They are the elite of hackers, whose notoriety brought them before Congress a year ago.
On May 19, 1998, Sen. Fred Thompson (R-Tenn.) of the Senate Government Affairs Committee asked L0pht members, “I’m informed that you think that within 30 minutes the seven of you could make the Internet unusable for the entire nation. Is that correct?”
“That’s correct,” one L0pht member responded. “It would definitely take a few days for people to figure out what was going on.”
The L0pht’s workspace is not much to look at. There are a lot of circuits, old keyboards and odd tributes to the information age.
What they do is try to break into programs we’re led to believe are secure.
They refer to each other by nicknames. By not revealing their real names, they protect themselves from lawsuits by companies and individuals. They have perfected ways, for example, to crack passwords, those secret letters or numbers we enter assuming they protect our privacy.
When asked how long it would take to crack, one member quickly replied, “minutes … seconds.”
But L0pht doesn’t just “bypass passwords successfully.” On their Web site, they show the world which software has vulnerable security, then they give instructions on how to break in. It’s an open invitation to other hackers. But L0pht says it’s meant to embarrass companies into better protecting our privacy,
“Well, if we can find it,” says Space Rogue of the L0pht, “somebody else can find it.”
Why not just tell the companies that they have a problem?
“We initially tried doing it that way,” says Dr. Mudge of the L0pht. “We’ve found if we don’t take it a step further nobody pays attention to it.”
Creating ‘More Security Breaches’
They accept that they might have created, through their work, more security breaches.
“Sometimes you have to kick up the hornets’ nest a little to get it to settle in a better way,” says Dr. Mudge.
And it usually works. Lotus, which makes a popular office and e-mail program, credits L0pht with flagging a potential security issue in some of its software.
But not all of L0pht’s work is as constructive. Some members of the group claim they can target any computer system and try to shut it down. They say it’s to remind us how we’ve become reliant on computers for more than just communicating; they help run our power systems and are the backbone of the military, two potentially dangerous targets for hackers.
Are they legitimizing destructive behavior?
“We don’t think we are,” Dr. Mudge says. “I don’t know who deserves to get that information. … We don’t suppose to know who the good guys or the bad guys are.
In that same morally ambiguous way, the members of L0pht see what they do as neither good nor bad. More akin to Robin Hood, whose merry band of outlaws used unorthodox ways to help.
“We feel we’re actually making a difference,” says one L0pht member.
But like Robin Hood, one person’s hero, can be another’s rogue