Computer Security Legend Mudge Leaves DARPA for Google Job
Zatko joined DARPA, the research arm of the U.S. Department of Defense, in 2010 and was a program manager in its Strategic Technologies Office, where he oversaw research intended to help government agencies fend off cyber attacks.
Zatko first came to fame as a member of the Cambridge, Mass.-based hacking group The L0pht, a sort of unofficial think tank for hackers whose members at the time included people who went on to distinguished careers in computer security, like Chris Wysopal, Joe Grand, and Christien Rioux. He was also a member of The Cult of the Dead Cow, another hacker collective known for mixing hacking prowess with an ability to get media attention.
In the mid-1990s he did some of the early fundamental research on a type of computer security vulnerability known as a buffer overflow, and published some of the first papers on the topic. He later was the principal creator of some important security tools, including L0phtcrack. In 1998 he and other members of L0pht testified before the U.S. Senate, a session in which the group famously proclaimed that with its combined expertise, it could “bring down the Internet in about 30 minutes.”
After that, he and other L0pht members were occasionally summoned to Washington whenever senior officials, including President Clinton (he’s the long-haired guy in the picture), wanted to be seen discussing computer security issues.
In 1999, L0pht went legit and joined with the Cambridge-based computer security firm @Stake, which in 2004 became part of Symantec. In 2005 Zatko joined BBN Technologies as a research scientist.
Inside DARPA, an agency known more for its secrecy and occasionally for the cool things it does, Zatko created a Cyber Fast Track Program, through which hackers working outside government with good security ideas could get funding to work on projects that could help secure Defense Department systems.
Zatko didn’t specify what he’ll be doing at Google, and he didn’t immediately answer an email from me asking for a little more detail, though it’s a pretty sure bet it will involve doing some kind of research on security. I’ll add more if I hear back from him.