Dan’s Letter of Recommendation

This was written in 2019 support of my successful application for a Tier 1 (Exceptional Talent) visa in the UK. I’ve shared it privately with a few people in the past, but I’m now publishing it because it shows a side of Dan that not enough people saw. Though I was working for his company at the time, I doubt that’s why he wrote it.

He mentions we met at an “event” in 2007. That was the inaugural “Hackers on a Plane” group trip to Chaos Communication Camp. The two of us were seated next to each other on one of the flights. We talked for hours. Over the years he was my friend and mentor. Eventually, “found family”.

Like all people, Dan had his flaws — some of what I learned from him was by counterexample — but he was a good person and I miss him.

– Ryan

For the attention of Tech Nation:

Regarding the application of Mx. Ryan Castellucci for Exceptional Talent / Exception Promise status in the UK in the field of digital technology.

I, Dan Kaminsky, Chief Scientist and Co-Founder of White Ops, Inc, have come to know the applicant since 2007 in the capacity of peer researcher, and 2014 as my protege at White Ops. I am a well known researcher in the world of computer security, and have spent the last twenty years working to make the Internet a safer place. I am best known for my work leading one of the largest synchronized fixes to the Internet of all time, for which I was named one of the world’s seven Recovery Key Shareholders for our Internet’s Domain Name System.

Ryan is a rare talent in the world of computer security, for while many “hackers” have found many interesting problems, Ryan is actually an engineer, who sees the detection of faults as only the first step in a long process of correction and repair. I want to be clear, they discover extraordinary failures too, but it’s not enough to point out a fire. Someone has to put it out. Someone has to think it’s their job to.

Ryan was my first major technical hire at White Ops, which has become the standard bearer for validating that people on the Internet are actually people. Sometimes they are not. I could not have built White Ops without Ryan’s technical expertise, and breadth of knowledge across the entire domain of software engineering. They have been designing and deploying significant systems for over two decades. We met at an event in 2007, and it was remarkable how much of the “lore” they understood around not just making secure systems (a thing that is already difficult), but systems that scaled to support global traffic (a thing that is difficult even without security concerns). I learned to recognize this talent consulting for several years at Microsoft, one of the few institutions that has no choice but to simultaneously balance these concerns. Even within Microsoft, seeing both perspectives in one person was a rare gift. Finding it in the outside world was notable. It’s why I hired them, at my earliest opportunity.

The United Kingdom is a nation of remarkable resources and intellect, with talent known throughout the world. We designed White Ops to be able to integrate talent wherever it might be, and our London office is a lynchpin of our work to secure the Internet. We see Ryan as a profoundly useful asset, cross-training our Data Science team in the very different nature of actively malicious data. A rarely noted property of needles in haystacks is that they’re still sharp. Ryan of course works closely, and well, with the London team. There is however, real and mutual benefit to them working in the same office.

It is worth discussing the nature of cybersecurity losses to the digital economy. It goes without saying that they are extraordinary and they are growing. What is not often realized is that, eventually, the viability of having a digital economy at all is threatened. Every day, more people decide maybe things were better before, when everything ran on paper. It’s unlikely that there’s any path back to that era. But we are working in intolerable conditions. It is my sincere belief that Ryan is a rare asset, that can see themself, and can train others, in the viable changes that can be made to deliver effective security for the digital economy. In precise terms, Ryan understands how computers speak to one another, and what the implications of that communication is. It’s impossible to secure anything if you don’t know what you’re saying – thus the concept of White Ops, figure out when a computer is telling us it’s not a real person.

Ryan is also deeply versed in cryptographic arcana. As you may be aware, the world of cryptocurrency has many fraudsters, one of whom goes by the name of Craig Wright. He has spent several years running a scam, pretending to be the pseudonymous inventor of Bitcoin, Satoshi Nakomoto. I do not speak with this level of confidence frequently, however, Mr. Wright did go out of his way to generate a cryptographic proof of his identity. As a fair and neutral public skeptic in this space, I sought to validate and reproduce his proof.

It was not functional, but it was not obviously provably impossible. People leave things out of proofs accidentally with some frequency. We don’t normally presume malice.

Mr. Wright’s fraud only needed to be plausible for some period of days, maybe a week, before it was “true enough” for PR purposes. It took Ryan less than a day to generate the precise cryptographic construction that showed Mr. Wright’s claim not simply indeterminate, but deterministically, provably false. (They also recognized how Mr. Wright could have defeated their work, and arguably would have known to do so if he was in fact the creator of Bitcoin.)

That was no small feat. I know of no other engineers who could have carried this work, on this timescale, this...automatically. I include myself in this determination.

Ryan’s talents are not limited to technical achievement. At White Ops, they are one of the driving forces behind our successful collaborations with global law enforcement. It’s a thing that’s been remarked upon, that working with our firm yields enough data for enforcement efforts surprisingly quickly. This isn’t luck, or even the nature of the criminal activity we target. Ryan has a unique grasp of the technical infrastructure hackers need to build in order to profit at scale. (We call this “Crime Ops”). Ryan actually knows how the Internet works, and how the software that can corrupt it en masse is itself corrupted – in ways that provide attribution to criminal actors that are uncommonly decisive. Ryan models not merely computers, but the people using them. The results are extraordinary. Their work with the FBI (much of it involving flying to New York on short notice) was specifically acclaimed to have accelerated many months off of a major investigation that yielded successful capture and extradition of suspects. As part of this work against a highly proficient technical advensary, they developed new and profoundly useful defensive technologies against global scale corruption of core Internet routing mechanisms, and published them in a white paper White Ops wrote in partnership with Google.

Ultimately, Ryan is a highly regarded member of the cybersecurity community, known for the software they write (not all of it public) and for the research they present all over the globe. I would like to conclude this letter with a unique situation that I feel best describes the value Ryan brings to the table. The cryptocurrency community, aware that computers get hacked frequently, attempted to tie the ability to access digital funds directly to passwords.

Passwords don’t even work well as passwords, but that’s not the interesting part.

A mechanism known as Brainwallets became popular. I myself had worked on this sort of “password as cryptographic key” technology, but I did it well. They did not – it was quite practical to try to rob every cryptocurrency user in the world at once, and it was happening. Ryan was horrified. So they did what many wouldn’t: They worked to identify who was at risk of being robbed (their advanced knowledge of cryptography meant Ryan found them first), and at some risk to themselves and no formal means of communication, invented entirely new ways to let people know harm was coming.

It worked. Then they worked with me to develop StoryBits, a password handling system that could function in this capacity. And they also achieved something few in security have – in response to giving a talk, during the talk, the primary Brainwallet site shut down, never to harm another user.

Ryan genuinely cares about the intersection of technology and society, and has used their talents unfailingly in the pursuit of good, with remarkable effectiveness. They have been an anchor hire at White Ops, and any nation would be lucky to have them. I highly encourage your consideration in this matter. I am of course available to answer any questions you might have.

Yours Truly,
Dan Kaminsky
Chief Scientist and Co-Founder
White Ops, Inc.