In Depth
L0pht in Transition
Most of the '90s hacking group the L0pht - Mudge, Space Rogue, Weld Pond and others - have emerged in legitimate roles. Was their work ultimately boon or bane for security?
By Michael Fitzgerald
Among those friends were Space Rogue and a teenage hacker and skateboarder named Joe Grand, who went by the handle Kingpin (named for the bolt that runs through the truck, or axle, of a skateboard).
Grand calls from the road. He’s often on the road, literally—he is a triathlete good enough to have a sponsor. He’s 31 now and runs his own San Diego design shop, Grand Idea Studio, which has designed RFID and GPS modules for Parallax, an in-game video camera for Gamecaster, and his best design yet, a video game accessory that he has licensed but can’t talk about.
Grand, an electrical engineer, has also written two books on hardware hacking and is a technical adviser to Make magazine. If all goes well with a pilot he’s recently shot, this fall we’ll see him on an engineering show on the Discovery Channel. Yet he’s nostalgic about the L0pht.
“I’m having a really hard time with realizing that I’m twice as old as when I joined the L0pht,” he says. “We did so many great things—what can I do to top that?”
The L0pht originally built a network so they could play Doom against each other. But they got more serious in 1994 and 1995, shedding some members and adding others with specific technical skills that complemented the group. They moved to a larger space in Watertown, Mass.
Excepting Grand, who was still in high school, all of the L0pht held various day jobs, often working together at places like CompUSA, Massachusetts General Hospital or BBN Technologies, the fabled research lab (Weld Pond, Brian Oblivion, Mudge and Silicosis all worked there at some point). They kept their identities hidden, in part to keep their day jobs. Everyone in the hacking community knew Dan Farmer had been fired from his job for releasing the Satan network analyzer. But the group wanted to turn the L0pht into a day job.
The charismatic, long-tressed Peiter “Mudge” Zatko had emerged as the group’s public face, if not its de facto leader. He developed, along with Wysopal, L0phtCrack, a tool that revealed weak passwords. Released in 1997, it’s still available on some websites today. “Back then, the companies would pretend [vulnerabilities] weren’t real,” says Bruce Schneier, the noted cryptographer and CTO of BT Counterpane. Schneier says the L0pht’s ability to build tools like L0phtCrack forced vendors to address security problems. “That’s the reason we have more secure software today. If it wasn’t for that, Microsoft would still be belittling, insulting and suing researchers,” he says.



