
Interview with a hacker

By Daniel Wilchins

Nicholas Ryan, DC '98*, is currently under house arrest. His crime? Hacking AOL as no one had ever hacked it before.

In June 1995, Nicholas Ryan released AOL4Free, a utility that allowed people to access AOL without paying hourly service charges. Ryan distributed the program in AOL chat rooms, and quickly became a hero on the Internet service.

But the authorities caught on to his exploits pretty quickly. That December, the Secret Service tracked him down and confiscated his computer. In January 1997, Ryan pled guilty to one count of computer fraud, and agreed to pay full restitution to AOL. He was sentenced to six months' house arrest, with two years' probation.

In April 1997, Ryan withdrew from Yale College. He is currently taking classes at the University of Rochester, and plans to apply for re-admission to Yale in Spring 1999.

Ryan spoke to the Yale Herald Online in a series of interviews from his home in upstate New York.

Yale Herald: I read the letter you sent to [Wired reporter] David Cassel, in which you described penetrating AOL. You did much more than show people how to get AOL for free; you gained complete control over the AOL system. You read [AOL CEO] Steve Case's email. You could log in as any user. You crashed celebrity chat sessions.
Nicholas Ryan: The thing with AOL is those guys started out with a small service, and as time went on, they kept getting bigger and bigger. They spent all their time expanding their capacity, not on increasing security. When they were small, they didn't need much security. But when they got bigger, they should have patched those security holes up. They ignored it till me and some other guys started hacking it.
Maybe they think that by busting just one guy, there's going to be an end to AOL hacking, but it doesn't work that way.

YH: So is AOL secure now?
NR: There are still big security holes. There're articles about them on David Cassel's web site. AOL executives don't care about security, because they're still raking in the money. That may not be the best moral decision, but that's not how executives think in these big companies.

YH: How did it feel to crack AOL?
NR: When I was doing it, it was really cool. Whenever I found a new hole, I'd say to myself, "These guys can't get any stupider," until I found another new hole, and I realized they could. Cracking AOL was like an addiction, like taking drugs. When I found an account hole that let me log in as any user on AOL, it was such a rush. We got total control over the system; it was the Holy Grail of Hacking. We didn't do anything destructive, but just having the power to [destroy] was a rush.

YH: When you say we, you mean...?
NR: There was a circle of four or five of us. I don't know their real names, and I wouldn't want to.

YH: You said hacking into AOL was cool when you were doing it. Do you regret having done it now?
NR: Yeah. I was taking money that wasn't mine, and I was wasting people's time while they were trying to do real jobs. They provide a service, to help new people get on the Internet. If people want to pay through the nose to do that, AOL has the right to accept their money. That's capitalism.
It was a big waste of my time, too, because instead of making software that could sell, or make computers more secure, I was hacking AOL. It was sort of like cocaine, a quick fix. You take coke, and it feels good, but it actually destroys you.

YH: What made you turn to hacking?
NR: I made a lot of the wrong choices freshman year. One of the things about my freshman year was that I was in Bingham, and it was really crowded. It was the worst dorm on campus when I was there. There were four of us in a really tiny room. I complained to my dean, and I got a single in Bingham. After I moved out of my suite, though, I didn't try to keep in touch with anyone, and I became lonely, so I turned to hacking instead. Sophomore year, I moved to the Taft, and I kept hacking.

YH: When did you first get into AOL?
NR: Second semester freshman year. I wanted to hack at the time. I knew I had two choices: I could be an internet hacker, like Mitnick, or do online services [like AOL]. I decided internet hacking was too much, so I looked for other opportunities. AOL seemed not to have too many hackers, so the possibilities were wide open.
Once I wrote AOL4Free, more AOL hackers came out of the woodwork, and we got to know each other.

YH: What about internet hacking was "too much"?
NR: Internet hackers had little cliques that were very tough to break into. People in these cliques know all the possible security holes in different Unix-based systems, and use them to break into different companies' computer networks.
It's all documented, and there's not much creativity. You're just exploiting security holes that people know about. Not everyone knows about the holes, only the people in the elite hacker cliques. But once you get into a clique, you learn everything.
AOL was a pristine field. I was exploiting undocumented security holes. Nothing was known about AOL, and I had to learn everything for myself.

YH: So after you were convicted, did companies line up to offer you jobs?
NR: No. There's an established industry for internet hackers in helping companies find holes in their Unix systems. But there's nothing like that for AOL, because no one else uses AOL's system.
The company I'm working for now, I came to them with an idea. I pitched it to them, and they showed some interest, and gave me some money to develop it. I only told them about the conviction after they showed some interest.

YH: I read in Wired News in April that you were working on a program that encrypts the contents of your hard drive every time you shut down your computer. Is that what you're working on now?
NR: I have a deal with a company now, but they made me sign a non-disclosure agreement [NDA]. I have a pretty good deal with the company: they're giving me cool money and something to work on during this time. It'll be a commercial product, and should be out sometime next year. But I can't say what company it is, or what product it is, or how it's doing, or anything like that.

YH: But it's interesting that you're still allowed to use a networked computer.
NR: My probation officer didn't want to let me use computers at all for the two years I was under probation. I basically told him that would suck, and how I could use computers to make a good living for myself. I wrote a document for him promising not to do anything hacking or anything illegal, and told him how he could check on me. My parents talked to him, too. He came around.

YH: Do you miss hacking?
NR: No. I'm programming a lot now, and I really like it. There's so much that's undocumented in Windows 95. A lot of the work I'm doing now is like hacking, but it's legal. I have to figure out what I want to do, and how to do it, and it's not described in any documentation. I like getting inside the system, and figuring out what makes it work.

*Although Ryan matriculated with the class of '98, he withdrew from Yale in April of '97.

All materials © 1997 The Yale Herald, Inc., and its staff.