Hacktivism

cDc: an anecdote from the history of disinformation

Walter Scheirer

Contemporary concerns about disinformation largely center on social media, but there has always been a much larger playing field when it comes to online fiction. Ever the predictors of unconventional uses of technology, computer hackers began asking questions about the veracity of digital information at the dawn of the dotcom era: What forms of communication can be manipulated through the Internet? Who can control the narrative? And what might the objective of an online disinformation campaign be? Answers to these questions would swiftly surface and, retrospectively, have something to teach us about today’s threats to the truth.

Released in 1999, the short documentary “Disinformation” by filmmaker Joshua Backer captures the mood of the computer underground as it faces a globe newly interconnected via an information network of unparalleled scope. The video chronicles the emerging (and prescient) perspectives on a media transformed by interconnectedness from a hacker collective that specialized in the media itself. The Cult of the Dead Cow (abbreviated cDc), speaking through its members who were residents of the early hackerspace New Hack City, showcases new offensive hacking capabilities while musing on how they might be deployed in the near future. With a stated goal of “global domination through media saturation” the group at this time sought to synthesize its long-standing creative textfile writing operation and its more recent software development effort in what would later be termed hacktivism. But where, exactly, was it all going?

Interviewed at a Chinese restaurant, Tweety Fish provides his perspective on the vulnerability of the mainstream news media. A recent high-profile website defacement had targeted the New York Times, then, as now, one of the web’s most prominent and trusted news sites. That defacement had been committed by a group calling itself H4CK1NG F0R G1RL13Z, whose members have never been identified, and served to highlight and protest the imprisonment of hacker Kevin Mitnick. Tweety Fish, not impressed by the overtly visible defacement but still intrigued by certain elements of the incident, points to an insidious possibility: “I think more subtle ways of doing it are better, like the New York Times hack, if they’d fucked with an article.”

Remarkably, something like this actually took place two decades later. In 2020, WIRED reported that content management systems belonging to news services in the Baltic states had been compromised. Stories were then planted that were intended to discredit NATO and provide a pro-Russian perspective to a politically volatile region. Even as the computer security firm FireEye investigated this series of incidents, they could not ascertain the provenance of the attacks. None of the identified fake stories had any apparent impact on the public, and all were swiftly removed, but the fact that it happened highlights the risk raised by Tweety Fish.

Back at New Hack City, FreqOut picks up on this same idea. Skeptics, he notes, would allege that if a database of new stories were altered, “whatever showed up, like, would obviously be absurd, and like, anyone would notice.” But there is a certain type of content that could be successfully targeted. He notes that the timing of the Times defacement coincided with the release of the Starr report, which included salacious details related to President Bill Clinton’s conduct during his time in office. FreqOut goes on: “Like, they could have changed the Starr report, and would it have seemed absurd?” There is a certain absurdity to the truth when celebrity culture is blended with politics. This effect was accelerated in the 1990s, when public figures like Clinton acted like celebrities, leveraging the news media to stay in the conversation through sensational behavior, while setting a template for others to emulate. We see this with many politicians today who thrive on exaggerated behavior. If somebody changed some of the conspiratorial elements of a speech delivered by President Donald Trump, would anyone notice?

The film also serves as a promotional vehicle for then newly-released remote administration software “Back Orifice,” including a walkthrough of its capabilities. Back Orifice would become infamous as a trojan horse program and gain the cDc a tremendous amount of press. But why does it appear in a film about disinformation? One particularly interesting feature of the software was that an operator could use it to send false dialogue boxes to other computers, directly targeting users. Tweety Fish issues a call to arms to other hackers, imploring them to make good use of this form of information control to force the world’s power centers to react: “What we really want is for people with skills to actually start going out there and doing stuff, like finding out shit.” The cDc achieved success in this regard, as Back Orifice, among other pieces of hacker software of that era, demonstrated fundamental weaknesses in Microsoft’s ubiquitous products that put their users at risk, and forced the company to react in a way that benefited the public.

These same strategies are available to anyone today–for good and bad purposes. But with the Internet now serving as the primary source of information for everyone on the planet, the stakes are much higher than they were in the 1990s.

Walter J. Scheirer is the Dennis O. Doughty Collegiate Professor of Engineering at the University of Notre Dame and author of A History of Fake Things on the Internet (Stanford University Press, 2023).

Joshua Backer. “Disinformation.” 1999. YouTube Video, 11:47. Posted June 2006. https://www.youtube.com/watch?v=Vvlr8nVVmlU

Back to Hacktivism

Decoding the Cultures of Hacking