In a sober, methodical tone, a computer hacker known as "Mudge" described for a Senate committee how he could snoop on the computer activities of thousands of unsuspecting citizens.
"Let's say I have taken over MCI's network, which would not be a tremendously difficult thing to do," Mudge told the Senate Governmental Affairs Committee on Tuesday. He described disrupting another major corporate computer network that he couldn't access, forcing its traffic to flow over lines he could monitor."Now I can learn everything they're doing, I can watch their movements, I can stop their movements, I can issue requests on their behalf," said the frizzy-haired computer consultant. "You'd be surprised how much stuff I can do on networks now."
The testimony of Mudge and six more of the nation's elite computer hackers - identified by their "hacker" names because of their sensitive activities - was the focal point of a hearing exploring weaknesses in the nation's computer networks.
Some Internet security experts were highly skeptical of some of the hackers' claims - Mudge boasted that within a half-hour, any of the seven could cripple the Internet in the United States.
But the hackers and new government reports raised troubling questions for some about security of the nation's public and private computer networks.
Sen. John Glenn, D-Ohio, said the testimony pointed to a threat to national security.
"If you look at this, in some ways it's a whole new way of making warfare," Glenn said, referring to attacks on sensitive computer systems. "I don't think that overstates it one bit."
The General Accounting Office, an arm of Congress, released two studies at the hearing critical of computer security at the State Department and Federal Aviation Administration.
"This work has revealed a disturbing picture of our government's lack of success in protecting federal assets from fraud and misuse, sensitive information from inappropriate disclosure and critical operations from disruption," Gene Dodaro of the GAO said in a statement to the panel.
A presidential commission reported in October that it found "no evidence of an impending cyberattack" but cautioned, "We have little defense against it." It also cited an "unprecedented national risk" because computer and telephone systems have linked the nation's public works, including power plants, rail lines and banking networks.
The seven Boston-area computer experts who testified belong to what's been described as the nation's leading "hackers think tank," known as LOpht (pronounced "loft").
All said they hold day jobs consulting or working in the technology industry and turn their after-hour efforts to exposing weaknesses in major computer networks or brand-name software, such as Microsoft's Windows NT. They publicize their findings as part of LOpht's public service mission to improve computer security.
"I'm informed that you think that within 30 minutes, the seven of you could make the Internet unusable for the entire nation. Is that correct?" asked panel chairman, Sen. Fred Thompson, R-Tenn.
"That's correct," replied Mudge. "Actually, one of us, with just a few packets," he added, referring to bundles of data that flow across the global computer network.