Get the latest updates as we post them — right on your browser

. Last Updated: 07/27/2016

Software to Defraud AOL Sold in Moscow

Illegal software designed to create fake accounts on America Online, the world's largest Internet service provider, has been openly traded in Moscow computer markets for as little as $6 per copy for the past several weeks.

As a result, AOL shutdown its access numbers in Russia on Dec. 14 due to "major fraud."

"As Steve Case [president of AOL] quotes in his new user letter, they have over 5 million users," the creator of the program, an American hacker who identifies himself as "ARK," wrote in the introduction to the program on the CD. "Do you think he has the budget for 5 million tracers?... In other words, they will probably never catch you, so happy hackin'."

The program, entitled "AOL.Crack," is a refinement of the computer fraudster's bible, "Credit Master 4.0," a system which generates credit card numbers and a state/zip code/telephone area code combination designed to fool computer credit checking systems. A user guide details how to use the information generated by the program to obtain free access to AOL services.

"AOL.Crack" is widely available on PC CD-ROM in Moscow's pirate CD markets as part of a package of pirate programs marketed as "Office 97." The CD is manufactured in Bulgaria or China, according to CD sellers at Moscow's Tsaritsino market, and has been on sale since mid-October for around 30,000 rubles. The CD-ROM, which also contains pirate versions of popular software such as Microsoft Office, Photoshop and Quark X-Press, has been one of the top-selling products of the last two months, according to anecdotal evidence from the Tsaritsino vendors.

"ARK's Fake Account Creator" circumvents AOL's credit checking system by generating three- to six-digit "bank index prefix numbers," which form the first digits of any credit card. The AOL computer checks the prefix number against the state/zip code/area code combination, verifying the address but not contacting the credit card company directly. Once the check is run, a new AOL account is opened in a fake name, and the charges are billed to a non-existent credit card account.

The program has thousands of bank index prefix codes and addresses stored in its memory, allowing a fraudulent user to change his virtual "identity" as soon as a fake credit card number is discovered and disconnected.

AOL shut down its Russian access numbers because of a "sudden surge" in use by fraudulent subscribers who were not paying for their online time, said Tatyana Gau, vice president of Integrity Assurance at AOL.

"The surge was flagged, and we shut down [local access numbers] so that we could take a closer look into the fraudulent accounts," said Gau. "There is no time frame for reconnection; the review is very data intensive."

"AOL.Crack" appears to have originated in North America, judging by the author's slangy teenage language and poor spelling skills. 'ARK' also notes in his guide to using the program that even if AOL detects the fraud and tracks down which local access number has been used, "they can only narrow you down to about 100,000 people in the area," an AOL user density found only in the United States.

How the program got into the hands of pirate CD-ROM producers in Eastern Europe remains a mystery.

Despite AOL's attempt to cut off potential fraudsters by shutting down Russian local access numbers, AOL can still be accessed via the Internet, using a different local server, such as Russia Online, Glasnet, or Matrix. The potential for wider-scale fraud is also high, because the fake credit card identities generated by "AOL.Crack" can also be used to order goods or services by telephone or via the Internet.

"We are looking into ways to maybe introduce more registration checks for customers dialling in from Russia," said AOL's Gau. "We'll first have to assemble all the evidence before contacting any law enforcement organization."