Ben's Book of the Month: Space Rogue: How the Hackers Known as L0pht Changed the World


Posted on

When it comes to depicting hackers, Hollywood almost always gets it wrong. Movies such as Swordfish, Blackhat, The Net, and the like are high on drama and action, but rarely portray real-life scenarios. They often emphasize staying up late, wearing hoodies, and downing endless Mountain Dew, over technical prowess, coding abilities, and real-life.

 

That’s why Space Rogue: How the Hackers Known as L0pht Changed the World by Cris Thomas is such an enjoyable read. One of the founders of L0pht Heavy Industries, often dubbed The L0pht, Thomas is better known by his hacker name Space Rogue. The book is the story of one of the most successful hackers of our times, but also the story of what really goes on behind the keyboard, and in the mind of a hacker. And I think this may be the only autobiography of someone in the information security space.

 

For anyone who has been in technology or information security for a while, the book is like a walk down memory lane. In describing his trajectory into hacking and information security, Thomas mentions items like the once ubiquitous 3Com 3C509 Ethernet card, DEC VAX mainframes, the L0phtCrack (a password auditing and recovery tool), and many more.

 

In telling his story, Thomas is quite open and shares the many trials and tribulations he went through. While the L0pht and the associated website and email list The Hacker News Network had significant exposure, there were many months where the group struggled to make enough money to pay their rent.

 

The L0pht had its start in 1992 when Count Zero and Brian Oblivion started storing their excess hardware in a loft. Over time, it morphed into a Boston hackerspace that became the location for one of the most influential hacker groups in history.

 

While they ultimately became influential, their earlier days found them selling used hardware at the MIT flea market. Besides selling assorted hard drives and motherboards, they also sold a DEC MicroVAX II minicomputer at the flea market. And it was sold to none other than Window Snyder, who would later take on senior security roles at Microsoft, Apple, Mozilla, and other firms.

 

Thomas writes that he was attracted to Snyder. And in the world of Hollywood-portrayed stories, he would have succeeded in starting a relationship with her. But after he delivered and set up the MicroVAX at her apartment, nothing else, to his chagrin, happened. And the story ended there.

 

Thomas writes firsthand from being on the cusp of much of modern computer security history. He was there when the L0pht had meetings with Bill Gates about security. But even after meeting him at a 1990 security sit down, Mudge of the L0pht was not sure if Gates and Microsoft truly understood the repercussions of how insecure Windows truly was. And it would take another five years until Gates would pen his famous 1995 Trustworthy Computing memo, where Microsoft finally committed to taking Windows security off the back burner.

 

Even after testifying before Congress in 1988, the L0pht was not rolling in money. Many of the members, Thomas included, had other day jobs, and the money they made from L0pht activities was not enough to sustain them. Which is in part why they merged with @Stake in 2000.

 

The @Stake acquisition didn’t end on a happy note for Thomas, as egos and politics soon got in the way and he found himself laid off. He writes of the hurt he experienced and how he felt betrayed by the members of the L0pht who did not stick up for him. It would be years until he would reunite with most of the members of the L0pht, and Mudge apologized for that dark incident.

 

Today, vulnerability disclosure programs are part and parcel of information security. But it wasn’t that long ago it was naively considered irresponsible. The L0pht was at the forefront of responsible vulnerability disclosure and everyone owes a lot of gratitude to them for bringing that concept to light.

 

Yuri Diogenes of Microsoft has an interesting new book Building a Career in Cybersecurity: The Strategy and Skills You Need to Succeed. In many ways, that could be the title of this book. Thomas has written a fascinating, and at times, very raw memoir, of how he made it in the world of information security.

 

He certainly put in lots of hard work, and he ran into countless struggles and problems. Yet he persevered and became a legend in the process. The book is a fascinating read. It combines an interesting autobiography, with an equal amount of history. The L0pht set the trajectory of much of modern computer security. And to understand where we are today, you need to understand the history of the L0pht.

Hackers & Threats

secure coding hackers & threats risk & vulnerability assessment Patch Vulnerability / Configuration Management exploit of vulnerability

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs