Rodney Joffe

Born: Rodney Lance Joffe, 1954 (age 68–69), South Africa
Other names: Max
Citizenship: American [1]
Occupation: Computer scientist
Known for: Computer security

Rodney Joffe is a South African/American entrepreneur and cybersecurity expert. [2] He is a recipient of the FBI's Director's Award for Outstanding Cyber Investigation for his role in uncovering the Mariposa botnet. [3]

Early life

Joffe was born in South Africa. [4] He has been involved in information technology since 1973, when he trained as a systems analyst and programmer in the pensions actuarial group of the Old Mutual Life Insurance Company in Cape Town. [5]

Career

Joffe is credited with creating the web site hosting company Genuity, as well as UltraDNS, a domain name service company which was sold to Neustar in 2006. He retired from Neustar in September 2021. [6]

From 2009 to 2010, Joffe was Director of the Conficker Working Group. [7]

Durham inquiry

On September 15, 2021, Internet researchers successfully extrapolated information from civil litigation brought by Alfa Bank and other open source data to identify Joffe as "Max" from Dexter Filkins' New Yorker articles about Alfa-Bank and The Trump Organization, in addition to being a client of Michael Sussmann. [8] [9] [10]

On September 30, 2021, Joffe was confirmed to be Tech Executive-1. [11] [12] [13] [2]

In a February 2022 court motion related to Michael Sussmann's prosecution, Special Counsel Durham alleged that Joffe and his associates had exploited access his company had through a pending cybersecurity contract with the Executive Office of the President (EOP) to acquire nonpublic government domain name system and other data traffic "for the purpose of gathering derogatory information about Donald Trump." [14] [15] Durham did not allege that any eavesdropping of Trump communications content occurred, [16] and on March 4, 2022, he dropped these claims against Joffe. [17] [18]

A spokesman for Joffe released a statement asserting that his client had lawful access under a contract to analyze White House DNS data for potential security threats. [19] The spokesman stated that Joffe's work was in response to hacks of the EOP in 2015 and of the DNC in 2016, as well as Russian YotaPhone queries in proximity to the EOP and the Trump campaign, that raised "serious and legitimate national security concerns about Russian attempts to infiltrate the 2016 election". According to Joffe's spokesman, "deeply concerned" cybersecurity researchers prepared a report "about the anomalies they found in the data" and shared it with the CIA. [20]

Awards

In 2013, Joffe received the FBI's Director's Award for Outstanding Cyber Investigation for his role in uncovering the Mariposa botnet. [21]

In 2015, Joffe received the Mary Litynski Lifetime Achievement Award from M3AAWG, for his lifetime work in fighting text spam, malware and DDoS attacks. [22]

In 2018, Joffe received the Contribution to Cyber Security Award, presented at the 2018 Computing Security Awards. [23]

For three years in a row, from 2018 to 2020, Joffe was named Cybersecurity Professional of the Year at the Cybersecurity Excellence Awards. [24]

Patents

  1. Distributed computing system and method for distributing user requests to replicated network servers - Hopscotch - US 8,683,075 [25]
  2. Domain name system and method of operating using restricted channels - US 9,871,794 [26]
  3. Domain name system and method of operating using restricted channels - US 10,356,097 [27]
  4. Method And System For Detecting Network Compromise - US 9,356,942 [28]
  5. Method And System For Detecting Network Compromise - Continuation - US 9,674,222 [29]
  6. Method and apparatus for balancing the process load on network servers according to network and serve based policies - US 6,185,619 [30]
  7. Method and system for detecting network compromise - US 10,230,761 [31]
  8. Multi-tenant unit - US 6,144,638 [32]
  9. Secure Domain Name System - US 9,648,004 [33]
  10. Secure Domain Name System - US 9,172,713 [34]

References

  1. "Memo of Law Re Sussmann 10.12.21 Exhibits - Part 1". p. 93. Retrieved October 15, 2021. Did you understand why Mr. Sussmann was using a pseudonym for Rodney Joffe? [...] To the best of my recollection, it was described to me as this is an individual [Joffe] who is a senior official who has both significant government and nongovernment contracts. Someone who has no interest in being part of a news cycle, but yet as a patriotic American, felt it was his duty to provide this information to the government in some way for them to take some further research action.
  2. Perez, Evan; Polantz, Katelyn (September 30, 2021). "Durham issues fresh round of subpoenas in his continuing probe of FBI investigation into Trump, Russia". CNN. Archived from the original on September 30, 2021. While working for Perkins Coie, Sussmann also represented Rodney Joffe, a cybersecurity expert referred to in Durham's indictment as "Tech Executive-1." In 2016, Joffe, who has not been previously identified, worked with researchers to collect internet data about the Trump Organization that Sussmann took to the FBI.
  3. "StackPath".
  4. Butterworth, Trevor (September 27, 2010). "Computer Worm Invaded Iranian Nuke Plant". The Daily Beast. Archived from the original on September 18, 2021. Charming and quick-witted, Joffe, who is 55 and originally hails from South Africa...
  5. "Nominating Committee – Members 2005". www.icann.org. ICANN. Retrieved February 13, 2022.
  6. Blackwell, Evelyn (30 September 2021). "Who is Rodney Joffe, aka 'Tech Executive-1' in Durham indictment?". World News Era. Joffe retired earlier this month from Neustar Inc., a Reston, Va.-based company that provides various internet-related services.
  7. "Conficker still a threat, says Working Group". Infosecurity Magazine. 2010-06-14. Retrieved 2022-06-17.
  8. Filkins, Dexter (October 8, 2018). "Was There a Connection Between a Russian Bank and the Trump Campaign?". The New Yorker. Archived from the original on October 8, 2018. In June, 2016, after news broke that the Democratic National Committee had been hacked, a group of prominent computer scientists went on alert. Reports said that the infiltrators were probably Russian, which suggested to most members of the group that one of the country's intelligence agencies had been involved. They speculated that if the Russians were hacking the Democrats they must be hacking the Republicans, too. "We thought there was no way in the world the Russians would just attack the Democrats," one of the computer scientists, who asked to be identified only as Max, told me. [...] (Max described himself as "a John McCain Republican.") [...] Max's group began combing the Domain Name System, a worldwide network that acts as a sort of phone book for the Internet, translating easy-to-remember domain names into I.P. addresses, the strings of numbers that computers use to identify one another. [...] Max and his group are part of a community that has unusual access to these records, which are especially useful to cybersecurity experts who work to protect clients from attacks. Max and the other computer scientists asked me to withhold their names, out of concern for their privacy and their security. I met with Max and his lawyer repeatedly, and interviewed other prominent computer experts.
  9. @Fool_Nelson (September 15, 2021). "3/ Given "Max/@michaelsuss's client" was a "John McCain Republican", Joffe is a good candidate given he donated to a Republican while living in Arizona and his company @Neustar has been represented by Perkins Coie" (Tweet). Archived from the original on September 21, 2021 via Twitter.
  10. "Identity of 'Tech Executive' in Durham indictment over Alfa Bank claims revealed". Washington Examiner. September 30, 2021. Archived from the original on October 1, 2021. Online sleuths figured out earlier this month Joffe was likely the unnamed technology executive.
  11. Savage, Charlie; Goldman, Adam (September 30, 2021). "Trump Server Mystery Produces Fresh Conflict". The New York Times. Archived from the original on September 30, 2021. [T]hree of their names have appeared among a list of data experts in a lawsuit brought by Alfa Bank, and Trump supporters have speculated online about their identities. The Times has confirmed them, and their lawyers provided statements defending their actions. [...] "Tech Executive-1" is Mr. Joffe, who in 2013 received the F.B.I. Director's Award for helping crack a cybercrime case, and retired this month from Neustar, another information services company.
  12. McIntyre, Stephen [@ClimateAudit] (September 30, 2021). "ALL of the identifications of co-conspirators and participants in the Sussmann Indictment previously proposed in this corner of Twitter have been confirmed by Savage (just as he grudgingly confirmed identifications of Danchenko etc last year)" (Tweet). Archived from the original on September 30, 2021 via Twitter.
  13. Ross, Chuck [@ChuckRossDC] (September 30, 2021). "CNN confirms what @FOOL_NELSON sleuthed a while back -- "Tech executive 1" in the Sussmann indictment is Rodney Joffe of the firm Neustar. Alfa Bank had subpoenaed Joffe earlier this year in its lawsuit against Fusion GPS" (Tweet) via Twitter.
  14. Neidig, Harper (February 14, 2022). "Durham alleges cyber analysts 'exploited' access to Trump White House server". The Hill.
  15. Alexander Mallin; Jack Date (February 15, 2022). "Special counsel, Democratic lawyer clash over new allegations regarding data purported to tie Trump to Russia". ABC News.
  16. Katelyn Polantz; Evan Perez (February 14, 2022). "Special counsel Durham alleges Clinton campaign lawyer used data to raise suspicions about Trump". CNN.
  17. emptywheel (2022-03-06). "John Durham Drops Claim that Rodney Joffe "Mined" EOP Data for Derogatory Information on Trump from Boilerplate". emptywheel. Retrieved 2022-06-17.
  18. "Michael Sussmann's Attorneys: John Durham Engaged in 'Extraordinary Prosecutorial Overreach' and Failed to Cite a 'Single Analogous Precedent' for Indictment". Law & Crime. 2022-03-12. Retrieved 2022-06-17.
  19. Savage, Charlie (February 14, 2022). "Court Filing Started a Furor in Right-Wing Outlets, but Their Narrative Is Off Track". The New York Times.
  20. Alexander Mallin; Jack Date (February 15, 2022). "Special counsel, Democratic lawyer clash over new allegations regarding data purported to tie Trump to Russia". ABC News. As a result of the hacks of EOP and DNC [Democratic National Committee] servers in 2015 and 2016, respectively, there were serious and legitimate national security concerns about Russian attempts to infiltrate the 2016 election. Upon identifying DNS queries from Russian-made Yota phones in proximity to the Trump campaign and the EOP, respected cybersecurity researchers were deeply concerned about the anomalies they found in the data and prepared a report of their findings, which was subsequently shared with the CIA.
  21. "Neustar's Rodney Joffe Receives Prestigious FBI Director's Award". October 29, 2013. Archived from the original on September 21, 2021.
  22. Messaging Anti-Abuse Working Group (M3AAWG) (2015-06-10). "Rodney Joffe Receives 2016 M3AAWG Mary Litynski Award for Lifetime Work in Fighting Text Spam, Malware and DDoS Attacks". GlobeNewswire News Room. Retrieved 2022-06-17.
  23. 2018 Computing Security Awards: The Contribution to Cyber Security Award. Retrieved 2022-06-17.
  24. "Rodney Joffe Named a 2020 Cybersecurity Professional of the Year by the Cybersecurity Excellence Awards". I-COM. Retrieved 2022-06-17.
  25. "United States Patent: 8683075 - Distributed computing system and method for distributing user requests to replicated network servers".
  26. "United States Patent: 9871794 - Domain name system and method of operating using restricted channels".
  27. "United States Patent: 10356097 - Domain name system and method of operating using restricted channels".
  28. "United States Patent: 9356942 - Method and system for detecting network compromise".
  29. "United States Patent: 9674222 - Method and system for detecting network compromise".
  30. "United States Patent: 6185619 - Method and apparatus for balancing the process load on network servers according to network and serve based policies".
  31. "United States Patent: 10230761 - Method and system for detecting network compromise".
  32. "United States Patent: 6144638 - Multi-tenant unit".
  33. "United States Patent: 9648004 - Secure domain name system".
  34. "United States Patent: 9172713 - Secure domain name system".