mercury Center Web:></A><br>
<A HREF=Archives
SAVEgateway Document Delivery


Friday, September 8, 1995
Section: Business
Page: 1C

By: By MIKE LANGBERG, Mercury News Staff Writer

America Online Inc., the nation's largest on-line service, announced new security measures Thursday in an effort to stay ahead of increasing attacks by computer hackers trying to disrupt operations and even steal credit-card numbers.

In an electronic-mail letter to members, AOL President Steve Case said users will soon begin receiving an occasional reminder to change their passwords - the first line of defense against hackers.

''In case you don't see the notice, take a moment during this session and change your password,'' Case wrote. ''We suggest you change it on a regular basis, too. I change mine about four times a year.''

The letter also states ''there have been some cases where certain individuals are passing themselves off as employees or representatives of America Online and then asking members at random for their passwords. Please know that this is not our policy - under no circumstances will anyone from AOL ever ask you for your password.''

And Case said AOL ''recently installed new system software to fix some recent problems that were discovered'' with hackers. But Pam McGraw, a spokeswoman at AOL headquarters in Vienna, Va., said the company would not describe the specifics of the intrusion, the steps AOL has taken to counter the hackers or the impact on members.

''AOL has a security program in place,'' McGraw said. ''If an AOL member's account was ever tampered with, we would notify the AOL member.''

AOL revealed the stepped-up security measures on the same day it announced that membership has exceeded 3.5 million - cementing AOL's position as the largest on-line service. AOL is a partner with the Mercury News in the newspaper's Mercury Center electronic news service.

The rapid growth of AOL has also made the company a major target for hackers, whose efforts have ranged from juvenile pranks to possible criminal activity. The incidents also illustrate the potentially huge security problems in developing electronic commerce, where ordinary business transactions will be completed with nothing more than the exchange of electronic data over phone lines.

One of the more embarrassing problems for AOL is a program called ''AOHell,'' which offers several tools for attacking AOL and has been distributed through the Internet. The program was apparently created by a hacker who uses the name ''Da Chronic.''

For example, AOHell includes a ''ghost'' feature that will clear the screen in a ''chat room'' where groups of users meet to exchange messages - effectively allowing the user to shout over the electronic voices of the other participants.

AOHell also allows users to download large files without being charged for the time it takes.

Most damaging of all, AOHell includes a ''fisher'' that allows a user to pose as an AOL official and ask new members for passwords or credit-card numbers.

AOL has stated it will terminate the account of any member using AOHell, but it may be difficult for AOL to detect AOHell usage. That may explain why Case, in his letter to members, called for increased vigilance: ''While we're trying to eradicate the hacking incidents, I'd like to ask you, as an AOL 'cybercitizen,' to report any unusual or improper behavior that you see immediately.''

The San Jose Mercury News archives are stored on a SAVE (tm) newspaper library system from Vu/Text Library Services, a Knight-Ridder Inc. company.