Security by the Book
by Herman Mehling
Senior security engineer and researcher, University of Washington's Center for Information Assurance and Cybersecurity
Stress Reliever: Enjoys photography, mountain biking, rock climbing and ski-mountaineering volcanoes.
Favorite geek site: www.techbargains.com, to check out toys.
As the first person to identify the source code for distributed denial of service (DDoS) attacks and raise awareness of them, Dave Dittrich has star billing in the world of computer security. And rightly so. Dittrich now works tirelessly to teach others how to fight DDoS intrusions on individual, host and network computers.
He identified and named DDoS in 1999 while he was a Unix support engineer at the University of Washington. He recalls getting reports from outside organizations complaining that university computers were the source of traffic flooding their sites. Dittrich discovered that the Trinoo attack program had infected dozens of UW's Solaris systems and traced the program to European hackers who were using U.S. computers to target Internet Relay Chat (IRC) servers.
Nowadays, Dittrich is a senior security engineer and researcher for UW's Center for Information Assurance and Cybersecurity and its Information School. He is also a member of Seattle's influential Agora security group and of the Honeynet Project, a nonprofit organization dedicated to improving the security of the Internet by providing cutting-edge research for free.
Dittrich is published widely, is recognized across the industry and is a much-sought-after speaker. Yet, in spite of his stellar reputation, he remains at heart a low-key guy who loves, as he says, "being an applied researcher." He talks modestly about his many accomplishments, giving the impression that discussing them is monotonous. Rather, he says, his "passion" is solving new security problems. "I need the challenge of solving something new, then I move on to the next one."
Passion is a quality Dittrich's friends and colleagues ascribe to the soft-spoken researcher.
"Dave has a tremendous zeal for protecting the whole Internet infrastructure," says Ivan Orton, Sr., deputy prosecuting attorney in the Fraud Division of King County, Wash. "He is a visionary type who sees things before most of us do. I pride myself on being a fairly technical guy who stays informed, but Dave always tells me stuff that I have never heard about."
Others call him an innovator. "Dave tends to know more about security than anyone else, but the cool thing about him is that he is very self-effacing," says friend Joshua Pennell, president and CEO of IOActive, a Seattle-based computer security services company.
Dittrich is also a fine communicator, says Orton. "He does a great job of conveying his visions to others less technical than him so we can develop practical solutions."
As a researcher, Dittrich is currently studying "active defense" issues under a grant from Cisco Systems and pursuing solutions to the growing sophistication of hackers who create attacks using IRC-DDoS bots.
"What the hackers do is use a small bot, or piece of code, to compromise an unprotected computer, which they can later infect with more sophisticated programs," Dittrich says. He explains that those programs can then transmit traffic in DDoS attacks that jump from IRC to IRC, making it difficult to track which computers are involved.
"I don't want to sound too pessimistic, but these botnets are a huge problem," he says. "They are the work of hackers scanning literally thousands of systems at a time, looking for holes." Bot networks aggregate computers that have been compromised by Trojans, allowing them to be remotely controlled by hackers. In the past year, he says, the proliferation of e-mail-borne viruses and auto-downloading Trojans has dramatically increased the number and size of botnets.
"These rogue networks now have economic value," he says. "Compromised zombie machines were recently found on the networks of the U.S. Defense Department and Senate."
Does Dittrich have a silver-bullet solution?
"No, but I am focusing on flow analysis of these networks so that I can find patterns to the hackers' behavior. The big challenge is keeping up with the bad guys, who focus on developing very advanced tools."
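The flow analysis Dittrich mentions can be illustrated with a small defensive script. This is an added example, not code from the article, from Dittrich or from the Honeynet Project; it runs over constructed NetFlow-style records and looks for the two patterns the article describes: several internal hosts parked on the same external IRC server (the rendezvous point a botmaster uses to control the bots), and the same hosts later pushing high packet rates at a single external target (the DDoS flood). The IRC port numbers, the internal address prefix and the thresholds are assumptions chosen for the example, not values from the article.

```python
# Added example (not from the article): a flow-analysis pass in the spirit
# of the botnet pattern hunting Dittrich describes. It flags:
#   1. an IRC rendezvous: several internal hosts holding long-lived
#      connections to the same external host on an IRC port (a C2 signal);
#   2. a flood: several internal hosts sending high packet rates at one
#      external destination (the DDoS traffic those bots are told to send).
# It then reports hosts seen in both patterns, the strongest bot indicator.
from collections import defaultdict
from dataclasses import dataclass

IRC_PORTS = {6667, 6697}   # conventional IRC ports; assumption for this example
INTERNAL_PREFIX = "10.0."  # constructed "our campus" address space


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record: who talked to whom, how much, how long."""
    src: str
    dst: str
    dport: int
    packets: int
    seconds: int

    @property
    def pps(self) -> float:
        """Average packets per second over the flow's lifetime."""
        return self.packets / self.seconds if self.seconds else float(self.packets)


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def find_irc_rendezvous(flows, min_hosts=3, min_seconds=600):
    """Return {external_host: sorted internal hosts} where at least min_hosts
    distinct internal machines each hold an IRC-port connection lasting
    min_seconds or longer. Ordinary users rarely converge on one server in numbers."""
    by_dst = defaultdict(set)
    for f in flows:
        if (is_internal(f.src) and not is_internal(f.dst)
                and f.dport in IRC_PORTS and f.seconds >= min_seconds):
            by_dst[f.dst].add(f.src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items() if len(srcs) >= min_hosts}


def find_flood_sources(flows, min_hosts=3, min_pps=500.0):
    """Return {external_target: sorted internal hosts} where at least min_hosts
    internal machines each send min_pps packets/second or more to one target."""
    by_dst = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst) and f.pps >= min_pps:
            by_dst[f.dst].add(f.src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items() if len(srcs) >= min_hosts}


# Constructed sample flows (src, dst, dport, packets, seconds). Not real data;
# addresses come from documentation/private ranges.
SAMPLE_FLOWS = [
    Flow("10.0.1.11", "203.0.113.5", 6667, 400, 3600),   # three hosts parked on one IRC server
    Flow("10.0.1.12", "203.0.113.5", 6667, 380, 3500),
    Flow("10.0.2.40", "203.0.113.5", 6667, 410, 3700),
    Flow("10.0.3.7", "203.0.113.9", 6667, 50, 1200),     # a lone, ordinary-looking IRC user
    Flow("10.0.1.11", "198.51.100.20", 80, 90000, 60),   # the same three hosts flooding one target
    Flow("10.0.1.12", "198.51.100.20", 80, 85000, 60),
    Flow("10.0.2.40", "198.51.100.20", 80, 88000, 60),
    Flow("10.0.5.2", "198.51.100.77", 443, 1200, 120),   # ordinary web traffic
    Flow("10.0.5.3", "10.0.9.1", 6667, 9000, 3600),      # internal-to-internal IRC, ignored
]


def report(flows=SAMPLE_FLOWS):
    """Correlate the two patterns: hosts seen at a rendezvous and in a flood."""
    c2 = find_irc_rendezvous(flows)
    floods = find_flood_sources(flows)
    c2_hosts = {h for hosts in c2.values() for h in hosts}
    overlap = {target: [h for h in hosts if h in c2_hosts] for target, hosts in floods.items()}
    return {"c2": c2, "floods": floods, "bots_in_both": overlap}


if __name__ == "__main__":
    import pprint
    pprint.pprint(report())
```

On the sample data the three hosts on 203.0.113.5 are the same three that flood 198.51.100.20, so they surface in `bots_in_both`; the lone IRC user and the internal-only IRC session are left alone. On real flow exports the thresholds would be tuned to the site's baseline, and the same grouping logic extends to any rendezvous port once the C2 channel moves off IRC.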
This was first published in September 2005