SPACE ROGUE

Book Review: This Machine Kills Secrets
By: Andy Greenberg
Penguin Group 2012
ISBN 978-1-101-59358-5

*Page references have been taken from the electronic iPad version

I’ll admit I haven’t finished the whole book yet but the way the book portrays some events I was involved in differs from my own memory. I wanted to highlight those sections, especially since I am quoted in the book more than once. In general Greenberg has done an excellent job in describing the L0pht and some of the events that took place around it but I take issue with some of the descriptions of places and things, while not inaccurate, Greenberg’s choice of adjectives describes settings in entirely different lights than how I remember them.

“exploring the dark corners of the Internet and charting the back doors in labyrinth alleys” (pg. 203)

I have never understood this type of definition of the early Internet. The mid nineties Internet was small, it was unbelievably tiny compared with today. There were no “labyrinth alleys”, it was not a dark and foreboding place at all, at least not to me. To me it was just the opposite, the Internet helped to shine bright lights on subjects I knew little or nothing about at the time and not just technological topics. In the mid nineties the net was a wealth of information with easy access to experts on any subject. It was free from advertisements or sites just looking for page views. There was nothing really dark or labyrinth about it at all. Describing it as such two decades later makes for great reading though.

“where Mudge was often regarded as the most visible and brilliant member.” (pg 203)

This sentence implies that I, and the rest of the L0pht, thought Mudge was the most brilliant of all of us. Was he the most visible? Absolutely, and that was mostly by design. But was he the most brilliant? No, none of us were. All of us had our own strengths, our own areas of brilliance, including Mudge. The L0pht is the only organization I have ever been involved in that came as close as you can to a true egalitarian structure, a meritocracy, where no one was any more brilliant than any one else. We all had individual strengths, each strength complimented each others weaknesses, a lot of those strengths over lapped, but to imply, as Greenberg has, that Mudge was considered the most brilliant by the other members of the L0pht is woefully inaccurate.

“It was a young male scene drawn from an online bulletin board called the Works, where Zatko had made a name for himself under the pseudonym “Mudge.” (pg. 232)

First the board was known as The Works, a minor nitpick for sure, and it wasn’t 100% male but women were definitely outside the norm. By the time Works Gatherings were occurring everyone pretty much new Mudge anyway. Other boards such as ATDT East and Black Crawling Systems where considered much more ‘elite’ than The Works. The Works was more of a social hangout and info repository while other boards took the technological lead. That is why it fell onto The Works to have these in the flesh get-togethers known as Works Gatherings. This was long before 2600 meetings started happening in Boston, which the Works Gatherings eventually morphed into. But to say that Mudge or anyone made a name for themselves on The Works shows a lack of understanding of the dynamics of the early 90s BBS scene in the 617 area code. Such an understanding would probably take a lot longer to explain than the one sentence Greenberg gives it or the one paragraph I am giving it here.

“In later incarnations, the L0pht would add a PC with web access rigged to the toilet for convenient web browsing.” (pg. 232)

Yes, we had an old terminal in the bathroom. No, it was not rigged to browse the Internet or anything else. If I remember correctly it was either an early POS terminal or something used at an airline, I don’t remember, either way as far as I remember it did not work and you could not surf or do anything else on it. Even if it did the screen was about five inches diagonal and monochrome so who would want to?

“Space Rogue, a former army soldier with close cropped hair, hosted the Mac Whacked Archive, an FTP download site with the worlds largest collection of Apple hacking tools.” (pg 233)

It was the Whacked Mac Archives! I am going to blame this on Greenberg’s editors because I gave him an interview for this book and I know I didn’t give him the wrong name. Come on Andy, a simple Google search by your fact checker should have found this one. And another minor nitpick, it hosted Macintosh tools, not Apple. These days Mac and Apple pretty much mean the same thing but even as late as the mid nineties Macintosh software and Apple software were two completely different things.

“The first night Mudge entered the L0pht, the elite group of hackers were struck by his technical genius…” (pg 233)

Oh please, we were not, or at least I wasn’t. Greenberg is making it sound like some deity had descended from the heavens to walk among us mere mortals. Greenberg paints a very radiant picture here that would make a great movie scene but the reality is much more mundane. Very very few people were ever invited into the L0pht that we didn’t know, either in person or online, beforehand. So when Mudge first entered the L0pht we already knew him, who he was, and what he knew and he already knew, or knew of, us. The first meeting in the L0pht was mostly to discus L0pht logistics, like how much each person payed in rent, were he would sit, when we had meetings, etc… It was not an introduction. Were we impressed by his technical genius? Only so much as it matched our own. Mudge definitely has his own reality distortion field; his own cult of personality and that was definitely something that the L0pht needed at the time.

“But Count Zero was going through a messy divorce that kept him away from the L0pht for months at a time, long enough for Mudge to stake his claim.” (pg 233)

This reads like Mudge engineered some kind of coup to oust Count Zero and take control and that is absolutely NOT what happened. I will admit this episode was messy and handled about as well as a bunch of socially inept computer geeks could handle it but to imply that Mudge came in, kicked out Count Zero and took over is just flat out plain wrong.

“They sold T-shirts, attracted groupies…” (pg 234)

OK, how come no one told me about the groupies? Are there any left?

“At the next Black Hat security conference in Las Vegas, the software megalith’s executives took the L0pht out for an expensive dinner…” (pg 235)

This meeting did actually take place, I don’t remember if it was in conjunction with Black Hat or not, I seem to remember that it was not. Greenberg implies that the whole L0pht was present, we were not. Mudge was there, of course, and I think someone else might have attended but it definitely was not the whole L0pht as Greenberg implies.

“Eventually, several of the L0pht’s members would be hired to work for Microsoft as security consultants.” (pg 235)

As far as I know this is false, none of us were hired by Microsoft directly. I’ll admit I haven’t kept up with everyone’s employment history over the years so it is possible that maybe one of us did a few days or weeks of consulting but as far as I know that was not the case. What did happen sometime in the early 2000s is that Microsoft went on a massive security hiring binge, scooping up all the laid off talent from the security industry implosion after the dot com bubble burst. Many people who worked at @Stake, Guardent, Foundstone, etc ended up at Microsoft, some of them are still there but as far as I know no one from L0pht worked there in any capacity.

“…high level cabinet official travelled alone to clandestine meetings with digital miscreants.” (pg 241)

This sentence annoys me, especially the use of the words clandestine and miscreants. The meeting described here was not clandestine, I am sure it was on Clarke’s official travel schedule, and its not like we met in a dark alley or anything. In fact I’m not entirely sure this meeting happened exactly as it is described. I distinctly remember meeting Clarke with other L0pht members for the first time at John Harvard’s, we both had the chicken pot pie. Now maybe Mudge had an earlier meeting with Clarke as Greenberg described that I wasn’t aware of, I don’t know. Greenberg’s description of this cloak and dagger meeting seems more like a setup for a movie deal than something that actually happened. And what’s with the use of the word miscreant, the definition of which is depraved or villainous, come on.

“For a moment, Clarke huddled with his NSC colleagues in private conversation.” (pg 242)

The meeting Greenberg describes includes the L0pht, Clarke and four NSC guys but that is not how I remember it. At most there were two other guys with Clarke but I am pretty sure there was only one other guy with Clarke. I don’t remember most of the rest of this paragraph either. What I do remember took place in the parking lot outside the L0pht. Clarke was huddling with the other one or two NSC guys who were there, when Mudge standing of to the side with the rest of the L0pht guys yelled over to them, “Hey, we opened the Kimono and showed you ours, what are you guys talking about?” To which Clarke responded that he was very surprised by what he had witnessed at the L0pht and that up until that point he had always assumed that to do what we had been doing would take the support of a nation-state or other large organization, and not seven guys in a rented space in some warehouse. So Greenberg’s version has the same gist to it, just not exactly as how I remember.

“On the way they stopped at the NSA’s Cryptologic Museum and accidently drove past the guards into the agencies secure facility, before timidly backing out.” (pg 242)

If you have ever been to the Cryptological Museum you know that as described this isn’t really possible. The museum is public and open to anyone, however on the drive down we missed the exit off the highway for the museum, so we took the next exit. We found a place to turn around but before we realized it we were passing the NSA guard shack. Imagine a large Ford Econline van with out of state plates, at least four antennas on top and heavily tinted windows. We didn’t know if we should stop or keep going, the guard saluted us, we saluted back and the guard waved us through so we kept on driving. There really wasn’t anything timid about it. Once inside we quickly turned around, left and went back to the Museum. In fact if you ever go to the Cryptological Museum and look in the guest book back to 1998 you will see an entire page that we signed as “L0pht World Tour”

“and ended their trip hanging out with Secret Service agents at Archibald’s, a nearby strip club.” (pg 243)

Umm, no. We did not hang out with Secret Service agents at a strip club or any other type of club. I have no idea where Greenberg got this. It would definitely play well if Greenberg sells the movie rights to this book but it didn’t happen. I remember hanging out in the hotels Irish bar, having one glass of Guinness and then going to bed.

None of the items I have listed here are really all that egregious or detrimental to the story. However, since I was there, and I remember things slightly differently than how they have been portrayed by Greenberg I thought it important to illustrate those differences here. I think the biggest thing I have issue with is the tone Greenberg uses in certain sections, he accurately describes the physical L0pht as a technological clubhouse but then describes clandestine meetings and labels us as miscreants. The description of the L0pht and the events surrounding it only make up a few pages of the over all book but considering the inaccuracies and or liberties Greenberg has taken to describe this one small section I have to wonder what other parts have been slightly embellished or possibly misremembered from his other sources throughout the rest of the book.

On the other hand I am impressed by just how much Greenberg has gotten right. There have been numerous attempts over the years to accurately describe the L0pht and some of the events that surrounded it, despite the inaccuracies I have listed, this is as close as anyone has come. It is obvious that Greenberg put a lot of work into this book, or at least this section, and gathered information from a lot of sources.

Given the topical subject matter I would not be surprised at all to see this book optioned to a movie. Unfortunately a movie will only be two hours long and I don’t see how you would be able to fit this one chapter, let alone the entire book, into two hours without cutting out large chunks and glossing over the many details that took Greenberg so long to gather.

If publishing unsourced emails claiming to be from Iran is a newsworthy event then I guess we should all copy Mikko and do the same thing.

A few years ago I received a chain of emails from ‘Michael’ that started out as the normal ‘teach me to hack’ emails I receive on an almost daily basis but this email chain went on longer than usual and took several turns I don’t usually see in such emails. I thought they might be good for a laugh or a tear depending on your viewpoint.

TL;DR

The emails start in May of 2009 and go through to December, I have not included them all and have edited some for brevity.

Things start out simple enough saying how he is a 20yr old Iranian and is a fan of the L0pht. Pretty straight forward. I responded as I usually do to emails that are at least half way intelligent. I admit I don’t always get emails from Iran with a verifiable Iranian IP address.

Then comes the first turn, ‘Micheal’ asks me to teach him to ‘hack’ specifically so he can change his grades at University. For me thats a big no no right there. If you ask me to do, or teach you to do, anything even remotely illegal in email thats where I stop. I will no longer respond. I don’t want to be considered an accessory or an accomplice or be put in an un-winnable Adrian Lamo type situation. Not to mention the whole assisting a foreign power angle. So I just stopped responding.

But Michael wouldn’t give up, he sent me an email every day for weeks, then slowed down to a few times per week. Eventually he reached out other old L0pht members, those whose email address he could find, asking them if I was OK, saying he feared for my safety since I was not responding to emails. I will admit I felt a little bad at this because who knows maybe people just disappearing like that in his country is a sign of something sinister happening. I don’t know. My remorsefulness did not last long however.

Next came the names and the threats. ‘Michael’ called me a raciest and threatened to ‘destroy my life’ and that despite my lack of assistance he was going to become the worlds greatest hacker anyway and he was going direct his efforts at me. Then he was going to hack his University, graduate and travel to America to prove to me in person that he was a great hacker and that he did it all without my help.

I had a good laugh and a tear at the time, 2009, but as I read over these emails again and place them into the context of the ongoing ‘cyber’ cold war they really take on a different meaning. How many other people in Iran have similar motivations? I wonder if Michael ever made it through University, or maybe he got caught and ‘disappeared’? I will probably never know.

Email exchange with Michael from Iran

Back in the nineties, the glory days of Hacking, just after the golden age of the late eighties, many companies were starting to get into the whole Internet Security thing. Everyone and their brother had an Internet Security company and VC were just crawling over each other to give them money. One thing most of the early companies had in common was a staunch refusal to hire ‘hackers’. They would give speeches at conferences and say ‘We hire only the best security experts, but no hackers’ They would issue press releases that said the same thing. I remember reading these and laughing because all the hackers I knew worked at these very same companies. (The ISS XForce said this all the time, and everyone who worked there was a hacker.)

At the time this was a brand new industry that basically took shape over night. There were so many security startups you literally couldn’t through a rock without hitting one. Foundstone, Guardent, @Stake, and those are just the big names that I remember off the top of my head, there were dozens of other smaller firms all vying for a piece of the pie and for the ever decreasing pool of talent. Basically if you knew what a war dialer was, could run a file of hashes through L0phtCrack and knew how to clear your browser cache you were hired as a Security expert at a 100K a year. It was that easy.

So what did all us hackers do? Well, we got jobs naturally. We got jobs at the very same companies who said “We don’t hire hackers”. Very very few of us actually had criminal records and those who did usually had them sealed due to a juvenile status at the time. So when it came time to fill out the employment history on the job application you filled it out truthfully, Landscaper, Burger King, Tech Support, and now Security Expert. Nowhere did you write down ‘Hacker’. When we went into the job interview we did not wear a big sign around our necks that said ‘Hacker’.

At some point after @Stake acquired the hacker think tank L0pht Heavy Industries this whole ‘we don’t hire hackers’ thing started to change. A lot of companies saw that it added to their credibility to say that they had a hacker or two on staff or if they didn’t actually publicize it they definately didn’t make assinine statements like “We don’t hire Hackers”.

Well, I guess things have come around full circle. Because Enrique Salem over at Symantec has stated that “You always worry about [grey hats]. Symantec has a standing policy that we don’t hire anyone to be a part of our company who has done any kind of known hacking,” he said. “We will not employ hackers.”

Enrique has been at Symantec for 16 years now but maybe he was to busy doing whatever is was he was doing before he got the CEO job in April to realize that his company does hire hackers. Or at least they did ten years ago when they bought @Stake and its old L0pht (and CDC) members. (OK, so I guess technically they bought them and didn’t actually hire them but semantics.)(Hey, always wanted to make that pun, hehe) At least one of the old L0pht folks was still working there up until a few years ago.

But even now there are more people than I can count on one hand who I know personally that work at Symantec who are publicly well known hackers. They speak at Hacker cons, are known by their handles and call themselves hackers. They don’t go around advertising where they work but its not a big secret to those of us in the community. I don’t think they have criminal records and I doubt they go around breaking into other peoples computers but then hacker does not equal criminal.

If you want to go around and say “We don’t hire hackers” that’s fine, just realize that there aren’t going to be very many people left to hire and you sound like an idiot when you say it. (Hey, DHS, are you listening?)

L0phtCrack, the original and still the best password auditing tool for MS windows based systems, will be re-released at Source Boston by the original authors! That’s right Mudge, Dildog and Weld Pond have required the rights to the original L0phtCrack and plan to release a new version at the upcoming conference. The new L0phtCrack will have support for 64-bit windows and upgraded rainbow tables. Woohoo! Details on potential additional new features, and pricing have not yet been released but you can bet that it will be better than Symantec’s.

Source Boston 2009
L0phtCrack.com

In February of 1676 Sir Issac Newton wrote in a letter to Robert Hooke “If I have seen a little further it is by standing on the shoulders of Giants.” implying that while he may have come up with the final idea he was only able to do so because of the work of those that had gone before him.

Weld Pond (Chris Wysopal) accurately points out that this also applies to security researchers. Seldom is a major security flaw discovered that isn’t related to the previous work of an older technology. His case in point is the recent flaw patched by Microsoft of a almost decade old vulnerability. The original vulnerability has been widely credited to Sir Dystic (Josh Buchbinder) but Dystic’s research was based in part on work by DilDog (Christien Rioux). Dildog wasn’t the first to find the flaw either as it was mentioned in a earlier paper by Dominique Brezinski. Weld argues that this is why credit for security research is so important.

On a completely unrelated note Mudge (Peiter Zatko) was recently quoted by Mass High Tech (again) on the subject of voting machine security.

Former L0pht member, Defcon Badge Designer, Triathelete, new father, and urban clothing designer Kingpin (aka, Joe Grand) can now add yet another title to his resume, TV Star! The premier of the Discovery Channel’s new show Prototype This! debut’s Wednesday October 15 at 8PM. Sort of a cross between Junkyard Wars and Myth Busters Kingpin acts the groups electronics wizard. For the first episode the team builds a mind controlled car. Be sure to check your local listings!

Hope someone throws this up on the Bay ’cause I don’t get cable.

About eight years ago a media story broke about how some “hackers” took over a British Ministry of Defense Satellite and were holding it for ransom. Anyone who knew anything about Command and Control systems for satellites knew this would be almost impossible especially for a military satellite. That didn’t stop Newsbytes, Yahoo News, ZDNet, even Reuters from running the story and sensationalizing the crap out of it. None of the ‘legitimate’ media questioned the story at all. They just reran the original Sunday Business story. The only website that I know of that questioned the story at the time was The Hacker News Network.. It was the questioning of that story that prompted Brock Meeks of MSNBC to label HNN as “the voice of reason”. As it turned out no confirmation of the original story was ever obtained, the Ministry of Defense flat out denied the event ever took place and the Sunday Business never revealed where the story came from.
So? Big deal? What’s the point of this walk down memory lane? Well, here it is eight years later and the same crappy media is republishing the same bullshit story as truth and fact. Evidently Corinne Iozzio over at PC Magazine, nor her (his?) editors can be bothered to do basic journalism, simple research or check facts. No, can’t let facts get in the way of a good headline and increased page views and ad impressions. So now this supposed ‘hack’ that as far as I can tell never actually happened, is the second most mysterious unsolved cyber crime. I suppose, on the Internet, if you repeat something enough times it magically turns into fact?

For reference here are the old HNN pages from March 1, 1999 and March 2, 1999. Unfortunately the chrome is gone and none of the links work anymore but the content is unchanged.

UPDATE: Thanks to Google’s 10th Anniversary Archive from 2001 and the Internet Archive a few quick searches help to confirm that the original story was fake. (Hey, Corinne, this took me all of about ten minutes.)

ZDNet – via Internet Archive “Our Satellites are Hack Proof”
Geek.com – via Internet Archive “Satellite hack is impossible, says UK”
Reuters Retraction – via Shmoo.com “British Defense Ministry Dismisses Hacker Report”

So I get into work this morning and grab my snail-mail and throw it on my desk and go grab my morning oatmeal and glass of water. I get back to my desk and start eating my oatmeal as I go through my mail. Things like fake domain name renewal bills, pleas from wireless phone companies to switch services, a copy of Information Week, the normal crap that finds it way into the IT Managers inbox. Then I get to this weeks (August 22-28) copy of Mass High Tech and oatmeal spews out of my nose! Why? Freaking a big ass above the fold picture of Mudge’s fat smiling face staring back at me. Seriously his face takes up like half the damn page.

The online version is much smaller. Here is a scan of the front cover [PDF]. Just make sure you have finished your oatmeal before you open it.

Oh, the story? It is about finding security holes in heart defibrillators. Which is important I guess, and I suppose I would find it more interesting if I or someone I know actually had one of these implanted. Personally I can’t wait until someone starts looking at wireless utility meters.

So The Last HOPE is over and while I am still here in New York (the reason why I’ll save for another day) I have been contemplating the events of the weekend. All in all I thought the con ran extremely well which is a bit unusual in my experience for HOPE. While there were a few excellent talks that I mentioned in my previous post I found many of the talks to be… elementary. But hacker cons are sooo much more than just the talks and presentations, they are time to reconnect with old friends, friends you only see at cons and online. Time to drink bears and retel old war^h^h^h hacking stories. The fact that this is the “Last” HOPE and that 2600 the book has just been released I have been reflecting on my own travels through this underground maze. From my first real introduction to hacker culture at HoHo Con ‘92 held in Houston Texas to the ‘last’ Pump con in Philadelphia just a few years ago. In ‘92 the internet did exist but getting access to it was a bit more difficult. I remember making a modem call from my HP95LX from my hotel room to post news from HoHo con back on the hometown BBS. By the time of the first HOPE in 1995 the Internet was much more prolific but still new and shiny. The First HOPE captured that excitment of newness and the possibilities that it presented. Here at The Last HOPE people are live twittering (tweeting?), disecting talks and heckling in real time from behind keyboards. Change is of course inevitable but I think what I am seing here is a change in the culture itself. Sure parents are now bringing their kids to the same cons they snuck out of the house to go to, but I think it is more than just the core population growing older. There is a definite shift in how people interact and react to each other and technology. I haven’t quite been able to put my finger on it but I have been feeling it all weekend. Much like the first HOPE opened a new chapter I got the feeling that this last HOPE is closing a chapter in hacker history and culture. It makes me wonder what comes next?

P.S. Rumour has it that the Hotel Pennsylvania will not be torn down due to the poor economy. In which case, if it is still standing, the next HOPE will be in 2010. (Eternal HOPE?, HOPE Pheonix?). Personally I think if this con continues they should come up with a new name. The era of HOPE is over.

After you attend more than a half dozen or so hacker cons you start to realize several recurring themes amoung presentation topics. Topics such as Freedom of Information Act requests, hacker spaces, or hacker history have been done several times at various cons. The Last Hope is no different as these topics have recurred here as well. The difference here is that the presentors of these topics have each taken a different more interesting slant and have actually presented new and useful information. The FOIA talk has actually motivated me to file a few requests myself. The Hacker Spaces presenation actually broke down many of the problems that we ran into at the L0pht and even some we didn’t have and actually codified them all with solutions creating almost a blueprint for anyone wanting to create thier own hacker space. And Sketch Cow’s talk on hacker history makes you stop and think when you realize that future historians may only have major media sources such as hollywood movies and copies of Newsweek to try to understand what all hacker culture was all about.

Looking forward today to talks on Phone Phreaking History, Copying High Security Keys, Honeypots for the Home User, and the premier of Hackateer.

Can’t be here and are missing all the action? Check out the Live twitter feed and the Flickr stream.