Hacker group L0pht makes a comeback, of sorts

The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from space.

This is the Hacker News Network, and after a decade offline it is lifting off again, this time with a quirky brand of video reports about security.

Slideshow: 10 of the worst moments in network security history

Hacker News Network is one of the side projects of the Boston-based hacker collective known as L0pht Heavy Industries. They're the guys who famously told the U.S. Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies.

The L0pht's eight members were hacker gods back in the '90s, but most of them have faded from the limelight, even as they've watched a cottage industry of security research firms sprout up based on many of the disclosure techniques they pioneered. The L0pht disbanded after it sold out to consultancy @stake in 2000, and its members gradually watched their dream of being paid to do cutting-edge hacking and security research wither and die.

But over the past few months, the L0pht has been getting back together, kind of.

Six of the eight members reunited last year at a Boston security conference, and in May 2009, members of the group released the first update to their L0phtCrack password audit tool since 2005. They say it took a few years of negotiations with Symantec -- which bought @stake in 2004 -- to get back control of L0phtCrack and several other L0pht properties.

Last month the L0pht Web site went back online, and the demo version of Hacker News Network is set for an official launch on Jan. 11, 2010. (Chosen because the date 01-11-10 works as a binary number.)

The L0pht Web site will give members a single place to link to their current projects. Peiter Zatko, aka Mudge, says he'd like to use it as an archive of the group's historic security advisories.

More projects may evolve. The group acquired the rights to its AntiSniff network monitoring tool from Symantec and is toying with the idea of reviving that as well.

"We're still trying to figure out what the ultimate goals are," said Joe Grand, aka Kingpin. "But I’m just happy that we can be in touch on a personal level and not have to deal with business, not have to deal with politics, and just have a place to do stuff."

Business and company politics pretty much killed the L0pht, according to some members. The core members sold their business to @stake in the hopes that with a deep-pocketed corporate sponsor, they would be free to do hacking projects that really interested them, such as drawing attention to important security problems that were being ignored by software vendors.

Mudge describes the L0pht's early security advisories as "very much a Rachel Carson-meets-Consumer Reports sort of attempt." (Carson was a biologist who advanced the environmentalist movement in the '60s.) Initially, the group tried to apply that neutral Consumer Reports model to its @stake work, refusing to take money or free products from vendors. "It drove the venture capitalists nuts because we'd be turning down the money," he said.

The IDG News Service is a Network World affiliate.