Book Review: This Machine Kills Secrets

By: Andy Greenberg
Penguin Group 2012
ISBN 978-1-101-59358-5

*Page references have been taken from the electronic iPad version

I’ll admit I haven’t finished the whole book yet but the way the book portrays some events I was involved in differs from my own memory. I wanted to highlight those sections, especially since I am quoted in the book more than once. In general Greenberg has done an excellent job in describing the L0pht and some of the events that took place around it but I take issue with some of the descriptions of places and things, while not inaccurate, Greenberg’s choice of adjectives describes settings in entirely different lights than how I remember them.

“exploring the dark corners of the Internet and charting the back doors in labyrinth alleys” (pg. 203)

I have never understood this type of definition of the early Internet. The mid nineties Internet was small, it was unbelievably tiny compared with today. There were no “labyrinth alleys”, it was not a dark and foreboding place at all, at least not to me. To me it was just the opposite, the Internet helped to shine bright lights on subjects I knew little or nothing about at the time and not just technological topics. In the mid nineties the net was a wealth of information with easy access to experts on any subject. It was free from advertisements or sites just looking for page views. There was nothing really dark or labyrinth about it at all. Describing it as such two decades later makes for great reading though.

“where Mudge was often regarded as the most visible and brilliant member.” (pg 203)

This sentence implies that I, and the rest of the L0pht, thought Mudge was the most brilliant of all of us. Was he the most visible? Absolutely, and that was mostly by design. But was he the most brilliant? No, none of us were. All of us had our own strengths, our own areas of brilliance, including Mudge. The L0pht is the only organization I have ever been involved in that came as close as you can to a true egalitarian structure, a meritocracy, where no one was any more brilliant than anyone else. We all had individual strengths, each strength complemented each other’s weaknesses, a lot of those strengths overlapped, but to imply, as Greenberg has, that Mudge was considered the most brilliant by the other members of the L0pht is woefully inaccurate.

“It was a young male scene drawn from an online bulletin board called the Works, where Zatko had made a name for himself under the pseudonym “Mudge.” (pg. 232)

First the board was known as The Works, a minor nitpick for sure, and it wasn’t 100% male but women were definitely outside the norm. By the time Works Gatherings were occurring everyone pretty much knew Mudge anyway. Other boards such as ATDT East and Black Crawling Systems were considered much more ‘elite’ than The Works. The Works was more of a social hangout and info repository while other boards took the technological lead. That is why it fell onto The Works to have these in the flesh get-togethers known as Works Gatherings. This was long before 2600 meetings started happening in Boston, which the Works Gatherings eventually morphed into. But to say that Mudge or anyone made a name for themselves on The Works shows a lack of understanding of the dynamics of the early 90s BBS scene in the 617 area code. Such an understanding would probably take a lot longer to explain than the one sentence Greenberg gives it or the one paragraph I am giving it here.

“In later incarnations, the L0pht would add a PC with web access rigged to the toilet for convenient web browsing.” (pg. 232)

Yes, we had an old terminal in the bathroom. No, it was not rigged to browse the Internet or anything else. If I remember correctly it was either an early POS terminal or something used at an airline, I don’t remember, either way as far as I remember it did not work and you could not surf or do anything else on it. Even if it did the screen was about five inches diagonal and monochrome so who would want to?

“Space Rogue, a former army soldier with close cropped hair, hosted the Mac Whacked Archive, an FTP download site with the worlds largest collection of Apple hacking tools.” (pg 233)

It was the Whacked Mac Archives! I am going to blame this on Greenberg’s editors because I gave him an interview for this book and I know I didn’t give him the wrong name. Come on Andy, a simple Google search by your fact checker should have found this one. And another minor nitpick, it hosted Macintosh tools, not Apple. These days Mac and Apple pretty much mean the same thing but even as late as the mid nineties Macintosh software and Apple software were two completely different things.

“The first night Mudge entered the L0pht, the elite group of hackers were struck by his technical genius…” (pg 233)

Oh please, we were not, or at least I wasn’t. Greenberg is making it sound like some deity had descended from the heavens to walk among us mere mortals. Greenberg paints a very radiant picture here that would make a great movie scene but the reality is much more mundane. Very very few people were ever invited into the L0pht that we didn’t know, either in person or online, beforehand. So when Mudge first entered the L0pht we already knew him, who he was, and what he knew and he already knew, or knew of, us. The first meeting in the L0pht was mostly to discuss L0pht logistics, like how much each person paid in rent, where he would sit, when we had meetings, etc… It was not an introduction. Were we impressed by his technical genius? Only so much as it matched our own. Mudge definitely has his own reality distortion field; his own cult of personality and that was definitely something that the L0pht needed at the time.

“But Count Zero was going through a messy divorce that kept him away from the L0pht for months at a time, long enough for Mudge to stake his claim.” (pg 233)

This reads like Mudge engineered some kind of coup to oust Count Zero and take control and that is absolutely NOT what happened. I will admit this episode was messy and handled about as well as a bunch of socially inept computer geeks could handle it but to imply that Mudge came in, kicked out Count Zero and took over is just flat out plain wrong.

“They sold T-shirts, attracted groupies…” (pg 234)

OK, how come no one told me about the groupies? Are there any left?

“At the next Black Hat security conference in Las Vegas, the software megalith’s executives took the L0pht out for an expensive dinner…” (pg 235)

This meeting did actually take place, I don’t remember if it was in conjunction with Black Hat or not, I seem to remember that it was not. Greenberg implies that the whole L0pht was present, we were not. Mudge was there, of course, and I think someone else might have attended but it definitely was not the whole L0pht as Greenberg implies.

“Eventually, several of the L0pht’s members would be hired to work for Microsoft as security consultants.” (pg 235)

As far as I know this is false, none of us were hired by Microsoft directly. I’ll admit I haven’t kept up with everyone’s employment history over the years so it is possible that maybe one of us did a few days or weeks of consulting but as far as I know that was not the case. What did happen sometime in the early 2000s is that Microsoft went on a massive security hiring binge, scooping up all the laid off talent from the security industry implosion after the dot com bubble burst. Many people who worked at @Stake, Guardent, Foundstone, etc ended up at Microsoft, some of them are still there but as far as I know no one from L0pht worked there in any capacity.

“…high level cabinet official travelled alone to clandestine meetings with digital miscreants.” (pg 241)

This sentence annoys me, especially the use of the words clandestine and miscreants. The meeting described here was not clandestine, I am sure it was on Clarke’s official travel schedule, and it’s not like we met in a dark alley or anything. In fact I’m not entirely sure this meeting happened exactly as it is described. I distinctly remember meeting Clarke with other L0pht members for the first time at John Harvard’s, we both had the chicken pot pie. Now maybe Mudge had an earlier meeting with Clarke as Greenberg described that I wasn’t aware of, I don’t know. Greenberg’s description of this cloak and dagger meeting seems more like a setup for a movie deal than something that actually happened. And what’s with the use of the word miscreant, the definition of which is depraved or villainous, come on.

“For a moment, Clarke huddled with his NSC colleagues in private conversation.” (pg 242)

The meeting Greenberg describes includes the L0pht, Clarke and four NSC guys but that is not how I remember it. At most there were two other guys with Clarke but I am pretty sure there was only one other guy with Clarke. I don’t remember most of the rest of this paragraph either. What I do remember took place in the parking lot outside the L0pht. Clarke was huddling with the other one or two NSC guys who were there, when Mudge standing off to the side with the rest of the L0pht guys yelled over to them, “Hey, we opened the Kimono and showed you ours, what are you guys talking about?” To which Clarke responded that he was very surprised by what he had witnessed at the L0pht and that up until that point he had always assumed that to do what we had been doing would take the support of a nation-state or other large organization, and not seven guys in a rented space in some warehouse. So Greenberg’s version has the same gist to it, just not exactly as how I remember.

“On the way they stopped at the NSA’s Cryptologic Museum and accidentally drove past the guards into the agency’s secure facility, before timidly backing out.” (pg 242)

If you have ever been to the Cryptological Museum you know that as described this isn’t really possible. The museum is public and open to anyone, however on the drive down we missed the exit off the highway for the museum, so we took the next exit. We found a place to turn around but before we realized it we were passing the NSA guard shack. Imagine a large Ford Econoline van with out of state plates, at least four antennas on top and heavily tinted windows. We didn’t know if we should stop or keep going, the guard saluted us, we saluted back and the guard waved us through so we kept on driving. There really wasn’t anything timid about it. Once inside we quickly turned around, left and went back to the Museum. In fact if you ever go to the Cryptological Museum and look in the guest book back to 1998 you will see an entire page that we signed as “L0pht World Tour”.

“and ended their trip hanging out with Secret Service agents at Archibald’s, a nearby strip club.” (pg 243)

Umm, no. We did not hang out with Secret Service agents at a strip club or any other type of club. I have no idea where Greenberg got this. It would definitely play well if Greenberg sells the movie rights to this book but it didn’t happen. I remember hanging out in the hotel’s Irish bar, having one glass of Guinness and then going to bed.

 

None of the items I have listed here are really all that egregious or detrimental to the story. However, since I was there, and I remember things slightly differently than how they have been portrayed by Greenberg I thought it important to illustrate those differences here. I think the biggest thing I have issue with is the tone Greenberg uses in certain sections, he accurately describes the physical L0pht as a technological clubhouse but then describes clandestine meetings and labels us as miscreants. The description of the L0pht and the events surrounding it only make up a few pages of the overall book but considering the inaccuracies and/or liberties Greenberg has taken to describe this one small section I have to wonder what other parts have been slightly embellished or possibly misremembered from his other sources throughout the rest of the book.

On the other hand I am impressed by just how much Greenberg has gotten right. There have been numerous attempts over the years to accurately describe the L0pht and some of the events that surrounded it, despite the inaccuracies I have listed, this is as close as anyone has come. It is obvious that Greenberg put a lot of work into this book, or at least this section, and gathered information from a lot of sources.

Given the topical subject matter I would not be surprised at all to see this book optioned to a movie. Unfortunately a movie will only be two hours long and I don’t see how you would be able to fit this one chapter, let alone the entire book, into two hours without cutting out large chunks and glossing over the many details that took Greenberg so long to gather.

Emails From Michael In Iran

If publishing unsourced emails claiming to be from Iran is a newsworthy event then I guess we should all copy Mikko and do the same thing.

A few years ago I received a chain of emails from ‘Michael’ that started out as the normal ‘teach me to hack’ emails I receive on an almost daily basis but this email chain went on longer than usual and took several turns I don’t usually see in such emails. I thought they might be good for a laugh or a tear depending on your viewpoint.

TL;DR

The emails start in May of 2009 and go through to December, I have not included them all and have edited some for brevity.

Things start out simple enough saying how he is a 20yr old Iranian and is a fan of the L0pht. Pretty straight forward. I responded as I usually do to emails that are at least half way intelligent. I admit I don’t always get emails from Iran with a verifiable Iranian IP address.

Then comes the first turn, ‘Michael’ asks me to teach him to ‘hack’ specifically so he can change his grades at University. For me that’s a big no no right there. If you ask me to do, or teach you to do, anything even remotely illegal in email that’s where I stop. I will no longer respond. I don’t want to be considered an accessory or an accomplice or be put in an un-winnable Adrian Lamo type situation. Not to mention the whole assisting a foreign power angle. So I just stopped responding.

But Michael wouldn’t give up, he sent me an email every day for weeks, then slowed down to a few times per week. Eventually he reached out to other old L0pht members, those whose email address he could find, asking them if I was OK, saying he feared for my safety since I was not responding to emails. I will admit I felt a little bad at this because who knows maybe people just disappearing like that in his country is a sign of something sinister happening. I don’t know. My remorsefulness did not last long however.

Next came the names and the threats. ‘Michael’ called me a racist and threatened to ‘destroy my life’ and that despite my lack of assistance he was going to become the world’s greatest hacker anyway and he was going to direct his efforts at me. Then he was going to hack his University, graduate and travel to America to prove to me in person that he was a great hacker and that he did it all without my help.

I had a good laugh and a tear at the time, 2009, but as I read over these emails again and place them into the context of the ongoing ‘cyber’ cold war they really take on a different meaning. How many other people in Iran have similar motivations? I wonder if Michael ever made it through University, or maybe he got caught and ‘disappeared’? I will probably never know.

Email exchange with Michael from Iran

L0pht Hacker Space Visa

The L0pht was not the first hacker space, in fact at the time of its creation in Boston there were at least two other such spaces, Sinister House and Messiah Village, which later moved and became New Hack City, or simply New Hack. L0pht wasn’t even the cause of the recent explosion of hacker spaces across the globe. I like to think that as an early trail blazer L0pht had at least some influence in that explosion but I have no evidence to support it.

A few years ago I read about the Hacker Space Passport which I thought was a really cool idea except that my, and most people’s, do-it-yourself craft abilities are mostly sub optimal meaning that if I attempted to construct the Hacker Space Passport it would look like total crap. So I promptly forgot about it and went along with my day. But the idea was still sound, as you visit different Hacker Spaces or cons you would get a stamp in your Passport verifying your visit and giving you a sort of memento of your stay. Almost exactly like a real passport without the freedom grope, personal questions, and suspicious looks.

At some point when I wasn’t paying attention the Hacker Space Passport became somewhat popular. So much so that the online electronics store started by Lady Ada, who had visited the L0pht on several occasions, Adafruit Industries, has had some Hacker Space Passports professionally printed and is selling them for a whopping $2.95. As soon as I saw them I promptly ordered four. I am very impressed with the quality, almost exactly like my real passport, obviously without the RFID (although I am sure someone will find a way to hack one into it). It has multiple pages where people can get travel visa stamps for the hacker spaces they visit and a section in the front for identification, which is blank when you receive it. The visa pages have watermarked logos in the background of some famous hacker spaces and hacker cons. Trust me, it looks really cool, and I can’t wait to fill it with stamps from all over.

Of course the fact that the ID section of the passport was blank left me with a bit of a problem. I wanted it to look professional, which meant finding a typewriter to actually type my name into the passport. Umm, yeah, typewriters have pretty much fallen off the face of the planet and it requires much more effort than I am willing to expend on this project to find one. So I went to the arts and crafts store and picked up a .1mm fine art pen and wrote ‘SPACE’ and ‘ROGUE’ and ‘L0pht’ in the appropriate spots. I will print out my twitter avatar and stick it where the photo belongs. I also ordered some sticky hologram paper off eBay to cover the ID page to make it look all official.

On the Adafruit website Lady Ada has a video showing how your hacker space can create an official visa with a rubber stamp using a laser cutter. Which is cool and all, if you happen to have a laser cutter. I do not. So I spent $25 at one of those online rubber stamp companies and had one professionally made.

Now the L0pht doesn’t exist anymore, and hasn’t for over a decade, but in the eight or so years of its existence there were a large number of visitors, many of those visitors were from down the street and around the corner, some came from across the country or across the globe. Some came from government or big business. Most came to attend one of the L0pht’s legendary New Year’s parties, (always thrown on the absolute coldest day of the year) others came to just visit or talk about our latest research. To any of those people I say, get yourself a Hacker Space Passport, and I will stamp it with a historical L0pht visa to commemorate your visit. Now if you never had a chance to visit the L0pht and you have a Passport, and really really want a stamp? We might be able to arrange something, especially if I am thirsty. (beer) I will carry the stamp around with me when I go out to cons so feel free to ask for a stamp. I will be at Source, Thotcon, and YSTSCon as well as a few BSides in the next few months, catch me there and get your passport stamped!

L0phtCrack 6 to Be Released at Source Boston

L0phtCrack, the original and still the best password auditing tool for MS Windows based systems, will be re-released at Source Boston by the original authors! That’s right Mudge, Dildog and Weld Pond have reacquired the rights to the original L0phtCrack and plan to release a new version at the upcoming conference. The new L0phtCrack will have support for 64-bit Windows and upgraded rainbow tables. Woohoo! Details on potential additional new features, and pricing have not yet been released but you can bet that it will be better than Symantec’s.

Source Boston 2009
L0phtCrack.com

HNN Archive Posted

I don’t really know who actually owns the Hacker News Network anymore. I own the domain now but the original content was part of the sale of L0pht to @Stake which was then sold to Symantec. At this point though I don’t really care anymore. If they want it they can come and get it and suffer the negative publicity as a consequence.

Therefore I am putting all of the old HNN files back online. I figure the files don’t do anyone any good wasting away on my hard drive. So if you want to check out the news from any day between September 10, 1998 and March 30, 2000 just click on one of those links and then change the date in the URL to the day you are looking for.

A couple of notes, these are just the raw news files, no pretty pictures or other chrome. If you find duplicate files, those were the weekends. I think I have all the days but some of them may be missing, I know the last few months are not there. These were all originally written in raw HTML with no spell check, and my grammar ain’t no good neither. Almost all of the links will be broken (hey, it’s been ten years) but a few like CNN’s might still work.

On an unrelated note, WordPress is now at 2.6.3 (yeah, I know big deal) and you can now leave comments with your OpenID!

Standing on the Shoulders of Giants

In February of 1676 Sir Isaac Newton wrote in a letter to Robert Hooke “If I have seen a little further it is by standing on the shoulders of Giants.” implying that while he may have come up with the final idea he was only able to do so because of the work of those that had gone before him.

Weld Pond (Chris Wysopal) accurately points out that this also applies to security researchers. Seldom is a major security flaw discovered that isn’t related to the previous work of an older technology. His case in point is the recent flaw patched by Microsoft of an almost decade old vulnerability. The original vulnerability has been widely credited to Sir Dystic (Josh Buchbinder) but Dystic’s research was based in part on work by DilDog (Christien Rioux). Dildog wasn’t the first to find the flaw either as it was mentioned in an earlier paper by Dominique Brezinski. Weld argues that this is why credit for security research is so important.


On a completely unrelated note Mudge (Peiter Zatko) was recently quoted by Mass High Tech (again) on the subject of voting machine security.

Mudge Covers Mass High Tech

So I get into work this morning and grab my snail-mail and throw it on my desk and go grab my morning oatmeal and glass of water. I get back to my desk and start eating my oatmeal as I go through my mail. Things like fake domain name renewal bills, pleas from wireless phone companies to switch services, a copy of Information Week, the normal crap that finds its way into the IT Manager’s inbox. Then I get to this week’s (August 22-28) copy of Mass High Tech and oatmeal spews out of my nose! Why? Freaking a big ass above the fold picture of Mudge’s fat smiling face staring back at me. Seriously his face takes up like half the damn page.

The online version is much smaller. Here is a scan of the front cover [PDF]. Just make sure you have finished your oatmeal before you open it.

Oh, the story? It is about finding security holes in heart defibrillators. Which is important I guess, and I suppose I would find it more interesting if I or someone I know actually had one of these implanted. Personally I can’t wait until someone starts looking at wireless utility meters.

Hackernews.com 10 Years Old Today

The registration info for hackernews.com says the domain was first registered on July 29, 1998. Ten years ago, today. Wow. You know, long strange trip and all that. News wasn’t actually posted to the site until a month or so later but July 29th is as good a day as any to celebrate. (or should that be commiserate?) HNN was only around for a little under two years but I like to think the site had a pretty big impact, not just on the hacker underground it reported on, but the security industry as a whole. Hell, at one point MSNBC claimed that HNN was “the voice of reason” amongst all the hype. When HNN started search engines were just starting to aggregate news, hell even Slashdot was new, by the end the ‘security portal’ was all the rage. The site existed during that formative stage of the security industry before which security was something seldom thought of and after which Venture Capitalists were throwing money at it.

For a walk down memory lane take a look at the first news day September 10, 1998 (Spelling mistakes and all, ahhh Spaceronics!) and the last day I posted the news June 16, 2000 (What is really amazing is that the links to CNN on the 1998 page STILL WORK! ten years later. Kudos to whoever built that site.)

Cyber UL – Reloaded

So about nine years ago Tan at the L0pht first wrote about the creation of a Cyber Underwriters Laboratory. Like the real UL the Cyber UL would be tasked with independently testing and evaluating software, specifically security related software without the influence of vendors. At the time no one paid much attention and the idea went pretty much nowhere. Since then, in the wake of broke non-secure USB drives and people still using XOR encryption, luminaries such as Bruce Schneier and even myself have commented that such an organization is sorely needed.

Well Tan has now responded himself with a followup to his original paper. The new paper Cyber Underwriters Laboratories – Reloaded takes a look at the PCI compliance required by VISA as a possible starting ground or model for such an organization.

Let’s hope that this time people realize that the importance of such software evaluations is critical not just to the future of online commerce but is critical to the future of simply being online.
 



Quickies and L0pht News

There have been a lot of things happening in the security world lately that I have wanted to write about like Geekonomics, the half million pictures pilfered from MySpace and the accompanying torrent file, how the NSA has wrestled control of the nation’s cyber-security away from DHS, how the recently proposed Protect America Act won’t, that Yahoo’s CAPTCHA has been cracked (not wide open but open enough), about Bruce Schneier’s excellent speech down under, how the Feds are getting rid of admin rights on XP boxes (about time) and of course about the CyberWar that wasn’t really. Like I said a lot of stuff going on recently to write about but I’ve just been too busy.

But what I really wanted to mention today was that the L0pht reunion I mentioned earlier seems to be becoming a pretty big deal. Did I mention the Pub Crawl?
 
P.S. Looks like the latest version of WordPress hosed some of my site. (Like the HNN archive) I’ll try to have it back online soon.