The Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) is proud to announce Paul Vixie as this year’s winner of the Mary Litynski Award. The award was presented at the 60th General Meeting, Feb. 19 - 22, 2024, in San Francisco, California.
The Litynski Award is given to those who have dedicated their lives to making the online community a safer place for all. Vixie’s early days as a programmer and analyst led to the start of his first business, Vixie Enterprises, in 1981. When the Internet debuted in 1983, Vixie positioned himself as an early advocate for the protection of online users.
Nearly five decades in, Vixie is still at it. This decade’s mantra is emblazoned across his LinkedIn page: “Restoring Human Security to Pre-Internet Levels.” Today, Vixie serves as Vice President, Distinguished Engineer and Deputy Chief Information Security Officer at Amazon Web Services. His journey has always been about a safe and secure online community.
DEC and BIND – Vixie Makes DNS Safer
While his first company was still growing, Vixie went to work for Digital Equipment Corporation (DEC) as a software engineer in 1988. DEC had an established employee exchange program with the University of California and by the time Vixie began work there, the U.C. Berkeley Internet Name Domain (BIND) package was a shared project.
Vixie, Rick Adams and Carl Malamud thought an independent entity could better manage BIND’s maintenance and improvements. Together, they established the Internet Systems Consortium (ISC) in 1994. As co-architects/programmers, Bob Halley and Paul Vixie released BIND version 8 in May 1997.
The Internet Hall of Fame said, “Vixie’s extensions allowed the Domain Name System (DNS) to scale beyond the original design and added the first elements of security. He created the first system that used DNS as a database for reputation information, and more recently (with co-architect Vernon Schryver) for response policy and rate limiting.”
Vixie led the team at ISC for nearly 16 years. During that time, he started MAPS (Mail Abuse Prevention System) with co-founder Dave Rand. The first anti-spam company was focused on stopping email abuse. In case you missed it, MAPS is spam spelled backwards. He also worked for several Internet service providers and co-founded two ISPs himself. In 1999, he became a founding member of the Internet Corporation for Assigned Names and Numbers (ICANN) Root Server System (RSSAC) and Security and Stability (SSAC) advisory committees. In 2005, he became a trustee with the American Registry for Internet Numbers (ARIN) and would later serve as its Chairman.
Early Battles: The Conficker Virus
The Conficker Virus was first discovered in November 2008. The virus exploited vulnerabilities in Windows software that allowed it to gain access to personal computers and secretly linked them all together for a purpose that had yet to reveal itself. At its height, it consisted of at least 10 million individual IP addresses across 190 countries. Vixie worked on the takedown team.
“I had a hands-on-keyboard role in operating the data collection and measurement infrastructure for the takedown team, in which competing commercial security companies and Internet Service Providers – most being members of M3AAWG – cooperated with each other and with the academic research and law enforcement communities to mitigate this global threat,” said Vixie.
In 2011, experts identified a small cybercriminal ring operating out of Ukraine as the architects of the Conficker Virus. The criminals had used encryption so sophisticated, it narrowed the possibilities of origin to a public release of code by Ron Rivest at the Massachusetts Institute of Technology. When Rivest published a correction to the original code, the Conficker Virus was updated too, and the Federal Bureau of Investigation (F.B.I.) followed the breadcrumbs.
DNSChanger Takedown
DNSChanger was a DNS hijacking Trojan that was deployed in 2007 by the cyber gang known as Rove Digital from Estonia. The malware modified a system’s DNS settings and diverted traffic to fraudulent websites. They lured a user into clicking on a link or pop-up to enable viewing of a video, and then the infected download began.
Once the malware changed the DNS configuration of the infected computer, it could redirect them to rogue name servers operated by affiliates of Rove Digital. The primary function of these name servers was to facilitate the distribution of advertising sold by Rove. Advertisers made payments for the traffic, believing it had originated from valid clicks.
DNSChanger affected over 4 million computers across more than 100 countries. In the U.S., there were about 500,000 infections, impacting computers owned by individuals, businesses, and government agencies, including NASA.
In November 2011, the F.B.I. asked ISC to assist in a takedown operation. Vixie caught a plane to New York City, and immediately established replacement servers. When the F.B.I. seized illegal computing assets, Vixie moved the infected systems to the new servers, maintaining evidence for prosecution and connectivity for users. Vixie added, “None of us wanted a half a million DNSChanger victims to go dark.”
It soon became obvious that victim notification and remediation procedures would need to be developed and the DNSChanger Working Group (DCWG) was established. Remediation included reinstalling Windows and sometimes reconfiguring a modem.
A half dozen Internet security teams around the world created special websites that would display a warning message to potential victims of the DNS Changer infection, and DCWG published the full list on their website. According to Security Intelligence, “Estimates suggest that the initiative was successful in an overwhelming number of instances, with just 41,800 systems still affected when the F.B.I. pulled the plug on their servers.”
Congressional Testimony
Vixie continued at ISC for a few more years and then left to start Farsight Security in 2013.
In 2014 (the same year he was inducted into the Internet Hall of Fame) Vixie testified before the U.S. Senate. He appeared before the Judiciary Hearing on Taking Down Botnets: Public and Private Efforts to Disrupt and Dismantle Cybercriminal Networks, at the request of M3AAWG.
In his testimony, Vixie provided the U.S. government examples of botnet takedowns and described the most successful approach to fighting online abuse: multilateralism.
We have found that when a single company or a single agency or nation ‘goes it alone’ in a takedown action, the result has usually been catastrophe. The Internet is hugely interdependent and many rules governing its operation are unwritten. No amount of investment or planning can guarantee good results from a unilateral takedown action. Rather, takedown actors must work in concert and cooperation with a like-minded team representing many crafts and perspectives, in order to maximize benefit and minimize cost.
Vixie explained the partnerships that are the essence of M3AAWG and like organizations:
Each of these examples shows an ad-hoc public/private partnership in which trust was established and sensitive information including strategic planning was shared without any contractual framework. These takedowns were so-called “handshake deals” where personal credibility, not corporate or government heft, was the glue that held it together and made it work. And in each case, the trust relationships we had formed as members of M3AAWG were key enablers for rapid and coherent reaction.
The 2024 Mary Litynski Award for Lifetime Achievement
Through these endeavors, and his work with ARIN and ICANN, Vixie has made considerable contributions to core Internet technology and anti-abuse efforts (more than 100 artifacts are archived on Vixie at the ICANN website).
Perhaps the statement he made about the dedication of Farsight employees (he called them ‘farseers’) encapsulates his lifetime passion: “Dedicated to the proposition that all Internet users deserve a reasonable expectation of safety and having the mission of inventing and delivering observational services and tools for Internet defenders.”
Farsight Security was acquired by Domain Tools in 2021. Dr. Vixie continues his work in security at Amazon Web Services.
M3AAWG specifically called out Vixie’s work on DNSChanger in his award:
Dr. Vixie was chosen for his work in leading the DCWG and bringing together subject matter experts from the industry to fight the Internet public health menace known as DNSChanger, believed to have infected millions of computers worldwide. Through his efforts and those of the DCWG, hundreds of thousands of infected systems were remediated, and numerous innovative approaches to victim notification were utilized. Additionally, this work helped forestall the “Internet Doomsday” scenario that many were worried about and prevented hundreds of thousands of victims from going dark simultaneously.
Congratulations from M3AAWG Friends
Sean Zadig, Chief Information Security Officer at Yahoo, had this to say:
Dr. Vixie’s selection as the Mary Litynski Award recipient is a testament to his life’s work of making the Internet safe for all. From his foundational development of the building blocks of the technology that enables the Internet, to his trailblazing work on antispam technologies, and his expertise at tackling large-scale abuse problems, Dr. Vixie’s passion for a clean and fair Internet embodies the spirit of this award.
M3AAWG Expert Advisor Joe St. Sauver, was recruited by Vixie to work at Farsight:
Paul has always devoted himself to making sure the Internet worked and scaled well, while also being safe and secure. He well deserves this recognition for a lifetime body of work that is simultaneously creative, technically innovative, and operationally impactful.
Much of what Paul’s done has been out-of-the-limelight, solving difficult (and sometimes delicate) problems with elegance and discretion, demonstrating an ability to do the right thing for the right reasons in the right way. I’m tremendously proud to have him as a friend and trusted colleague, and I congratulate him on earning this year’s Mary Litynski award! Bravo!
M3AAWG Expert Advisor Rod Rasmussen has worked with Vixie for 25 years:
Even more important and inspiring to me over the years has been all the work Paul has done in the broader security industry through formal groups like M3AAWG, APWG (Anti-Phishing Working Group), ICANN’s SSAC, and many more, and, of course, the vetted trust groups that Paul has been so instrumental in creating and fostering. I’ve had the privilege of working on many projects, from takedowns to policy with Paul over the years and watched in amazement as he drove major efforts all while running a demanding company. I’m not sure if or when Paul sleeps, but his unique ability to do all those things, all while still hacking code and troubleshooting esoteric DNS and software issues is truly amazing and inspiring. And always for a good cause. While I’ve had many friends who very deservedly win the Mary Litynski Award, I can’t think of any that are more deserving than Paul. Congratulations my friend!
M3AAWG established this award in 2010 to honor Mary Litynski’s work to make the internet safe for all. Through this award, M3AAWG seeks to bring attention to the remarkable work that is done far from the public eye over a significant period -- work undertaken by dedicated and driven individuals for the greater good.