http://www.infosecuritymag.com/articles/november01/people_mudge.shtml

BY SEAN CORCORAN
Information Security Magazine
November 2001

It was supposed to be the year Peiter Zatko could finally step out from behind the digital curtain. Invited to a February 2000 photo op with President Bill Clinton in the White House Cabinet Room, he felt that he'd finally be able to reveal himself and receive the public recognition for security work he had done for the government.

For more years than he's willing to admit, Zatko has been better known as Mudge, a computer hacker with a rock-star following. He always hated the label, but he looked the part. His hair fell well below his shoulders, and his goatee hung low off his chin. He used his alias, and he kept biographical details like his age and where he lived secret. As one of the founding members of the gray-hat hacker group L0pht Heavy Industries, Mudge, with his colleagues, developed and released defensive tools, including the widely used L0phtCrack password vulnerability software.

In recent years, Zatko has morphed his underground celebrity status into a well-respected, oft-sought advisor to defending the digital frontier. He's consulted for everyone from the White House to the Pentagon to the FBI to Fortune 500 companies. But because of his somewhat shadowy background, his counsel has always come under the veil of secrecy--until February.

"They said, 'OK, we can show you on this one,'" Zatko recalled of his White House appearance. "I was like, 'Finally, people will realize this is not a hacker thing.'"

With Secretary of Defense Sandy Berger and Attorney General Janet Reno sitting between him and the president, Mudge came out last year as one of the government's chief cyberdefenders. But, to his disappointment, the White House press corps still fingered him as a secretive cyberstar. The Reuters news service called him "a long-haired hacker named 'Mudge'" in the second paragraph of its story, and didn't bother to quote him or elaborate on his contributions to government security.

"The papers still grabbed it as 'ex-hacker' or 'reformed' hacker," Mudge says.

Undaunted by his initial stumble into the public light, Zatko has undergone a complete image change. He cut his hair (donating it to a charitable foundation that makes wigs for children with cancer), adopted a clean-shaven look and traded his t-shirts for business suits. But Zatko insists he doesn't care about image.

"I care about doing the right thing, whether it's for a customer or the government. To me, the motto is making a dent in the universe," Zatko says.

Zatko doesn't shun his hacker past. Rather, he embraces the term's original meaning: "technophile." In endearing terms, he recalls how inventors and researchers throughout history--people such as Thomas Edison and Steve Jobs--were hackers in the truest sense of the word. He laments that popular culture has warped the meaning of hacker into someone sinister with malicious intentions. "It has become associated with criminal," he says.

Throughout his career, Zatko has made his mark by sharing his IT secrets. Now that he has been recognized for his role in America's defense, from his position as chief scientist and VP of research and development at @stake (www.atstake.com), Zatko says he's about to do that again.

"This next year is going to be really interesting," Zatko says teasingly. "Out of some of the divisions that I run here, we are going to announce a couple of things that are going to change the landscape."

Along with his biographical background, Zatko won't say exactly what @stake has in the works--only that it's big. "We felt it was responsible of us to go and pre-brief most of the military and various intelligence agencies on the capabilities of these tools so they understood what was going to be out on the open market."

Some of the new tools have already been put to the test. As the media became fixated with the Code Red worm in August, Zatko got a call about the Leaves worm, which the government was much more interested in. The worm appeared to be amassing an army of zombie systems, synchronizing the infected PCs' internal clocks. The question was, why?

Zatko and his colleagues at @stake analyzed some of the worm information through their new tools, revealing everything from its propagation capabilities to its encryption algorithms. The creator wasn't a nation state, they told the government, nor was the worm created in a lab by someone with a college education.

"I think (the government) was surprised that they were able to tap us and we were able to come back with that information in such a short amount of time," Zatko says.

No matter what security tool he or someone else puts on the market, Zatko says security still must be specifically modeled and personalized to individual environments.

"Unfortunately, a lot of places still believe that they buy the tool and they are secure," he says. "But it is really about how you deploy the tool, how you interpret the tool, what did you feed into the tool. In the future, you are going to see people really needing to go and personalize security for their organization."

SEAN CORCORAN (seanandfeaat_private), a recent graduate of the Columbia School of Journalism's graduate program, is a freelance writer based in Massachusetts. Since becoming a professional journalist in 1995, he's covered Congress for the political newsletter Inside Congress and has worked as a reporter for several award-winning New England newspapers.