Cult of the Dead Cow (cDc) is the tale of the oldest, most respected, and most famous American hacking group of all time. Although until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers.
They also contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced U.S. security without injuring anyone.
With its origins in the earliest days of the Internet, the Cult of the Dead Cow is full of oddball characters — activists, artists, even future politicians. Many of these hackers have become top executives and advisors walking the corridors of power in Washington and Silicon Valley. The most famous is former Texas Congressman and current Presidential candidate Beto O’Rourke, whose time in the cDc set him up to found a tech business, launch an alternative publication in El Paso, and make long-shot bets on unconventional campaigns.
Today, the group and its followers are battling electoral misinformation, making personal data safer, and battling to keep technology a force for good instead of for surveillance and oppression. Cult of the Dead Cow shows how governments, corporations, and criminals came to hold immense power over individuals and how we can fight back against them.
Our man on the street Matt Stephenson spent some time at Black Hat with Cult of the Dead Cow’s author, the respected reporter Joe Menn:
About Joe Menn
Joe Menn (@josephmenn) has been a professional journalist for three decades, specializing in technology stories since 1999. His most recent book, Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World, was published in June 2019. The New York Times Book Review said, “the tale of this small but influential group is a hugely important piece of the puzzle for anyone who wants to understand the forces shaping the Internet age." An adaptation of the book for Reuters revealed that Beto O'Rourke had been a member of the enormously influential group, and it drew the most engagement on Reuters.com in its history.
Previously, Joe wrote Fatal System Error: the Hunt for the New Crime Lords who are Bringing Down the Internet, the first serious journalism accusing the Russian intelligence agencies of working with organized cyber criminals. It also exposed Gambino crime family investments in Internet gambling operations, and was cited in that context by the Miami Herald and McClatchy Newspapers in their Pulitzer Prize-winning coverage of the Panama Papers money-laundering leaks.
About Matt Stephenson
Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before.
Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.
Can’t get enough of Insecurity? You can find us wherever you get your podcasts including Apple Podcasts, Spotify, Luminary and all the rest!
MATT: Hey, welcome back to Insecurity. I’m Matt Stevenson. We are still at Black Hat 2019 as you can see, but we had to go a little classy this time because we have Joe Menn here. He's a Reuters investigative reporter, but more importantly, he’s the author of the definitive book on Cult of the Dead Cow, which… (to Joe) its name is so long. I'm going to leave it up to you.
JOE: So, the big title is, "Cult of the Dead Cow, How the Original Hacking Supergroup Might Just Save the World."
MATT: And of course we're going to have all of that in subtitles so you can know where to look on Amazon for this. You have gone back and done some exhaustive research on some of the most important people (in cybersecurity), a lot of the people in the world have never heard of. But literally shifted some tectonic plates in technology, which as a result changed education, economy, all kinds of different things. What have you been doing with this week? Who's here? Who have you gotten to be working with?
JOE: So, this is really exciting. This is a homecoming for a lot of this group. They launched Back Orifice 2000, one of their great hits, which embarrassed the heck out of Microsoft 20 years ago at DEFCON. And some of them actually have not been back since a couple of years after that.
MATT: Oh wow.
JOE: And I brought them back. I'm doing a panel at Black Hat with Mudge, Dil-Dog, and Death Veggie, whose actual names I will give you if you need them.
MATT: I'd prefer that those are their actual names.
JOE: And then same crew at DEFCON but we’re adding Omega, who actually coined the term "Hacktivism." So a lot of history and a lot of fun, because I've been getting together with not just these sort of underground hacker, innovator types, but founders of Unicorns now. So the founders of Duo Security, Dug Song. A fellow traveler, back in the day. And both founders of Vericode, who did panel with them yesterday.
MATT: So all these are people that when they were kids, the gym teacher said "You'll never amount to anything, if you never go outside." And here we are today, some of the biggest, brightest, shiniest booths we have at the trade show, it's coming out of the Cult of the Dead Cow.
JOE: That's right. And it's cool that it's kind of about the roots, returning to the roots. And, I think you have multi-hundred-millionaires hanging with their old-skool hacker friends, because they share a lot about the same values. Knowledge, sharing of knowledge, and helping people. And that's kind of been lost in a lot of the sort of security money chase and the hype and it's all compartmentalized now. So you don't have as many folks that are hardware guys learning from software guys, learning about political science and how the media works.
And Cult of the Dead Cow was this amazing now-35-year-old group where they learned to deal with the media and with Congress and all this stuff to try and advance security. Sometimes that meant founding companies, sometimes it meant working for the government. And they were willing to adapt, and you don't see that as much anymore. The industry's kind of atrophied a bit.
MATT: Now, when you come to Black Hat, to DEFCON with this group, it's got to be like going to ComicCon with The Avengers. And I don't mean the actors, I mean like the actual Avengers, because these are the people that did the thing.
JOE: Yeah. It's really cool to see come up, walking around the halls with these guys, huge fans from like when they were teenagers, you know, when people were teenagers, who now might have big titles at big companies, but they turn into kids again when they see people like Death Veggie. Death Veggie spoke at DEFCON in ‘94 - he's six foot five, and he used to hold people by the ankles and shake the coins out of their pockets. And it was an honor to have that happen to you. So it's really cool to see all the fancy titles fall away, and these are heroes.
MATT: In a way, it feels that security has evolved. If that happened at a big show today, not only it would be an HR violation, but then the guy who lost the change could expense it, and just submit it to the corporate account.
One more Avengers analogy. Bear with me, this will make sense. You, since publishing the book, you've been doing all kinds of interesting stuff. You've done TV before, and working with these people, it almost feels like this is the culmination to the Avengers movie, as you've done some individual things with different folks and then now here we are. Am I accurate on that or am I just starting to Fanboy a little bit because they're all here in the same place?
JOE: No, this is a big culmination of it. So couple of hours, I've got a panel with Mudge, who ran cybersecurity at DARPA for years. Did secret projects at Google. Founder of The Front Man Of The Loft, and founder of Leader Of At Stake. I mean it's the first time I'll actually be on a panel with him. Obviously, we've spoken a lot, but this is exciting. This is like bringing it all together. Like people who haven't seen each other since the book came out, and the book has brought a lot of people together. It's really sweet.
MATT: Well that's the beauty of it. I mean it's all the work they did to change things. You do in the work to kind of bring them back together. And then all of the people who have not met them, weren't aware of them, here we are.
JOE: And we're reaching the young generation. People who barely heard of these guys, or maybe they heard about them because of Beto O'Rourke, and now they're getting the whole story about how it's like Beto O'Rourke is just the beginning. It's about something much deeper.
MATT: I remember when that story broke. "He was a hacker. Oh my God." And a couple of months in, it's like "Wow. He was a hacker. That's awesome."
JOE: So, I don't know if you know, at the ponies last night, the CDC and Psychedelic Warlord, alias Beto O'Rourke, were nominated for a Pony, for epic achievement. Which was pretty cool. They didn't win, but-
MATT: It's just an honor to be nominated.
JOE: We certainly haven't had our presidential candidate nominated for a Pony before.
MATT: Yeah, we're not going to touch that one at all. Shameless plugs. Like I said, you are everywhere. Nearly omnipresent. For those of you who have not stumbled across you somewhere on the Internet, where can they find you? What you up to?
JOE: I'm at @JosephMenn on Twitter. And Cult of the Dead Cow is available wherever fine books are purveyed.
MATT: I love it.
JOE: My day job's at Reuters. You can read me there too.
MATT: Oh, that's right. Oh, and by the way, an incredibly prolific and respected reporter, investigative journalist. Which will we go with that? Reporter? Journalist?
JOE: Doesn't matter.
MATT: Yeah, we just want to be pretentious.
JOE: Reporter is more down to earth. I'm cool with Reporter.
MATT: We also have a great podcast with Joe, where we go a little deeper into it. We don't talk about sandwiches as much, which is kind of a bummer now that I think about it, but you can find that in the rest of our good stuff at threatvector.cylance.com.
MATT: On Twitter, we are @CylanceInc, at @BlackBerry. I am Matt Stephenson. You'll find me @PackMatt73. this might be it. I think this is what we can close Black Hat with, and I don't think anybody would be disappointed. See you next time.