Ben's Book of the Month: Review of "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World"

Posted on by Ben Rothke

It’s 2019 and there still has not been a movie made about hackers, that is historically accurate and demonstrative of what hackers truly do. Should someone make Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World (PublicAffairs Books 978-1541762381) into a movie, and stay true to the story, it would make a most compelling, and possibly Oscar nominated movie.

Written by investigative reporter Joseph Menn, this is his follow-up to Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet, which detailed the cyber gangs who operate on the Internet.

When you have a fascinating story and a great storyteller, you know the output is going to be an engaging read, and Menn doesn’t disappoint here. He tells for the first time the full history of the legendary hacking group Cult of the Dead Cow (cDc). Formed in 1984, cDc was the most dominant and perhaps most important hacking group in history.

The biggest revelation in the book is that one of the early cDc members was Democratic presidential contender Beto O’Rourke. He was known as Psychedelic Warlord during his cDc tenure. In an interview elsewhere, O’Rourke said that “part of my success was being exposed to people who thought differently and explored how things work”. That observation perfectly encapsulates what cDc was all about. O’Rourke also credited the group with influencing his thinking in a number of ways that he had brought to bear already.

Menn details the rise and development of the group. From a software perspective, they created a number of first-generation security hacking tools. Their output included security tools including Back Orifice, BO2k, Whisker and many more.

During its early years, the standard response by Microsoft was that vulnerabilities in Windows were theoretical and didn’t have real world consequences. To which the cDc often brought them to their knees with such claims, by showing them how these vulnerabilities were quite possible.

When cDc released their Back Orifice tool in 1998, it enabled users to connect with a Microsoft Windows device remotely. While Back Orifice only ran on Windows 95 and 98; BO2k ran on Windows NT, 2000 and XP.

In this fascinating read, Menn tells the story of the cDc, and how they were the consummate hacking group. Menn details the group’s development, and both the good times and bad times within the cDc. This included their mission, but also internal strife, kicking out a member for his maleficence, and more.

cDc were the original hacktivist group and knew how to use the media to get their message across, most often against Microsoft. At the end of the day, the cDc was trying to make technology safer, and the world a better place.

The cDc was also a launching pad for some of the smartest minds in the industry, and from there a number of information security software firms emanated. cDc members included Christien Rioux and Chris Wysopal who founded application security service provider Veracode, Peiter Zatko, better known as Mudge, founder of @stake; and Window Snyder, former CSO at Mozilla, and many others.

In the early days of the cDc, their biggest moral issue was abusing long-distance phone calls. As they matured, they quickly became critical thinkers in an era where that skill was in short supply. They evolved and then led the development of internet security, and later went on to forge consensus on the issue of vulnerability disclosure. They showed the security software was an idea whose time had come. Menn details the tension within the group in how they had to deal with these and other issues, which at time caused conflict between the members.

The book also tells the story of some of the firms that were spawned from cDc, mainly @stake and Vercode. When trying to get Adobe to deal with the many Flash security issues, Menn quotes Christien Rioux, who echoes the sentiments of many in the information security field  when he said “I hate Adobe”.

The story of the cDc is in part the story of the internet and internet security itself. Menn has written an engaging book that captures the esprit de corps of the group, the challenges they faced, and the inner workings of one of the most legendary, and productive hacking groups in history. 

Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs