Even “MacGyver” is no match for an AOL security breach

A computer security consultant loses his Instant Messenger account to a hacker, who finds the screen name too good to give up.

Topics: AOL,

Habeeb Dihu chose the name “MacGyver” for his America Online instant messaging account because, like the TV detective, he was adept at tinkering with equipment. But on Feb. 8 the Chicago computer security consultant encountered a problem even the real MacGyver would have a hard time solving.

“I suddenly got a message saying my screen name was being logged off of AOL Instant Messenger because I’d logged in elsewhere,” he says. Two weeks had passed since AOL said it had plugged a security hole which allowed unauthorized access to AOL Instant Messenger (AIM) accounts, but someone was demonstrating that the hole was still open — and had claimed Dihu’s account.

For the next 17 days, Dihu, a senior principal at Diamond Technology Partners, confronted this fraudulent “MacGyver,” who identified himself as a teenage hacker. Dihu opened another AIM account and messaged his own MacGyver screen name, only to receive a reply moments later, which he says included the screen name of a friend whose messages the account thief had apparently received.

Dihu complains that he spent several hours on the phone with AOL support staffers trying to get his AIM identity restored — but to no avail. Making the situation worse: Dihu was consulting with major automakers on a deal for a new Web site. “It’s already causing chaos for me,” he lamented at the time, “as my business and personal associates try to reach me via my I.D., only to have the hacker politely respond.”

You Might Also Like

In late February TangentX, the hacker who first publicized the security hole, said via e-mail that the original hole that allowed people to take over others’ AIM accounts had “never stopped working.” But he declined to demonstrate it. “The AIM hack still works,” a second hacker added. Even the unauthorized holder of the MacGyver account, whom I messaged after Dihu had alerted me to his troubles, boasted of stealing other AIM identities.

The half-dozen calls I’ve made to AOL over the last month have gone unanswered. AOL spokespeople said they didn’t want to comment until they had spoken to Dihu directly. But Elias Levy, chief technology officer at SecurityFocus.Com, says that security holes often remain open after companies deploy patches. “It’s not unusual for a company to fix a problem and not fix it at its root. And then hackers find a way to go around the fix.”

Meanwhile, Dihu found that, unlike MacGyver, his technical expertise couldn’t bail him out. “I work with all sorts of organizations to assist them with their security,” he says, “but it’s irrelevant when you’re confronted with an outside force you can’t control, who won’t work with you to correct these things when they occur.” SecurityFocus’ Levy echoed his concerns. When asked what AIM users can do in a situation like this, he replied “Not much, really. It’s all in the hands of AOL to fix the software.”

Dihu even resorted to asking the thief in control of his account, “Now that you’ve proven your point, mind turning it back over?”

“Nope … Sorry,” came the reply. “Too much of a priceless name.”

Finally, after I had alerted the public relations office to the problem with all my calls seeking comment, AOL spokesman Rich D’Amato called Dihu on Feb. 25 to say the MacGyver account had been returned to him and “locked” to his e-mail address. “When I asked him if they found out what it was,” recalls Dihu, “he said they weren’t quite sure what happened, and that they were still looking into it.” Dihu is happy to have the account back, but he’s still not sure why TV’s MacGyver can disarm a missile with a paperclip, but despite his technical prowess he couldn’t hold onto his AOL Instant Messenger account.

David Cassel is an Oakland, Calif.-based freelance writer covering the Internet and popular culture.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails
    Martyna Blaszczyk/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 1

    Pond de l'Archeveche - hundreds thousands of padlocks locked to a bridge by random couples, as a symbol of their eternal love. After another iconic Pont des Arts bridge was cleared of the padlocks in 2010 (as a safety measure), people started to place their love symbols on this one. Today both of the bridges are full of love locks again.

    Anders Andersson/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 2

    A bird's view of tulip fields near Voorhout in the Netherlands, photographed with a drone in April 2015.

    Aashit Desai/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 3

    Angalamman Festival is celebrated every year in a small town called Kaveripattinam in Tamil Nadu. Devotees, numbering in tens of thousands, converge in this town the day after Maha Shivratri to worship the deity Angalamman, meaning 'The Guardian God'. During the festival some of the worshippers paint their faces that personifies Goddess Kali. Other indulge in the ritual of piercing iron rods throughout their cheeks.

    Allan Gichigi/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 4

    Kit Mikai is a natural rock formation about 40m high found in Western Kenya. She goes up the rocks regularly to meditate. Kit Mikai, Kenya

    Chris Ludlow/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 5

    On a weekend trip to buffalo from Toronto we made a pit stop at Niagara Falls on the Canadian side. I took this shot with my nexus 5 smartphone. I was randomly shooting the falls themselves from different viewpoints when I happened to get a pretty lucky and interesting shot of this lone seagull on patrol over the falls. I didn't even realize I had captured it in the shot until I went back through the photos a few days later

    Jassen T./National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 6

    Incredibly beautiful and extremely remote. Koehn Lake, Mojave Desert, California. Aerial Image.

    Howard Singleton/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 7

    Lucky timing! The oxpecker was originally sitting on hippo's head. I could see the hippo was going into a huge yawn (threat display?) and the oxpecker had to vacate it's perch. When I snapped the pic, the oxpecker appeared on the verge of being inhaled and was perfectly positioned between the massive gaping jaws of the hippo. The oxpecker also appears to be screeching in terror and back-pedaling to avoid being a snack!

    Abrar Mohsin/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 8

    The Yetis of Nepal - The Aghoris as they are called are marked by colorful body paint and clothes

    Madeline Crowley/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 9

    Taken from a zodiac raft on a painfully cold, rainy day

    Ian Bird/National Geographic Traveler Photo Contest

    National Geographic Traveler Photo Contest Entries

    Slide 10

    This wave is situated right near the CBD of Sydney. Some describe it as the most dangerous wave in Australia, due to it breaking on barnacle covered rocks only a few feet deep and only ten metres from the cliff face. If you fall off you could find yourself in a life and death situation. This photo was taken 300 feet directly above the wave from a helicopter, just as the surfer is pulling into the lip of the barrel.

  • Recent Slide Shows

Comments

0 Comments

Comment Preview

Your name will appear as username ( settings | log out )

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>