Hacker Group L0pht Making a Comeback

angry tapir writes "The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from 'space.' This is the Hacker News Network, and after a decade offline it is lifting off again, this time with a quirky brand of video reports about security. Hacker News Network is one of the side projects of the Boston-based hacker collective known as L0pht Heavy Industries. They're the guys who famously told the US Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies."

Are they relevant?

[BadAnalogyGuy]

Once upon a time these guys were the baddest of the badasses. But nowadays Russia, China, and North Korea have become real threats.

What can a group of guys in Boston do that could rival Russian hackers?

Re:Are they relevant?

[Anonymous Coward]

What can a group of guys in Boston do that could rival Russian hackers?

tea party?

Re:Are they relevant?

[hedwards]

Tea bagging?

Re:

[Macfox]

If I had mod points, you'd get them.

Re:

[laejoh]

Pfff, they'd reply with a lemon party... Then what?

Re:Are they relevant?

[Anonymous Coward]

Mate, Bostonians are what you get when you mix pirates and ninjas. Chuck Norris is scared of Boston. Last time they threw a Tea Party they instigated the overthrow of the largest empire in history! A few blokes from Boston are enough to wipe out the Third Reich, Mossad, Chuck Norris and the SBS all in an afternoon.

Regards,
      Phil

Re:Are they relevant?

[sharkey]

Baloney. Chuck Norris knows Boston's fatal weakness! [headinjurytheater.com]

Re:

[FredFredrickson]

Hilarious.

For those who don't get the reference.. This link [fredrickville.com] will help.

Re:

[pikine]

Consider that they were the black hats forefathers who inspired the hackers in Russian and China, I think their limit is not whether they can do it or not, but it's what they end up doing that matters.

North Korea? WTF???

[sgt_doom]

W(here)TF did you come up with North Korea? Oh yeah, that memo passed you buy about the source of that last I-net run against gov sites originated in the United Kingdom? It was those scumball pols who claimed it originated in North Korea....you know, that SecDef Robert Gates, who used to boil cats when he was in his teens, and the guy with the father who also occupied the Secretary of Defense position. WTF ever happened to social mobility in the US of A, anyway?????

Re:

[Profane MuthaFucka]

Aqua Teen Hunger Force.

I can't recall any Russians who were able to paralyze an entire city in fear with nothing but an amusing comic book character. It rivals something Chuck Norris could do.

Or maybe the Boston PD is a bunch of scared little pussies. Naaah, nobody would believe THAT.

Re:

[theillien]

I love how people like to cite this as a means to insult Boston and its citizens. Because, ya know, *everyone* knows who the Mooninites are and should just assume that unidentifiable objects with their likenesses are all safe and fluffy. And god forbid the city from where flights of 9/11 took off be fucking paranoid of something like that happening again.

Re:

[Profane MuthaFucka]

Wow, another dumbass from Boston who can't tell the difference between a cop and a citizen.

Just for you, I'll expand my criticism, which if you could read you would notice was directed towards the Boston PD, to the entire populus of the Boston metropolitan area.

Every person in Boston is a dumbass, afraid of the blinking lights.

If I'm going to get accused of generalizing about the entire city, I may as well make the generalization. If there's one thing I hate, it's being wrongly accused.

Re:

[Profane MuthaFucka]

And just to rub it in...

http://www.liquidmatrix.org/blog/wp-content/uploads/2009/06/screencap.png [liquidmatrix.org]

Apparently Boston can't tell if it's a computer virus or a tornado. It must be the same effect that causes them to believe that their women are good looking.

Re:

[Fred_A]

http://www.liquidmatrix.org/blog/wp-content/uploads/2009/06/screencap.png [liquidmatrix.org]

Apparently Boston can't tell if it's a computer virus or a tornado.

What if it's a virus that makes your computer bomb ?
(I don't think you can still get the Mac to display the bomb thingie though)

Re:

[Crysm]

Yes, because no one has yet invented DNS caching.
...
Oh wait.


Yes, those servers are important, but they don't handle every single DNS lookup directly. They wouldn't be able to withstand that. Taking down those servers would only inconvenience people by temporarily preventing them from contacting domains that weren't in their DNS server's cache.

A more effective target would be to attack IXPs and prevent the traffic from flowing between Internet carriers. There are quite a lot of those, though, and i

Sung to the theme, "Welcome back Kotter"

[slicenglide]

Welcome back... welcome back... Wel-come BAAAACK!" -Cha!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[ImYourVirus]

The Moon?

Re:Hmmm...

[Eternauta3k]

that would be neigh to impossible.

And yet I can't see where the horses come in

Re:Hmmm...

[tcr]

Heh.. the Russians might just be out for revenge.

Interesting article [techradar.com] about how the CIA took advantage of the fact that the USSR had given up on domestic computer systems development, and had taken to cloning IBM and Dec gear.
From examples spiked with malware....
Excerpt:
 
 

In the early 1980s, the Russians were constructing a trans-Siberian oil pipeline, and needed an automated system to properly manage it. Softening attitudes allowed them to legitimately purchase older models of computers on the open market. They then approached the American authorities for permission to buy the necessary software. When the US refused, the KGB stole the application.

However, the software they stole had been doctored to go haywire after a while. It would open valves unexpectedly and set pressures too high for the pipeline's welds. When the explosion came, US seismologists measured the blast at three kilotons.

Re:

[tibman]

Stories like those make me love the US gov. How cool is that, seriously? To plan something like that? That's Dr. Evil's genius plans being paid for by the US gov and aimed at other nations. As long as the plans are are targeted at problems and not just for evil's sake, i'd say keep it up!

Re:

[nashv]

I am going out a limb here, but could it be 'conscience' ? Hackers, even black hats, will attack only that which they see as evil. I think there is a pretty good consensus that the internet as a whole, is not evil - in fact, it is the most liberating force in our times. Hackers owe their existence to it, and could be observing a self-preservative moral code. Or it could be simply that its too easy. Hackers seek a challenge, and if , as they claim, all it takes them is 30 minutes, perhaps its not worth all

Re:Hmmm...

[Sigma 7]

I am going out a limb here, but could it be 'conscience' ? Hackers, even black hats, will attack only that which they see as evil.

More like they're not willing to attack a target they perceive as critical to their operation.

For example, a hacker may find it funny to send something via the Border Gateway Protocol to disable access to Youtube; other hackers might consider this good, since it encouraged productivity. If he instead disables the entire Internet via BGP, he cripples himself and can't do much until the problem is recovered. Said hacker won't be able to brag about taking out the Internet, since no computer enthusiast likes critical infrastructure being taken out.

If a hacker accidentally took out an internet when trying to demonstrate something believed to be harmless (e.g. the Morris Worm), then that's okay. We all make mistakes and gain experience not to do it a third time.

Re:

[ahabswhale]

lol...can't track them with a dead internet (besides the fact that they wouldn't be stupid enough to do it from their own machines in the first place). If they could pull it off, they could easily get away with it unless they were stupid enough to brag about it.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Celeste R]

There's how many Evil Scientists bent on destroying the world around?

Most people just want money; money that keeps coming.

Re:

[hedwards]

As opposed to the system we have now where they all do what various law enforcement agencies want?

My hat's kind of brownish...

[argent]

Maybe you could call it "tan" or "dun", I don't know. Keeps the sun out of my eyes, anyway. Isn't that what matters?

Re:

[augahyde]

Assuming these guys are 'white hats', and they are not _necessarily_ the most able or l337 hax0rs out there, then why has someone not already attempted to take the internet down in 30 minutes already? For, say, 1 million dollars? I call hubris..

The statement was made in 1998 [senate.gov] when security was extremely lax with a majority of the hacking community residing in the west.

Re:

[theillien]

Probably because even when talking in front of Congress, hackers are going to prone to puffing their chests out in order to make themselves seem more 1337 than the next group.

Re:

[Hurricane78]

Because usually, this gets you shot. And I think you can be as cool a l33t h4x0r as you want. If you are a stain on the walls, it does not matter, does it? ^^

I say, if the government would sign something, stating that they would get away with it, with some UN guarantee backing it... *Then* you could see people attempting this.

Oh, and back when they said it, the security of the internet was a complete joke compared to now. One botnet trojan/virus from today could wipe the whole net from back then without pro

Conficker, Slammer, Mytob and other M$ technologie

[SgtChaireBourne]

Because usually, this gets you shot. And I think you can be as cool a l33t h4x0r as you want. If you are a stain on the walls, it does not matter, does it? ^^

I say, if the government would sign something, stating that they would get away with it, with some UN guarantee backing it... *Then* you could see people attempting this.

Oh, and back when they said it, the security of the internet was a complete joke compared to now. One botnet trojan/virus from today could wipe the whole net from back then without problems. :)

Not if you add "with a computer" to the activity. Look at a group we see injecting code known to be unsafe into airports, hospitals, schools and military sites. Not even an eyebrow is being raised, let alone a rifle scope. The military has been sitting on its hands while this group brings the infrastructure and parts of the economy to its knees. MSFT racketeering causes billions of dollars of damage each quarter.

Re:

[lorenlal]

Because how do you make money off of it? You just take everything down and... profit?

Let's face it. The internet is much more profitable for your hacker group if you keep it running and allow your bots, and spam generators, and everything else to communicate with each other and report back your earning reports.

Now, some yahoo could go ahead and launch the attack, but that would require use of one of those botnets, and then you'd have to answer to a lot of angry Russians. Last I checked, they don't have t

Hackers NEED the internet

[djdevon3]

If they took down the internet what is there to hack (or forcefully provide incentive for code improvements)? Hardware and social engineering crap again? Not to mention all the completely inept script kiddies that depend on actually skilled coders to do their work for them. There's no way they would shoot themselves in the foot. D...U...H...

Anti-Sec

[improfane]

The Anti-Sec folks won't like this!

I reported a MySQL security bug to a recent Slashdot front page and got a 'Thanks - looking into it'. Not sure it has been fixed yet. This gives me no right to publish it anywhere if you ask me. Not yet anyway.

Re:Anti-Sec

[Darkness404]

But you -do- have that right, you just don't feel like using it. That is what happens with freedom, even though I have pretty much every right to fill this post with random links to Goatse, penis jokes and conspiracy theories about how 9/11 was planed by Jewish people, I choose not to. Same with you, you have, and should have every right to publish it, you just choose not to.

Re:

[Anonymous Coward]

9/11 was planed by Jewish people

The WTC was planed. 9/11 was *planned*.

Re:

[fedxone-v86]

The Antisec guys just have a problem with "security experts" who earn their living by doing nothing but posting exploits (without contacting anyone but Secunia) and generally spreading fear.

I haven't really understood their views on non-disclosure but my guess is they'd rather have no disclosure at all than the farce that is full disclosure.

Re:

[_Sprocket_]

I haven't really understood their views on non-disclosure but my guess is they'd rather have no disclosure at all than the farce that is full disclosure.

My guess is that they don't want people ruining their fun. It's a lot easier to have a bag of tricks if people aren't aware of what said tricks are.

Re:

[fedxone-v86]

But what's more dangerous, the bag of tricks in the hands of a few skilled people or an open bulletin board with 0day-exploits for everyone?

What makes this question even more complicated for me is that Secunia, the people who protect us from exploits if we pay them, is sponsoring this practice.

Re:

[_Sprocket_]

But what's more dangerous, the bag of tricks in the hands of a few skilled people or an open bulletin board with 0day-exploits for everyone?

What makes this question even more complicated for me is that Secunia, the people who protect us from exploits if we pay them, is sponsoring this practice.

The bag of tricks in the hands of a few - hands down. What we're talking about here is carte blanc access in the hands of a select few. We have to trust that the motives of these few strangers will fall in line with ours. And then we have to trust that the "select few" will remain few. Eventually they won't in both cases. Individuals will use these exploits to cause damage. And knowledge of these exploits will spread until even the least trusted in the underground has access to it.

We ran this gambit i

Pioneers of the glamourous geek lifestyle

[Beefpatrol]

Those guys also were probably among the first to make it publically obvious that computer skills were not simply vehicles for the personal amusement of the socially inept. The press at the time always discussed how they had one apartment for themselves, and one next door for their gear. They made money being hackers, (in the old sense of the word -- not crackers.) I imagine that a substantial part of the sudden increase in society's respect for geeks, (maybe mostly their potential incomes,) was due to the glamorous press exposure l0pht received at that time. Perhaps Slashdot should thank them -- I'm not really sure. It will be interesting to see what this new l0pht is like.

Re:Pioneers of the glamourous geek lifestyle

[Beefpatrol]

You're right that computer skills became more in demand because computers became more entrenched in society. My main point was that geeks gained substantial social respect because the media published a bunch of stuff that glamorized geekdom. I didn't mean to imply that (social respect == ability to command more income). Geeks were already making money and their skills were already valuable. A lot of people didn't realize that at the time though. The prototype geeks the media used at the time were the l0pht guys. I think it mattered that they were independant -- they weren't working for a corporation or anything like that.

Re:

[maxume]

That's clearer. Still, I expect Bill Gates has been much more of an ambassador (If I asked the 50 people that I am most closely related to what 'lopht' was, they would first think I was talking about a thing you put a bed on and then not have heard of the group, but most of them would know who Bill Gates is), and that much of the rest of it has been due to a simple increase in numbers of people who write software (and other similar tasks that go beyond the uses that the majority has for computers).

Re:

[Beefpatrol]

You make a good point. People knew about the Microsoft millionaire phenomenon probably before l0pht. Perhaps I should say that the press coverage of l0pht inspired me more than Bill Gates. I've known quite a few people that did the "bunch of guys hacking on the same stuff in the same apartment which also happens to be where they live" thing. One group of people that I knew actually lived in the apartment next door to the hacking apartment. One of them is even famous, (for a geek,) for having done some

Re:

[_Sprocket_]

I imagine that a substantial part of the sudden increase in society's respect for geeks, (maybe mostly their potential incomes,) was due to the glamorous press exposure l0pht received at that time.

Or maybe it's that whole Internet thing that was popping up around that time. The geeks became attractively rich. The tech stopped being black boxes hidden in white-floored, air-conditioned caves and became vehicles for wealth and ubiquitous services. And did I mention the geeks becoming attractively rich?

I doubt "society" in general paid much attention to L0pht (beyond the attention the mysterious hacker "whiz kid" usually gets). There was already about a decade of exposure to the microcomputer and the [time.com]

Re:Pioneers of the glamourous geek lifestyle

[Hurricane78]

Doesn't get me laid, though, does it?

literature request

[Trepidity]

Since I like history and dead-tree, anyone have a suggestion for a good book covering the history of these 1990s hacking/security/blackhat/whitehat/grayhat groups, and what you might call the fragmentation/dissolution of the underground? There's good material on the 80s, but much less on the 90s, it seems, despite a decade having passed.

The only one I know of with more than a passing mention is a 20-page overview in Ch. 3 ("Hacking in the 1990s") of the book Hacker Culture [amazon.com] (2003). Others?

Re:literature request

[Darkness404]

The book The Best of 2600, a Hacker Odyssey is pretty good. http://www.amazon.com/Best-2600-Hacker-Odyssey/dp/0470294191 [amazon.com] . And while it might not have the scope you are looking for on the groups themselves, it does seem to give mention to every major event in hacker history since 1984 when the magazine was published. Plus its pretty recent being published just in July of 08.

Re:

[fat_mike]

Here:

Out of the Inner Circle [wikipedia.org]

And here:

The Hacker's Handbook [wikipedia.org]

I have both of these and they are excellent. The Bill Landreth book is the better one though.

Re:

[Trepidity]

While those look like good suggestions, they were both published in the 1980s, so I'm guessing they don't cover very much of the 1990s. =] I'll take a look at them for the 80s content, though; thanks.

Re:

[sean_nestor]

Since I like history and dead-tree, anyone have a suggestion for a good book covering the history of these 1990s hacking/security/blackhat/whitehat/grayhat groups, and what you might call the fragmentation/dissolution of the underground? There's good material on the 80s, but much less on the 90s, it seems, despite a decade having passed.

The only one I know of with more than a passing mention is a 20-page overview in Ch. 3 ("Hacking in the 1990s") of the book Hacker Culture [amazon.com] (2003). Others?

Masters of Deception: The Gang that Rules Cyberspace [amazon.com] comes to mind.

Re:

[strat]

It's centered around Kevin Mitnick's story, but Jonathan Littman's "The Fugitive Game" does cover a pretty interesting swath of both eras. It's considerably less histrionic than certain other works by people whom I wouldn't necessarily regard to be disinterested parties. It's well written and the depth of some of Mr. Littman's research warmed my heart.

Suelette Dreyfus' "Underground" covers a fair amount of the 1990's as well. It's on Project Gutenberg, but worth owning a copy of if you want some perspective

Nice and all...

[Thelasko]

but can they record the thing in a room that doesn't have the acoustics of a tin can?

Re:

[NeMon'ess]

I'm sure they could, but the audio fits with the space-station backdrop. It also reminds me of the 1994 game Burn:Cycle.

Just like your parent's timers

[uberushaximus]

30 minutes should be more than enough for anyone!

First impression..

[Seth Kriticos]

I watched the last news video of them. Here is my impression:

* They recreated the feel of the 80's hacker optic mixed with matrix in an endless loop
    (no, that was not a compliment)
* 20 % of the show was advertisement (maybe more)
* The news are mostly a summary on what you read here on security.slashdot.com
* The tone of the show gets boring.. well, immediately

The basic idea is nice, but the actual show is not that impressive. Could get better though..

L0pht history

[Animats]

L0pht Heavy Industries went corporate [securityfocus.com] in 2000, and became "@Stake", which was acquired by Symantec in 2004, and disappeared into the Symantec empire.

L0pht, founded in 1992, was itself a descendant of the Cult of the Dead Cow [cultdeadcow.com], founded in 1984 and still around, more or less.

There have been various spinoffs and buybacks along the way, but it's been a while since cutting edge work came from that crowd.

Re:

[inode_buddha]

ISTR this also... good times, back then. Another one that I was interested in was +ORC (fravia). Slightly outdated nowdays, but still very educational.

Re:

[SpyPlane]

First thing I thought about when I saw this article was the CODC "The Cow"! I can remember staying up late reading the hundreds of text files they had on their site. Everything from phone phreaking, to atm hacking, to religion slamming, to top ten lists of humor. I think it is about time to go spend some time reading those texts again.

Wow!

[sharkey]

First L0pthcrack Rises Again [slashdot.org] and now L0pht themselves are back?!?! Such amazing times we live in.

circa MMIX ...

[nitroyogi]

Did anyone notice ... HNN's website has nicely formatted Google ads?!

Wish they could bring back

[Anonymous Coward]

I wish they could bring back the fine articles Sercrity Portal used to have, in particular, "Ask Buffy, by Buffy Overflow". Great stuff there.

Re:

[strat]

I think the term is "social skills."

Remind me again...

[icebike]

Why in the world would one visit the web site?

I try to avoid getting my oil changes at Joe's ChopShop and Used Parts emporium, and I avoid banking at Webegone Bank and Trust.

Oh, sure, I'm sure these are the "whitehats".

Re:

[strat]

Well knowing some of these folks personally (count the digits in my slashdot ID if you're wondering for how long)... perhaps because they have credible insights into the industry and technology, and secondarily because given some of their day jobs, it's exceedingly unlikely they'd choose to be affiliated overtly with a site that was malicious?

Just a thought.

bbs.l0pht.com

[ubungy]

a comeback is logging into bbs.l0pht.com via p23. a comeback is chatting with razer or dark dante on darkcartel.com... a comeback is beigeboxing on ess. nostalgia is great, i live for it. but as for l0pht there is no 'comeback'. only born anew as something worthy to this 'generation'. what you got up your sleeve now?

Re:

[killthepoor187]

Count Zero, IMO

Re:

[uberushaximus]

They're out in the pool, on the roof.