The internet security researcher Daniel Kaminsky died last Friday aged 42. Kaminsky came to prominence in 2008 when he “found a way that thieves or spies could covertly manipulate DNS traffic so that a person typing the website for a bank would instead be redirected to an impostor site that could steal the user’s account number and password”, the New York Times reported in their obituary published Tuesday.
At the start of their obituary, the Times wrote “If you are reading this obituary online, you owe your digital safety to him.”
When he found the serious flaw in the internet’s infrastructure, “that could allow skilled coders to take over websites, siphon off bank credentials or even shut down the internet … Kaminsky alerted the Department of Homeland Security, executives at Microsoft and Cisco, and other internet security experts to the problem and helped spearhead a patch.”
He got his start when at the age of 4 when his father gave him a computer form Radio Shack and by the age of 5 had taught himself to code. Then at the age of 11 “his mother said she received an angry phone call from someone who identified himself as a network administrator for the Western United States. The administrator said someone at her residence was ‘monkeying around in territories where he shouldn’t be monkeying around.’”
“Without her knowledge, Mr. Kaminsky had been examining military websites. The administrator vowed to ‘punish’ him by cutting off the family’s internet access. Mrs. Maurer warned the administrator that if he made good on his threat, she would take out an advertisement in The San Francisco Chronicle denouncing the Pentagon’s security.”
“I will take out an ad that says, ‘Your security is so crappy, even an 11-year-old can break it,’” Mrs. Maurer recalled telling the administrator, in an interview on Monday.
They settled on a compromise punishment: three days without internet.
Two decades later when he discovered the flaw in the domain name system (DNS) Kaminsky effectively saved the internet. But as the Times notes “while the DNS fix was Mr. Kaminsky’s most celebrated contribution to internet security, it was hardly his only one. In 2005, after researchers discovered Sony BMG was covertly installing software on PCs to combat music piracy, Sony executives played down the move. Mr. Kaminsky forced the issue into public awareness after discovering that Sony’s software had infected more than 568,000 computers.”
Kaminsky refused to profit from the flaws he found saying that doing so would have been morally wrong, and that he did not want his mother to have to visit him in prison. “Silicon Valley’s giants sought Mr. Kaminsky’s expertise and often tried to recruit him with lucrative offers to serve as their chief information security officer. He politely declined, preferring the quiet yeoman’s work of internet security.”
He was also noted for his generosity, helping others in need of support “and served as a mentor to journalists and aspiring hackers.”
The obituary in the New York Times is much more detailed and can be found in full here.