Cover copyright 2019 Hachette Book Group, Inc.
Hachette Book Group supports the right to free expression and the value of copyright. The purpose of copyright is to encourage writers and artists to produce the creative works that enrich our culture.
The scanning, uploading, and distribution of this book without permission is a theft of the authors intellectual property. If you would like permission to use material from the book (other than for review purposes), please contact permissions@hbgusa.com. Thank you for your support of the authors rights.
Published by PublicAffairs, an imprint of Perseus Books, LLC, a subsidiary of Hachette Book Group, Inc. The PublicAffairs name and logo is a trademark of the Hachette Book Group.
The publisher is not responsible for websites (or their content) that are not owned by the publisher.
ISBNs: 978-1-5417-6238-1 (hardcover); 978-1-5417-6237-4 (ebook); 978-1-5417-2442-6(international)
For pulmonologist Dr. Tze-Ming (Benson) Chen, who saved my life after Def Con 2014
T ECHNOLOGY IS DECIDING the fate of the world, and we are everywhere in its chains. Electronic surveillance, cyberwarfare, artificial intelligence, and manipulated social media are on the brink of pushing societies beyond a point of no return. Even those of us who saw this coming did not think it would get this dire this fast, and definitely not in this way.
For the past two decades Ive covered the tech industry as a journalist, and I have been drawn most often to the issues of security and privacy. They immediately cross lines from business to politics and challenge our ideas about safety, freedom, and justice, and it has been fascinating to watch and occasionally participate as governments, companies, and civic-minded people grapple with the fast-changing ramifications. Security is about power. And it has been getting increasingly complex since the moment the internet escaped from its controlled university environment in the 1980s.
As I worked on my first book out of Silicon Valley, about the rise and fall of Napster, I began to grow more concerned about computer security, or the lack of it. Shawn Fanning was one of the first hackers to be admired by the public at large, and he got early help from a more experienced crew, including some people I kept in touch with and who appear in this volume. Though the record industry would beg to differ, most of Fannings group were the good guys, tinkering in order to learn, not to be malicious. But all of the trends they pointed me to were bad.
As the state of security deteriorated and the stakes rose, I devoted my next book to the topic. Fatal System Error showed the scale of the danger, looking especially at how organized crime and some of the worlds most powerful governments were collaborating to leverage inherently flawed technology, the failure of the market for security products, and minimal regulation. At the heart of that book was a true tale of Russian intelligence collaborating with criminal hackers, a scenario that went from shocking at the time of publication in 2010 to widely accepted today.
Since then, many books have tackled the military-internet complex, intelligence gathering, and cyberwarfare, together with WikiLeaks, Edward Snowden, and the 2016 US election. Missing in all of them has been a compelling account of the people dedicated to information security who are out of the spotlight or even in the shadows, fighting to protect our personal data and freedom as well as our national security. In many cases, these people are more colorful than their adversaries. That is especially true of the people whose tale is told in this book: key members of the Cult of the Dead Cow, who have played a role in all of the major issues cited above. While their more overt antics drew attention in the past, until now no one has heard their real story, and some young hackers havent heard of them at all. Yet the Cult of the Dead Cow is a skeleton key for the whole saga of modern security, especially the struggle to sort through what is ethical. cDc stands in here for many others who are doing heroic work well away from public view.
Fatal System Error was a dire warning during a time when many were oblivious. Now, in a time of wider moral crisis in technology, this book is a rare message of hope and inspiration for tackling worse problems before its too late.
Joseph Menn
Cult of the Dead Cow
Kevin Wheeler / Swamp Rat
Bill Brown / Franken Gibe
Psychedelic Warlord
Carrie Campbell / Lady Carolin
Jesse Dryden / Drunkfux
Paul Leonard / Obscure Images
Chris Tucker / Nightstalker
Dan MacMillan / White Knight
Misha Kubecka / Omega
John Lester / Count Zero
Luke Benfey / Deth Vegetable
Sam Anthony / Tweety Fish
Peiter Zatko / Mudge
Laird Brown / Oxblood Ruffin
Josh Buchbinder / Sir Dystic
Christien Rioux / Dildog
Adam ODonnell / Javaman
Jacob Appelbaum / IOerror
Kemal Akman / Mixter
Patrick Kroupa / Lord Digital
cDc Ninja Strike Force
Chris Wysopal / Weld Pond
Window Snyder / Rosie the Riveter
Limor Fried / Lady Ada
Legion of Doom
Chris Goggans
Scott Chasin
Masters of Deception
Elias Ladopoulos / Acid Phreak
Mark Abene / Phiber Optik
@stake
Alex Stamos
Rob Beck
David Litchfield
Katie Moussouris
evening in October 2017, three dozen friends and acquaintances gathered in the San Francisco townhouse of security engineer Adam ODonnell for a political fundraiser. Though a boom in Bay Area real estate put the hillside place in Glen Park out of the reach of most Americans, it was modest by local standards. There werent nearly enough chairs for those who came to the dinner party, and the guests made their own tacos and drank wine from plastic cups as they stood. Adam was no swaggering Silicon Valley executive. The Philadelphia native had bought the property before the latest housing boom, using money from the sale of a security company where he had worked to Cisco Systems. Adam had joined the target company when it bought the start-up he had cofounded in 2009, which had been early to take advantage of what became known as the cloud, protecting computers from viruses more quickly than rivals. Adam now moved nervously through his home, thanking guests for coming and redoing the math in his head in hopes that the $250-per-head minimum would make it worth the candidates plane trip.
At Cisco, Adam was working on a rare joint effort with Apple to help companies protect employee iPhones. It wasnt particularly glamorous. His most exciting work was something he didnt talk about. Under the handle Javaman, Adam was a longtime member of the oldest, best-known, and most important hacking group of all time, the Cult of the Dead Cow. Walking in Adams front door, some old-school hackers saw the cow skull hanging in the foyer and got the reference. If not, Adam didnt explain.