Last updated: Sun Jan 19 22:28:15 EST 2014

About me

I spend my time trying to understand how bad people harm others over the internet, and finding ways to lessen the damage by the bad guys (on purpose) or the good guys (by accident). I do this as a Principal Software Engineer/Computer Specialist in the Applied Physics Laboratory at the University of Washington and a security consultant. I've given away much of my knowledge and tools, for free, for years because I believe everyone has a responsibility for helping make the internet a safer place, but they need to learn how from those who have figured out how to do it.

I started working at the UW in 1990. My background is in computer programming and UNIX system administration on several platforms. From 1996 until 2003, I was the senior computer security incident response analyst and system/network security consultant for the UW. Since then, I have focused on research and development of tools/techniques dealing with advanced threats.

Many years ago, I also supported World Wide Web services including the initial prototype and subsequent support of UW's original (now retired) Weber web service (and am the proud father of the Weber Guy).

I taught the R870: Unix System Administration - A Survival Course Education & Training course for about 10 years, led the team that developed the first course on Cyberterrorism for UW Educational Outreach, and in Autumn 2003 co-taught the initial offering of the INFO 498AA special topics course on Computer Security Incident Response.

I was a founding member, and currently serve as Chief Legal and Ethics Officer, of the Honeynet Project, as well as a long-standing member of Seattle's Agora computer security group.


The following bios are usable for conference organizers, etc.

Short form bio 1


Dave Dittrich is a Principal Software Engineer/Computer Specialist in the
Applied Physics Laboratory at the University of Washington.  He is also a
member of the Honeynet Project and Seattle's "Agora" computer security group.
Dave has also served as a member on one of the University of Washington's
Institutional Review Board (IRB) Committees since 2009.

Dave is perhaps most widely known for his research into Distributed
Denial of Service (DDoS) attack tools and host/network forensics. He
was one of the first to lead workshops on "Active Defense" and to
consider the legal and ethical boundaries of computer network defense.
He has presented talks and courses at dozens of computer security
conferences, workshops, and government/private organizations
worldwide, contributed articles and chapters to several magazines and
books, and co-authored the first complete book on DDoS, titled
"Internet Denial of Service: Attack and Defense Mechanisms."
He, along with Erin Kenneally, is a co-author of the Department of
Homeland Security document, "The Menlo Report: Ethical Principles
Guiding Information and Communication Technology Research,"
published in the Federal Register in December, 2011.

His home page can be found at http://staff.washington.edu/dittrich/

Short form bio 2


Dave Dittrich is a Principal Software Engineer/Computer Specialist in the
Applied Physics Laboratory at the University of Washington and has served on
one of the UW's Institutional Review Board (IRB) Committees since 2009. His
background is in computer security incident response and dealing with massive
distributed attack tools that take over the computers of millions of
individuals on a regular basis for all kinds of financial crimes, political
protests, or just fighting in online forums by disrupting services for extended
periods of time.  This led him in turn to research the ethical and legal bounds
within which "white hat" researchers can justifiably act to respond to "black
hat" hackers and criminals.


Short form bio 3


Dave Dittrich is a Principal Software Engineer/Computer Specialist in the
Applied Physics Laboratory at the University of Washington.  He has been
involved in investigating and countering computer crimes going back to the
late-1990s.  Dave was the first person to describe the technical details of
DDoS attack tools in 1999, was an early researcher into bots and botnets, and
one of the first to study P2P for botnet command and control.  Dave has pushed
the limits, but he tries to do it in a way that is ethically defensible.  He
has written extensively on ethics and the "Active Response Continuum," serves
on one of the UW's Institutional Review Boards evaluating human subjects
research, and he and Erin Kenneally recently co-authored the Department of
Homeland Security document, "The Menlo Report: Ethical Principles Guiding
Information and Communication Technology Research."


Long form bio 1


David Dittrich has been actively involved in security operations for
over 20 years. He got his start supporting others whose computers
had been compromised and maintains an applied focus to his research,
striving to teach others what he has learned. Dave was the first
person to publicly describe Distributed Denial of Service (DDoS)
attacks in 1999, precursors to today's botnets, and has a keen
interest in identifying technical, legal, and ethical options to allow
advanced responses to advanced threats. Dave was one of the original
members of the Honeynet Project and has served as an Officer for much
of the group's history (currently as Chief Legal and Ethics Officer).
He coined the term "Active Response Continuum" in 2005 to describe the
socio-technical hurdles that defenders must overcome and to guide
researchers and security operators in bridging the gaps between skill
levels of responders and between private actors and law enforcement,
all the while acting in ways that maintain trust and confidence from
the general public.  Recently, Dave has published several documents
concerning the ethical issues faced by computer security researchers
and others responding to advanced malware threats, and has served as a
member on one of the University of Washington's Institutional Review
Board (IRB) Committees since 2009.  He, along with Erin Kenneally,
co-authored the Department of Homeland Security document, "The Menlo
Report: Ethical Principles Guiding Information and Communication
Technology Research," published in the Federal Register in December,
2011.

His home page is http://staff.washington.edu/dittrich/

Long form bio 2


Dave Dittrich is a Principal Software Engineer/Computer Specialist in the
Applied Physics Laboratory at the University of Washington.  He has worked at
the University of Washington in several positions since 1990.  He is a member
and Chief Legal and Ethics Officer for the Honeynet Project, member of
Seattle's "Agora" computer security group, and has served as a member on one of
the University of Washington's Institutional Review Board (IRB) Committees
since 2009.

Dave is perhaps most widely known for his research into Distributed Denial of
Service attack tools, starting with the first public analyses of DDoS and an
invited talk at the November 1999 CERT Distributed System Intruder Tools
Workshop and leading to talks at SANS, the USENIX Security Symposium, JASON
summer workshop, DDoS BoF sessions at RSA 2000, NANOG, and SANS. Dave received
one of SANS' Security Technology Leadership Awards in 2000 for his work in
understanding DDoS tools, and was named by Information Security Magazine as one
of the "Security Seven" for 2005 (representing the education sector.)

Dave has authored chapters in the first edition of the Honeynet Project's "Know
Your Enemy" and "The Hacker's Challenge", co-authored two articles with Kenneth
Himma -- "Active Response to Computer Intrusions" and "Hackers, Crackers, and
Computer Criminals" -- for the "Handbook on Information Security" (John Wiley
and Sons, 2003) and co-authored the first complete book on DDoS, titled
"Internet Denial of Service: Attack and Defense Mechanisms" (Mirkovic,
Dietrich, Dittrich, and Reiher, Prentice Hall PTR, December, 2004.)

In the area of Computer Forensics, Dave has taught Unix Forensic Analysis at
the Black Hat Briefings, led the Honeynet Project's popular Forensic Challenge
in 2001, and both taught in and co-chaired SANS' first forensic track at SANS
FIRE '01, and has guest lectured and collaborated on labs with faculty at
several Universities and Community Colleges.

Dave is a leading researcher of the "Active Response Continuum", involving the
legal, ethical, and technical frameworks for responding to large-scale computer
attacks.  He has presented on the topic at an I4 meeting; several Agora
workshops in 2001 and 2003; a workshop at George Mason University in 2005;
panels at SecureWorld Expo Seattle, Washington State Bar Association Cybercrime
III conference, and American Bar Association summer meeting in 2004; a keynote
address at the 2003 Society for the Policing of Cyberspace (POLCYB) conference
in Richmond, BC, Canada; and a talk at AusCERT 2005 in Brisbane, Australia.
He, along with Erin Kenneally, co-authored the Department of Homeland
Security document, "The Menlo Report: Ethical Principles Guiding
Information and Communication Technology Research," published in the
Federal Register in December, 2011.

Dave has also spoken at CanSecWest in Vancouver, Canada, OlymFair in Seoul,
South Korea, HAL 2001 in the Netherlands, AusCERT in Brisbane, Australia, and
to groups at the NSA, CIA, DoD, and the FBI Academy.

In his "spare" time, Dave enjoys photography (a side business), hiking, rock
climbing, and ski mountaineering the volcanoes and Cascade mountain range in
the Pacific Northwest.

His massive home page can be found at http://staff.washington.edu/dittrich/
