Cult of the Dead Cow
Cybersecurity Canon Candidate Book Review: "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World,” by Joseph Menn (Published June 4, 2019)
Book Reviewed by: Rick Howard, October 2019
Bottom Line: I recommend this book for the Cybersecurity Hall of Fame.
I first became aware of Joe Menn after he published his 2010 book about the early days of cybercrime, “Fatal System Error.” The Cybersecurity Canon Committee nominated it as a Hall of Fame candidate in 2014. Menn has been a journalist covering cybersecurity since the Internet was young, and for the past eight years, he’s been working for Thomson Reuters. For this book, he chose to explore one of the more infamous hacktivists groups from early internet hacker culture: The Cult of the Dead Cow, aka cDc.
At first glance, the book "Cult of the Dead Cow" is a remembrance of a fascinating time in cybersecurity history, the early 1980s to mid-2000s, when the world transitioned from dial-up modems to the beginnings of what the internet is today, when the term “hacker” identified clever people who were interested in how the world works, and when Gen Xers were old enough to understand what their baby boomer parents did in the 1960s and were eager to see what they could do in the exponentially expanding digital age. If that was all the book was, it would be a worthwhile read. But Menn has something bigger in mind.
Menn points to what he sees as a missing element in “Big Tech” thinking, as companies like Google and Facebook have grown to dominate the world’s culture. He believes that the leadership in these companies don’t consider even basic ethics when they make decisions to drive the growth of their companies. He hopes that by describing the maturity journey of the cDc, from internet pranksters to seasoned and respected “graybeards,” that millennials – born between 1981 and 1996 – who are now in charge of “Big Tech” might use that journey as a blueprint to guide them in the future.
The cDc is probably most well known for orchestrating two big hacker moments: the development and marketing of a powerful hacking tool called Back Orifice and running probably the first “hacktivist” campaign centered around a fictitious Chinese hacker group called the Hong Kong Blondes. In fact, cDc member Misha Kubecka (aka Omega) invented the term “hacktivism.” But the book also covers many of the not-so-well known activities of the cDC membership. Many of these stories show how the cDc was trying to bring good into the world, but Menn doesn’t shy away from the cDc’s dark side either. There are lessons to be learned from both sides.
Menn writes that “the more powerful machines become, the sharper human ethics have to be. If the combination of mindless, profit-seeking algorithms, dedicated geopolitical adversaries, and corrupt US opportunists over the past few years have taught us anything, it is that serious applied thinking is a form of critical infrastructure. The best hackers are masters of applied thinking, and we cannot afford to ignore them. Likewise, they should not ignore us. We need more good in the world. If it can’t be lawful, then let it be chaotic.”
The last sentence in the quote above refers to the role playing game called Dungeons and Dragons and a character alignment system that shows where any particular game character sits on a two-dimensional scale of morality. The Y-Axis moves from Good to Neutral to Evil. The X-Axis moves from Lawful to Neutral to Chaotic. The alignment of any one character falls within the spectrum of that two-dimensional grid. For example, Captain America is the perfect example of Lawful Good while the Joker is the perfect example of Chaotic Evil. In the book, Menn weaves stories about cDc members that fill the entire space of character alignment. He chronicles actions that dance back and forth between lawful and chaotic, but remain, for the most part, moral. However, he does not avoid writing about the evil parts.
In other words, to make positive change in this digital world, endeavor to stay lawful but consider that sometimes you have to move to the chaotic side. It is an interesting idea and something that the leaders in “Big Tech” should at least consider.
We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!