Hacker Group L0pht Making a Comeback
angry tapir writes "The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from 'space.' This is the Hacker News Network, and after a decade offline it is lifting off again, this time with a quirky brand of video reports about security. Hacker News Network is one of the side projects of the Boston-based hacker collective known as L0pht Heavy Industries. They're the guys who famously told the US Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies."
Assuming these guys are 'white hats', and they are not _necessarily_ the most able or l337 hax0rs out there, then why has someone not already attempted to take the internet down in 30 minutes already? For, say, 1 million dollars? I call hubris..
Those guys also were probably among the first to make it publicly obvious that computer skills were not simply vehicles for the personal amusement of the socially inept. The press at the time always discussed how they had one apartment for themselves, and one next door for their gear. They made money being hackers (in the old sense of the word -- not crackers). I imagine that a substantial part of the sudden increase in society's respect for geeks (maybe mostly their potential incomes) was due to the glamorous press exposure l0pht received at that time. Perhaps Slashdot should thank them -- I'm not really sure. It will be interesting to see what this new l0pht is like.
Since I like history and dead-tree, anyone have a suggestion for a good book covering the history of these 1990s hacking/security/blackhat/whitehat/grayhat groups, and what you might call the fragmentation/dissolution of the underground? There's good material on the 80s, but much less on the 90s, it seems, despite a decade having passed.
The only one I know of with more than a passing mention is a 20-page overview in Ch. 3 ("Hacking in the 1990s") of the book Hacker Culture (2003). Others?
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
But you -do- have that right, you just don't feel like using it. That is what happens with freedom, even though I have pretty much every right to fill this post with random links to Goatse, penis jokes and conspiracy theories about how 9/11 was planned by Jewish people, I choose not to. Same with you, you have, and should have every right to publish it, you just choose not to.
Taxation is legalized theft, no more, no less.
L0pht Heavy Industries went corporate in 2000, and became "@Stake", which was acquired by Symantec in 2004, and disappeared into the Symantec empire.
L0pht, founded in 1992, was itself a descendant of the Cult of the Dead Cow, founded in 1984 and still around, more or less.
There have been various spinoffs and buybacks along the way, but it's been a while since cutting edge work came from that crowd.
But what's more dangerous, the bag of tricks in the hands of a few skilled people or an open bulletin board with 0day-exploits for everyone?
What makes this question even more complicated for me is that Secunia, the people who protect us from exploits if we pay them, is sponsoring this practice.
The bag of tricks in the hands of a few - hands down. What we're talking about here is carte blanche access in the hands of a select few. We have to trust that the motives of these few strangers will fall in line with ours. And then we have to trust that the "select few" will remain few. Eventually they won't in both cases. Individuals will use these exploits to cause damage. And knowledge of these exploits will spread until even the least trusted in the underground has access to it.
We ran this gambit in the 80s. Exploits would become known within the underground. The most elite would share the knowledge amongst other inner-circle personalities. Eventually the exploit would slip to wider and wider distribution. Vendors would either be oblivious to the exploit or completely unmotivated to fix it. The general public would be oblivious to it or unmotivated to invoke any fixes a vendor might have provided. Until some amateur will do something damaging (intentional or not) with the information.
An interesting thing to note is the nature of computer crime over the years. A good deal of it was the activities of the stereotypical exploring hacker / phreak. And there was always the insider looking for revenge or manipulating data to steal. However, there were also "classic" hackers making money manipulating systems to steal equipment. And the Mafia was a consumer of Blue Boxes.
Today, the computer crime scene has expanded to provide ample opportunities to tempt the first individual willing to hand over an exploit. You can question Secunia's motives if you want. But you should be aware that there are others just as driven with much more sinister motives.
I agree that 0day exploits on public bulletin boards breed chaos. But it's very visible chaos. Many more people are aware of the issues presented by a publicly published vulnerability. And that gives it a better chance of being addressed and its effective life shortened.
It would be better, of course, if the vulnerability never existed. But they tend to exist. There are 0days right now waiting to be discovered. The question is how long until they are discovered, by whom, and how will they be used?