ITBusiness.ca

‘Hacker gods’ reform infamous group

The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from space.
This is the Hacker News Network, and after a decade offline it is lifting off again, this time with a quirky brand of video reports about security.

Hacker News Network is one of the side projects of the Boston-based hacker collective known as L0pht Heavy Industries. They’re the guys who famously told the U.S. Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies.

The L0pht’s eight members were hacker gods back in the ’90s, but most of them have faded from the limelight, even as they’ve watched a cottage industry of security research firms sprout up based on many of the disclosure techniques they pioneered. The L0pht disbanded after it sold out to consultancy @stake in 2000, and its members gradually watched their dream of being paid to do cutting-edge hacking and security research wither and die.

But over the past few months, the L0pht has been getting back together, kind of.

Six of the eight members reunited last year at a Boston security conference, and in May 2009, members of the group released the first update to their L0phtCrack password audit tool since 2005. They say it took a few years of negotiations with Symantec — which bought @stake in 2004 — to get back control of L0phtCrack and several other L0pht properties.

Last month the L0pht Web site went back online, and the demo version of Hacker News Network is set for an official launch on Jan. 11, 2010. (Chosen because the date 01-11-10 works as a binary number.)

The L0pht Web site will give members a single place to link to their current projects. Peiter Zatko, aka Mudge, says he’d like to use it as an archive of the group’s historic security advisories.

More projects may evolve. The group acquired the rights to its AntiSniff network monitoring tool from Symantec and is toying with the idea of reviving that as well.

“We’re still trying to figure out what the ultimate goals are,” said Joe Grand, aka Kingpin. “But I’m just happy that we can be in touch on a personal level and not have to deal with business, not have to deal with politics, and just have a place to do stuff.”

Business and company politics pretty much killed the L0pht, according to some members. The core members sold their business to @stake in the hopes that with a deep-pocketed corporate sponsor, they would be free to do hacking projects that really interested them, such as drawing attention to important security problems that were being ignored by software vendors.

Mudge describes the L0pht’s early security advisories as “very much a Rachel Carson-meets-Consumer Reports sort of attempt.” (Carson was a biologist who advanced the environmentalist movement in the ’60s.)

Initially, the group tried to apply that neutral Consumer Reports model to its @stake work, refusing to take money or free products from vendors. “It drove the venture capitalists nuts because we’d be turning down the money,” he said.

But in the end, corporate pressures trumped idealism. Within six months, Space Rogue, the only member who remains anonymous, was fired from his job in the company’s PR department (“I didn’t fit in at all; they were a bunch of clueless idiots,” Space Rogue remembers), and gradually other members drifted away, often in disillusionment.

“We went there to become researchers,” said Christien Rioux, aka DilDog. “Unfortunately the research part didn’t generate enough money to fund the consulting part.”
“It stopped being fun,” said Joe Grand, who said he left after being pressured to do consulting work instead of the research he loved. Today Grand runs his own electronics design company, Grand Idea Studio.

Some members stopped talking to each other, angry with the way things had gone. The only L0phter with Symantec today is Paul Nash (aka Silicosis).

But bad feelings between the members have softened with time. Though many of them live in different cities now, they still get together whenever they can, at conferences or when they happen to be passing through the same city.

“I don’t think we could ever recapture the magic of what the L0pht was,” said Space Rogue, who is now an IT staffer in Massachusetts. “But I think we’re at the point now where we can rekindle the friendship.”

“It’s L0pht again, but different,” he said.

Exit mobile version