David Wagner: Computer whiz sees trouble if Swiss-cheese cybersecurity isn't tightened.

by Tim Folger

Cryptography, University of California, Berkeley

Hot 10

His mile-long rap sheet began when he was 21. September 1995: Cracks Netscape security system, gaining access to credit card numbers and bank accounts. March 1997: Finds a way to steal personal digital cellphone codes and charge calls to strangers. The list goes on. You might expect to find the perp doing time in some penitentiary. But David Wagner is a free man and a rising computer science star at the University of California, Berkeley.

Wagner, 28, who has tinkered with computers since childhood, never broke any laws, but he's broken more than a few codes in his ongoing research to identify security holes in software, particularly software that safeguards large amounts of money or information relevant to national security. "David is an amazing scientist," says Alex Aiken, a Berkeley colleague. "The thing that's unusual about him is that he's a really good pure mathematician and also an extremely good hacker. It's rare to see these qualities in one person."

The security lapses Wagner has identified are endemic, he says. "Our computer software is really crummy. There are a lot of bugs." This sorry state exists because the basis of most software code has barely changed since the dawn of the Web. Back then, the only people sharing information electronically were scientists; security wasn't an issue. Now, though, more than 900,000 commercial transactions occur daily on the Web. Most Internet businesses safeguard customers' incoming credit card numbers using an essentially foolproof means of hiding information that's based on the difficulty of factoring very large numbers. But once an order has been received, the card number is usually stored unencrypted in the company's system. And breaking into a corporate network is often as easy as guessing an employee's password, which can be something as simple as "hello."

What most worries Wagner, though, is the prospect of cyberterror. He's less afraid of purely online acts than what hacking can do to amplify a conventional terror strike: "If a bomb goes off in a building along with cellphone systems and 911 systems in the area shut down by a cyberattack, that could raise the death toll and spread even more fear." Wagner points out that a recent government study found that cyberterrorists have such capabilities. "Things are going to get worse before they get better. It might take a few disasters before people put more effort into security."

Wagner does lots of behind-the-scenes work, advising government agencies and software companies on how to make digital cellphones, wireless networks, encryption standards, and next-gen Internet protocols more secure. Despite the dire scenarios, he loves what he does. "As far as I'm concerned, it's the best job in the world, although sometimes I feel like the little Dutch boy with his finger in the hole in the dike."


