Taking down the internet in 30 minutes?

[cmnoop]

----

They are the elite of hackers, whose notoriety brought them before Congress a year ago.
On May 19, 1998, Sen. Fred Thompson (R-Tenn.) of the Senate Government Affairs Committee asked L0pht members, “I’m informed that you think that within 30 minutes the seven of you could make the Internet unusable for the entire nation. Is that correct?�
“That’s correct,� one L0pht member responded. “It would definitely take a few days for people to figure out what was going on.�
The L0pht’s workspace is not much to look at. There are a lot of circuits, old keyboards and odd tributes to the information age.
What they do is try to break into programs we’re led to believe are secure.

Avoiding Lawsuits
They refer to each other by nicknames. By not revealing their real names, they protect themselves from lawsuits by companies and individuals. They have perfected ways, for example, to crack passwords, those secret letters or numbers we enter assuming they protect our privacy.
When asked how long it would take to crack, one member quickly replied, “minutes … seconds.�
But L0pht doesn’t just “bypass passwords successfully.� On their Web site, they show the world which software has vulnerable security, then they give instructions on how to break in. It’s an open invitation to other hackers. But L0pht says it’s meant to embarrass companies into better protecting our privacy,
“Well, if we can find it,� says Space Rogue of the L0pht, “somebody else can find it.�
Why not just tell the companies that they have a problem?
“We initially tried doing it that way,� says Dr. Mudge of the L0pht. “We’ve found if we don’t take it a step further nobody pays attention to it.�

Creating ‘More Security Breaches’
They accept that they might have created, through their work, more security breaches.
“Sometimes you have to kick up the hornets’ nest a little to get it to settle in a better way,� says Dr. Mudge.
And it usually works. Lotus, which makes a popular office and e-mail program, credits L0pht with flagging a potential security issue in some of its software.
But not all of L0pht’s work is as constructive. Some members of the group claim they can target any computer system and try to shut it down. They say it’s to remind us how we’ve become reliant on computers for more than just communicating; they help run our power systems and are the backbone of the military, two potentially dangerous targets for hackers.
Are they legitimizing destructive behavior?
“We don’t think we are,� Dr. Mudge says. “I don’t know who deserves to get that information. … We don’t suppose to know who the good guys or the bad guys are.
In that same morally ambiguous way, the members of L0pht see what they do as neither good nor bad. More akin to Robin Hood, whose merry band of outlaws used unorthodox ways to help.
“We feel we’re actually making a difference,� says one L0pht member.
But like Robin Hood, one person’s hero, can be another’s rogue

Is it physically possiable to bring down the internet in 30 min?

What do you think?

[ntsa]

Mudge was the guy who wrote netcat, so I'd be prepared to believe that if it [em]was[/em] possible, he and the rest of l0pht would be the people to do it. Conversley l0pht have never been adverse to publicity of their exploits, and my own view is that this may be case in point.

The internet was designed with the express purpose of enabling communication between points a and c when point b is a smoking pile of rubble. The de-centralised nature of the net would make a system wide hack very difficult.

Therefore what is being discussed here (to bring down the entire internet in 30 mins) is not very likley unless you could identifly points of mutual vulnerability for all of the participating Telcos/network providers. As I said - not very likley. Even an attack on the atlantic pipe would not cut communications via the australasian pipe and visa versa.

Perhaps a combinaton of hacks, aimed at different targets but orchestrated similtaniously and against some very well placed routers... Possible? maybe. Likley? Not really.

[Guus]

Hmm, I'm not sure, but that's mainly because I think on a completely different level than those guys. What's incomprehendable to me, is clear as sky to them, and that's what scares me.

What if they found some bug in widely-used routers? What if they released an undetected worm, making xx % of the computers online a potential DDoS tool? What if they constructed some virus which will spread Ã* la LoveLetter, and deletes all info on the computers it travels through?

Then again, most of those guys are as addicted to the internet as you and me, so they'll probably keep the thing online, if only to feed their addiction

[JCHostingAdmin]

On May 19, 1998, Sen. Fred Thompson (R-Tenn.) of the Senate Government Affairs Committee asked L0pht members, “I’m informed that you think that within 30 minutes the seven of you could make the Internet unusable for the entire nation. Is that correct?�

Well, notice the article was from 1998 and from what I know, alot has changed since then. I am doubtful they can do that, and computer security, hacking, and computers in general have changed since 1998.

[detoxsmurf]

When the Code Red worm first appeared it just sucked up all the bandwidth on the internet. Logs files blew up to unmanageable levels and CPU usage on servers jumped. I remember we had a lot of customers that were unable to reach our (linux) web servers because of the bandwidth reason. My guess is they would have to go that route to bring down the Internet. I'm sure the idea is being thrown around in some laboratory over in china.

[4MidgetHitmen]

May sound stupid but couldn't it be done by hacking the telco's at the same time and shuting them down? I know there are a lot of telco's but could it be done in that way?

[Terr]

I remember that once some small ISP misconfigured their router so that it believed it served all addresses, and it somehow advertised that, making a big slowdown somewheres.

[aj67my]

I agree with ntsa, takeing down the entire Internet would be very unlikely.

The internet is constantly growing ever since it was started in 1969 as the ARPA NET.

With the cisco routers being capable of handleing 320 billion bits of information per second and, when fully loaded with boards, move as many as 60 million packets of data every second.

It would be extreamly dificult, and even then, punishment for even trying such a task would be something of high order.

And as mentioned why would they take down the net when they spend their days and evenings online and have become a net adict.

[doktorf00bar]

Mudge & co. are masters of self promotion. If they thought you'd believe it, they'd tell you all about how they could fly and walk through walls. I'm not saying that they don't have some "skillz" but the main one is their nose for creating hype. Like ntsa pointed out, the 'net is designed to be resistant to any one thing crippling it. Even as far back as the gulf war, the US couldn't shut down the Iraqi command network by Physically blowing the crap out of their routers. This is 10 years later. With the diversity of proocols and OS's running the 'net today, and the octopus-like network of redundant routes, there is no way to kill it. This isn't 1988, there are more'n 3 OS/architectures and a few thousand machines online, so I don't worry about the next Morris worm. Netcat (created by Hobbit of l0pht, I believe) may be a great tool, mostly for its practicallity, but is more a product of good common sense and need then ev0l h4x0r genius.

[indolent]

One thing you must keep in mind is who they were talking to. Congress isn't exactly the most technically knowlegable group.