One day in August, Glaubman was using his Windows program to do a little multi-tasking -- writing a letter and using a spreadsheet -- when he stopped to demonstrate America Online (AOL) to a visitor. He logged on as usual, clicking the appropriate icons to access a chat room, when suddenly his computer stopped responding to his commands. Within seconds a large, official-looking message flashed on the screen, bearing the familiar triangular AOL logo. "The accounting department is having a problem locating your password," it read. "Please enter your password again to continue."
Glaubman remembered being warned by AOL not to give out his password under any circumstances. Figuring he'd simply log off, have his modem redial the service, and sign in again, he tried to exit the program. Nothing happened. Finally, in part because he didn't want to switch off his computer and risk losing the work he had left unstored elsewhere in Windows, he complied with the unusual request. The message disappeared, and Glaubman continued showing off the service's features to his guest. Minutes later, as he was preparing to sign off, the accounting department's message reappeared, again locking up his screen. This time, fed up with the hassle, Glaubman restarted his computer instead of obeying the request, though it cost him his letter and his work on the spreadsheet.
He forgot the incident until a friend gave him a call the next day. "Rod, what's the matter?" the man asked. "What do you mean?" Glaubman replied, whereupon his friend informed him that he'd become concerned when he received the following AOL e-mail message, with Glaubman listed as the sender: "Don't ever fucking write me again, or I will kill you and your children and chop you into little pieces."
"It's not the kind of thing you expect to read in your e-mail, and certainly not from Rod," says Glaubman's friend, who asked that his name not be published. "I knew right away that someone had taken over his machine or used his identity. It sent shivers up my spine. I know it's not him, but what happens if they're sent to people he's doing business with?"
Glaubman guesses that the hacker either accessed his e-mail address file or intercepted messages sent to his electronic mailbox and created vulgar responses. Only two people told him they'd been sent nasty mail, but he fears there may have been others.
He was also afraid that the perpetrators might have breached his hard drive and its business database, which contains 8000 contact names and numbers, including those of stars such as Gloria Estefan and Rod Stewart. Other private information -- business accounts, credit card numbers -- was stored in files on his computer, as well.
Glaubman's apprehension mounted when he attempted again to log on to AOL: His account had been canceled. When he reached an AOL rep at the service's toll-free number, Glaubman recalls, "She got very indignant and told me I'd been canceled for using vulgar language and stealing passwords." The operator told him he'd been electronically detected using obscene language in a variety of on-line meeting places. When he tried to explain what happened, she referred him to the "terms of service" department, which handles violations of AOL rules. Despite repeated phone calls and faxes to that department, he didn't hear back.
"Now am I logged into their records as a thief and a vulgarian?" he wonders.
Glaubman's paranoia and frustration peaked a few days after the hacking incident, when his computer began to malfunction. Repairs, including a new hard drive, cost him about $500. (Patrice Rapalus, director of the Computer Security Institute, a San Francisco-based group of information-security professionals, says it's extremely unlikely that a hacker could harm -- much less access -- a person's hard drive merely by being connected through an environment such as AOL.)
Having familiarized herself with Glaubman's experience at the request of New Times, America Online spokeswoman Pam McGraw concedes that perhaps the company made some errors. "The terms-of-service department didn't act promptly," she admits, adding that the company now intends to write off the bills (about twenty dollars' worth) apparently run up by the hackers and give Glaubman a ten-dollar credit toward future use. His membership has been reinstated. "It appears that the hacker created the terms-of-service violation, so the member is not held accountable," McGraw concludes with admirable logic.
Though McGraw says she knows of only "a handful" of such incidents, the scenario has been grave enough to warrant a special warning from AOL president Steve Case in a special electronic letter posted on the service. "There have been some cases where certain individuals are passing themselves off as employees or representatives of America Online, and then asking members at random for their passwords," the message reads. "Under no circumstances will anyone from AOL ever ask you for your password." Case also suggested that users change their password regularly. McGraw won't divulge what, if any, other action has been taken, although she does say that the 3.5 million-member service generally refers hacker violations to law enforcement authorities. Case's letter also noted that an AOL security team has installed new software to thwart hackers.
For his part, Glaubman plans to be extra cautious when traipsing around on-line from now on. "It looks like a great eight-lane highway," he reflects, "but they don't tell you that if you try to dance across it, you could get nailed.