May 20th, 1998
Hackers testify they can crash Internet service in a half-hour
By James W. Brosnan
SCRIPPS HOWARD NEWS SERVICE
A band of seven hackers from Boston told a Senate
Committee yesterday that they could bring down the
foundations of the Internet in 30 minutes.
Testifying under their Internet aliases -- Mudge, Brian
Oblivion, Space Rogue, Kingpin, Weld Pond, John Tan and
Stefan Von Neumann -- the hackers said that by interfering
with the links between long-distance phone carriers such as
AT&T and MCI they could disrupt Internet service for a
couple of days.
The hackers, known collectively as LOpht, opened a
series of hearings by Senate Governmental Affairs
Committee Chairman Fred Thompson, Tennessee Republican,
on the security of government and commercial computer and
telecommunication networks.
Mr. Thompson released a pair of reports by the
congressional General Accounting Office that said the State
Department and the Federal Aviation Administration's air
control system are highly vulnerable to hacking.
In a test, congressional investigators accessed the
travel itineraries of U.S. diplomats, employment records and
e-mail traffic and were even able to take control of the
State Department's computers. Much of the FAA report was
so scary it was classified.
Utilities, stock exchanges, the Federal Reserve and
taxpayer credit and medical records also are at risk, Mr.
Thompson said.
"It seems the more technologically advanced we've
become the more vulnerable we've become," he said. "Our
nation's underlying information infrastructure is riddled
with security flaws."
The LOpht hackers blamed the poor security on the
patchwork nature of the Internet networks, government
laxity and the indifference of makers of operating systems
and software to security concerns.
"Simple security measures are missing from almost
all the software sold to companies today," Mudge said.
For instance, while Microsoft claims its Windows NT
server for businesses is more secure than Windows 95 for
personal users, Weld Pond said hackers usually can break
into an NT system in less than a day.
Mr. Thompson predicted it is only a matter of time
before Microsoft and other software makers find themselves
being sued by a company whose system has been penetrated
through their software.
Not all the testimony was bleak. The hackers said it
is far easier to interfere with service than to change data
or issue commands. For instance, the Global Positioning
Satellite system used in military and some civilian aircraft
for navigation can be jammed, but it is unlikely a hacker
could move a satellite's position, the hackers testified.
Still, Space Rogue said, a determined group of hackers
could "wreck havoc in the country."
The LOpht hackers, who are in their 20s and 30s, meet
in a Boston loft after their day jobs to probe for weaknesses
in computer, cellular phone and other communications
networks. They then alert the targets about any weaknesses
and in some cases make the information public if the
targets do not improve security.
Copyright © 1998 News World Communications, Inc.
<__b.a.c.k.______