Hackers: Under the hood

Hackers: Under the hood

Summary: special report Adrenalin pumping through their veins as lines of code are crunched to perfection. Well, that's how it is in the movies anyway.

TOPICS: Security
Fifth profile: Peiter Mudge Zatko

Name: Peiter Mudge Zatko
Handle(s): Mudge, PeiterZ
Marital status: Single
Current residence: New England, USA
Job: Chief Scientist, Intrusic
First computer: Tektronix 4051
Best known for: Creating L0phtCrack
Area(s) of expertise: "Thinking outside of the box"

It's hard to tell if Peiter Mudge Zatko was born eccentric or whether he's just a stickler for privacy.

Take the response to ZDNet Australia's  request for his age as an example: "[I'm] not trying to be coy, but my age, race, religion, etcetera, are always items I try not to divulge. The rationale is probably quite different than what most people infer. It is as follows: without irrelevant information such as skin colour and the aforementioned items, people are stripped of data that normally would encourage functional fixation."

It seems Zatko's brain has been over-clocking from a very young age.

"When I was growing up, around the age of five or so, I couldn't wrap my head around 'life'.

"The notion of death being an accepted unknown without any further details drove me bonkers," he told ZDNet Australia.

Some may argue that existentialist dilemmas such as these belong to adults, or at the very least in the adolescent domain. But Zatko was introduced to a myriad of advanced concepts at an extremely tender age.

"In my crib, as an infant, my father sanded down the edges of early 60s-type computer components ... like the face plates of systems with glowing [amber] numeric 'vacuum tube style' readouts," he recalled.

The way Zatko speaks of him suggests that his father was his mentor in life.

"I asked my father what he believed in -- what his religious beliefs were. He refused to tell me. Instead, he started taking me to churches of different denominations each Sunday and would ask me what my interpretations were.

Zatko with Bill Clinton "Several years later I came up with my own 'codified' religious beliefs," Zatko said.

And he's fanatical about getting the job done. "Anything that I do, I must engross myself in totally," he said.

To Zatko, there's no distinction between work and personal life, and readily admits that his life knows no balance. "There's also no difference between business and personal relationships. When I decided to get into Golden Gloves Boxing and Muay Thai [boxing] it was to master them. When I deal with computers it is to entirely comprehend the socio-psychological interactions and weaknesses they introduce," he revealed.

His parents, while educated, came from fairly blue-collar backgrounds. He said his mother "experienced the depression" while his father grew up working on a farm. As a child, Zatko was given musical training, and was taught science and mathematics while maintaining a "respect for manual labour and living off the land".

He still holds dear to his heart the values his parents instilled in him while growing up. "I was intentionally given freedom and a feeling of independence at a young age. In looking back the rationale was obvious: learn decision making and life choices while you are still able to be protected paternally," he explained. "I watched people self destruct at the tail-end of high school and in college -- where it was obvious that that was their first taste of freedom."

In 2000, Zatko was invited to participate in a security summit chaired by former US President Bill Clinton. "I was afforded the rare opportunity to hang out with him afterwards and engage in some private conversations," he said. "I have tons of stories but they're too long."

Pieter Mudge Zatko As one of the founding members of grey hat outfit L0pht Heavy Industries -- which later became the foundation for security firm @Stake -- he was responsible for the creation of L0phtCrack, a product still sold by @Stake.

L0pht Crack is a simple product and a remarkably affective password cracker for Windows-based systems. Zatko insists he wrote it to prove a point and not for commercial reasons.

"When I first created and wrote it, one of the goals was to show that the Microsoft systems being deployed could not embody 'secure' encrypted passwords ... not that there were some passwords that were stronger than others.

"This didn't mean that people should not use Microsoft technology but rather they should understand where their security perimeters needed to be in order to take advantage of the [Microsoft] platform without exposing undue risk to infrastructures," he said.

"Is something like L0phtCrack still useful? Yes. Is this an example of people misinterpreting what a tool is showing them and potentially having a false sense of security because of it? Unfortunately, the answer is again yes," he added.

Zatko believes that example -- the misuse of a tool like L0phtCrack -- applies to many security products. He has some advice to help improve the situation, though: "Share, be open, communicate, ask questions to all, share the answers that help you with [everyone], do not think in black and white, do not hurt others or yourself. Improve the world, not your own self image -- the former is possible, and the latter is not accomplished without being a part of the former." -- Patrick Gray

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I think it would be wise to research a claim like, "Alder was the first woman to deliver a technical presentation at the famed DefCon hacker conference in Las Vegas." Many women presenters come to mind long before defcon9; susan thunder, gail thackery, netta gilboa, the presenter from gray areas (whose speech got stolen at 4 while she was giving it), jennifer grannick, hell even carolyn mienel.

    This is either a false claim by raven or (more likely) bad journalism on zd net's part. A very simple search of http://defcon.org/html/links/past-defcons.html would have cleared this issue up easily. This is one of the problems with internet journalism, statements are made wildly and taken as fact by the masses.
  • What bothers me with articles such as these is the implication that only so-called blackhats really understand computer-related security issues. It smacks of cheap sensationalism, and b-grade "hacker" movie scripts. The vast majority of skilled and competent security researchers never crack any system that doesn't belong to them, and they are generally far more knowledgable and experienced than a bunch of overgrown skript-kiddies. And they don't believe that it's necessary to wear black clothing at all times to be taken seriously.
  • Kudos to Raven for pointing out what some of us have known all along....too often a security solution is just window dressing, something to make the CEO/CIO comfortable. Many time I have seen companies purchase appliances and comprehensive suites only to install them out of the box with no configuration or on-going support, thinking themselves protected. Wrong!

    If you aare going to do security, do it correctly.
  • In response to the poster who started "What bothers me with articles such as these is the implication that only so-called blackhats..."-- exactly WHERE do you get the idea that the subject of the article, Raven Alder, is a blackhat?????

    It seems to me that she is a very accomplished security professional. Sorry that you don't like the attire she was photographed in, but I think it's a pretty far stretch to interpret the color of clothing in ONE photo to equal Ms. Alder believe it is "necessary to wear black clothing at all times to be taken seriously".

    I find your response to be sad, and I'm probably closer to your idea of a "security researcher". I'm employeed by a reputable firm, work in a computer lab, and rarely were black clothing. Ooops, I'm a male and have long hair-- does that risk me out of being a reputable security researcher?
  • It's great to see some 'human interest' in the computer world for once! I thoroughly enjoyed this and took it for what I feel it's worth - humanising computers.
  • I challenge Mudge at DefCon to a No Holds Barred no-gi 3 round (2 minutes each) demo.

  • Some very few hackers may be useful however the vast majority are at best unthinking children and at worst major criminals.
    Its not beyond the realms of possibility for some vital computer system to be taken down by hacking,so maybe one day its a bank who cares you say.
    Well next it could be air traffic control or a hospital computer system.
    I look forwards to the list of claim to fame reading Famous for getting 20 years in jail.
    Maybe I'm just getting radical in my views but causing untold misery is not fun.
    Mind you I have a special fate for Virus creators which make my views on Hackers almost paternal.
  • It wouldn't be nice or fair by any means something bad befalls "Adrian Lamo" because he wasn't a bad guy after all. We all know that he was a white collared hacker and not the black or the evil kind.

    I don't really have much time, I would have been more willing to say exactly all what I feel for thie great guy.
  • It wouldn't be nice or fair by any means something bad befalls "Adrian Lamo" because he wasn't a bad guy after all. We all know that he was a white collared hacker and not the black or the evil kind.

    I don't really have much time, I would have been more willing to say exactly all what I feel for thie great guy.