[tptacek]

Peiter was talking about BGP. In 1998, you had to be somewhat diligent to get to a vantage point from which you could inject bogus BGP, and the Venn diagram between those people and "nihilistic assholes" is not that scary. In 2015, you can still technically fuck up BGP, but probably not for very long, and not without burning a lot of assets. Why would anyone bother?

The hunting and taxidermy of corrupted BGP advertisements is basically what got the NANOG crowd out of bed every morning; it's a pretty big chunk of the job. I always felt like the alarmism over BGP was a bit tone-deaf. Certainly, nothing Peiter said came as any surprise to anyone who'd ever managed default-free peering.

[vezzy-fnord]

Further, I recall several of the L0pht members were heavily interested in TEMPEST and van Eck phreaking at the time. Really played it up in an ominous tone.

[roel_v]

Well, that sort of scaremongering was part of the PR aspect of the whole thing. Back then (I've been out of the scene for a decade and a half now, I don't know if it's still as bad) the amount of money you could sell your 'company' (read: two guys in a basement) for, was directly correlated to the scariness of the stories you could get into the press.

[tptacek]

I think this happened right before @stake "acquired" L0pht, but I'm not sure how lucrative that really was for them.

[na85]

What would you have to do to fuck up BGP in 2015? Is it more or less the Autonomous-System version of ARP cache poisoning?

[tptacek]

That's a reasonable way to look at it, I think. Except imagine an ARP where there were thousands of very highly paid network engineers constantly monitoring the tables.