L0pht Hackers are Back after a Decade with HNN

by

After a decade of being offline they are back again, this time with geeky video reports about security,  Hacker News Network.

Hacker News Network, HNN, is one of the projects of the Boston-based hacker. The Project is known as L0pht Heavy Industries.
Why Am I talking about them?
Well it’s pretty much justified:
They’re the guys who famously once told the U.S. Congress that they could take down the Internet in about 30 minutes. They helped inventing the way that could help computer companies drill out security bugs in  most things on Internet.
The L0pht was powered by eight active members who used to be solid hackers, back in the days in 1990s. But something wrong happened, most of them had faded, even as they’ve watched a cottage industry of security research firms sprout up based on many of the disclosure techniques they pioneered. The L0pht dissolved after it sold out to consultancy @stake in 2000, and its members gradually watched their dream of being paid to do cutting-edge hacking and security research wither and die.

But over the past few months, the L0pht has been getting back together.

Out of Eight, Six of members re-united last year at a Security conference, and in May this year, members of the group released the first update to their most popular auditing/recovery tool L0phtCrack password audit tool since 2005. I remember the days of windows 2000, and 2003 when I used to play around with LC5. Breaking Windows/Active directory passwords were so easy. Ofcourse, we didn’t used to have PCs as powerful as they are today, still 128bit NTLM and MS HASH based passwords used to go off in a time of 80hours max (if password is lengthy).

Today, with LC6, they have added support for Multicore and x64. I wonder how easy it is do break awindows password with a Quad core x64, maybe within couple of hours.

What are they upto?

Last month the L0pht Web site went back online, and the demo version of Hacker News Network is set for an official launch on Jan. 11, 2010. The date 01-11-10 is a binary number. The L0pht Web site will give members a single place to link to their current projects. Peiter Zatko, aka Mudge, says he’d like to use it as an archive of the group’s historic security advisories. More projects may evolve. The group acquired the rights to its AntiSniff network monitoring tool from Symantec and is toying with the idea of reviving that as well.

“We’re still trying to figure out what the ultimate goals are,” said Joe Grand, aka Kingpin. “But I’m just happy that we can be in touch on a personal level and not have to deal with business, not have to deal with politics, and just have a place to do stuff. Business and company politics pretty much killed the L0pht”.

The Good thing:

They are not the bad guys. Their historic work has proven they do it for ethical reasons.

History:

They had sold off L0pht, their biggest mistake, as per one of the members. They say it took a few years of negotiations with Symantec — which bought @stake in 2004 — to get back control of L0phtCrack and several other L0pht properties. The core members sold their business to @stake in the hopes that with a deep-pocketed corporate sponsor, they would be free to do hacking projects that really interested them, such as drawing attention to important security problems that were being ignored by software vendors.

Mudge describes the L0pht’s early security advisories as

“Very much a Rachel Carson-meets-Consumer Reports sort of attempt.”

Carson was a biologist who advanced the environmentalist movement in the ’60s. Initially, the group tried to apply that neutral Consumer Reports model to its @stake work, refusing to take money or free products from vendors.

“It drove the venture capitalists nuts because we’d be turning down the money,” said Mudge.

But in the end, corporate pressures trumped what was not expected. Within six months, Space Rogue, the only member who remains anonymous, was fired from his job in the company’s PR department.

“I didn’t fit in at all; they were a bunch of clueless idiots,” Space Rogue remembers

And gradually other members drifted away, often in dissatisfaction and frustration.

“We went there to become researchers,” said Christien Rioux, aka DilDog. “Unfortunately the research part didn’t generate enough money to fund the consulting part, It stopped being fun,” said Joe Grand, who said he left after being pressured to do consulting work instead of the research he loved.

Today Grand runs his own electronics design company, Grand Idea Studio.

Some members stopped talking to each other, angry with the way things had gone. The only L0phter with Symantec today is Paul Nash. But bad feelings between the members have softened with time. Though many of them live in different cities now, they still get together whenever they can, at conferences or when they happen to be passing through the same city.

“I don’t think we could ever recapture the magic of what the L0pht was,” said Space Rogue, who is now an IT staffer in Massachusetts. “But I think we’re at the point now where we can rekindle the friendship. It’s L0pht again, but different.”

They’re back, its good for the Industry and the Internet. We need more Ethical Hackers than the bad guys. Hey HNN, you are welcomed.

Sources: NetworkWorld, HNN, L0pht

GD Star Rating
loading...
GD Star Rating
loading...

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.