created the first ever phishing kit called “AOHell”. It was created after he was infuriated by his favorite “ethical hacking pages” being shut down, but more so by AOL failing to shut down many sites harmful to the safety of children.

Consequently, he deviously built a program to annoy AOL, their founder Steve Case, and all its users which he fittingly called “AOHell”. The phishing kit users were hilariously greeted by Dr. Dre’s 1993 song “Nuthin but a G Thang” and Steve Case as the devil every time it loaded.

AOHell Screenshot

AOHell Screenshot

The Features in AOHell v3.0

Da Chronic created many features arming this program with some serious hacking weapons.

Free AOL

AOL, like many sites, had “free” and “billed” access areas. Da Chronic incorporated a “free” button, so when users went on to paid-for sites, they were able to obtain free access and hide all paid buttons. Many of AOL’s newsgroups were paid for, so this was a real financial nightmare.

Artificial Intelligence Bot & IM Manager

AI? In the 90s? Surely not. Da Chronic added a tool that recognized specific keywords in a chatroom and created auto responses, even with personalization. E.g.

Moron142: you all smell

You: Excuse me Moron142, I really don’t appreciate that. Get out of here!

Similarly, the “IM Manager” feature enabled you to autoreply to people you weren’t in the mood to talk to, but still allowed you to talk to others. E.g.

Moron142: Hey man, what’s up?

You: Sorry Moron142, I’m super busy right now. Why not drop me an email later and we’ll catch up?

This feature of AOHell allowed you to speak to others whilst just auto-replying to “Moron142” and, if someone other than the person you wanted to speak to messaged you, it could automatically destroy it before you even saw it. A real pain for AOL’s usability.

Mail the Room

Does what it says on the tin. AOHell users could mail the entire room anything they wanted, including personal details or rude messages. Another nightmare for America Online.

AOHell Fake Account Creator v1.0

This was the ultimate hacking feature, it enabled hackers to create fake credit card numbers and information in seconds which they used to set up thousands of fake AOL accounts. This had a huge impact on AOL’s ability to verify accounts.


A “punter” could knock another user off AOL by sending them HTML code which would then immediately log out or “punt” the other user off the system. This was incredibly annoying for the victim of this feature, as it meant they would have to keep signing in and out.

CC/PW Fisher

This is the first ever ‘phishing tool’ and mention of ‘fish’. In 1995, hackers were able to acquire usernames, passwords and credit card information by sending out IMs in chatrooms pretending to be AOL engineers, such as “Hi, this is AOL customer service. We need to verify your account for security. Please can you provide us with your username and password?”


Ghosting cleared everyone’s messages in the chatroom apart from the AOHell’s users, which was great if the hacker wanted to be heard to get credit card details e.g.:

AOL Admin: *clears the whole chatroom*

“We are conducting routine security checks, please could you confirm your username, password and credit card details or your account will be blocked.”

Finger & Shoot

Users hit this button to send everyone in the chatroom a very naughty middle finger, which took up the entire chatroom screen. In the same way, the “shoot” button sent an ASCII picture of a gun to the person you want to shoot in the head.

The Steve Case Cloak

Due to Da Chronic’s hatred towards AOL and its founder, he made an IM bot to pose as Steve Case in chatrooms to inevitably obtain information and trash the brand. E.g.:

Steve Case: Hi AOL users, want to get a free month of AOL? Drop me a message with your username, password and credit card details!

AOL’s comeback

As a result of receiving a tumultuous thrashing from the AOHell program, AOL needed a game plan to get rid of this attack forever. Their response was a new version, AOL 2.5, which wasn’t compatible with Da Chronic’s software. AOL also had to delete every single user found using AOHell, which wasn’t ideal. Essentially, the AOHell attack jeopardized the safety of AOL users, cost AOL a lot of time and money to recover lost trust, and brutally damaged their reputation.


In today’s world…

This kind of security breach occurred around 25 years ago; technology is far more advanced now, and we are more prepared and able to defend businesses from this kind of humiliation. That said, while we are more equipped, cyber-criminals are also more sophisticated, with access to the same technological advances.

Most impotantly, the best way to tackle the threat of any attack is to be proactive, and receptive to anomalies or changes in your environment. To do this in Office 365, you need to know what’s normal, and what’s not.

First of all, our advice is to stay on top of your daily, weekly, and monthly reporting, and use a security tool with sophisticated auditing and detailed filtering. Track trends, identify changes in activity or usage, audit the permissions you have configured regularly, and set alerts on vulnerable areas of your tenant to ensure your environment is protected against hackers and remains healthy.

Our SaaS-based Office 365 reporting tools, collectively known as Radar Reporting, are a powerful set of security and analytics applications, designed to optimize and protect your Office 365 environment. With Radar, you’ll gain visibility into: unknown logins, attempted breaches, devices connected to Office 365, mail flow, spam and malware traffic, and much more.

Sounds great right? Don’t get caught out by a millennial iteration of ‘Da Chronic’, take a 14-day free trial of Radar Reporting and see how the in-depth insights can help you drive adoption, maximize licenses and stay safe.