WE'RE IN!

Space Rogue on L0pht Heavy Industries, 90s Infosec Lessons and “Gray Hat” Hacking

Episode Summary

Hacker Cris Thomas – better known by his old bulletin board system handle Space Rogue – has witnessed the infosec community grow from a hodgepodge network of hacking collectives to a multibillion dollar industry. Space Rogue was a member of the L0pht Heavy Industries hacker group that made its name poking holes in premier products from burgeoning tech giants like Microsoft and Oracle. Now Global Lead of Policy and Special Initiatives at IBM, he is also author of a new memoir recounting his experiences from the “magical hacker scene” of the 1990s, Space Rogue: How the Hackers Known As L0pht Changed the World. In the latest episode of WE’RE IN!, Space Rogue shares his side of the story from L0pht’s influential May 1998 testimony before Congress, in which the hackers warned of glaring security vulnerabilities that remain relevant to this day.

Episode Notes


--------

Tune in to hear more from Space Rogue on: 

* Tales from early meetings of the famous hacker quarterly 2600 

* The value of college versus certifications for anyone seeking to launch an infosec career

* The fragility of the modern internet

Episode Transcription

 

Blake: [00:00:00] Thank you so much for joining us on the program, Space Rogue. Really appreciate having you here, and I wanted to jump right into it. First question I'm sure is top of mind for many of our listeners, what's in a name? Where does the name Space Rogue come from?

Space Rogue: Uh, if I had known I would be using Space Rogue for 30 plus years, uh, I probably would have chosen something a little different. It has some interesting parts to it. Um, I was just looking for a new name, a new handle to log into a bulletin board system, a dial up system.

Uh, and on this particular system, it, it requested that you use a handle that you have not used before. Uh, the idea being that nobody would bring the luggage or the baggage that they carry with their old handles to this new bulletin board and nobody would know who anybody else was. Uh, a good idea in theory, uh, doesn't work out that well in practice because once you read people's typing, you tend to figure out who's who pretty quickly.

But anyway, I needed a new handle and so I was like trying to figure something out and, uh, free associating with, with names and stuff that [00:01:00] were in my room or general vicinity at the time. And one of the books that I was reading, um, was, uh, Katie Hafner's, uh, cyber. Not a book I recommend, but, uh, I was like, Ooh, cyber, maybe that's a good name.

I was like, oh wait, cyber's a bad word. Uh, unlike today where everything is cyber, back then cyber was a very bad word. Uh, but I started free associating with that and I hit on cyberspace and I was like, oh, space. Yeah. Ooh, Space Rogue. Um, and so I, I kind of picked that and went with it. Uh, and it wasn't until years later when I'm at the local corner or computer store digging through the discount software bin, uh, when I find the Space Rogue, uh, and I'm like, uh, this is not good.

Uh, but even by that point, I had already developed a persona around that handle, and it wasn't really, uh, conducive to changing. Uh, so I stuck with it and kept it, and it was fine because nobody remembered the game. It was totally irrelevant. Nobody played it.

It was a one hit wonder, so to speak. And until [00:02:00] Steam comes along, uh, and puts it on Steam and then everybody's playing it, everybody's, now everybody asks me if the name comes from the game. And I'm like, no, it's the other way around.

Blake: Did you, did you add that game to your Steam account? Are you a bona fide expert now because of the name, or did you get, get a chance to play it a little bit?

Space Rogue: I did, I did buy the version that I found at the, uh, computer store on the corner, but I did, I don't, I don't do Steam, so I don't have the version on Steam. Uh, and I think the version I bought, uh, was for Apple II, and I didn't even, I still, I didn't even own an Apple II at the time, so I don't think I've ever actually played the game.

So, but I have it somewhere on my shelf somewhere here.

Blake: Well, you, you mentioned actually in, in recounting that story, this, uh, this notion of, of, uh, uh, a BBS and in the, in your book, uh, Space Rogue: How the Hackers Known As L0pht Changed the World. You, you talk a lot about some of the, uh, early BBS files and having this sort of aura or mystique of forbidden knowledge.

And I guess for those of us who had to Google what, what BBS was, uh, what can you share about hacking's early days and, [00:03:00] and uh, and what that is.

Space Rogue: Uh, yeah, I mean, everything was, was bulletin board systems, right? You, you would, you would use your phone, uh, and a modem and a, and a personal computer, and you and the computer would, uh, connect to the modem and connect that on the phone lines, and you'd dial a number and it would connect to another modem, which would connect to another computer on the other end.

And it was one computer to one computer. And so you would interact with that software on the other computer and you would read messages left by other people and you would post your own messages, uh, and people would write files or text files or t files, uh, and try to share knowledge that way through these files.

Of course, the source was always questionable. You didn't know where it came from or who wrote it, and it was on various different topics, whatever anybody, uh, thought felt like writing about that day. And so, uh, and, and yeah, it was forbidden knowledge because a lot of the bulletin boards would have, uh, secret sections or hidden areas that only certain people were allowed into.

And you're like, Ooh, I wonder if this board has one of those. I wonder if I'm cool [00:04:00] enough to get into that area. Uh, you know, and, and or elite enough as the, as the term we used. Uh, and so, and now when you've found some of this information, especially technical information. For me, it wasn't like you could go to the library and look this up because it, it, the libraries didn't have this stuff.

Uh, and so this was really the only source of that information. So for me it was really kind of forbidden knowledge, you know, uh, very special wizard type stuff that you would find. And like, you can only find it on, on bulletin board systems.

Blake: How did it feel kind of digging through that? Was it like you get the dopamine hit? Was it like a treasure hunt kind of situation or what, what, what were those early days like?

Space Rogue: Uh, yeah, I mean, I would just like, uh, download tons of stuff on, on. I still have some of those files, uh, on my hard drive, uh, information on all kinds of different things and some, a lot of times the stuff was boring, uninteresting. Totally written by crackpots who had no knowledge of what they were really writing about or poorly written to the point where it was unreadable.

Uh, but every now and then you would [00:05:00] find, uh, a nugget, right? Uh, at, at one piece that you could really sink your teeth into is like, oh my goodness, this is really, really interesting. Wow. Uh, and it would be, uh, eye-opening and, and mind blowing. And, and, and you would try to dig deeper. Um, and like, like you mentioned, there was no Google, uh, there was no AltaVista.

I, I mean, uh, there was no internet really that was accessible to regular people. Um, at that point, the internet did exist, but it was mostly, uh, academics and defense contractors. Uh, and it wasn't even until a few years later that commercial entities started to get, uh, access to the internet.

Blake: That's really interesting. And I know those, there were some early meetings hosted, I guess by the hacker magazine 2600, uh, named after the long-distance telephone signaling frequency of 2600 hertz. And, you know, the, the BBS, that whole system reminds me of the early connection between your phone line and your access to this wider knowledge base.

I, I guess, what were those meetings like with the, with the early 2600 crew?

Space Rogue: Well in Boston, uh, [00:06:00] physical meetings really started with a board called The Works, uh, run by Jason Scott, who now works for the Internet Archive. Um, and he wasn't the first sysop of The Works, it's just he was there when I was there. So I associate one with him, you know him with that. Uh, and so The Works had these things called gatherings, uh, on an ad hoc, semi-regular basis, uh, and Works gatherings eventually morphed into 2600 meetings.

Uh, and 2600 as you mentioned, is the 2600 magazine. Uh, and their name is pulled from that frequency, uh, they used in the telephone switching system. Uh, and so 2600 meetings were a chance to actually meet the people that you were interacting with on bulletin board systems and you would, uh, meet with them in person and it was all kind of surreal.

Like you've read everything this person's written, and you sort of think you know them, but you've never really met them. Uh, nowadays we take this sort of thing for granted because this is a lot of interaction where we have people online with Facebook and Twitter, uh, Instagram, other [00:07:00] social media, uh, where we sort of interact with people who we've never met and we feel like we know them.

But in, you know, the mid nineties, early nineties, this was a, a new, a new thing and everybody was sorta, uh, a little hesitant to sorta release or, or reveal a lot of personal information about each other. And so we'd often still use the handles even when we're talking to each other in face-to-face, uh, and in person.

And in Boston, we would meet in Harvard Square, uh, and then eventually it moved to the Prudential Center. Uh, after they opened the new Prudential Center in Boston, and, uh, they had a big food court there. Uh, and so in the summertime we'd be out on the patio, uh, and then in the wintertime we'd go inside where it was warm, uh, and uh, sort of huddle in one corner of this big, huge monstrous food court.

Blake: So tell me a little bit more about the development of L0pht. It was, it was really fascinating to read about how it developed around that physical space. You mentioned these meetups and how hardware hacking was such an important component of the group's growth. And I, I, I'm wondering, you know, how, how would you describe that dynamism and [00:08:00] the early development of this, of this now legendary, of course, uh, hacking collective.

Space Rogue: Well, I think it was, uh, it was really, I think, um, Brian Oblivion who sort of grabbed everybody together. Uh, Brian and Count Zero, uh, were living in South Boston and they had, their apartments were full of computers. Uh, and there was an old warehouse building right around the corner, uh, and it was easy to sort of rent the space in this warehouse building that was, had been turned into loft, uh, sort of artist lofts, right?

Uh, and so there's other people painting and, and, uh, sculptors and woodworkers and whatnot in the building. And so this space came available and they're like, you know what? We'll rent this space. We'll just put all our computer stuff in there. And, uh, so Brian sort of grabs everybody, uh, else to sort of join them: myself, Weld Pond, Kingpin.

And he only, uh, Brian pretty much only picked people who he, uh, had called on to his BBS and that he had met in person. Uh, so it was rather [00:09:00] specific, uh, criteria to sort of get invited, if you will. Um, granted you also had to be able to afford your part of the rent. Um, uh, cuz we split everything, uh, to pay the rent and the electric and the phone.

At the beginning it was really just a storage space, right? We wanted a place to put all this stuff, all these computers that we've collected over the years. Uh, and then once we had all this stuff in the physical space, we started plugging it in and networking it. We're like, you know, maybe we should play some Doom or something.

And so we played games. And eventually the internet was starting to grow at the same time. We're like, well, we, we want a network connection. We need a network connection. Let's get a dial up modem and we'll, we'll, uh, make a connection. Uh, and we're like, well, now we have an internet connection. Let's put up a website.

And so l0pht.com became one of like the first 10,000 websites on the internet, and it was different from almost every other website out there because every other website was a university or a research center or a government contractor. Um, there weren't a lot of, uh, other entities that weren't [00:10:00] those on the internet, and so we started to attract a, a following early on.

Blake: In my mind's eye, I'm sort of picturing this like artist collective and SoHo gathering together, making art, making music, uh, I guess what was the equivalent?

Space Rogue: We were doing technology.

Blake: Right? Right. And I'm like, what was the similar output? Right? Like, are you just, are you just, you know, what, what is, what does hacking mean in those days?

Space Rogue: Well, I think in the, in the early days we were all just kind of doing our own thing, right? Um, I started, uh, put together something called the Whacked Mac Archives, which had a collection of Mac hacking software. Uh, I think, um, uh, Brian was working on porting his bulletin board, his t files, his text files from his old bulletin board system onto the l0pht.com website.

Uh, Kingpin was busy tinkering with different hardware pieces. Um, you know, Count Zero is doing his thing. Uh, White Knight and Golgo 13 were doing their things. Um, you know, wild Kim's in and he's messing around. Everybody's doing their own thing. Uh, [00:11:00] and it wasn't until, you know, probably a year or two after we're sort of there and we're already getting media attention.

When we realized, uh, or I wouldn't say we realized it wasn't like a conscious decision. We started posting things to our website, security vulnerabilities, things that we had found at our job, uh, that we were trying to get fixed. And for whatever reason, the companies we were dealing with wouldn't fix them.

And so we're like, all right, well, we have a moral obligation now to tell other people about these problems because other people are running the same software. It has the same vulnerabilities for them. Uh, they need to be aware so that they can protect themselves. Uh, and so we would publish these vulnerabilities on our website and that's sort of when, uh, the whole security thing sort of starts taking off for us.

Uh, and people start getting more and more attention, uh, through publishing of these vulnerabilities. And then it sort of snowballs from there.

Blake: Right, and I know, I mean, it's still controversial, right? I mean, in those days it was just starting out of publishing vulnerabilities, how to navigate this notion of radical transparency, of trying to get things fixed. You know, you might [00:12:00] come at it from a, from a well-meaning perspective, but then turn around and get hit by threats or lawsuits or whatnot.

Now, I noticed that renowned cyber anthropologist, Biella Coleman, actually helped with some aspects of this book and reviewing it, it sounds like. You know, one thing that I found really interesting about some of her analyses of how cybersecurity shifted from this sort of underground, again, radical transparency, this sharing this information, I'll call it gray hat.

I know people call it different things model into the, you know, this hugely profitable industry that's still booming to this day, and you were really on the front lines of that transition. So I, I guess what was it, what was it like that shift? Is there a moment that sticks out where it was like, We're onto something really big here that's more than even just our bulletin board systems.

Space Rogue: Yeah, so first a comment. I mean, Biella Coleman did some excellent research, uh, in that area and I, I think I was one of her many, many sources there. Uh, and she helped proofread the book and added some, some insight to, to, to the book as well. So that was, very much [00:13:00] thanks to Biella for, for assisting there. Um, as, as, and as you mentioned, like we were on the forefront of this whole disclosure debate, right?

Um, we weren't really sure. We didn't, there was no responsible disclosure. Um, there was no full disclosure. There was no, there was just, you do what you do. We didn't have a name. Uh, and shortly after we started releasing things and that debate started to, uh, come about, uh, a person named Rain Forest Puppy released the first vulnerability disclosure policy, uh, that, uh, the industry sort of started to notice. Then responsible disclosure came about and uh, we realized, well, if there's responsible disclosure, is there also is everything else irresponsible? And we didn't like that. So, uh, and I say we in a very large

Blake: Reckless disclosure,

Space Rogue: Yeah. Reckless disclosure. So, uh, people came up with coordinated disclosure, uh, which was a little bit better term.

Kind of meant the same thing. Uh, and you mentioned the term gray hat, um, [00:14:00] which is a term that is sometimes attributed to the L0pht, to coining, but it was, we didn't coin it. We did use it a lot. Uh, we definitely found ourselves in that sort of middle area. Uh, but it was, it is not a term that was attributed directly to us.

Someone else actually created the term. Um, and now I'm rambling and I forgot the original question.

Blake: No, I, I think, I think you, I think you answered it well in the sense that this is really about, uh, creating something out of nothing when it comes to vulnerability disclosure. Right. And it sounds like the way you were doing it was just to do it and just here they are, and then figure out what happens next, which is, hey, that's one way to, one way to handle it.

Space Rogue: Yeah. You mentioned, I, I think I remember now you mentioned the transition from sort of hacking to business. And, uh, when we, later on, many, many years later, when we got finally, uh, get to venture capital from @stake, uh, we were very concerned that we would get labeled as like sellouts or something. And we did, we had a lot of a large voices, uh, in the community kind of saying, oh, L0pht sold out.

They took the money and, and, and this [00:15:00] is the end of that. Which, well, it was the end of that. Uh, but that wasn't really the case. And, but it was interesting to see that dichotomy happen where there were a lot of security people in the industry trying to get a piece of that venture capital pie at, in the late two, early two thousands, late nineties.

Um, and, uh, some people who resisted and other people who welcomed that. So, uh, definitely an interesting period in.

Blake: Do you see any parallels between the dot-com era and today?

Space Rogue: Uh, there's still, yeah, there are parallels. Uh, there's a lot of companies, um, I mean, I, I, I actually give a talk sometimes to, to some of the interns at IBM in our inforce, uh, about the history of the information security industry. And I have a slide in that talk that that's a, basically a NASCAR shot is what, you know, if you ever built slide decks, you're familiar with the NASCAR slide with logos all over it.

Uh, and it's basically every, every security company I could find, uh, was founded in 1999 or early 2000. It was like 18 companies, right? Uh, all within that one year period. [00:16:00] Uh, almost none of which anybody remembers today.

Um, and it, it's similar today, like there's a ton of startups out there pitching security products or, or services or, or new ways of doing things. And a lot of them you're never gonna hear about again. And a lot of them will get bought, uh, and a lot of them will flame out and crash and burn. Uh, and that's, I think just the nature of the startup, uh, economy, the startup ecosystem.

Uh, and so in that case, in that, you know, that looking at it that way, there's definitely a lot of, uh, similar.

Blake: Well, you mentioned briefing some, uh, IBM interns. You know, you've worked at various companies, Tenable, Trustwave. What would your career tips be for, you know, any of our listeners who may be trying to break into this industry?

Space Rogue: Uh, that's interesting because the interesting when I started the industry when I started is completely different than it is today, right? So today you can go to a, a, a, a very reputable, well known school and get a degree in cyber. Um, you could barely get a computer degree, uh, in the [00:17:00] mid nineties. Uh, that security degrees definitely did not exist at all, let alone a cyber degree.

Uh, I mean, they used to be called information InfoSec degrees and now they're cyber. Everybody wants a cyber degree. Um, but tips and tricks for somebody to, that's coming up and, and trying to, to break into the industry. Uh, I know there's a still a big argument against, uh, or for and against college versus certifications.

Um, I, I try to recommend both. If you can go to college, go to. Why? Because it's gonna make your life a lot easier. Uh, there are ways to do it cheaply and inexpensively if you can't afford a high level school, but try to get a degree. If you can't, then yeah, go get the certs. Um, but even if you, regardless of which avenue you, you pick, the big key thing is trying to get a large number of things to put on the resume.

Don't just go get a degree and think, oh, I'm gonna get a job. Be and, and listen to all the hype about the shortage of workers. That only applies, that shortage of workers really only applies [00:18:00] to mid-level and senior people. There are a ton of entry level people. For example, we have 10 slots and um, for our, uh, IBM X-Force Red internship every year, it varies one or two either way, depending on budget, whatnot.

But we have roughly about 10. We get well over a thousand resumes for those 10 slots. Uh, that gives you a one in a hundred chance of getting. You've really gotta stand out on your resume to get noticed. And the way to do that is by having additional extracurricular things on your resume.

Things like competitions like say CPTC, CCDC, uh, CyberPatriot, things like bug bounties, things like, um, capture the flags, uh, volunteering, like all that. You know, if you, if you volunteer at a BSides conference, put that on your resume. Uh, if you have a home lab where you're putting stuff together in your home lab for security, put that on your resume.

All those little things are things that when we look at resumes, stand out to us and we're like, okay. We know [00:19:00] this person's going to the school and they're getting that degree. They're the same as everybody else. What else do they have that sets them apart? And it's pretty much the same as in any industry, right?

You want to be a little bit different. And if you go on the cert route, same thing. Get the certs, add in more stuff other than just the certification. Um, if you had, uh, if you volunteer at your local church and help them set up their wifi and, and implement w. Put that on a resume. Uh, it really, there's no limit to what you can put on.

Uh, and the more you put on the easier, easier chance or better chance you're gonna have of landing that position.

Blake: How about if you have a resume item, say, testified before Congress, uh,

Space Rogue: I don't know where that goes. That's actually not on my resume. Um, maybe I should put it on there.

Blake: Well, I did wanna talk about that because you devote a section of the book to this, you know, to L0pht members' really groundbreaking congressional testimony back in 1998. Um, you know, it's, it's, it's, it's become quite a well known little facet of hacker history. And I shouldn't even say little because it [00:20:00] obviously did have quite an impact.

And I'm wondering for listeners unfamiliar with that episode, if you can kind of walk through the. That that moment had and what it was like being there, uh, to testify on something that the world didn't really understand just yet.

Space Rogue: Yeah, it was really, it was interesting. Um, I mean, we got approached to, to testify, um, and how that came about is up for debate. Uh, but they, uh, Senator Thompson's office, uh, reached out to us and said, Hey, we're releasing some reports. Uh, we want to get somebody in, uh, to, to make, generate some press around these reports and we think you'd be a, a perfect point for that.

And so we're like, yeah, that sounds like a good idea. Um, you know, we'll come down and, but we have to do it under our handles. Like we're not ready to reveal the, the given names yet. Uh, and so, uh, for some reason they agreed to that. I don't know why, uh, or how that came about, but, uh, they agreed to let us testify under our handles.

So, uh, we go down to DC and uh, we didn't tell anybody we were gonna go down beforehand cuz we didn't really know [00:21:00] what to expect or what was gonna happen. Um, a lot of people think we were the first hackers to testify in front of Congress, and that's actually not true.

Uh, Emmanuel Goldstein of 2600 Magazine was first and before him, uh, Susan Thunder, if you know her at all, uh, she was there. But Emmanuel Goldstein didn't have a very good time. Uh, he was basically labeled a criminal in front of, uh, you know, while he's sitting there trying to testify and, and, uh, so we didn't know what to expect.

We, like, once you get in the. , like they can say anything they want and there's not much you can do about it. So, uh, we didn't tell anybody before we went down. Uh, and we figured we'd wait until after and we're like, if it goes good, we'll we'll say something. And if it doesn't go good, then we'll just keep quiet and pretend it didn't happen.

Uh, thankfully it went well. Um, and the senators were very appreciative and very friendly and asked a lot of great pointed questions. Um, the, the, uh, video of the testimony is up on YouTube, so if you're still interested, you can watch it and it's interest. And, and I still get these comments. Uh, now it's [00:22:00] interesting how many of the topics that came up 25 years ago, which is a 25 year anniversary of this May, uh, how many of those topics are still relevant and still an issue today?

Uh, you know, and, and, uh, the impact that, that had, I think is what, what the other part of your question was, was, uh, I don't think I realized what, how important it was was then, or how important it has been over time. And I definitely didn't think I was gonna be talking about it 25 years later or write a book about it.

Blake: What were some of those long-lived issues that you see coming up again and again through the decades?

Space Rogue: Uh, you know, there's just, uh, network configuration, weak passwords, uh, weaknesses in GPS, for example. I remember Senator Glenn was very concerned about that as a pilot. Um, and so we, we talked a lot about that. Uh, we talked about, um, cascading vulnerabilities that can, uh, travel from one to the other.

I mean, that was the big, the, the, the 30-second soundbite that, uh, came out of the testimony was, uh, Mudge announcing that, uh, anyone, I dunno, of us could take down the internet in 30 minutes. Uh, and, and it was a, it was an, a vulnerability in [00:23:00] BGP, Border Gateway Protocol, uh, which had already been patched by the time of our, uh, testimony.

But, uh, the fact that even now, like probably about once a year we have this major issue with BGP still. Um, and so it's just interesting that you still have to see the same issues come up over and over again.

Blake: So that's not just hacker bravado. Then there actually were some pretty fundamental risks to the internet, uh,

Space Rogue: Interesting story, like after the testimony, people would come up to us and be, they'd be like, Hey, uh, so this take down the internet thing in 30 minutes, were you guys talking about this thing where you do X, Y, Z and this other thing? And we're like, no, that's not what we were talking about at all. But that would work. And so we ended up with like four or five different ways to do what we claim to do with just one. And we're like, wow, this is all bubblegum and baling twine. Uh, it really, really is fragile.

Blake: Well, I, I remember, uh, the Log4j vulnerability. One of my favorite headlines to emerge from that was just quote, the internet is on fire. And it does feel like we periodically get these big moments that just shake everybody to [00:24:00] their core and really, uh, rattle something that we've just as a society grown so dependent upon.

But, uh, so I guess thinking about covering events that, you know, happened a fairly long time ago, uh, when you're so vividly describing specific scenes in the book, I guess, how did you do that? Did you get, like, did you use sort of the shared memory of the L0pht collective or, you know, where did you tap into, uh, those memories?

Space Rogue: So, uh, a couple of things. Uh, I did not actually consult any other L0pht members when I was writing the book for, for a couple of reasons. Uh, one, I wrote it as a memoir, so it was my memory of the events. Uh, and so I, I didn't wanna, uh, pollute my memory with other people's memories. Uh, and two, uh, I wasn't sure how everybody else would feel about me writing.

Uh, and I wasn't sure if that was gonna be a positive response or not. And so since I wasn't clear, I'd be like, you know what, I'm not, not gonna poke the bear, I'm just gonna do it. And then we'll see. They can be upset about it later. [00:25:00] Uh, so I went ahead and, and wrote the book that way. The, the, I think the big thing was that I did not have access to my old mail spool.

Like, uh, so when I was fired from @stake, like by the time I got home from the office that day, my l0pht.com mail was gone. I didn't have access to it. Um, and I didn't, it was a rude awakening cause I didn't think that. You know, I, I sort of understood when you leave a job, they, they kill your email, but l0pht.com was separate from @stake.com.

And so I was thinking I would still, but no, as soon as I got home, boom, everything was shut off. Uh, and I've never been able to get that mail back. So when I was writing the book, I wasn't even able to refer to my old mail. Uh, and basically I only had whatever. Files I had left over and Google. Uh, so most of the footnotes in the book, uh, uh, like all a hundred of 'em are all me trying desperately to find stuff via Google.

And it's amazing. It's both amazing how much stuff is still there and how much stuff is gone. Uh, just completely gone. And like, I remember this article, I know it [00:26:00] existed. I'm allowed to look for it. It's gotta be here somewhere and it's gone. Like it just does not exist. The publication's gone. Uh, the person who bought the, the company that bought the publication is.

Um, I remember I was trying to find a, I wanted to use a picture from the cover of an EE Times magazine, uh, and I could not get in charge of, find anybody who still had that picture on file anywhere. Um, I, I contacted the photographer, I got a hold of him. But he was like, yeah, I don't own the copyright.

They, they, they bought the picture. I, I can't give you permission. I'm like, and so there, there was a great picture of all of us on the cover of EE Times that what I think would've been great in the book, and I, I couldn't get the rights to it, so I couldn't use it, which also is why the cover is the way it is.

Um, there is a very famous picture of the seven of us testifying in Congress. Uh, a picture that we often refer to as the L0pht Supper. Uh,

Blake: The L0pht

Space Rogue: The long hair. Yeah. Right. Uh, and

Blake: it hanging in Milan?

Space Rogue: the big, long. So, uh, [00:27:00] I was gonna, I really wanted to use that picture on the cover.

Uh, but it's, uh, I went to, uh, the, the, the online site that has it, and I found it. Uh, but they wanted 1500 bucks to put it on the cover of the book. I'm like, I don't even know if I'm gonna sell that many copies. Like, I, I can't, can't afford $1,500 for one picture. Uh, and so I'm telling my, my book designer this, and I'm like, you know, this is my idea for the cover, but I can't use the picture.

So I don't know what else you can come up with. Well, I can just take the picture and make it a line drawing. Okay. Uh, and I actually think it works much better than the actual photo, so, um, that's why the cover is the way it is.

Blake: Hey, you know what? Make do with what you got. Work around it, figure it out. And now you got a great cover. Now it, it's interesting you mentioned digging up old articles. You know, you've described the press as kind of this, uh, quote double-edged sword in, in, in the book.

And I can certainly relate to that having, you know, come from a, a journalism background myself. Um, you know, you recounted some negative moments, obviously with MTV in particular, kind of doing maybe what some classify as a hit piece to some extent, or at [00:28:00] least a nonsense piece. Um, I'd just be curious as a former cyber editor and reporter myself, uh, and you working on, on our Read Me security cybersecurity publication here at cac, what's your experience been like building out this Hacker News Network?

Which, uh, or the voice of reason, as you describe it in hacking community in the early two thousands, what was that like?

Space Rogue: Uh, so Hacker News Network came about because l0pht.com was getting a ton of traffic, right? It was one of the early first websites on the internet, uh, getting tons and tons of traffic. And we're looking around the internet, we're seeing a lot of people getting rich off banner ads, right? Uh, and we're like, geez, it'd be really great to get some of that money to pay our electric bill.

Uh, put a banner ad up on l0pht.com. It would be awesome. And, but we're also like, well, you know, then we're, we're beholden to the advertisers, right? We don't want that to influence our voice or, or be beholden to that in any way. So we didn't put any ads up on l0pht.com. And so I'm sitting here racking my brain trying to figure out, well, how can we still get a piece of this little pie? [00:29:00]

Uh, and I'm like, well, why don't we just create a different website and we'll put ads on that? Uh, and so I had been collecting, uh, news links anyway, and sharing them via email to anybo, everybody, uh, in the L0pht. And, and I, I went to one of our L0pht meetings one week and we had meetings every week and I'm like, Hey, here's an idea.

I'm gonna create a new website. I'm gonna put this email that I'm sending you guys up on the website every day, uh, and we'll get tons of hits and we'll make tons of money, uh, and all kind of laugh at me. I mean, they didn't actually laugh, but I could tell they were like, yeah, all right. Crazy Space Rogue's got another crazy idea.

Uh, and they're like, you know, domain name's only 15 bucks or whatever it was. Probably 35 at the time. So we'll spend 35 bucks, we'll make Space Rogue happy and he can go play on his, his website. Uh, so we did that and, uh, I started posting, uh, the news up every day. And it took a while. Uh, it took like a year, year and a half, but it started to get really popular, uh, to the point where it was actually paying the electric bill, uh, from the banner ads, uh, and the t-shirt sales, uh, [00:30:00]

So, um, and I would just, every day I would, I would gather news sources, uh, write a little blurb, put a headline on it, write up the HTML by hand and post it, uh, every morning trying to get it out by 9:00 AM in the morning. So I'm getting up early in the morning, driving to the L0pht, researching the news for three hours, and then writing the HTML and posting it.

So, uh, did that for a couple of years until @stake bought it, uh, until we, you know, we became part of @stake. And @stake didn't really know what to do with HNN, they're like, this is not part of our core business. Um, we don't really know what to do with it. And so I'm writing out, I wrote up a business plan for HNN.

I'm like, look, with a little bit of investment or a real webmaster, uh, we can make this much money in a year, uh, blah, blah, blah. And they're like, well, that's not, that's small potatoes. I'm like, what do you mean it's small potatoes? It's, this is a lot of money. Uh, and like, yeah, but we want millions of dollars, not hundreds of thousands.

I'm like, whatever. Hundreds of thousands pays my salary. Like what's the, what's the. Um, uh, so they, you know, after I got fired, they kind of [00:31:00] shut down HNN rather quickly because it was just sucking resources and they didn't see the vision. Um, and so several years later, uh, Tan from the L0pht, he calls me up and he's like, dude,

And I'm like, dude, uh, and he is, uh, we need to do HNN again. Uh, and I'm like, no, we don't. And he's like, yeah, yeah, yeah, yeah, we'll do it as video. I'm like, I don't know anything about

Blake: Ah, the pivot to video, the pivot to video.

Space Rogue: Right. Uh, YouTube was starting to be big, uh, but YouTube had a 10 minute limit for anybody who remembers early YouTube.

Uh, and I was producing a 20 minute show. I don't know how Tan convinced me to do this, but I borrowed a, a video camera from work, uh, filmed a pilot episode and I'm like, yeah, this is, yeah, yeah. This is, bring back some memories. Let me, let me get into this. So we did the video, uh, but I couldn't host it on YouTube because of their 10 minute limit.

So we're over on, uh, uh, a hoster called Blip.tv. Uh, and after two years of that, I was just, I was putting 40 hours, 50 hours a week into making this video, which anybody who's done a podcast before, especially a scripted one, knows how much work, [00:32:00] uh, that sort of thing is. And I'm still trying to do a 40 hour week job on top of that, and I'm just like, burnt out.

I can't do it anymore. And so I'm just like, all right, this has gotta end. Uh, and so it was rather abrupt ending, boom, over, and I think like three months later, YouTube lifts their, their 10 minute limit. If we, if I just hold a held on for a few more minutes, you know, I would've been able to ride that YouTube wave and have a million subscribers now and have a, a play button on the wall.

And, um, but yeah. So that was the end of HNN.

Blake: It's, it's not too late. It's not too late to get on the YouTube train. All you gotta do is have somebody to make some really catchy thumbnails with like your, your eyes big and your expressions exaggerated. Yeah, exactly. With like three cool tips from Space Rogue. No, that's right. That's right.

Actually, yeah. Maybe we can, we can work with that. It's a a now, now, now we're talking. We're onto something. So, but looking ahead for a minute, aside from YouTube plans, which now I'm glad that we're, we're, we're, we're holding you to that. Uh, I, I know you're still on the, uh, the cutting edge of cyber trends and [00:33:00] analysis over at IBM.

Uh, one quote from the book really caught my eye as being a little alarming, uh, which is that, uh, quote, hackers no longer explore networks and computer systems from parents' basements if they ever did. Now, it is often about purposeful destruction at the bequest of governments. That purposeful destruction line, uh, certainly jolted me awake.

Uh, what do you see as the biggest threats facing us today?

Space Rogue: Uh, I mean, the internet has become a major tool in, uh, international relations, um, both pro and con. Uh, and, you know, you only have to look at the current conflict, uh, in the Ukraine to, uh, see that on both sides. I think Ukraine just announced a, a measure or an effort to legalize their civilian cyber hacker army, uh, in the last few days.

And, and Russia, of course has been, uh, attacking their critical infrastructure for years, uh, taking out the power in Ukraine and, and, uh, launching [00:34:00] other critical, uh, crippling attacks. Um, we look at Saudi Aramco attack, we look at the, the Sony attack. Uh, these are all a, uh, government, uh, sponsored event, uh, taking place on the internet, uh, to further the goals of international relations, um, whatever those relations have to be.

And so, you know, I don't know if I would classify all of that as a threat to the internet as it is become a tool used, uh, uh, for those purposes. Um, just like other tools. But it's definitely a far cry from where we started 25 years ago or 30 years ago or earlier, where we were upset that somebody was putting an ad for a green card on a Usenet posting. Um, and, and, and to look at that and, and the, the furor that happened over that, uh, versus what's happening on the internet today, uh, is definitely a major difference between the two.

Blake: I'd be curious to hear your thoughts on some of the Biden administration's actions [00:35:00] recently, especially, you know, hearkening back to your early congressional testimony and whatnot. Um, you know, from the Cybersecurity and Infrastructure Security Agency to the new National Cybersecurity Strategy, where do you see us going from a policy perspective?

Space Rogue: Well, I, I like the work that CISA is doing. Uh, Cyber Information Security, Security Agency, you know, his name's so

Blake: lots of security. It's in there twice. So you Yep. You know you're

Space Rogue: uh, and I'm sure everybody makes that joke every time

Blake: Yep. Uh, no. No. I love it.

Space Rogue: But they're doing, they're, they, they actually seem to be resonating with, uh, small business and big business and, and even individuals, uh, and getting the message out, uh, and being able to communicate that message appropriately so that people are actually paying attention and listening, uh, and not sounding tone deaf or out of touch or, uh, you know,

totally not with it, as most government cyber messages tend to be or have been in the past. Uh, so CISA is really, I think, uh, taking a step forward there and advancing, uh, the Biden administration's agenda, uh, [00:36:00] in regards to cyber. Uh, and now, uh, speaking of which the Biden administration has recently released, uh, some new cyber guidelines, which I haven't really delved into a lot yet.

Uh, but what I've heard so far, I'd like, um, is definitely seems to be some steps in the right direction. Uh, and hopefully it will continue to be so. Um, I know, uh, the government has tended to lag behind, uh, when it comes to, uh, cyber. I mean, it's, we were there 25 years ago and we're still seeing a lot of the same problems today.

So there's a 25 year lag there at least. Right. Um, and we've had a couple of administrations, uh, over that timeframe, just kind of punt the ball down the road and be like, eh, well, you know, we'll let somebody else deal with it. Well, now it's down the road and I'm glad to see Biden doing something. Uh, and from what I've seen so far, most of it seems to be, uh, uh, in the positive direction, uh, in the, in, in, in help furthering security as a whole.

Blake: That's great. Well really appreciate you coming on the show. The book is, uh, is, is really interesting. Uh, [00:37:00] definitely some fascinating windows into some of the early interactions there. 

Um, so finally, I, I, I wanted to ask you something we ask all of our guests here on, uh, WE'RE IN!, which is, what's something we wouldn't know about you, Space Rogue, just by looking at your LinkedIn profile?

Space Rogue: Well, there's not a whole lot on my LinkedIn profile. Uh, I will say that it's still, it's if you're just looking at my LinkedIn profile, you might not know my real name. Uh, my given name is not on there, uh, which I'm, I'm kind of curious how long it's gonna stay up because, uh, there's supposedly this, uh, uh, effort at LinkedIn underway.

Maybe I shouldn't say anything, to get rid of fake profiles. Uh, my profile's real, uh, it's just under Space Rogue. It's not under my given name,

Blake: So you're saying you haven't legally changed your name to Space Rogue.

Space Rogue: I have not yet, uh, I'm thinking about it. Um, and then I'll, I'll have Cris Thomas as the handle, right, um, and then nobody will know who I am. Um,

Blake: it up a little bit. I like it.

Space Rogue: But, uh, yeah, there isn't actually a whole lot on my LinkedIn profile. [00:38:00] You might not know, like there's some early jobs, like I used to work at Burger King. You wouldn't have that. That's not on there. Um, I used to work the drive through at Burger King late at night.

Blake: Well, uh, no. Nowhere to go to get a, uh, get a whopper.

Space Rogue: There you go.

Blake: Well, thanks again, Space Rogue, for, for joining us. This was, uh, a really great conversation. Definitely encourage our, uh, listeners to check out the book, Space Rogue: How the Hackers Known As L0pht Changed the World. And that's L0pht, L-zero-P-H-T, by the way, not just any loft.

So, uh, so thanks again and, uh, hope the, hope the book tour goes well.

Space Rogue: Uh, it should be at RSA, if anybody wants to, uh, try to catch me at the, either the IBM or Veracode booths.

Blake: Heard it here first. All right, thanks So,