By Rob Wells
The Associated Press
W A S H I N G T O N,   May 19 — A Senate committee heard seven of the nation's top computer hackers claim today that they could cripple the Internet in a half-hour. Given more time and money, they boasted, they could interrupt satellite transmissions or electricity grids and snoop on the president's movements.
     While Internet security experts said such claims might be hyperbole, testimony before the Senate Governmental Affairs Committee raised troubling questions for some about security of the nation's public and private computer networks.
     Sen. John Glenn, D-Ohio, said the testimony pointed to a threat to national security.
     "If you look at this, in some ways it's a whole new way of making warfare," Glenn said, referring to attacks on sensitive computer systems. "I don't think that overstates it one bit."
     The General Accounting Office, an arm of Congress, released two studies at the hearing critical of computer security at the State Department and Federal Aviation Administration. The State Department's unclassified automated information systems "are very susceptible to hackers, (and) terrorists," the GAO said. The GAO also found weaknesses in physical security of FAA computer systems.
     "This work has revealed a disturbing picture of our government's lack of success in protecting federal assets from fraud and misuse, sensitive information from inappropriate disclosure and critical operations from disruption," the GAO's Gene Dodaro said in a statement to the panel.

'Unprecedented National Risk'
A presidential commission reported in October that it found "no evidence of an impending cyberattack" but cautioned that "we have little defense against it." It also cited an "unprecedented national risk" because computer and telephone systems have linked the nation's public works including power plants, rail lines and banking networks.
     The FAA, responding to the GAO report, said it is continually improving security but there is no evidence that computer attacks "have been anything other than common vandalism" and have not threatened the flying public.
     The hearing's focal point was the testimony of seven Boston-area computer experts, described by Sen. Fred Thompson, R-Tenn., chairman of the committee, as belonging to the nation's leading "hackers think tank," known as LOpht (pronounced "loft").
     The seven, dressed in business suits, identified themselves only by their hacker nicknames—Mudge, Space Rogue, Brian Oblivion—"due to the sensitivity of their work," Thompson said. "I'm informed that you think that within 30 minutes the seven of you could make the Internet unusable for the entire nation. Is that correct?" Thompson asked.
     "That's correct," replied Mudge, a frizzy-haired computer security expert. "Actually, one of us, with just a few packets," he added, referring to bundles of data that flow across the global computer network.
     He went on to describe generally a process to separate "the different major long-haul providers," such as AT&T, so its network couldn't exchange information with other major networks, such as MCI.
     "It would definitely take a few days for people to figure out what is going on," Mudge said.
     These findings were turned over "to the appropriate agencies," he said, in line with LOpht's public-service mission to publicize computer flaws in order to strengthen security. Microsoft Corp. reportedly made changes to its Windows NT software after Mudge discovered weaknesses in its password registry.

Not So Fast ...
Some experts were highly skeptical of some of the group's claims.
     "Hyperbole is good for the soul," said Scott Bradner, vice president for standards at the Internet Society. "It's not all that easy to take down the whole Net."
     Bradner, senior technical consultant to Harvard University, said MCI and other corporations that provide the backbone to the Internet have private communications links with other companies that can't be accessed from public networks.
     But he readily acknowledged security problems threaten portions of the Internet.
     "There are certainly adequate demonstrations that concentrated efforts can make an impact in portions of the Internet," he said. "Just because you can create a really good traffic jam in Cleveland doesn't mean that Toledo is in trouble."