
Hackers Testifying at the United States Senate, May 19, 1998
July 9, 2013 3:45 AM

Here is L0pht Heavy Industries testifying before the United States Senate Committee on Governmental Affairs, Live feed from CSPAN, May 19, 1998. Starring Brian Oblivion, Kingpin, Tan, Space Rogue, Weld Pond, Mudge, and Stefan von Neumann. This is the infamous testimony where Mudge stated we could take down the Internet in 30 minutes. Although that's all the media took from it, much more was discussed. See for yourself. (59:04)
posted by Blasdelb (18 comments total) 21 users marked this as a favorite

 
Oh, man. L0pht Heavy Industries. That brings me back. I can't watch this here, but I'm glad that we haven't forgotten.

...also, I didn't realize that Mudge is now a program manager at DARPA. Hunh.
posted by Sticherbeast at 6:25 AM on July 9, 2013


He isn't anymore. He just moved to Moto/Google and is doing reverse engineering of phone stuff now.
posted by habeebtc at 6:30 AM on July 9, 2013


Oh, and for more time machine, L0pht Heavy Industries' stuff was featured way at the very beginnings of metafilter from back when it was still functionally just matthowie's blog.
posted by Blasdelb at 7:25 AM on July 9, 2013 [1 favorite]


Man I didn't know they were so... White Hat.

Oh god, Fred Thompson, why do I magically see a Law and Order "Ripped from the Congressional Testimony!"
posted by symbioid at 7:36 AM on July 9, 2013


Yeah, L0pht. There's a great cultural history of hacking groups from the blue box to Anonymous just waiting to be written. It would be great. It would be filled with citations like "47. IRC chat log, 8/12/98, between XXCraXMaXterXX and bob"
posted by kiltedtaco at 7:36 AM on July 9, 2013 [1 favorite]


The origin of the name may be traced to the fact that Brian Oblivion and Count Zero, two of the founding members of L0pht, shared a common loft space in Boston with their wives, who ran a hat business on the other side.

There are glimpses of that hat shop in documentation of the history of L0pht, but no mention of the name. I really, really want that hat shop to be called "Black Hats, White Hats, and All Shades of Grey" or something equally punny.
posted by filthy light thief at 7:43 AM on July 9, 2013 [3 favorites]


The first real-deal perl script I ever wrote was to implement a Cisco password-cracker, thanks to an article by mudge. Thems were the days.
posted by jquinby at 7:44 AM on July 9, 2013


Also - it strikes me in some ways how much has changed in the intervening 15 years with regards to security and updates, and even how we view software. How "Open Source" is finally accepted by all parties, the FUDfest is long gone, I think... The whole way of thinking about how software should be done has changed. Well not the whole way. There's still so many proprietary ways of thinking, but. I don't know. Things have changed in good and bad ways, it seems.
posted by symbioid at 7:45 AM on July 9, 2013


Aw, this gives me a warm fuzzy feeling remembering the time my dad found L0phtcrack on his laptop and called me downstairs to have a super-serious talk about it.
posted by odinsdream at 7:46 AM on July 9, 2013 [3 favorites]


Holy shit I just realized that was 20 years ago.

dodder
posted by jquinby at 7:51 AM on July 9, 2013 [1 favorite]


Damn, I remember how cool I thought L0phtCrack was when it came out. I also remember reading Aleph1's "Smashing the Stack for Fun and Profit" as an impressionable teen. That white paper, more than anything else, is probably what made me decide to pursue a job in the technical field. I could've sworn he was affiliated with The L0pht, but he's not on their member roster.
posted by KGMoney at 8:07 AM on July 9, 2013 [1 favorite]


I was never any kind of hacker, but I got to visit the L0pht space a few times and never felt cooler. The guys were super nice too, even to an obvious groupie. One of my fondest memories from my early college years.
posted by nev at 9:33 AM on July 9, 2013


Root name servers? Everyone knew that, fucking Mudge gets famous.

Wonder if it is still possible with a big enough botnet.
posted by Ad hominem at 12:12 PM on July 9, 2013


Wonder if it is still possible with a big enough botnet.

A case study mapping the entire internet indicates significant maliciousness could be achieved.
posted by odinsdream at 1:46 PM on July 9, 2013 [1 favorite]


L0phtCrack saved my butt, once, as a system administrator. Guy left our project with all his files locked up on the local user side of his NT machine.

It was probably against every corporate policy six levels up....
posted by dhartung at 3:59 PM on July 9, 2013


The L0pht guys nearly all state in their opening statements and early testimony that they have come before Congress because they are particularly concerned about the lack of help, protection, and transparency given to everyday businesses and consumers who are stuck using faulty, insecure computer software. They are specifically pointing out to the Congressional committee how other more mature industries, such as the automobile industry, have consumer safeguards in place to proactively disclose problems with their products and to provide fixes -- and yet major computer software companies (o hai there Microsoft) simply did not do any of that, nor did they bear any liability for the inevitable and often quite serious problems that could result. One of the L0pht guys even mentions that he works at a help desk (although he uses somewhat fancier language) to explain how he sees these rampant security issues negatively impact regular people in everyday life.

And yet the only issues the congressmen on the panel seem to give a hoot about, and ask about repeatedly, are things like the possibility of rogue states "blowing up" computers by sending them too much power down the line (!) or illicitly transferring Federal Reserve funds or messing with airplanes' GPS signals, and so on. Nearly every question wound up probing for potential, and sometimes far-fetched, weaknesses in military, intelligence, and banking security -- and almost completely ignored the known and documented problems facing the small-time consumers.

If you want to see the most egregious example, skip to the back-and-forth at 42:00. The testimony is highlighting a problem with the computer industry's bad practices, lack of regulation, and negligence towards consumer and business protection, and yet the question that follows immediately after it has no bearing on the discussion whatsoever and is only concerned with "biggest danger" and "harm to our country" and "blow the computer" and "x-ray".

Oh, and don't miss the part where Senator Lieberman grandstands, calls them "modern-day Paul Reveres", and invokes Chernobyl.
posted by Asparagirl at 7:40 PM on July 9, 2013 [2 favorites]


And it's also so interesting to me how sprinkled throughout the testimony you can find such evergreen and important topics like open source vs. closed source software, the cost-benefit analysis of disclosing security flaws when fixes may not yet be available, the need for greater cryptographic usage in consumer and utility products (pagers, electrical meters, etc.), and so on -- and the senators are all just like "OMG terrorists" while all the greater and thornier issues just go sailing right over their heads like wheeeee!

Seriously, thanks for posting this.
posted by Asparagirl at 7:54 PM on July 9, 2013


Congressional testimony. 20 years. Even a DARPA gig.

You know what would have helped?

Actually taking the stupid internet down in 30 minutes.

The only way to fix anything is to actually make it less bother to just fix things than to continue to put up with them being broken.
posted by Xyanthilous P. Harrierstick at 12:49 PM on July 10, 2013



