Space Rogue: How the Hackers Known As L0pht Changed the World

by Cris Thomas

The L0pht began as a storage area, evolved into a clubhouse, transformed into a full-on hacker collective that testified before Congress and became a rising star of the dot-com era, and, finally, evolved into an almost mythical part of history.

I think the real truth is in the mix. The L0pht story is similar. No single person knows the complete story.

reading school library books under the covers at night with my homemade flashlight.

What hackers saw as an overreach and overreaction by authority generated a culture of secrecy in the online world and began a long distrust of government rule.

Of course, the big downside was having to deal with the public, which is a negative with all retail jobs, I think.

While sharing might have been seen as a way to help someone it was often done as a way to prove “eliteness” to others within the social group—sort of as an electronic “look what I can do” exclamation, like a toddler seeking attention.

For the most part, we were all upper-middle-class, white males. There was little tolerance for newbs or noobs or newbies who hadn’t achieved the same level of knowledge of those who were leet.

This exclusionary aspect of the culture has been hard to change. Even now, some of the old guard thinks things were just fine the way they were. They still believe that things should be run by a strict meritocracy without mentioning which merits should be considered important. This mold has been difficult to change.

If you were one of the people I was an asshole toward, I apologize. Today I make a conscious effort not to do that and try to help where I can.

I saved a piece of that cable, and I still have it tucked away in a drawer as a reminder to always check the things you least suspect and that anything, even a lowly unsuspecting cable, can be the source of your problems.

In some ways the web of the mid-nineties was even faster than today. Web designers took great pains to make sure their web pages were small and svelte; the rule-of-thumb was that a page should download within seven seconds at 56k. Today, even with super-fast broadband, we have some web pages that don’t download in twice that time because they have been stuffed full of tracking cookies and ads, and are now a “multimedia experience.”

those early media pieces got us thinking and realizing just how powerful the media could be.

just basic flat HTML, mostly because things like Cascading Style Sheets (CSS) weren’t really a thing yet.

“If you choose not to decide, you still have made a choice.”

it is obvious that the naivete of hackers in the late ’90s and early 2000s didn’t last long. Hackers no longer explore networks and computer systems from parents’ basements (if they ever did); now it is often about purposeful destruction at the bequest of governments.

The Internet truly was—and still is—held together with bubble gum and bailing twine.

How in a few short years does a word go from a verb meaning to cut roughly and then change to a noun meaning a computer expert?

Criminal gangs who are running ransomware campaigns or are stealing credit cards are just that, criminals.

The argument, therefore, is that if you don’t disclose the vulnerability or give details about a patch, then the criminals won’t know where to attack. This is fanciful thinking.

At its core a zero trust architecture trusts no one, not users, not applications and not systems. Every interaction must be verified and authenticated. When properly implemented zero trust can make it extremely difficult for an attacker to reach their intended target.

Phishing is essentially a normal looking email that attempts to get the user to click on a bad link or download a bad attachment. Sometimes these emails are very obvious and sometimes it is nearly impossible to tell them apart from a legitimate email.

Even with all the advancements we have made over the last two and half decades the criminals are still right there with us matching us step for step.

Products are optimized for maximum revenue and sales, not for how secure they can be. That optimization can be something as simple as shaving a millimeter of plastic off the case or skimping on the software audit designed to catch flaws, assuming a security audit is even performed in the first place.

“You see there may be stories, apparently not consistent with each other, yet all of them true in their time and place, and so far as each actor is concerned.”101

Most readers will not seek other sources to corroborate or dispute a book’s contents. Books are absolute and once written can take on a certain mythological status, never to be challenged.