When seven young men from Boston wearing borrowed or newly purchased suits walked into a Senate hearing room in May 1998 to talk about the emerging threats to the world’s computer networks, the Internet as we think of it today was just stumbling out of the cave on shaky legs, blinking at the bright lights. Few people--and almost none in Washington--understood the fragility and vulnerability of this network. But when those men walked out of the hearing a couple of hours later, it was painfully clear to everyone in the room that Internet and computer security needed to be a national priority.

The men who sat at the witness table in front of the Senate Committee on Governmental Affairs were members of the L0pht hacker group and they were not there on a lark. They appeared by invitation, driving down I-95 in a rented van, making an unscheduled and somehow-not-disastrous accidental pit stop at the NSA headquarters in Maryland. When they told the members of the committee that the Internet’s weaknesses were manifest and had serious national security implications, they spoke with the authority that comes from experience. They had probed, tested, and broken the software and protocols that ran the network and they knew what was possible.

They knew and they shared that knowledge, hoping it would make a difference.

“We were the hackers using our outsider, attacker perspective to try to make changes,” Chris Wysopal, CTO of CA Veracode and one of the L0pht members who testified that day 20 years ago, said during a panel in Washington Tuesday that brought four of the members back together: Cris Thomas, Wysopal, Peiter Zatko, and Joe Grand.

The problems that the L0pht members warned the senators about in 1998 were serious weaknesses with core protocols such as BGP and those that handle satellite communications. These protocols and systems could be abused in ways that could have painful, cascading consequences for the entire network, they said. Twenty years on, those warnings still hold true and can also be applied to several new generations of technology.

“We didn’t learn our lessons. We made the same mistakes with mainframes, then client-server, then desktops, then mobile, and now IoT,” said Thomas, known as Space Rogue.

All of those mistake-ridden platforms have been squished together to form the global network we call the Internet. It’s an amalgam of bits and pieces and patches and somehow it works. For the most part. But it’s far from ideal and it’s not much more secure than it was in 1998. It works just well enough.

“We have an Internet built on rock and roll and silly string,” said hacker Katie Moussouris, CEO of Luta Security and a longtime friend and colleague of the L0pht crew, who moderated Tuesday’s panel.

“We’re still building new technology on an old foundation that’s insecure. We keep building new things on an old infrastructure that never seems to change,” Wysopal said. “That’s why I feel my job still isn’t done.”