L0pht hackers to reunite at Source Boston event; Internet scared
----------------------------------------------------------------
By Brendan Lynch
Monday, March 3, 2008

   In 1998, hacker collective L0pht Heavy Industries told a U.S.
   Senate committee they could shut down the Internet in half an hour.
   Today, it would take about two-and-a-half hours, according to ex-L0pht
   member Peiter Zatko, known to hackers worldwide as "Mudge."

   "That's progress," Zatko said.

   Fortunately, hackers today need the Internet to commit their crimes, so
   shutting it down makes little sense, according to Christien Rioux,
   L0pht's "Dildog."

   "You don't poop in your own back yard," Rioux said.

   Now Zatko, Rioux and fellow L0pht members are going to be talking at
   another panel -- reuniting publicly for the first time in years -- at
   Source Boston, a March computer-security conference, where they'll
   discuss the security industry.

   Another L0pht member, Chris Wysopal, aka "Weld Pond," said hacking
   has changed since the '90s -- hackers now use the Internet mostly for
   theft, a far cry from the attention-grabbing attitude of the early
   Internet hackers. "(Hackers) were troublemakers," Wysopal said. "It was
   like graffiti: 'Look at me, I can make a worm.'"

   L0pht formed in the early 1990s in a South End loft. The members cased
   trash bins for computer components that software companies had thrown
   out, and then hacked the software on the discarded computers, rather
   than the company's network. L0pht members posted vulnerabilities on
   public mailing lists to force companies to fix them quickly. "Plenty of
   things might have been a little shady, but nothing illegal," Rioux
   said.

   Now the former rogue code jockeys are expected to discuss how things
   have changed and ways corporations can protect themselves.

   Rioux is chief scientist and Wysopal is chief technology officer of
   security-testing company Veracode Inc. in Burlington. Zatko said
   he's "keeping America's bits safe for democracy" as the technology
   director for BBN Technologies' national intelligence group in
   Cambridge. He said he just returned from California, where he cracked
   an undisclosed BBN project for the Defense Advanced Research Projects
   Agency.

   "I don't know if there'll be a Phase 2 (of that project)," he said with
   a laugh.

   Wysopal said the proliferation of software and connectivity -- on
   peer-to-peer networks, VoIP, widgets, handheld devices -- creates
   numerous points of attack. "Everything has become completely
   permeable," he said. "There's no inside and outside anymore. It's all
   one big network."

   Rioux focused on phones, for example. "The computer on my phone is more
   powerful than my computer was 10 years ago," he said.

   Zatko predicted a problem with the number of networked sensors used in
   buildings and roads -- which could be, but likely won't be, mitigated by
   companies establishing protocols for the information the sensors relay
   in advance. "What if I can say the John Hancock Building is suffering
   structural problems when it's not?" Zatko said. "What if I can hide it
   when it is?"

   As long as people exchange information via telephone and e-mail,
   they'll have security problems, Rioux said.

   "We're going to be inventing new vulnerabilities for quite a while
   now," he said.

http://www.masshightech.com/stories/2008/03/03/story8-L0pht-hackers-to-reunite-at-Source-Boston-event-Internet-scared.html