L0pht Heavy Industries

L0pht Heavy Industries (pronounced "loft") was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. The L0pht was one of the first viable hackerspaces in the US, and a pioneer of responsible disclosure. The group famously testified in front of Congress in 1998 on the topic of ‘Weak Computer Security in Government’.


Name

The second character in its name was originally a slashed zero, a symbol used by old teletypewriters and some character mode operating systems to mean zero. Its modern online name, including its domain name, is therefore "l0pht" (with a zero, not a letter O or Ø).


History

The origin of the L0pht can be traced to Brian Oblivion and Count Zero, two of the founding members, sharing a common loft space in South Boston with their wives (Mary and Alicia), who ran a hat business in one half of the space and helped to establish an IRL communal work space. There they experimented with their own personal computers, equipment purchased from the Flea at MIT, and items obtained from dumpster diving local places of interest.

Founded in 1992, the L0pht quickly became a location for its members to store their computer hardware and work on various projects. In time, the members of L0pht quit their day jobs to start a business venture named L0pht Heavy Industries, a hacker think tank. The business released numerous security advisories. They also produced widely used software tools such as L0phtCrack, a password cracker for Windows NT, a POCSAG decoder, and CD software collections.

In 1997, on August 8–10, Mudge, Brian Oblivion, Kingpin, Space Rogue, Stefan, Weld Pond, and John Tan of L0pht discussed recent projects and accomplishments, Windows NT, new projects, emerging trends and shortcomings in technologies, with a Q&A session, at Beyond HOPE at the Puck Building in New York City.

In October 1999 L0pht was featured in a lengthy article in the New York Times Sunday Magazine. In the article Jeffrey Hunker, NSC's then Director of Information Protection, said about L0pht, "Their objective is basically to help improve the state of the art in security and to be a gadfly, so to speak."

In January 2000, L0pht Heavy Industries merged with the startup @stake, completing the L0pht's slow transition from an underground organization into a "whitehat" computer security company. Symantec announced its acquisition of @stake on September 16, 2004, and completed the transaction on October 8 of that year. In March 2006, Weld Pond and Dildog founded application security company Veracode as a spin out from Symantec. The Veracode static binary analysis technology was built at @stake, based on prototypes and ideas incubated at the L0pht.

On March 14, 2008, several members of L0pht sat on a panel before a standing-room-only group of infosec professionals at SOURCE:Boston. Present were Weld Pond, John Tan, Mudge, Space Rogue, Silicosis and Dildog.


Senate testimony

On May 19, 1998, all seven members of L0pht (Brian Oblivion, Kingpin, Mudge, Space Rogue, Stefan Von Neumann, John Tan, Weld Pond) famously testified before the Congress of the United States that they could shut down the entire Internet in 30 minutes. The Washington Post referred to the response as "a tragedy of missed opportunity".

Four members of the original group, Space Rogue, Weld Pond, Kingpin and Mudge, held a briefing entitled "“A Disaster Foretold — And Ignored” Revisiting the First-Ever Congressional Cybersecurity Hearing", hosted by the Congressional Internet Caucus Academy. The briefing, held on May 22, 2018, was almost exactly 20 years after the original testimony and was streamed live via Facebook.

At the Defcon 26 hacking conference, held on August 10, 2018 in Las Vegas, seven of the L0pht members sat on a panel entitled "The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask)". Among other things, the panel encouraged attendees to keep on hacking but stay on the side of the law that kept them out of jail.

The General Counsel of the National Security Agency, Glenn S. Gerstell, quoted testimony from the L0pht’s hearing during his keynote to the American Bar Association’s 28th Annual Review of the Field of National Security Law Conference on November 1, 2018.


Products

As L0pht occupied a physical space, it had real expenses such as electricity, phone, Internet access, and rent. Early in the L0pht's history these costs were evenly divided among L0pht members. In fact, L0pht originally shared a space with a hat-making business run by the spouses of Brian Oblivion and Count Zero, and the rental cost was divided amongst them both. This was soon subsidized by profits made from selling old hardware at the monthly MIT electronic flea market during the summer. Occasionally, shell accounts were offered for low cost on the L0pht.com server to selected individuals; while these individuals had access to the L0pht.com server, they were not members of L0pht.

One of the first physical products sold for profit by L0pht was a POCSAG decoder kit, which was sold in both kit and assembled form. Subsequently, the Whacked Mac Archives were transferred to CD-ROM for sale, soon followed by CD copies of the Black Crawling System Archives. The command line version of L0phtCrack, the password cracker for Windows NT, was given away free, but the GUI version was sold as a commercial product. This was followed by the creation of the Hacker News Network website to host advertisements. However, even with these sources of income, L0pht barely broke even, and eventually began doing custom security coding for companies like NFR.

In January 2009, L0phtCrack was acquired by the original authors Zatko, Wysopal, and Rioux from Symantec. L0phtCrack 6 was released at the SOURCE Boston Conference on March 11, 2009. L0phtCrack 6 contains support for 64-bit Windows platforms as well as upgraded rainbow tables support. On April 21, 2020, Terahash announced it had acquired L0phtCrack; details of the sale were not released. As of July 1, 2021, the L0phtCrack software is no longer owned by Terahash, LLC. It has been repossessed by the previous owners, formerly known as L0pht Holdings, LLC, for Terahash defaulting on the installment sale loan. L0phtCrack has now been released as open source.


Members

L0pht membership varied but included at various times:

* Brian Oblivion
* Count Zero
* Dildog
* Kingpin
* Silicosis (Paul Nash)
* Space Rogue (Cris Thomas)
* Stefan (Stefan Wuensch)
* Weld Pond
* Mudge - later became a program manager at DARPA and worked for Google
* tan (John Tan)


External links


Current L0pht homepage

The Hacker News Network

L0phtCrack homepage

Black Crawling Systems Archive CD

Space Rogue's Blog

Kingpin Empire

Legacy of the L0pht, April 9, 2014
"The L0pht Legacy" - Security Boulevard

'90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years - The Register