Hacker Trackers Software Author ‘Mixter’ Says He Shouldn’T Bear Responsibility
The weapons used to bring down some of the most powerful companies on the Internet bear the markings of a small circle of anonymous programmers who create hostile technologies in the name of security research.
Although none of these individuals is accused of any wrongdoing, at least one name has emerged in interviews in relation to the recent wave of “denial of service” assaults.
A computer expert in Germany who goes only by the name “Mixter” is believed by some to be the author of the type of software that has been used to attack Yahoo, eBay, Amazon.com and other online giants.
No one has suggested that Mixter or any of his peers carried out the assaults, but some of the tools used in these incidents appear to carry his technological signature.
His software could have been easily replicated by others in today’s trend toward “open source” coding on the Net, but security analysts say certain signs point to Mixter as the author of the original programs.
In an e-mail interview with CNET News.com, Mixter denied any responsibility in the incidents but confirmed that he has written programs that appear similar to those used in the attacks.
“He’s the author. Absolutely,” said Gia Threatte, an expert at a computer security site called Packet Storm who said she communicates with Mixter by phone and e-mail. “When he was coming out with the tools, he worked with us” so that the site could post his software, she said. Packet Storm is a division of security firm Kroll-O’Gara Co.
Regardless of who is behind these particular incidents, the weapons used in them can be traced to a loosely knit nether-community whose work can raise troubling ethical - if not criminal - questions.
These technophiles, and the programs they create, stand at the nexus of the underground Internet of years past and the profit-obsessed enterprises that are driving much of its growth today. That dichotomy makes it difficult to determine who’s on which side, especially when politically charged issues such as commerce vs. community come into play.
Robert Clyde, vice president at security company Axent Technologies Inc., said programmers generally can be divided into “white hats” and “black hats” - those who write software to expose vulnerabilities and those who use them to exploit vulnerabilities.
As with most things in life, however, things aren’t so simple. While the white hats like to portray themselves as above the fray, he said, they often know how their work will be used after they post potentially malicious programs on the Web.
“This is in the same spirit as the people on the Internet who post how to build pipe bombs. You do bear some responsibility,” Clyde said. “But the advantage is that (others) have a chance to protect against it.”
These white hats, whose technical backgrounds vary widely, work with security professionals, ostensibly to identify potential threats. In doing so, they regularly create hostile technologies that are used to test the security of firewalls.
But such programs can fall into the wrong hands. And once they are “in the wild,” as researchers call it, anything can happen.
Even Mixter, for example, said he was stunned by the events.
“The fact that I authored these tools does in no way mean that I condone their active use,” he wrote in his e-mail exchange. “I must admit I was quite shocked to hear about the latest attacks. It seems that the attackers are pretty clueless people who misuse powerful resources and tools for generally harmful and senseless activities just because they can.”
Ironically, Mixter has been working to protect against the very attacks his software makes easier.
Threatte said he is the winner of a $10,000 Packet Storm contest for the best way to defend against distributed “denial of service” attacks, which swamp a computer with improperly encoded packets of information that eventually render it unable to respond to regular network traffic.
A security consultant at Security Focus said the tools used in the attacks look like the software from a group of technologies known as the Tribe Flood Network family. These software tools have been attributed to Mixter, whose name appears in their code.
“I can’t say for certain, but it looks just like the ones we’ve seen in the past,” said the security consultant, Ryan Russell. “There is no reason to believe it is any different.”
The exact nature and identity of the software used in the attacks won’t be pinned down until one of the relay computers used in the incidents is examined.
And Mixter isn’t the only author of these types of tools. A program of undetermined origin called Trinoo came before Mixter’s Tribe Flood Network, and a later one known as Stacheldraht Flood Network Demon was authored by someone who goes by the name “randomizer,” according to the programming code.
One reason Mixter’s work has become known is through his postings on sites like Packet Storm and the Bugtraq computer security mailing list.
Threatte said the Packet Storm site has posted his attack tools so security professionals can examine them, adding that Mixter posts the tools elsewhere.
Threatte said she believes that Mixter isn’t involved in the attacks beyond writing software that may have been used in them.