William Philpott/AP 'You'd be surprised how much stuff I can do on networks now,' said Mudge, left

By Rob Wells,  Associated Press

WASHINGTON — In a sober, methodical tone, a computer hacker known as "Mudge" described for a Senate committee how he could snoop on the computer activities of thousands of unsuspecting citizens.

"Let's say I have taken over MCI's network, which would not be a tremendously difficult thing to do," Mudge told the Senate Governmental Affairs Committee Tuesday. He described disrupting another major corporate computer network that he couldn't access, forcing its traffic to flow over lines he could monitor.

"Now I can learn everything they're doing, I can watch their movements, I can stop their movements, I can issue requests on their behalf," said the frizzy-haired computer consultant. "You'd be surprised how much stuff I can do on networks now."

The testimony of Mudge and six more of the nation's elite computer hackers — identified by their "hacker" names because of their sensitive activities — was the focal point of a hearing exploring weaknesses in the nation's computer networks.

Some Internet security experts were highly skeptical of some of the hackers' claims — Mudge boasted that within a half-hour, any of the seven could cripple the Internet in the United States.

But the hackers and new government reports raised troubling questions for some about security of the nation's public and private computer networks.

Sen. John Glenn, D-Ohio, said the testimony pointed to a threat to national security.

"If you look at this, in some ways it's a whole new way of making warfare," Glenn said, referring to attacks on sensitive computer systems. "I don't think that overstates it one bit."

The General Accounting Office, an arm of Congress, released two studies at the hearing critical of computer security at the State Department and Federal Aviation Administration.

"This work has revealed a disturbing picture of our government's lack of success in protecting federal assets from fraud and misuse, sensitive information from inappropriate disclosure and critical operations from disruption," Gene Dodaro of the GAO said in a statement to the panel.

A presidential commission reported in October that it found "no evidence of an impending cyberattack" but cautioned that "we have little defense against it." It also cited an "unprecedented national risk" because computer and telephone systems have linked the nation's public works, including power plants, rail lines and banking networks.

The seven Boston-area computer experts who testified belong to what's been described as the nation's leading "hackers think tank," known as LOpht (pronounced "loft"). They came dressed in business suits, some sporting pony tails, others crew cuts.

All said they hold day jobs consulting or working in the technology industry, and turn their after-hour efforts to exposing weaknesses in major computer networks or brand-name software, such as Microsoft's Windows NT. They publicize their findings as part of LOpht's public service mission to improve computer security.

"I'm informed that you think that within 30 minutes the seven of you could make the Internet unusable for the entire nation. Is that correct?" asked the committee's chairman, Sen. Fred Thompson, R-Tenn.

"That's correct," replied Mudge. "Actually, one of us, with just a few packets," he added, referring to bundles of data that flow across the global computer network.

He went on to describe generally a process to separate "the different major long-haul providers," such as AT&T, so its network couldn't exchange information with other major networks, such as MCI.

"It would definitely take a few days for people to figure out what is going on," Mudge said. A telephone call seeking comment from an MCI spokeswoman wasn't returned Tuesday.

These findings were turned over "to the appropriate agencies," Mudge said. Microsoft Corp. reportedly made changes in its Windows NT software after Mudge discovered weaknesses in its password registry.

Some experts reacted to the group's claims with a chuckle.

"Hyperbole is good for the soul," said Scott Bradner, vice president for standards at the Internet Society. "It's not all that easy to take down the whole 'Net."

Bradner, senior technical consultant to Harvard University, said MCI and other corporations that provide the backbone to the Internet have private communications links with other companies that can't be accessed from public networks.

But he readily acknowledged security problems threaten portions of the Internet.

"There are certainly adequate demonstrations that concentrated efforts can make an impact in portions of the Internet," he said. "Just because you can create a really good traffic jam in Cleveland doesn't mean that Toledo is in trouble."