L0pht hackers to reunite at Source Boston event; Internet scared ---------------------------------------------------------------- By Brendan Lynch Monday, March 3, 2008 In 1998, hacker collective L0pht Heavy Industries told a U.S. Senate committee they could shut down the Internet in half an hour. Today, it would take about two-and-a-half hours, according to ex-L0pht member Peiter Zatko, known to hackers worldwide as "Mudge." "That's progress," Zatko said. Fortunately, hackers today need the Internet to commit their crimes, so shutting it down makes little sense, according to Christien Rioux, L0pht's "Dildog." "You don't poop in your own back yard," Rioux said. Now Zatko, Rioux and fellow L0pht members are going to be talking at another panel -- reuniting publicly for the first time in years -- at Source Boston, a March computer-security conference, where they'll participate in a panel on the security industry. Another L0pht member, Chris Wysopal, aka "Weld Pond," said hacking has changed since the '90s -- hackers now use the Internet mostly for theft, a far cry from the attention-grabbing attitude of the early Internet hackers. "(Hackers) were troublemakers," Wysopal said. "It was like grafitti: 'Look at me, I can make a worm.'" L0pht formed in the early 1990s in a South End loft. The members cased trash bins for computer components that software companies had thrown out, and then hacked the software on the discarded computers, rather than the company's network. L0pht members posted vulnerabilities on public mailing lists to force companies to fix them quickly. "Plenty of things might have been a little shady, but nothing illegal," Rioux said. Now the former rogue code jockeys are expected to discuss how things have changed and ways corporations can protect themselves. Rioux is chief scientist and Wysopal is chief technology officer of security-testing company Veracode Inc. in Burlington. Zatko said he's "keeping America's bits safe for democracy" as the technology director for BBN Technologies' national intelligence group in Cambridge. He said he just returned from California, where he cracked an undisclosed BBN project for the Defense Advanced Research Projects Agency. "I don't know if there'll be a Phase 2 (of that project)," he said with a laugh. Wysopal said the proliferation of software and connectivity -- on peer-to-peer networks, VoIP, widgets, handheld devices -- creates numerous points of attack. "Everything has become completely permeable," he said. "There's no inside and outside anymore. It's all one big network." Rioux focused on phones, for example. "The computer on my phone is more powerful than my computer was 10 years ago," he said. Zatko predicted a problem with the number of networked sensors used in buildings and roads -- which could, but likely won't be, mitigated by companies establishing protocols for the information the sensors relay in advance. "What if I can say the John Hancock Building is suffering structural problems when it's not?" Zatko said. "What if I can hide it when it is?" As long as people exchange information via telephone and e-mail, they'll have security problems, Rioux said. "We're going to be inventing new vulnerabilities for quite a while now," he said. http://www.masshightech.com/stories/2008/03/03/story8-L0pht-hackers-to-reunite-at-Source-Boston-event-Internet-scared.html