Last updated: Sun Jan 19 22:28:15 EST 2014

About me

I spend my time trying to understand how bad people harm others over the internet, and finding ways to lessen the damage by the bad guys (on purpose) or the good guys (on accident). I do this as a Principal Software Engineer/Computer Specialist in the Applied Physics Laboratory at the University of Washington and a security consultant. I've given away much of my knowledge and tools, for free, for years because I believe everyone has a responsibility for helping make the internet a safer place, but they need to learn how from those who have figured out how to do it.

I started working at the UW in 1990. My background is in computer programming and UNIX system administration on several platforms. From 1996 until 2003, I was the senior computer security incident response analyst and system/network security consultant for the UW. Since then, I have focused on research and development of tools/techniques dealing with advanced threats.

Many years ago, I also supported World Wide Web services including the initial prototype and subsequent support of UW's original (now retired) Weber web service (and proud father of the Weber Guy).

I taught the R870: Unix System Administration - A Survival Course Education & Training course for about 10 years, led the team that developed the first course on Cyberterrorism for UW Educational Outreach, and in Autumn 2003 co-taught the initial offering of INFO 498AA special topics course on Computer Security Incident Response.

I was a founding member, and currently serve as Chief Legal and Ethics Officer, of the Honeynet Project, as well as a long-standing member of Seattle's Agora computer security group.


The following bios are usable for conference organizers, etc.

Short form bio 1


Dave Dittrich is a Principal Software Engineer/Computer Specialist in the
Applied Physics Laboratory at the University of Washington.  He is also a
member of the Honeynet Project and Seattle's "Agora" computer security group.
Dave has also served as a member on one of the University of Washington's
Institutional Review Board (IRB) Committees since 2009.

Dave is perhaps most widely known for his research into Distributed
Denial of Service (DDoS) attack tools and host/network forensics. He
was one of the first to lead workshops on "Active Defense" and to
consider the legal and ethical boundaries of computer network defense.
He has presented talks and courses at dozens of computer security
conferences, workshops, and government/private organizations
worldwide, contributed articles and chapters to several magazines and
books, and co-authored the first complete book on DDoS, titled
"Internet Denial of Service: Attack and Defense Mechanisms."
He, along with Erin Kenneally, is a co-author of the Department of
Homeland Security document, "The Menlo Report: Ethical Principles
Guiding Information and Communication Technology Research,"
published in the Federal Register in December, 2011.

His home page can be found at http://staff.washington.edu/dittrich/

Short form bio 2


Dave Dittrich is a Principal Software Engineer/Computer Specialist in the
Applied Physics Laboratory at the University of Washington and has served on
one of the UW's Institutional Review Board (IRB) Committees since 2009. His
background is in computer security incident response and dealing with massive
distributed attack tools that take over the computers of millions of
individuals on a regular basis for all kinds of financial crimes, political
protests, or just fighting in online forums by disrupting services for extended
periods of time.  This led him in turn to research the ethical and legal bounds
within which "white hat" researchers can justifiably act to respond to "black
hat" hackers and criminals.


Short form bio 3


Dave Dittrich is a Principal Software Engineer/Computer Specialist in the
Applied Physics Laboratory at the University of Washington.  He has been
involved in investigating and countering computer crimes going back to the
late-1990s.  Dave was the first person to describe the technical details of
DDoS attack tools in 1999, was an early researcher into bots and botnets, and
one of the first to study P2P for botnet command and control.  Dave has pushed
the limits, but he tries to do it in a way that is ethically defensible.  He
has written extensively on ethics and the "Active Response Continuum," serves
on one of the UW's Institutional Review Boards evaluating human subjects
research, and he and Erin Kenneally recently co-authored the Department of
Homeland Security document, "The Menlo Report: Ethical Principles Guiding
Information and Communication Technology Research."


Long form bio 1


David Dittrich has been actively involved in security operations for
nearly 20 years. He got his start supporting others whose computers
had been compromised and maintains an applied focus to his research,
striving to teach others what he has learned. Dave was the first
person to publicly describe Distributed Denial of Service (DDoS)
attacks in 1999, precursors to today's botnets, and has a keen
interest in identifying technical, legal, and ethical options to allow
advanced responses to advanced threats. Dave was one of the original
members of the Honeynet Project and has served as an Officer for much
of the group's history (currently as Chief Legal and Ethics Officer).
He coined the term "Active Response Continuum" in 2005 to describe the
socio-technical hurdles that defenders must overcome and to guide
researchers and security operators in bridging the gaps between skill
levels of responders and between private actors and law enforcement,
all the while acting in ways that maintain trust and confidence from
the general public.  Recently, Dave has published several documents
concerning the ethical issues faced by computer security researchers
and others responding to advanced malware threats, and has served as a
member on one of the University of Washington's Institutional Review
Board (IRB) Committees since 2009.  He, along with Erin Kenneally, is a
co-author of the Department of Homeland Security document, "The Menlo
Report: Ethical Principles Guiding Information and Communication
Technology Research," published in the Federal Register in December,
2011.

His home page is http://staff.washington.edu/dittrich/

Long form bio 2


Dave Dittrich is a Principal Software Engineer/Computer Specialist in the
Applied Physics Laboratory at the University of Washington.  He has worked at
the University of Washington in several positions since 1990.  He is a member
and Chief Legal and Ethics Officer for the Honeynet Project, member of
Seattle's "Agora" computer security group, and has served as a member on one of
the University of Washington's Institutional Review Board (IRB) Committees
since 2009.

Dave is perhaps most widely known for his research into Distributed
Denial of Service attack tools, starting with the first public
analyses of DDoS and an invited talk at the November 1999 CERT
Distributed System Intruder Tools Workshop and leading to talks at
SANS, the USENIX Security Symposium, JASON summer workshop, DDoS BoF
sessions at RSA 2000, NANOG, and SANS. Dave received one of SANS'
Security Technology Leadership Awards in 2000 for his work in
understanding DDoS tools, and was named by Information Security
Magazine as one of the "Security Seven" for 2005 (representing the
education sector.)

Dave has authored chapters in the first edition of the Honeynet
Project's "Know Your Enemy" and "The Hacker's Challenge", co-authored
two articles with Kenneth Himma -- "Active Response to Computer
Intrusions" and "Hackers, Crackers, and Computer Criminals" -- for the
"Handbook on Information Security" (John Wiley and Sons, 2003) and
co-authored the first complete book on DDoS, titled "Internet Denial
of Service: Attack and Defense Mechanisms" (Mirkovic, Dietrich,
Dittrich, and Reiher, Prentice Hall PTR, December, 2004.)

In the area of Computer Forensics, Dave has taught Unix Forensic
Analysis at the Black Hat Briefings, led the Honeynet Project's
popular Forensic Challenge in 2001, and both taught in and co-chaired
SANS' first forensic track at SANS FIRE '01, and has guest lectured
and collaborated on labs with faculty at several Universities and
Community Colleges.

Dave is a leading researcher of the "Active Response Continuum",
involving the legal, ethical, and technical frameworks for responding
to large-scale computer attacks.  He has presented on the topic at an
I4 meeting; several Agora workshops in 2001 and 2003; a workshop at
George Mason University in 2005; panels at SecureWorld Expo Seattle,
Washington State Bar Association Cybercrime III conference, and
American Bar Association summer meeting in 2004; a keynote address at
the 2003 Society for the Policing of Cyberspace (POLCYB) conference in
Richmond, BC, Canada; and a talk at AusCERT 2005 in Brisbane,
Australia.  He, along with Erin Kenneally, is a co-author of the
Department of Homeland Security document, "The Menlo Report: Ethical
Principles Guiding Information and Communication Technology Research,"
published in the Federal Register in December, 2011.
 
Dave has also spoken at CanSecWest in Vancouver, Canada, OlymFair in
Seoul, South Korea, HAL 2001 in the Netherlands, AusCERT in Brisbane,
Australia, and to groups at the NSA, CIA, DoD, and the FBI Academy.

In his "spare" time, Dave enjoys photography (a side business),
hiking, rock climbing, and ski mountaineering the volcanoes and
Cascade mountain range in the Pacific Northwest.

His massive home page can be found at http://staff.washington.edu/dittrich/
