For this group of old friends, assembled for an impromptu reunion, the venue would feel familiar: an online chat room running on a secure private server. Each were former members of the elite hacking group “w00w00” and they had reconvened that afternoon to celebrate and share in the success of one of their own. In some ways it was just like old times.
But rather than success being the discovery of a new software exploit or penetration of a computer network, this was something more extraordinary. One of the group’s former members had just sold their company for $19 billion.
His name is Jan Koum (known to the group simply as “yan”) and his startup is WhatsApp, the messaging app acquired by Facebook. “Is there a minimum net worth to be in here now?” quipped one of the chat room’s participants.
However, what makes this story more remarkable is that Koum isn’t the first former w00w00 member to achieve entrepreneurial success or the fame that often comes with it. Nor is he necessarily the first from the group to have become a billionaire.
Napster co-founder Shawn Fanning (“napster”) is known to have been a member of w00w00, along with a number of other early employees of the pioneering music file-sharing service. Meanwhile, although not universally recognised by the group, Sean Parker (“dob”), Napster’s other co-founder and the ex-president of Facebook, is said to have been present at the beginning of w00w00’s formation.
Everyone talks about the PayPal mafia, but nobody talks about the w00w00 mafia.
Many other former members of this elite hacking crew have become leaders in the Internet security and related industries, founding or working in senior roles at companies such as Cloudmark, Duo Security, Hotmail, Google, Yammer, Veracode, CloudVolumes, Symantec, SecurityFocus, Immunet, and Sourcefire.
“Everyone talks about the PayPal mafia, but nobody talks about the w00w00 mafia,” says a person familiar with the group, comparing the impact its participants have made on the tech industry to the much-publicised successes of ex-PayPal employees and founders.
Formed sometime around 1996 and still active until the early 2000s, not a huge amount is known publicly about w00w00 or its precise activities. Its online footprint consists almost entirely of the security tools and advisories issued by various participants of the group and media coverage garnered through the discovery of such software exploits.
The official website — or what remains of it — vaguely describes w00w00 as “the largest nonprofit security team in the world,” which at one point included 30+ active participants and spanned 12 countries on five continents.
“w00w00 is, at its core, a social collective of people who are, or were at one time, interested in computer security,” founding w00w00 member Jonathan Bowie (“jobe”) tells TechCrunch. “It was also created out of the acknowledgement of a bunch of teenage whiz-kids that we needed a platform for social networking with people we’d consider our peers.”
w00w00 is, at its core, a social collective of people who are, or were at one time, interested in computer security.
At the age of 17, taking inspiration from stories he had read about Xerox PARC, Bowie started the “#!dweebs” channel on EFNet and invited other like-minded hackers to join. But eight to nine months into the chat room’s existence, some of its participants decided a change of name was required. Jokingly, Matt Conover (“shok”), currently founder and CTO of CloudVolumes, suggested they call the channel “w00w00” and the name stuck.
Although they mainly congregated online, Bowie says w00w00 members would sometimes meet in-person at local “2600″ events or at major security conferences. “There were also pockets of the group that were working for the same companies,” he says.
Contrary to our use of the term “members” to describe those who have gained entry into the group, the w00w00 website explicitly states “there are no ‘members,'” only participants, since to a certain extent membership remained informal. Framing it that way also likely protected the autonomy of its participants, many of whom already worked for major security companies.
“I believe at one point in the late 90s/early 2000s we had representative membership with ties to every major security consulting firm, hacker think tank, and security team on Wall Street,” says Bowie.
Another aspect of w00w00’s implicit mission was to be more open than other hacker groups and the “somewhat closed-off world of black hat research.” New members of the group were vetted simply by requiring that they be invited to the channel by an existing w00w00 member and that they could demonstrate a level of technical curiosity and expertise.
“You just had to be invited… w00w00 was a really friendly and open group and a lot of the people in w00w00 were also part of other groups,” former member Anthony Zboralski (“gaius”) tells TechCrunch. The other hacker groups active at the time included “HERT,” “TESO,” and “ADM.”
That didn’t stop people attempting to join w00w00 without an invitation. In one story I came across, a hacker from Denmark tried to gain entry to the group’s private chat room by exploiting a weakness in the original IRC protocol. In retaliation, a member of w00w00 attacked the intruder’s box and retrieved his home phone number. They then called him up and asked him to explain in 20 words or less why he wanted to join w00w00.
His answer: “I want to change the world.”
An Exchange Of Ideas
In an interview with BME Online’s “HYPE,” published sometime in 2000, a w00w00 representative likens the group’s activities to a security conference, but one that runs 365 days of the year and takes place online. “Acceptance into the group is based on technical knowledge and not reputation,” explains the representative.
“We would spend hours exchanging ideas and crazy thoughts about everything, mostly computer hacking and security stuff but also business, life…” says Zboralski.
The base ideology for the group was encouraging positive collaborative research in ways that not only benefited the community, but also could act as a launching pad for the success of the individual members.
In one chat log seen by TechCrunch, the young hackers discuss the age-old topic of matters of the heart and getting laid. “I have in quotes ‘love != productive,'” says one participant. “Lack of sex makes it hard to work,” counters another.
“We liked to tinker with things,” says Bowie. “We liked to create, manipulate and, most importantly, discover technology. We researched everything from discovering and exploiting software vulnerabilities, security tools ranging from password analysis to packet generation to exploit platforms.
“The base ideology for the group was encouraging positive collaborative research in ways that not only benefited the community, but also could act as a launching pad for the success of the individual members,” he says.
That dichotomy of collaboration and individualism caused some tensions within the group, as it found itself caught up in the “antisec” debate relating to how much information to disclose after discovering a vulnerability.
But it also created an environment that would set the seeds for members of w00w00 to pursue their own entrepreneurial endeavours, individually and in collaboration.
The Writing Is On The Wall
An early example was the creation of Napster in the late 90s when Shawn Fanning recruited a number of other w00w00 members to help develop the music file-sharing service. They included system architect Jordan Ritter (“nocarrier’), who played a key role in helping Napster scale and is sometimes credited as a co-founder, and server admin Evan Brewer (“dmess0r’). Ritter has since co-founded multiple companies including Cloudmark and Servio.
Members of w00w00 were also some of the first users of Napster after initially reverse-engineering various aspects of the service in protest of Fanning’s refusal to allow them to inspect the source code. “This is, in our opinion, the greatest tool for finding MP3s in the world,” a cached version of the w00w00 website reads.
“It’s safe to say without w00w00, the world would’ve never gotten Napster,” says Bowie.
We were young, smart, ambitious and crazy; we could do things that few people thought were possible.
Other notable w00w00 alumni include Dug Song (co-founder of Duo Security and co-founder of Arbor Networks), Michael A. Davis (CTO of CounterTack), David McKay (early employee at Google and AdMob), Josha Bronson (Director of Security at Yammer), Joshua J. Drake (Accuvant Labs), Andrew Reiter (Researcher at Veracode), Simon Roses Femerling (ex-Microsoft Research), Gordon Fyodor Lyon (creator of Nmap Security Scanner), Adam O’Donnell (co-founder of Immunet), Mark Dowd (co-founder Azimuth Security) and Tim Yardley (researcher in critical infrastructure security), to name but a few.
Talking to a number of former w00w00 members, what’s striking is that none seem particularly surprised at the success that they and other members of the group have seen, including Jan Koum’s multi-billion-dollar home-run with WhatsApp — even if one member confessed to not knowing that “yan” was the Jan until news of the acquisition broke.
“The only surprise is that we didn’t all end up in jail,” joked one w00w00 participant.
“We felt the world was ours to take,” says Zboralski, who is currently founder and CEO of Belua. “We were young, smart, ambitious and crazy; we could do things that few people thought were possible. A lot of us had a ferocious sense of entitlement.”
Adds Bowie: “We all thought great things would happen; we all saw the writing on the wall.”
Illustration by Bryce Durbin