Jun 6, 2019

Lessons from history's great hacker groups

Illustration: Axios Visuals

The best way to solve today's unprecedented problems in cybersecurity is to learn from the problem-solving hacker groups of the late 80s and 90s, according to Joseph Menn, author of the just-released "Cult of the Dead Cow," a chronicle of one of the most legendary of those groups.

The big picture: The Cult of the Dead Cow (cDc) began as a group of mostly Texans, mostly teenagers, communicating over telephone-based bulletin boards in an era before the web existed, becoming pioneers of hacking in the public interest. Menn's book covers the heyday of the group and some of its contemporaries, including The L0pht and W00W00 (note the zeros in place of Os).

Details: "They were critical thinkers. They didn't give up when the problems were bigger than they thought," Menn told Axios.

  • Menn had access to communications between group members in writing the book, and he explores the group's real-time debates over how best to solve ethical problems they came across.
  • Working on the fly, the cDc and L0pht groups solved some of the fundamental problems of cybersecurity ethics in lasting, practical ways — with an innovative, sometimes dangerous spirit Menn hopes can be applied to today's problems.

So why write about the cDc now? "We need to celebrate the good things that happen in infosec [information security] — there aren't a lot of them — and celebrate the things that can be emulated," said Menn.

  • There are any number of books that cover the looming dangers of cybersecurity — Menn wrote one of them himself.
  • "Since then, there've been a ton of books — we're screwed in this way, we're screwed in that way. I didn’'t want to do that again," he said.

Between the lines: Here's just a sample of the broad impact of cDc, The L0pht and W00W00.

  • Members of cDc went on to run DARPA, and at least one held national office before recently announcing a run for president. Others became the prototypes for the ethical CISO as an ombudsman for the customer. A third group, cited as inspiration for Tor and the Citizen Lab, developed the ethical basis for hacktivism.
  • The L0pht developed the idea of responsible disclosure — disclosing vulnerabilities to a company, giving them the opportunity to fix a security flaw in a product before the researchers publicly released it at a predetermined date. Until responsible disclosure, and the threat of hackers seeing unpatched attack techniques, companies often ignored researchers.
  • cDc released the "Back Orifice" hacking tool in 1998, which marked a turning point in Microsoft starting to take operating system security seriously.
  • W00W00 hackers created Napster, and more recently, WhatsApp.

The bottom line: While factionalized hacker groups similar to those of the 80s and 90s don't exist anymore to take the mantle of the cDc, companies and nonprofits could adopt the same deliberative, ethical approach to problems.

  • "Some things have been lost in terms of these cross-cultural groupings, but there are more avenues. Facebook and Google are hiring ethicists," Menn said. "Companies need to look to cDc."
  • Startups and small organizations have opportunities to start with ethics from the ground up.
  • "It's hard to bolt on morality after the fact," said Menn.

Go deeper

In photos: India welcomes president with massive "Namaste Trump" rally

First Lady Melania Trump, President Trump and India's Prime Minister Narendra Modi attend the "Namaste Trump" rally at Sardar Patel Stadium in Motera, on the outskirts of Ahmedabad, on Monday. Photo: Mandel Ngan/AFP via Getty Images

President Trump was addressing a massive rally after arriving with members of the U.S. first family in Ahmedabad, northwest India, Monday for a two-day visit.

Why it matters: The countries are forging deeper ties as India’s location, size and economic growth making it the "obvious counterweight to China" for American policymakers, per Axios' Dave Lawler and Zachary Basu. Prime Minister Narendra Modi is demonstrating the importance of the visit by holding a "Namaste Trump Rally" at a packed 110,000-capacity Sardar Patel Stadium in Ahmedabad — the world's largest cricket venue.

Go deeperArrowUpdated 31 mins ago - World

Concern over coronavirus spread: Italy, South Korea and Iran report more cases

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens.

The number of novel coronavirus cases in South Korea, Italy and Iran jumped on Sunday as infections in mainland China continued to grow, the latest figures show.

The big picture: As South Korea and Italy stepped up emergency measures amid rising case numbers, World Health Organization officials expressed concern about infections with no clear link to China. COVID-19 has killed at least 2,619 people and infected almost 80,000 others, with all but 27 deaths occurring in mainland China.

Go deeperArrowUpdated 4 hours ago - Health

Sanders reveals free childcare plan for preschoolers

Democratic presidential candidate Sen. Bernie Sanders speaks during a campaign rally on Saturday in El Paso, Texas. Photo: Cengiz Yar/Getty Images

Democratic presidential candidate Sen. Bernie Sanders announced on CBS' "60 Minutes" Sunday a new plan to guarantee free child care and pre-kindergarten to all American children from infancy to age four.

Details: In the wide-ranging interview, Sanders told Anderson Cooper he planned to pay for universal childcare with a wealth tax. "It's taxes on billionaires," he said.

Go deeperArrowUpdated 5 hours ago - Politics & Policy