Welcome to Codebook, a strange newsletter — the only way to win is not to play.
The best way to solve today's unprecedented problems in cybersecurity is to learn from the problem-solving hacker groups of the late '80s and '90s, according to Joseph Menn, author of the just-released "Cult of the Dead Cow," a chronicle of one of the most legendary of those groups.
The big picture: The Cult of the Dead Cow (cDc) began as a group of mostly Texans, mostly teenagers, communicating over telephone-based bulletin boards in an era before the web existed, becoming pioneers of hacking in the public interest. Menn's book covers the heyday of the group and some of its contemporaries, including The L0pht and W00W00 (note the zeros in place of Os).
Details: "They were critical thinkers. They didn’t give up when the problems were bigger than they thought," Menn told Axios.
So why write about the cDc now? "We need to celebrate the good things that happen in infosec [information security] — there aren’t a lot of them — and celebrate the things that can be emulated," said Menn.
Between the lines: Here's just a sample of the broad impact of cDc, The L0pht and W00W00.
The bottom line: While factionalized hacker groups similar to those of the '80s and '90s don't exist anymore to take the mantle of the cDc, companies and nonprofits could adopt the same deliberative, ethical approach to problems.
The Department of Homeland Security will re-evaluate potential election hacking in North Carolina, whose electronic poll books may have malfunctioned in 2016.
To be clear: The state may already have been through an investigation of the same issues. North Carolina's general counsel told the Washington Post that Homeland Security first audited North Carolina's systems 18 months ago.
The big picture: Former intelligence contractor Reality Winner, now in prison for leaking classified documents, was first to reveal that Russia hacked Florida-based electronic poll book manufacturer VR Systems in the run-up to the election. Russia then used information from that attack to spear phish states using the firm's poll books.
Why it matters: If Russia did in fact cause long lines in North Carolina, it may be the first concrete example of a foreign nation materially affecting vote totals rather than just influencing public opinion. Long lines dissuade voters from voting.
In a previously unreported event demonstrating both the risks all organizations face from threats to the telephone system and how to mitigate them, an Arabic-speaking phone scammer tied up the nonemergency police call centers in Maryland's Howard County with a flood of calls over two days in August, briefly disrupting services.
Why it matters: The scam was against the phone company, not against Howard County, a target picked at random. So while the county didn't lose money, it briefly lost use of its nonemergency call center.
Background: Howard County normally gets between 300 and 400 calls a day to the nonemergency number. That's where citizens might be routed "if there's a cat stuck in a tree, but the cat's not on fire," said James Cox, the county's network-server team manager.
Howard County was fortunate. It had a relationship in place with a security group that could help mitigate and investigate the attack, in this case Cisco.
The intrigue: Cox will publicly discuss the event for the first time at the upcoming Talos Threat Research Summit on June 9. He says there are a few important lessons.
Doubts that an NSA tool was used in Baltimore: After the New York Times reported that a leaked NSA tool had been used in the Baltimore city government attack, one incident-response team and Maryland government officials both contradicted that report. (SC Magazine, CyberScoop)
Medical biller breach may affect millions: American Medical Collection Agency was breached last year, potentially affecting 11.9 million patients at its customer, Quest Diagnostics, and 7.7 million at another customer, LabCorp. (Axios, Krebs on Security)
IEEE reverses ban on Huawei: After an academic backlash, and receiving clarification from the Department of Commerce, the engineering research association IEEE reversed a ban on Huawei personnel being used as peer reviewers. (The Register)
Codebook will inevitably return next week.