[Infowarrior] - Mudge goes to DARPA
Richard Forno
rforno at infowarrior.org
Wed Feb 10 12:16:28 UTC 2010
Hacker 'Mudge' gets DARPA job
by Elinor Mills
http://news.cnet.com/8301-27080_3-10450552-245.html?tag=newsLeadStoriesArea.1
Peiter Zatko--a respected hacker known as "Mudge"--has been tapped to
be a program manager at DARPA, where he will be in charge of funding
research designed to help give the U.S. government tools needed to
protect against cyberattacks, CNET has learned.
Zatko will become a program manager in mid-March within the Strategic
Technologies Office at DARPA (Defense Advanced Research Projects
Agency), which is the research and development office for the
Department of Defense. His focus will be cybersecurity, he said in an
interview with CNET on Tuesday.
One of his main goals will be to fund researchers at hacker spaces,
start-ups, and boutiques who are most likely to develop technologies
that can leapfrog what comes out of large corporations. "I want
revolutionary changes. I don't want evolutionary ones," he said.
He's also hoping that giving a big push to research and development
will do more to advance the progress of cybersecurity than public
policy decisions have been able to do over the past few decades.
"Not much has changed" with regard to strengthening the U.S.
cybersecurity position, he said. "As a society, we have a larger
dependence on being wired in, yet the government only focuses on
particular areas."
The connectedness of commercial, government, and military networks
makes the situation even more dire, he said. "I'm going to argue that
they're all pretty much intertwined now and we've seen how vulnerable
some of those sectors are now. That's unacceptable," Zatko said. "I
aim to fix that."
The current state of technology isn't working adequately, for the
government or commercial companies, he said. For instance, the current
defense mechanisms need to change so they can block attacks, instead
of responding to them, he added.
"I don't want people to be putting out virus signatures after a virus
has come out," he said. "I want an active defense. I want to be at the
sharp pointy end of the stick."
Zatko cut his security chops as a teen-age hacker in the 1980s and
managed to stay one step ahead of the law. He ran the L0pht hacker
space during the 1990s, where he invented anti-sniffing technology
that became the first remote promiscuous system detector used by the
Defense Department. He also pioneered work on buffer overflows, which
are a basis for many computer network attacks.
"L0pht turned the industry on its head," he said. "You didn't have
security response teams at major organizations like Microsoft or Intel
until we came along."
He started the corporate information security group at BBN
Technologies in the 1990s, was chief executive at L0pht Heavy
Industries when the hacker space decided to incorporate, and founded
security consultancy @Stake, which was later acquired by Symantec.
Since 2004, he's been back at BBN, working as division scientist and
technical director for the company's National Intelligence Research
and Applications department.
Zatko has also done his fair share of work for the government. He was
appointed to the Information Assurance sub-committee out of the
Executive Office of the President, named as a subcommittee member to
the Partnership for Critical Infrastructure Protection and testified
several times before Congressional committees. The main hacker
character in the book Breakpoint by former U.S. cybersecurity guru
Richard Clarke is believed to be based on him.
He's not the first self-described hacker to embrace public service.
Jeff Moss, founder of the Black Hat and Defcon conferences, joined the
Homeland Security Advisory Council last summer.
One of the reasons Zatko decided to take the job is that the new DARPA
director, Regina Dugan, is entrepreneurial and is looking to engage
more with academics, following years of DARPA being closed to
nongovernmental researchers for national security reasons, he said.
"Now they are running more programs out of DARPA that are not
classified beyond what they need to be, so it will enable more people
to have visibility into them," he added.
Another lure of the job was the budget he will have. Zatko said he
doesn't know exactly how much of the $3.5 billion a year DARPA spends
to fund research he will oversee but said it's likely to be a "good
chunk."
From his many years doing penetration testing and working to break
security systems, he understands what it takes to try to defend
networks and how to come up with innovative solutions to break through
barriers and get around obstructions.
"I've got a track record of doing novel things on both the offense and
defense side," he said. "In the commercial world I wasn't able to take
those to fruition because often the market drivers and the money
drivers were at odds. You don't want to put yourself out of business.
But now, I want to put myself out of business."
Elinor Mills covers Internet security and privacy. She joined CNET
News in 2005 after working as a foreign correspondent for Reuters in
Portugal and writing for The Industry Standard, the IDG News Service,
and the Associated Press.