California biker lets Satan ride out on the Internet

Click to follow
The Independent Online
Software that will put enormous power into the hands of malicious hackers will be released on the Internet today by a Californian biker whose actions have been described by one industry newspaper as "mailing assault rifles to 5,000 random homes".

Dan Farmer wrote Satan, the Security Administrator's Tool for Analysing Networks, when in charge of network security at a successful Silicon Valley firm. It operates across the Internet to give a quick and comprehensive list of security flaws in any system at which it is pointed.

The flaws that Satan identifies had all been published before Mr Farmer wrote the program. But the knowledge was not easy to find or collate, and in practice only dedicated network administrators knew where to find it. Satan uses a primitive form of artificial intelligence to make the knowledge available to anyone who uses it.

Once it has analysed the network it is probing, Satan produces a list of all the security flaws it has found, along with a description and an account of how to fix them. The program drew gasps of admiration when Mr Farmer demonstrated it at the Computers, Freedom and Privacy conference in San Francisco last week. Everyone who has seen it agrees it will be a powerful tool in the right hands. What is controversial is his decision to release it across the Internet. His previous employers, Silicon Graphics, fired him when he made the plan known, or, as he puts it, "We came to a mutual agreement to get the hell out away from each other."

With thick red hair falling past his shoulders and an ear-ring in his left eyebrow, Mr Farmer looks more like a heavy metal guitarist than a former manager of network security. He has been furiously attacked for his decision to release Satan on to an unsuspecting world - one prominent Internet figure said last week: "The little bastard ought to be shot." But he defends himself with equal vigour.

Asked whether he is worried that the information will get into the wrong hands, he says: "I firmly believe that most people will do right. The real problem are the wrong types of people. But who are the bad guys anyway? The real damage on the Internet is not done by the system crackers. It is the billion-dollar companies who are the bad guys on the Internet. Satan is not a system that tells you to break into other systems. It just gives you information. People should be able to make informed choices."

Administrators of computer networks will have no choice but to make informed choices after the program is generally released. The only factor likely to slow down Satan's spread in the hands of dark-side hackers is that it runs only under Unix, an operating system which is seldom found outside universities and large companies, though it will analyse the flaws in any sort of computer.