Peiter Zatko

From Wikipedia, the free encyclopedia

Peiter C. Zatko, better known as Mudge, was a member of the high-profile hacker think tank the L0pht[1] as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow. In 2010 Mudge accepted a position as a program manager at DARPA, where he oversaw cyber security research.[2] Mudge now works for Google in their Advanced Technology & Projects division.[3]


Born in December 1970, Mudge graduated from the Berklee College of Music and is an adept guitar player.[2]

Mudge was responsible for early research into a type of security vulnerability known as the buffer overflow. In 1995 he published "How to Write Buffer Overflows", one of the first papers on the topic.[4] He published several security advisories on vulnerabilities in Unix and was a leader in the full disclosure movement. He was the initial author of security tools L0phtCrack, AntiSniff, and l0phtwatch.

Mudge was one of the first people from the hacker community to reach out and build relationships with government and industry. In demand as a public speaker, he spoke at hacker conferences such as Defcon[5] and academic conferences such as USENIX.[6] Mudge has also been a member of Cult of the Dead Cow since 1996.[7]

He was one of the seven L0pht members who testified before a Senate committee in 1998 about the serious vulnerabilities of the Internet at that time.[8] When L0pht was acquired by @stake in 1999, he became the vice president of research and development and later chief scientist.[9]

In 2000, after the first crippling Internet distributed denial of service attacks, he was invited to meet with President Bill Clinton at a security summit alongside cabinet members and industry executives.[10]

After leaving @stake in 2002[11] he disappeared from the information security scene before resurfacing as a technical advisor to "insider threat" company Intrusic.[12]

In 2004 he became a division scientist at government contractor BBN Technologies,[13] where he originally worked in the 1990s, and also joined the technical advisory board of NFR Security.[14]

In 2006 he was one of the subjects of an article entitled "Hoaxers, Hackers, and Policymakers: How Junk Science Persuaded the FBI to Divert Terrorism Funding to Fight Hackers", published in the March/April 2006 edition of Skeptical Inquirer magazine.

On 11 August 2007 he married Sarah Lieberman, a co-worker at BBN.[citation needed]

In February 2010, it was announced that he would be project manager of a DARPA project focused on directing research in cyber security.[15]

At DARPA he helped to create the Cyber Analytical Framework, which drives the agency's investments in cyber defense, and he runs at least three DoD programs known as Military Networking Protocol (MNP), Cyber-Insider Threat (CINDER), and Cyber Fast Track (CFT).

Military Networking Protocol (MNP) - Provides network prioritization with full user-level attribution for military computer networks.[16]

Cyber-Insider Threat (CINDER) - Focuses on identifying cyber espionage conducted by virtual insider threats such as future variants of Stuxnet or Duqu. CINDER is often mistakenly associated with Wikileaks in the media.[17][18] This is possibly due to confusion between DARPA programs focused on identifying human insider threats, such as ADAMS,[19] and the identification of future software espionage posed by malware in the CINDER program.[20] This issue was clarified by Mudge in his Defcon 2011 keynote at 46 minutes and 11 seconds into the talk.[21]

Cyber Fast Track (CFT) - Provides resources and funding to security research, including programs run by hackers, hackerspaces, and makerlabs. The program provides an alternative to traditional government contracting vehicles that is accessible to individuals and small companies that previously would have been unable to work within the cumbersome and complicated DARPA process. It has a turnaround time of within 14 days from receipt of proposal to contract.[22] The program was initially announced at Shmoocon during his 2011 keynote. In December 2011, he was named as one of the top 5 influential IT security thinkers of the year by SC Magazine.[23]

On 12 April 2013 Zatko announced that he would leave DARPA for a position at Google.[24]


External links