In Depth
L0pht in Transition
Most of the '90s hacking group the L0pht - Mudge, Space Rogue, Weld Pond and others - have emerged in legitimate roles. Was their work ultimately boon or bane for security?
By Michael Fitzgerald
By late 1998, the L0pht was actively trying to attract venture capital and turn itself into a real business—it had pushed out Stefan von Neumann and a couple of other short-lived members, and hired Christien Rioux (known as Dildog) and Paul Nash (known as Silicosis) to support L0phtCrack and do custom work for companies like NFR. The L0pht was not the first group of hackers to offer professional services or tools, but even in the giddy late 1990s, hackers still had an unsavory reputation. Finally, @stake, a security consulting firm, came to the group with $10 million in VC money and told the L0pht it could continue its research. The members voted to join it.
Even so, that merger, announced Jan. 10, 2000, marked the symbolic end of the L0pht. Over the next few years, its members were fired or drifted away, and @stake itself was gobbled up by Symantec in 2004. The only member of the L0pht still there is Nash. The transition was particularly difficult for Zatko, who spent six months on disability and left @stake after just two years.
Today, Zatko’s office at BBN is a rest area for sundry things. There’s a dead computer on a chair, and a working circa-1940s polygraph machine on a table. In a corner are two fishing rods and an antenna, part of an impromptu communications experiment. There’s a guitar signed by one-time porn stars Barbara Dare and Jamie Summers. A bound copy of the L0pht’s testimony in front of the Senate is on a shelf. On one wall hangs a picture of him with President Bill Clinton and Vinton Cerf, in which Zatko’s light brown hair is still rock-star length. It’s short now, parted in the middle. He has a goatee and wears glasses. He’s sore from a boxing workout the night before, a reminder that he’s in his late 30s.
Zatko says he can’t talk about what he does at BBN, other than to say it’s security-related and for some unmentionable three-lettered government agencies. He also says he returned to BBN, which employed him in the 1990s, before the L0pht was his job, in part because BBN told him there could be no publicity about the projects he was working on. “That was attractive as hell,” he says.
But Zatko can’t seem to stay out of the spotlight. He is the obvious model for “Soxster,” one of the main characters in former cyberczar Richard A. Clarke’s new novel, Breakpoint (the L0pht itself appears as “the Dugout”). And he acknowledges that he still “wants to make a dent in the universe,” the old motto of the L0pht.



