Brilliant hacker Zatko confirms ending of Cyber Fast Track program

Pierluigi Paganini March 08, 2013

The popular white hat hacker Peiter C. Zatko, aka Mudge, has confirmed the end of his experience with the Cyber Fast Track program.

The story began when one of the most famous US hackers, Peiter C. Zatko, also known as Mudge and a member of the hacking group The Cult of the Dead Cow, decided to leave the underground to work for private industry and government.

He is considered the “intellectual father” of the concept of the buffer overflow; in 1995 he published the work “How to Write Buffer Overflows”, explaining the potential of exploiting this category of vulnerabilities.

Several years ago Peiter Zatko started a prolific collaboration with the US government, in particular with the Defense Advanced Research Projects Agency (DARPA), supporting the authorities in improving their cyber capabilities. His contribution was crucial for the Department of Defense, and his program, known as Cyber Fast Track (CFT), has had great success, but like any story it has an end, which is taking place in a few weeks.

According to an official source, the CFT program “funds research to be performed by boutique security companies, individuals, and hacker/maker-spaces, and allow them to keep the commercial Intellectual Property for what they create. The goal is not to have these entities focus on solving DoD problems, but rather to fund research efforts these organizations would have considered on their own but are not pursuing due to complexity/cost/time/etc. Where it is an effort that may help the community at large it is almost by definition within the running lanes of CFT to consider. What’s good for the community is good for DARPA”

The intent was to fund multiple small projects across all cyber-related technologies, characterized by high added value, shorter time frames and limited cost, with the expectation of results demonstrated in less than a 12-month period … and there have been many success stories, as we will see shortly.

“For the time and money currently invested for one program, the government is striving to engage in dozens of programs,” “The government needs agile cyber projects that are smaller in effort, have a potential for large payoff, and result in a rapid turnaround, creating a greater cost to the adversary to counter.” DARPA explained.

The project deadline is April 1st, the last day for submission of new proposals, but many security specialists, including Zatko, are sure that the soul of the CFT project will be reincarnated in new, equally prolific activities. So far the CFT program has received around 400 proposals and supported 101 of them.

During a talk at the CanSecWest conference, Zatko announced:

“CFT is ending because it was an experiment. DARPA isn’t an open organization. We were looking for a new way to work with people,” “The back end is what’s designed to transition so other large organizations can use this. I hope they look for more people who look at this and say, Mudge did it and he got out mostly intact.”

Examples of the activities promoted by the program include Convergence, the system designed by Moxie Marlinspike to replace the CA infrastructure, and the research conducted by the popular security expert Charlie Miller on the security of the NFC (near-field communication) protocol.

According to various sources, such as the Nextgov portal, recent and “ongoing projects include investigating forensic evidence on Mac OS X-based machines, and developing software in support of a command and control system for disposable computers that are dropped from a drone into an area of interest”.

In my opinion, the program represents excellence in the research sector. Contrary to the guideline of the majority of DARPA programs, which have a long duration, it finances only projects focused on short-term goals. Do not forget that today’s technological scenario has the same dynamic, with a short timeline; this is a revolutionary approach.

Why think of projects with huge investments that go on for years, when the technology may become obsolete due to the disproportionate length of research activities?

The philosophy behind Zatko’s approach is summed up exceptionally well by the following statement from the popular hacker:

“Trying to reduce predictable complexity with more predictable complexity is a bad strategy,”

This is a radical change of thought, exactly what the US government desired for its research. The cyber threat is increasing in complexity and attackers explore new tactics every day, a continuous evolution that has to be mitigated with a dynamic and adaptive approach.

“We often times forget in security that your adversary has good ideas too. People forget that there are game theoretics involved. If you make a change, they don’t just pack up their ball and go home.”

“When you see that more and more money is being invested and the problem is getting worse, people ask whether we should invest more or none at all,” “Why are we not making progress? There’s a whole bunch of factors involved.”

The decision of DARPA to turn off funding for hackers pursuing cyber security research appears to be a contradiction: the US government is one of the most attentive to the need to grow a cyber army and increase cyber capabilities. Hackers’ skills are fundamental to increasing a country’s cyber capabilities, and investments are necessary, but they are useless if guided in the wrong way, as highlighted by the report “Resilient Military Systems and the Advanced Cyber Threat” written by the Defense Science Board (DSB):

“Current DoD actions, though numerous, are fragmented. Thus, DoD is not prepared to defend against this threat. DoD red teams, using cyber attack tools which can be downloaded from the Internet, are very successful at defeating our systems”

The statement is eloquent: skilled hackers using resources commonly available on the internet are able to cause serious damage to American infrastructures. The report also sustains the need to invest a huge quantity of money to improve US cyber capabilities … so why suppress such interesting and cheap cyber security research?


Pierluigi Paganini

(SecurityAffairs – hacking, Zatko)
