Jun 6, 2019

Lessons from history's great hacker groups

Illustration: Axios Visuals

The best way to solve today's unprecedented problems in cybersecurity is to learn from the problem-solving hacker groups of the late 80s and 90s, according to Joseph Menn, author of the just-released "Cult of the Dead Cow," a chronicle of one of the most legendary of those groups.

The big picture: The Cult of the Dead Cow (cDc) began as a group of mostly Texans, mostly teenagers, communicating over telephone-based bulletin boards in an era before the web existed, becoming pioneers of hacking in the public interest. Menn's book covers the heyday of the group and some of its contemporaries, including The L0pht and W00W00 (note the zeros in place of Os).

Details: "They were critical thinkers. They didn't give up when the problems were bigger than they thought," Menn told Axios.

  • Menn had access to communications between group members in writing the book, and he explores the group's real-time debates over how best to solve ethical problems they came across.
  • Working on the fly, the cDc and L0pht groups solved some of the fundamental problems of cybersecurity ethics in lasting, practical ways — with an innovative, sometimes dangerous spirit Menn hopes can be applied to today's problems.

So why write about the cDc now? "We need to celebrate the good things that happen in infosec [information security] — there aren't a lot of them — and celebrate the things that can be emulated," said Menn.

  • There are any number of books that cover the looming dangers of cybersecurity — Menn wrote one of them himself.
  • "Since then, there've been a ton of books — we're screwed in this way, we're screwed in that way. I didn’'t want to do that again," he said.

Between the lines: Here's just a sample of the broad impact of cDc, The L0pht and W00W00.

  • Members of cDc went on to run DARPA, and at least one held national office before recently announcing a run for president. Others became the prototypes for the ethical CISO as an ombudsman for the customer. A third group, cited as inspiration for Tor and the Citizen Lab, developed the ethical basis for hacktivism.
  • The L0pht developed the idea of responsible disclosure — disclosing vulnerabilities to a company, giving them the opportunity to fix a security flaw in a product before the researchers publicly released it at a predetermined date. Until responsible disclosure, and the threat of hackers seeing unpatched attack techniques, companies often ignored researchers.
  • cDc released the "Back Orifice" hacking tool in 1998, which marked a turning point in Microsoft starting to take operating system security seriously.
  • W00W00 hackers created Napster, and more recently, WhatsApp.

The bottom line: While factionalized hacker groups similar to those of the 80s and 90s don't exist anymore to take the mantle of the cDc, companies and nonprofits could adopt the same deliberative, ethical approach to problems.

  • "Some things have been lost in terms of these cross-cultural groupings, but there are more avenues. Facebook and Google are hiring ethicists," Menn said. "Companies need to look to cDc."
  • Startups and small organizations have opportunities to start with ethics from the ground up.
  • "It's hard to bolt on morality after the fact," said Menn.

Go deeper

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 6 p.m. ET: 6,804,044 — Total deaths: 362,678 — Total recoveries — 2,788,806Map.
  2. U.S.: Total confirmed cases as of 6 p.m. ET: 1,909,077 — Total deaths: 109,497 — Total recoveries: 491,706 — Total tested: 19,231,444Map.
  3. Public health: Why the pandemic is hitting minorities harder — Coronavirus curve rises in FloridaHow racism threatens the response to the pandemic Some people are drinking and inhaling cleaning products in attempt to fight the virus.
  4. Tech: The pandemic is accelerating next-generation disease diagnostics — Robotics looks to copy software-as-a-service model.
  5. Business: Budgets busted by coronavirus make it harder for cities to address inequality Sports, film production in California to resume June 12 after 3-month hiatus.
  6. Education: Students and teachers flunked remote learning.

George Floyd updates

Protesters in Washington, D.C. on June 6. Photo: Samuel Corum/Getty Images

Thousands of demonstrators are gathering in cities across the U.S. and around the world to protest the killing of George Floyd. Huge crowds have assembled in Washington, D.C., Philadelphia and Chicago for full-day events.

Why it matters: Twelve days of nationwide protest in the U.S. has built pressure for states to make new changes on what kind of force law enforcement can use on civilians and prompted officials to review police conduct.

Why the coronavirus pandemic is hitting minorities harder

Illustration: Aïda Amer/Axios. Photo: Mark Makela/Getty Images

The coronavirus’ disproportionate impact on black and Latino communities has become a defining part of the pandemic.

The big picture: That's a result of myriad longstanding inequities within the health care system and the American economy.