LOpht’s warnings about the Internet drew notice but little action – Washington Post

But as @Stake struggled, Zatko developed severe anxiety, made worse by a bad reaction to medicine that was supposed to ease his symptoms, he said. Zatko ended up in a psychiatric ward for several days. None of the members of L0pht came to visit, a source of enduring frustration to him. (They say they didn’t know what was happening, only that he was missing from work.)

“The L0pht was my only family,” Zatko recalled. “It killed me. . . . It was absolutely atrocious.”

Though Zatko gradually recovered, the decline of @Stake continued. Space Rogue threatened a lawsuit to reclaim lost wages and his remaining share of the initial venture-capital funding. (He eventually settled with enough to buy a car, cover his lawyer’s fees and put a down payment on a condominium, he says.)

Perhaps an even lower point for @Stake came in September 2003, when the company fired its chief technology officer, the respected security guru Dan Geer, after he co-authored a study on how Microsoft’s dominance of the software industry undermined security. Geer learned of his dismissal through a news release issued by @Stake, according to news reports at the time.

When Symantec, a larger security firm, bought the remains of @Stake in 2004, it was a mercy killing.

“Everything we stood for had been nibbled away little by little by little until we were left with nothing,” Grand said. “We needed to be able to speak the truth about everybody. That didn’t last very long. . . . Eventually we just got on our knees for everybody.”

As L0pht was collapsing, security on the Internet took a turn for the worse. The waning days of the 20th century featured huge investments toward fixing the Y2K bug — based on the alarming possibility that programs designed to recognize years by only two digits, such as “99,” would suddenly crash when they saw “00.”

But the problems that would soon bedevil computing were not accidental, like the Y2K bug. The black hats were on the rise.

Among the first security disasters of the next decade, the ILOVEYOU worm, arrived in May 2000 and apparently was the work of a pair of computer programmers from the Philippines.

The virus exploited a feature in Microsoft Outlook to send malicious code to each new victim’s contact lists.

Soon, an estimated 10 percent of the world’s computers were infected, snarling networks for the Pentagon, the British Parliament and many private companies. Estimates of damage and cleanup costs topped $20 billion. Many other worms — with names such as Pikachu, Anna Kournikova and Nimda — also exploited flaws in Microsoft products.

On Dec. 8, 2000, one day after the anniversary of the surprise Japanese attack on U.S. Navy forces in 1941, Clarke — the National Security Council official who had once given L0pht a tour of the White House — appeared at a conference organized by Microsoft. He warned that if the government didn’t improve computer security, the nation might suffer a “digital Pearl Harbor.”


Write a Reply or Comment:

Your email address will not be published.*