
The Internet itself, he added, could be taken down "by any of the seven individuals seated before you" with 30 minutes of well-choreographed keystrokes.

If this wasn't exaggeration, we should study the fortunate circumstances by which this calamity has been avoided for 17 years.



Peiter was talking about BGP. In 1998, you had to be somewhat diligent to get to a vantage point from which you could inject bogus BGP, and the Venn diagram between those people and "nihilistic assholes" is not that scary. In 2015, you can still technically fuck up BGP, but probably not for very long, and not without burning a lot of assets. Why would anyone bother?

The hunting and taxidermy of corrupted BGP advertisements is basically what got the NANOG crowd out of bed every morning; it's a pretty big chunk of the job. I always felt like the alarmism over BGP was a bit tone-deaf. Certainly, nothing Peiter said came as any surprise to anyone who'd ever managed default-free peering.


Further, I recall several of the L0pht members were heavily interested in TEMPEST and van Eck phreaking at the time. Really played it up in an ominous tone.


Well, that sort of scaremongering was part of the PR aspect of the whole thing. Back then (I've been out of the scene for a decade and a half now, I don't know if it's still as bad) the amount of money you could sell your 'company' (read: two guys in a basement) for, was directly correlated to the scariness of the stories you could get into the press.


I think this happened right before @stake "acquired" L0pht, but I'm not sure how lucrative that really was for them.


What would you have to do to fuck up BGP in 2015? Is it more or less the Autonomous-System version of ARP cache poisoning?


That's a reasonable way to look at it, I think. Except imagine an ARP where there were thousands of very highly paid network engineers constantly monitoring the tables.


Well, it's somewhat exaggerated. But a bit of BGP hacking can take large areas offline for hours. Why isn't it done more often? No lulz or money in it. Hackers want the net as a whole to stay up for the same reason as everyone else. It's specific sites that are targets for humiliation or extortion.


The problem is now more state actors than 'hackers'.


It wasn't an exaggeration. Remember this was 17 years ago; we've gotten way better at firming up stuff everywhere, even if it's not perfect.

Imagine someone using all of the advanced techniques from today (DNS cache poisoning, DNS/NTP amplification attacks, BGP hacking, SQL injection, and so on and so on) and taking them back to 17 years ago when the world was naive and unsecure.

Also, we've had calamities; we just got over them. Code Red and then NIMDA caused huge disruptions; so did Sasser and SQL Slammer. And we've gotten used to a world where people will use DDoS to try to take down sites or services for a variety of reasons ranging from profit to spite to boredom.

No, the internet never completely fell over and was unusable for days or weeks at a time, but a lot of people have been affected and it's just sort of become background noise in our lives the way tuberculosis and smallpox used to be.


We've seen some pretty large drops in the last two decades due to BGP hijacking with entire countries going dark.

So I wouldn't say that it's been entirely avoided.


It hasn't been avoided. This has happened a few times to various pieces of the Internet.

https://en.wikipedia.org/wiki/IP_hijacking#Public_incidents


Maybe something about possible outcomes? If you're a bad guy with a super exploit, you could bring down the internet. You'll get a laugh for a few hours, but then the world will respond with enormous resources to find you and bring you to justice.

Or, alternatively, you could go after some smaller internet companies, demand extortion money, buy a nice car and treat your friends to drinks.


> If this wasn't exaggeration, we should study the fortunate circumstances by which this calamity has been avoided for 17 years.

Leaving aside the truth of their claims at the time–because it's irrelevant–your comment makes the fatal error of assuming conditions haven't changed at all in 17 years.


Assuming I'm not dead, ISTM "changed conditions" would be such a fortunate circumstance, although perhaps somewhat unspecific. How have conditions changed? Have all the hackers been eliminated? Do hackers have no interest in taking down the internet? Have previously vulnerable processes been made more secure? Have previously trusted parties been removed from positions of trust? Can you fill in the blanks for us?



