Great Rivalries in Cybersecurity: Legion of Doom vs. the Masters of Deception

Legion of Doom vs. the Masters of Deception


On January 15, 1990—Martin Luther King Day—millions of Americans picked up their phones to make perfectly routine long-distance phone calls only to hear a slightly hollow, ghostly recorded voice on the other end. “All circuits are busy now,” it said. “Please try later.”

But they were still busy later. For 9 hours, half of all long-distance calls attempted on the AT&T network—which carried over 70 percent of long-distance traffic at the time—failed.

It was a frightening outage that rang alarm bells in more places than just AT&T headquarters. Months earlier, the Secret Service had arrested a 16-year-old hacker nicknamed Fry Guy who had told them, under interrogation, that a hacker gang he was associated with had been planning to crash the system on a national holiday.

That gang, the Legion of Doom, was suddenly on the law enforcement radar screen in a big way. But they weren’t alone. The Texas-centric group was in the midst of an online feud with a New York-based rival, the Masters of Deception. LOD and MOD, as they were known, were at each others throats and the battleground happened to run through the phone switches and computer systems of America.

In Hacker Wars, Civilian Systems Are Weapons and Casualties

This case is unique in that it happened between two separate groups of black hat hackers, and not just between individuals. With participants with monickers like Phiber Optik, Acid Phreak, and Erik Bloodaxe, it sounds more like the plot from a comic book.

But the two groups were doing battle online through civilian computer systems that they had hacked and taken control of. The MLK Day outage was later traced back to bad code written by AT&T’s own engineers, a vulnerability that allowed the hackers to run rampant and unchecked through their systems.

LOD was the older group, a collective of sorts formed in 1984 that originally incorporated many of the ethos of the original hackers of the 1970s. Their exploits had the air of exploration and learning. The group published informational technical papers describing systems they had explored… although often without permission.

Yet hubris and greed came as the group grew larger. Hackers around the fringes, like Fry Guy, had fewer ethical constraints and used their technical skills to line their own pockets or damage systems. And personality conflicts forced others out… like Phiber Optik, a kid named Mark Abene, who was kicked out of LOD in 1989.

That bad blood carried over into the new group Optik started with some fellow New Yorkers: the Masters of Deception, or MOD.

The brash nature of the New Yorkers had always rubbed the more Southern LOD the wrong way, but it was some of that good ol’ boy language that really set the conflict off. On a conference call set up by LOD on a hacked phone company line, a MOD member nicknamed Corrupt suddenly joined in.

Not only did Corrupt not sound like one of the drawling LOD regulars on the line, he sounded like something else: a black kid from inner city New York, which he was. And one of the LOD members on the call instantly took offense and responded with a disgusting racial slur – that mother of all verbal bombs.

The conference bridge fell silent. War had been declared.

Tearing Both Houses Down

Corrupt, joined by his MOD allies, made it his mission in life to make life miserable for the LOD crew, particularly one member known as Erik Bloodaxe. Erik’s home phone would ring at all hours; his service would be switched randomly; MOD hackers would listen in on his calls.

Bloodaxe, in return, started slurring the MOD crew on BBS (Bulletin Board Systems) and in other conference bridges. The racial angle continued. The harassment of Bloodaxe’s phones also continued and spread to include his work lines.

Whether it was a case of throwing in the towel or feeling legitimately aggrieved, Bloodaxe finally called the FBI on his rivals.

The FBI was already interested. Phone company investigators had been investigating MOD and accumulating evidence. Nine days after the AT&T outage, the FBI and Secret Service served warrants on several MOD members, including Corrupt and Phiber Optik. In December, shortly after Bloodaxe’s call, they were arrested and charged with computer tampering and trespass, to which all plead guilty.

LOD declared victory, but in truth didn’t fare much better. Many members had been picked off by Federal authorities within the same timespan, caught up in the general sweep of illegal hacking activity. Others took the arrests as a sign and quietly dropped off the radar screen, or went white-hat entirely. The group all but ceased to exist, enjoying a Pyrrhic victory over MOD at best.

A Legacy of Information Warfare

Erik Bloodaxe, whose real name was Chris Goggans, was raided by the Secret Service in March 1990 but was never charged. He went on to form his own computer security firm and remains in the industry today.

Perhaps unsurprisingly, Mark Abene also went into information security work after his release in 1994. In 2001, he went into business with several former LOD members, building new bridges with former rivals

Corrupt, whose real name was John Lee, stayed away from technology after he was released from prison. Today, he makes documentary films and has directed music videos.

Many of the people involved in the LOD/MOD feud have downplayed it as a series of pranks rooted more in personality conflicts than as any major battle between the two groups. In the historic record, compared to today’s conflicts between nation-states and shadowy criminal groups that take in millions of dollars in stolen information, the LOD/MOD war seems quaint even at its most bloodthirsty.

But it’s also easy to see it as a precursor to today’s conflicts. Servers and personal computers belonging to innocent third parties are co-opted into massive bot-nets used to strike at hacker’s targets of choice, just as phone systems were repurposed for that use before. Eavesdropping and combing systems for information that could be used to strike at enemies is just as useful today as it was in 1990.

If anything, the LOD/MOD conflict taught hacker groups to stay more under the radar and stay out of the sights of law enforcement. The prosecutions that came from those investigations were seen as a warning sign among many in the hacking community, and those who were able to preserve their anonymity largely remain out of sight even today.