L0pht

The second character in its name was originally a slashed zero, a symbol used by old teletypewriters and some character mode operating systems to mean zero. Its modern online name, including its domain name, is therefore "l0pht" (with a zero, not a letter O or Ø).

The origin of the L0pht can be traced to Brian Oblivion and Count Zero, two of the founding members, sharing a common loft space in South Boston with their wives (Mary and Alicia) who ran a hat business in one half of the space and helped to establish an IRL communal work space. There they experimented with their own personal computers, equipment purchased from the Flea [http://w1mx.mit.edu/flea-at-mit The Flea at MIT | The MIT Radio Society] at MIT, and items obtained from dumpster diving local places of interest.{{cite book|url=https://books.google.com/books?id=abpeAAAAIAAJ&q=dumpster|title=L0pht dumpster diving cited in 24 Hours in Cyberspace by Rick Smolan and Jennifer Erwitt|access-date=2008-12-12|publisher=QUE Macmillan|isbn=978-0-7897-0925-7|author1=Smolan, Rick|author2=Erwitt, Jennifer|year=1996}}

Founded in 1992 the L0pht quickly became a location for its members to store their computer hardware and work on various projects.{{cite web|url=https://www.pbs.org/newshour/bb/cyberspace/jan-june98/l0pht_hackers.html|title=Online NewsHour: L0pht on Hackers|website=PBS |date=1998-05-08 |archive-url=https://web.archive.org/web/20000311135015/http://www.pbs.org/newshour/bb/cyberspace/jan-june98/l0pht_hackers.html |archive-date=2000-03-11}}{{cite news |date=7 Feb 2000 |title=Space Rogue |url=https://www.forbes.com/2000/02/07/penenberg_0207.html#2692fae510da |work=Forbes |location=USA |access-date=18 Dec 2017}} In time, the members of L0pht quit their day jobs to start a business venture named L0pht Heavy Industries, a hacker think tank. The business released numerous security advisories. They also produced widely used software tools such as L0phtCrack, a password cracker for Windows NT, a POCSAG decoder, and CD software collections.

In 1997, on August 8–10, Mudge, Brian Oblivion, Kingpin, Space Rogue, Stefan, Weld Pond, and John Tan of L0pht discussed recent projects and accomplishments, Windows NT, new projects, emerging trends and shortcomings in technologies, with Q&A session at Beyond HOPE at the Puck Building in New York City.Archived at [https://ghostarchive.org/varchive/youtube/20211211/IHhniy9zPoQ Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20141015153039/http://www.youtube.com/watch?v=IHhniy9zPoQ Wayback Machine]{{cbignore}}: {{cite web|url=https://www.youtube.com/watch?v=IHhniy9zPoQ|title=Beyond HOPE: The L0pht (Complete)|last=mhzghz2|date=25 July 2012|access-date=24 July 2018|via=YouTube}}{{cbignore}}

In October 1999 L0pht was featured in a lengthy article in the New York Times Sunday Magazine.{{cite news

|url=https://www.nytimes.com/1999/10/03/magazine/hack-counterhack.html?scp=2&sq=l0pht%20heavy&st=cse

|archive-url=https://web.archive.org/web/20151016141033/https://www.nytimes.com/1999/10/03/magazine/hack-counterhack.html?scp=2&sq=l0pht%20heavy&st=cse

|archive-date=16 October 2015

|title=HacK, CouNterHaCk|date=1999-10-03

|author=Bruce Gottlieb

|work=The New York Times}} In the article Jeffrey Hunker, NSC's then Director of Information Protection, said about L0pht, "Their objective is basically to help improve the state of the art in security and to be a gadfly, so to speak."

In January 2000, L0pht Heavy Industries merged with the startup @stake, completing the L0pht's slow transition from an underground organization into a "whitehat" computer security company.{{cite web|url=http://www.infoworld.com/articles/ic/xml/00/01/07/000107icstake.html|title=Odd coupling links hackers with security firm|date=2000-01-07 |

archiveurl=https://web.archive.org/web/20041116162703/http://www.infoworld.com/articles/ic/xml/00/01/07/000107icstake.html |archive-date=2004-11-16}} Symantec announced its acquisition of @stake on September 16, 2004, and completed the transaction on October 8 of that year.{{cite web |url=http://www.symantec.com/press/2004/n041008.html |title=Symantec Completes @stake Acquisition |date=2004-10-08 | archive-url=https://web.archive.org/web/20041009230742/http://www.symantec.com/press/2004/n041008.html |archive-date=2004-10-09}}

In March 2006, Weld Pond and Dildog founded application security company Veracode as a spin out from Symantec. The Veracode static binary analysis technology was built at @stake, based on prototypes and ideas incubated at the L0pht.

On March 14, 2008, several members of L0pht sat at a panel at a standing-room-only group of infosec professionals at SOURCE:Boston. Present were Weld Pond, John Tan, Mudge, Space Rogue, Silicosis and Dildog.{{cite web

|url=http://www.sourceboston.com/blog/?p=27

|title=SOURCE:Boston L0pht Panel on the SOURCE:Boston blog

|access-date=2008-03-14

|url-status=dead

|archive-url=https://web.archive.org/web/20080621032722/http://www.sourceboston.com/blog/?p=27

|archive-date=2008-06-21

}}

On May 19, 1998, all seven members of L0pht (Brian Oblivion, Kingpin, Mudge, Space Rogue, Stefan Von Neumann, John Tan, Weld Pond) famously testified{{cite web|url=https://www.youtube.com/watch?v=VVJldn_MmMY|title=Hackers Testifying at the United States Senate, May 19, 1998 (L0pht Heavy Industries)|last=Joe Grand|date=14 March 2011|access-date=24 July 2018|via=YouTube}}Archived at [https://ghostarchive.org/varchive/youtube/20211211/gCnfj0Y4imA Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20200520000350/https://www.youtube.com/watch?v=gCnfj0Y4imA&gl=US&hl=en Wayback Machine]{{cbignore}}: {{cite web|url=https://www.youtube.com/watch?v=gCnfj0Y4imA|title=How a hacker group came to Washington|last=Washington Post|date=2 December 2015|access-date=24 July 2018|via=YouTube}}{{cbignore}}{{cite web|url=https://www.theregister.co.uk/2018/06/18/l0pht_chris_wysopal_interview/|title='90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years|website=theregister.co.uk|access-date=24 July 2018}} before the Congress of the United States that they could shut down the entire Internet in 30 minutes.{{cite web

|url=http://hsgac.senate.gov/051998_summary.htm

|archive-url=https://web.archive.org/web/20110721062507/http://hsgac.senate.gov/051998_summary.htm

|archive-date=2011-07-21

|title=Weak Computer Security in the Government: Is the Public at Risk?

|date=1998-05-19

}} The Washington Post referred to the response as "a tragedy of missed opportunity".{{cite news|url=https://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/|title=A disaster foretold — and ignored|newspaper=Washington Post|date=22 Jun 2015}}

Four members of the original group Space Rogue, Weld Pond, Kingpin and Mudge{{cite news|url=https://www.politico.com/newsletters/morning-cybersecurity/2018/05/22/famed-hacker-collective-reunites-on-hill-today-225706|title=Famed hacker collective reunites on Hill today|date=2018-05-22|author=Tim Starks}} held a briefing entitled "“A Disaster Foretold — And Ignored” Revisiting the First-Ever Congressional Cybersecurity Hearing" hosted by the Congressional Internet Caucus Academy.{{cite web|url=https://www.netcaucus.org/event/a-disaster-foretold-and-ignored-revisiting-the-first-ever-congressional-cybersecurity-hearing/|title=A Disaster Foretold — And Ignored / Revisiting the First-Ever Congressional Cybersecurity Hearing|date=2018-05-24}} The briefing, held on May 22, 2018,{{cite web|url=https://www.eventbrite.com/e/revisiting-the-first-ever-congressional-cybersecurity-hearing-tickets-46110653205|title=Revisiting the First-Ever Congressional Cybersecurity Hearing|website=Eventbrite|access-date=24 July 2018}} was almost exactly 20 years after the original testimony and was streamed live via Facebook.{{cite web|url=https://www.facebook.com/cicac/videos/10155749587996559/|title=Congressional Internet Caucus Academy - Videos|website=Facebook |date=2018-05-22}}{{cite web|url=https://www.youtube.com/channel/UCegLKLUZVc7KwwmbQVB6xxg|title=Congressional Internet Caucus Academy|website=YouTube|access-date=24 July 2018}}Archived at [https://ghostarchive.org/varchive/youtube/20211211/VJEty2LVFUw Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20200221213922/https://www.youtube.com/watch?v=VJEty2LVFUw&gl=US&hl=en Wayback Machine]{{cbignore}}: {{cite web|url=https://www.youtube.com/watch?v=VJEty2LVFUw|title=L0pht Hearing - Joe Grand|last=Congressional Internet Caucus Academy|date=25 May 2018|access-date=24 July 2018|via=YouTube}}{{cbignore}}Archived at [https://ghostarchive.org/varchive/youtube/20211211/8eUgHU47DPM Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20200224144036/https://www.youtube.com/watch?v=8eUgHU47DPM&gl=US&hl=en Wayback Machine]{{cbignore}}: {{cite web|url=https://www.youtube.com/watch?v=8eUgHU47DPM|title=L0pht Hearing - Mudge|last=Congressional Internet Caucus Academy|date=25 May 2018|access-date=24 July 2018|via=YouTube}}{{cbignore}}Archived at [https://ghostarchive.org/varchive/youtube/20211211/JpCB8fFquYY Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20200225063732/https://www.youtube.com/watch?v=JpCB8fFquYY&gl=US&hl=en Wayback Machine]{{cbignore}}: {{cite web|url=https://www.youtube.com/watch?v=JpCB8fFquYY|title=L0pht Hearing - Weld Pond|last=Congressional Internet Caucus Academy|date=25 May 2018|access-date=24 July 2018|via=YouTube}}{{cbignore}}Archived at [https://ghostarchive.org/varchive/youtube/20211211/T8fSK7o8T-c Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20200507065826/https://www.youtube.com/watch?v=T8fSK7o8T-c&gl=US&hl=en Wayback Machine]{{cbignore}}: {{cite web|url=https://www.youtube.com/watch?v=T8fSK7o8T-c|title=L0pht Hearing - Space Rogue|last=Congressional Internet Caucus Academy|date=25 May 2018|access-date=24 July 2018|via=YouTube}}{{cbignore}}Archived at [https://ghostarchive.org/varchive/youtube/20211211/Z4xf8nlizcI Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20200420100118/https://www.youtube.com/watch?v=Z4xf8nlizcI&gl=US&hl=en Wayback Machine]{{cbignore}}: {{cite web|url=https://www.youtube.com/watch?v=Z4xf8nlizcI|title="A DISASTER FORETOLD — AND IGNORED" - Revisiting the 1st Cybersecurity Hearing|last=Congressional Internet Caucus Academy|date=24 May 2018|access-date=24 July 2018|via=YouTube}}{{cbignore}}

At the Defcon 26 hacking conference, held on August 10, 2018 in Las Vegas, seven of the L0pht members sat on a panel entitled "The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask)".{{cite web

|url=https://www.defcon.org/html/defcon-26/dc-26-index.html

|title=The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask)

|access-date=2018-09-19

|archive-url=https://web.archive.org/web/20180920011434/https://www.defcon.org/html/defcon-26/dc-26-index.html

|archive-date=2018-09-20

|url-status=dead

}}

Among other things the panel encouraged attendees to keep on hacking but stay on the side of the law that kept them out of jail.{{cite news

|url=https://www.esecurityplanet.com/threats/lessons-learned-at-def-con-26.html

|title=Lessons Learned at DEF CON 26

|author=Sean Michael Kerner

|work=eSecurity Planet

|access-date=2018-09-19

|archive-date=2019-02-23

|archive-url=https://web.archive.org/web/20190223225213/https://www.esecurityplanet.com/threats/lessons-learned-at-def-con-26.html

|url-status=dead

}}

The General Counsel of the National Security Agency, Glenn S. Gerstell quoted testimony {{cite web

|url=https://www.nsa.gov/news-features/speeches-testimonies/Article/1675727/keynote-address-by-glenn-s-gerstell-general-counsel-nsa-to-the-american-bar-ass/

|title=Keynote Address by Glenn S. Gerstell, General Counsel NSA to the American Bar Association 28th Annual Review of the Field of National Security Law Conference

|access-date=2018-11-21

|archive-date=2021-03-21

|archive-url=https://web.archive.org/web/20210321052817/https://www.nsa.gov/news-features/speeches-testimonies/Article/1675727/keynote-address-by-glenn-s-gerstell-general-counsel-nsa-to-the-american-bar-ass/

|url-status=dead

}} from the L0pht’s hearing during his keynote to American Bar Association’s 28th Annual Review of the Field of National Security Law Conference on November 1, 2018.{{cite web

|url = https://www.americanbar.org/events-cle/mtg/inperson/338390074/

|title = 28th Annual Review of the Field of National Security Law CLE Conference

|access-date = 2018-11-21

|archive-url = https://web.archive.org/web/20181121184644/https://www.americanbar.org/events-cle/mtg/inperson/338390074/

|archive-date = 2018-11-21

|url-status = dead

}}

As L0pht occupied a physical space, it had real expenses such as electricity, phone, Internet access, and rent. Early in the L0pht's history these costs were evenly divided among L0pht members. In fact, L0pht originally shared a space with a hat-making business run by the spouses of Brian Oblivion and Count Zero, and the rental cost was divided amongst them both. This was soon subsidized by profits made from selling old hardware at the monthly MIT electronic flea market during the summer.{{cite web|url=http://www.l0pht.com/~oblivion/|title=Brian Oblivion on "function and direction of the L0pht" in 1998|access-date=2008-12-12 |archive-url=https://web.archive.org/web/19980205065941/http://www.l0pht.com/~oblivion/ |archive-date=1998-02-05}}

Occasionally, shell accounts were offered for low cost on the L0pht.com server to selected individuals; while these individuals had access to the L0pht.com server they were not members of L0pht. One of the first physical products sold for profit by L0pht was a POCSAG decoder kit, which was sold in both kit and assembled form. Subsequently, the Whacked Mac Archives were transferred to CD-ROM for sale,{{Google books|ciE9AQAAIAAJ|2600 Magazine Vol 13|page=49|keywords=Whacked Mac Archives}} soon followed by CD copies of the Black Crawling System Archives. The command line version of L0phtCrack, the password cracker for Windows NT, was given away free, but the GUI version was sold as a commercial product. This was followed by the creation of the Hacker News Network website to host advertisements. However, even with these sources of income, L0pht barely broke even, and eventually began doing custom security coding for companies like NFR.{{cite web|url=http://www.infosecnews.org/hypermail/9903/1502.html |archive-url=https://web.archive.org/web/20070510014025/http://www.infosecnews.org/hypermail/9903/1502.html |url-status=dead |archive-date=2007-05-10 |title=NFR and L0pht to Deliver Improved IDS |work=InfoSecNews.org }}

{{cite web|url=https://www.thefreelibrary.com/NFR+Intrusion+Detection+Appliance+Version+4.0+Released.-a056284016 |archive-url=https://web.archive.org/web/20190516135529/https://www.thefreelibrary.com/NFR+Intrusion+Detection+Appliance+Version+4.0+Released.-a056284016 |url-status=live |archive-date=2019-05-16 |title=NFR Intrusion Detection Appliance Version 4.0 Released |work=thefreelibrary.com }}

{{cite journal

|url=http://www.csoonline.com/article/221192/LOpht_in_Transition/1

|title=L0pht in Transition

|journal=CSO

|date=2007-04-17

|last=Fitzgerald

|first=Michael

|access-date=2008-06-18

|archive-date=2016-03-05

|archive-url=https://web.archive.org/web/20160305043118/http://www.csoonline.com/article/2121870/network-security/lopht-in-transition.html

|url-status=dead

}}

In January 2009, L0phtCrack was acquired by the original authors Zatko, Wysopal, and Rioux from Symantec. L0phtCrack 6 was released at the SOURCE Boston Conference on March 11, 2009. L0phtCrack 6 contains support for 64-bit Windows platforms as well as upgraded rainbow tables support. On April 21, 2020 Terahash {{cite web|url=https://www.terahash.com/news/terahash-acquires-l0phtcrack.htm |archive-url=https://web.archive.org/web/20200421191549/https://terahash.com/news/terahash-acquires-l0phtcrack.htm |archive-date=2020-04-21 |title=Terahash Acquires L0phtCrack }} announced it had acquired L0phtCrack, details of the sale were not released. As of July 1, 2021, the L0phtCrack software is no longer owned by Terahash,{{cite web |url=https://l0phtcrack.gitlab.io/ |archive-url=https://web.archive.org/web/20220404073702/https://l0phtcrack.gitlab.io/ |archive-date=2022-04-04 |title=Changes for L0phtCrack |access-date=2022-04-29 |url-status=live }} LLC. It has been repossessed by the previous owners, formerly known as L0pht Holdings, LLC for Terahash defaulting on the installment sale loan. L0phtCrack has now been released as open source. Space Rogue had also published a book on February 24, 2023.

L0pht membership varied but included at various times:{{cite web|url=http://l0pht.com/members.html|title=L0pht Heavy Industries Home Page|access-date=2017-03-20}}

• Brian Oblivion (Brian Hassick){{cite news|url=https://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/|title=These hackers warned the Internet would become a security disaster. Nobody listened. - The Washington Post|newspaper=The Washington Post |access-date=2023-08-17}}
• Count Zero (John Lester){{cite web|url=https://duo.com/decipher/an-oral-history-of-the-l0pht|title=We Got to Be Cool About This: An Oral History of the L0pht, Part 1 - Decipher|date=6 March 2018 |access-date=2023-08-17}}
• Dildog (Christien Rioux)
• Kingpin (Joe Grand)
• Silicosis (Paul Nash){{cite news |last=Timberg |first=Craig |date=27 Jun 2015 |title=In 1998, these hackers said the Internet would become a security disaster. Nobody listened |url=http://www.dailyherald.com/article/20150627/business/150629234/ |work=The Daily Herald |location=USA |access-date=7 Dec 2017}}
• {{Anchor|Cris Thomas}}Space Rogue (Cris Thomas){{cite web|url=http://www.tenable.com/press-releases/space-rogue-from-l0pht-and-hacker-news-network-joins-tenable-network-security|title=Space Rogue from L0pht and Hacker News Network Joins Tenable Network Security|date=7 January 2014 |access-date=2014-01-07}}
• Stefan (Stefan Wuensch){{cite web|url=http://l0pht.com/~stefan/ |title=Stefan von Neumann|access-date=2008-12-12 |archive-url = https://web.archive.org/web/19990220064129/http://l0pht.com/~stefan/ |archive-date = 1999-02-20}}
• Weld Pond (Chris Wysopal)
• Mudge (Peiter Zatko) - later became a program manager at DARPA and worked for Google{{cite web|url=https://threatpost.com/cyber-ul-could-become-reality-under-leadership-of-hacker-mudge/113538/ |title=Cyber UL Could Become Reality Under Leadership of Hacker Mudge|date=30 June 2015 |access-date=2015-11-20}}
• tan (John Tan)

{{Reflist | refs =

}}

• [https://web.archive.org/web/20160203182502/http://l0pht.com/ Current L0pht homepage]
• [http://www.hackernews.com/ The Hacker News Network] {{Webarchive|url=https://web.archive.org/web/20000817062523/http://www.hackernews.com/ |date=2000-08-17 }}
• [http://www.l0phtcrack.com/ L0phtCrack homepage] {{Webarchive|url=https://web.archive.org/web/20120304124849/http://www.l0phtcrack.com/ |date=2012-03-04 }}
• [https://archive.org/details/cdrom-black-crawling-systems-archive Black Crawling Systems Archive CD]
• [http://www.spacerogue.net/ Space Rogue's Blog]
• [http://www.kingpinempire.com/ Kingpin Empire]
• [http://www.itsecurityguru.org/gurus/legacy-l0pht/ Legacy of the L0pht]{{dead link|date=January 2025|bot=medic}}{{cbignore|bot=medic}} April 9, 2014
• {{cite web |url=https://www.pbs.org/newshour/bb/cyberspace/jan-june98/hackers_5-8.html |title=Hacking Around |work=PBS NewsHour |date=1998-05-08 |archive-url=https://web.archive.org/web/19991012201545/http://www.pbs.org/newshour/bb/cyberspace/jan-june98/hackers_5-8.html |archive-date=1999-10-12|access-date=2015-04-01}}
• {{cite web |url=http://hsgac.senate.gov/l0pht.htm |title=U.S. Senate Press Release: Hearings Announced on Computer Security Failures in Government |work=US Senate |archive-url=https://web.archive.org/web/20110927215809/http://hsgac.senate.gov/l0pht.htm |archive-date=2011-09-27 |access-date=2015-04-01}}
• [https://securityboulevard.com/2018/06/the-l0pht-legacy/ "The L0pht Legacy" - Security Boulevard]
• [https://www.theregister.co.uk/2018/06/18/l0pht_chris_wysopal_interview/ '90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years - The Register]

{{L0pht Footer}}

{{Hackerspace}}

{{Hacking in the 1990s}}

Category:Hacker groups

Category:Organizations based in Boston

Category:Computer security organizations

Category:Hackerspaces

Category:Organizations established in 1992

Category:1992 establishments in Massachusetts

Category:Organizations disestablished in 2000

Category:2000 disestablishments in Massachusetts

Category:2000 mergers and acquisitions