While previous attacks on AOL content pages often have left the graphics intact or changed just the text on the sites' title bar, today's attack wiped out all images and reduced the page to text proclaiming: YES HE DID!
AOL has since taken down the site, and will not permit access to users that type in "ACLU" as a keyword until the site is cleaned up, an AOL spokeswoman said.
Neither the ACLU nor AOL believe the hack was politically motivated. Instead, ACLU spokeswoman Emily Whitfield said the attack was more a "mischief hack" than someone expressing antipathy toward the organization.
"We will be looking into security measures in our AOL site and online site, and checking with our [service providers] to make sure they're doing everything possible to prevent security breaches," said Whitfield.
According to the AOL-critical newsletter AOL Watch, the ACLU today became the latest in a list of AOL sites that have been tampered with, including the New York Times, Business Week, and Reebok, among others. Many times, these hacks resulted in vulgarized text changes or the notification of the hacker's success.
Nonetheless, AOL said the incident was the result of a password compromise, which the company cites as the most common cause of hacks in its proprietary service. AOL explained that passwords can be harnessed by means of a so-called Trojan horse file. Trojan horses are files that are delivered to users via attachments that "masquerade" as help files, screen savers, and the like. When a user opens the attachment, it records the user's keystroke patterns and can record the user's password. Once the password is successfully recorded, it is sent back to the hacker, and the outgoing message is deleted from the victim's email out-box.
And how does AOL advise its members to be less susceptible to Trojan horses? "You shouldn't be downloading files from strangers," said Tatiana Gau, who oversees AOL members' security.
In the case of today's ACLU hack, AOL has not confirmed the presence of a Trojan horse, but it is expected to undergo an investigation to determine the cause of the password compromise. If a Trojan horse is detected, AOL plans to refer the matter to law enforcement.
Though the ACLU first began its online efforts on AOL's proprietary service, the organization does not seem to be overly anxious about the incident, since its Web sites outside the AOL network are running smoothly.
"In respect to the Trojan horse, it's pretty much safe to say that Troy has not fallen today," said Whitfield.