Content Archive for @nptacek

Nicholas Ptacek
16 min read · Oct 28, 2021

I wear a lot of hats and have picked up a lot of skills over the years, so I don’t really fit very neatly in any one category. Here’s some of what I’ve done:

  • Helped stop a 4-million-strong botnet that was responsible for at least $14 million in click-fraud.
  • Helped identify and shut down a trojan horse responsible for the theft of 20 BTC.
  • Full-stack developer with expert knowledge of the entire software development lifecycle; designed, developed, and shipped multiple award-winning security and privacy apps for the Mac platform.
  • Created a number of free malware removal tools.
  • I’ve written and spoken extensively about cybersecurity topics including ransomware, spyware, and digital privacy; my work has been cited extensively in print and on the web.
  • I’m particularly proud of my time co-hosting The Checklist Podcast, during which I made it a goal to help make complex computer security topics accessible to as wide an audience as possible.
  • Extensive experience with malware research and analysis, utilizing a variety of reverse-engineering and OSINT techniques to determine capabilities, advise on and implement appropriate response, and publish both technical and accessible research on a variety of threats.
  • Extensive experience working with a diverse array of platforms and APIs across a number of e-commerce backends (eSellerate, FastSpring, DevMate, Paddle, MailChimp).
  • I tend to see trends before others.
  • I like helping people and sharing knowledge.
  • I like to come up with novel solutions to unique problems.
  • I work best in a fast-paced environment that is still guided by long-term vision.
  • I’ve most recently been spending my spare time hard at work in the web3 space.

Contact info: @nptacek on Twitter; DMs are always open.

Want to learn more about my work? Dive into the archive below.

Awards and Reviews

In Print

External Citations

2005–2007 | Overview

I spent most of 2005 working on the design, code, and e-commerce integration for MacScan 2, initially conceived as an anti-spyware app for the Mac platform. MacScan 2 was released online near the end of the year, and officially debuted at Macworld Expo in early 2006. Over the next two years I worked on building out major new features for the program, including the transition from PowerPC to Intel architecture, support for Korean language localization, malware scan scheduling and tracking cookie identification and removal. End user support, bug fixes, and malware analysis continued to be part of my everyday work throughout the duration of my time with SecureMac.

When I first came across a Mac sample of the DNSChanger Trojan Horse in late 2007, I had no idea that it would end up becoming a major focus for the next few years of my professional career. The DNSChanger trojan horse is now considered one of the major hacking incidents of the early 2000s.

2008 | Overview

After releasing a free tool to remove the DNSChanger Trojan Horse from infected systems, I participated in the DNS Changer Working Group (DCWG), helping provide technical analysis, mitigation strategies, and support for users with infected systems. This work was essential to the success of Operation Ghost Click and in the years to come as we worked to clean a large number of infected systems from around the globe.

Later in the year I brought attention to another new piece of malware affecting Macs, and released a number of version updates for MacScan 2.

2008 | Writing

2008 | In The News

2009 | Overview

During this time I created the iWorkServices Trojan Horse removal tool, a free release from SecureMac, which served to blunt the impact of a botnet of infected machines that came online a few months later.

This year also saw a continuing game of cat-and-mouse with the DNSChanger malware authors as they worked to evade detection by MacScan 2 with new variants.

2009 | Writing

2009 | In The News

2010 | Overview

Right before Halloween 2010, I identified a brand new family of Mac malware, the Boonana trojan horse, and created another free removal tool, which was released by SecureMac. There was a bit of uncertainty in the media after misidentification by another security vendor, but I was confident in my analysis, which was later confirmed by Microsoft.

Much of my time coding was spent working on what would later be released as PrivacyScan, my second major commercial app. In addition, I continued to work on MacScan 2, analyze malware, and provide customer support.

2010 | Writing

2010 | In The News

2011 | Overview

I spent much of 2011 in another game of cat-and-mouse with malware developers, this time with the Mac Defender family of fake anti-virus apps. During this time I released multiple version updates for MacScan 2, and continued working on PrivacyScan, which was starting to really come together.

2011 | Writing

2012 | Overview

PrivacyScan was released at Macworld | iWorld Expo 2012 to broad critical acclaim, winning a Best of Show Award from Macworld UK, and later selected as a Mac Gem for Macworld Gemfest 2012. The rest of the year was spent updating and supporting PrivacyScan in addition to MacScan 2, along with my normal malware analysis responsibilities.

2012 | Writing

2012 | Awards

2013 | Overview

I continued malware research, along with my work on MacScan 2 and PrivacyScan.

Adware had by now become widespread, and I brought attention to Mac adware being distributed from CNET’s Download.com site.

During this time I learned to navigate the process of a Mac App Store release, continuing to support both Mac App Store and non-Mac App Store versions of PrivacyScan for the lifespan of the program.

Around this time I started working on what would later become MacScan 3, a major version upgrade to a flagship product with a sizable active user base. The process of taking MacScan 3 from initial product concept, through design, development, testing, and on to successful commercial release became the focus of my work for the next few years, and constitutes my largest single creative output to date.

2013 | Writing

2013 | Awards

2014 | Overview

Early in the year I discovered a new piece of crypto-stealing Mac malware after seeing a post on reddit. 20 BTC didn’t seem like quite as big of a deal back then!

I continued working on MacScan 3, mostly focusing on the necessary backend infrastructure and tools needed to support a commercial anti-malware program, including the migration from a perpetual license to SaaS sales model. I continued to provide malware analysis, updates, and support for MacScan 2 and PrivacyScan throughout the year.

In 2014, I built a small flappy bird clone called Dizzy Duck. Sadly, it is no longer in the App Store, but I feel I did justice to the attempt and had fun learning how to design and code something a bit outside of my normal area of expertise.

2014 | Writing

2014 | In The News

2015 | Overview

My major work focus in 2015 involved getting MacScan 3 across the finish line and ready to ship while continuing to provide support for existing product lines. I focused on frontend work, e-commerce integration, anti-piracy measures, and product testing throughout the year.

I was in full creative mode during this time period.

2016 | Overview

After officially launching MacScan 3 at Macworld San Francisco 2016, I found myself in charge of supporting three active commercial apps at the same time. I spearheaded the initiative to provide a clear end-of-life strategy to gracefully retire support for MacScan 2, which was successfully implemented over the course of the year. I facilitated the App Store takedown of an iOS app caught stealing Instagram passwords, gave an interview on ransomware, and started getting serious with my written work.

Additionally, I helped start The Checklist podcast, which turned out to be another major shift in my work focus over the next few years, as I started exploring other ways to share knowledge in an accessible format. Initial shows focused on core computer security concepts and best practices, laying a foundation for some of the more complex topics covered in later shows.

2016 | Writing

2016 | Podcasts

2016 | In The News

2017 | Overview

I wrote a major piece on spyware (now more commonly known as stalkerware); a portion of this primer was republished as the feature article in the Fall issue of MacDirectory magazine.

I focused on current events in my writing this year, documenting emerging Mac malware threats, major security incidents, and answering questions received from podcast listeners. The podcast followed a similar pattern, while also covering some important topics in keeping kids and elders safe online. I continued commercial support for both MacScan 3 and PrivacyScan during this time, along with malware analysis.

2017 | Writing

2017 | Podcasts

2018 | Overview

Continued support and development for both MacScan 3 and PrivacyScan, along with malware analysis. During this time I helped facilitate the takedown of multiple subscription scam apps that had made it through Apple’s review process and into the App Store. I continued to cover a mix of both current events and core cybersecurity concepts through my writing as well as my spoken work on The Checklist.

I scaled back on my creative output as I unexpectedly ended up as executor of my father’s estate, and the work to settle his probate case occupied much of my free time over the next two years.

During this time I also started an in-depth exploration of VR/AR/XR hardware, software, and development platforms, accessories, and experiences, exploring the capabilities of the Microsoft Hololens, Magic Leap, and PlayStation VR platforms in detail.

2018 | Writing

2018 | Podcasts

2019 | Overview

During this time I concentrated on my core responsibilities supporting the existing commercial products, worked on an e-commerce platform migration for PrivacyScan, and continued administering my father’s estate.

In my free time, I continued my research with a deep-dive into VR/AR/XR and similar metaverse-adjacent areas.

2020 | Overview

I realized Covid would be a thing a number of months before it was on most people’s radar, and updated my plans for 2020 accordingly. Having worked remote for years at this point, not much changed for me on the day-to-day. I continued to support my existing projects, continued my exploration of VR/AR/XR, and navigated the chaotic year as best I could.

2020 | Writing

2020 | Podcasts

2021 | Overview

My SecureMac work continued apace in 2021, and I appeared in a couple articles from Vice.

I spent 2021 further engaging with topics in education through active exploration and experimentation in a novel pedagogical system that blends virtual learning in a small group environment with software tools to enable accessible discourse.

I helped set up, moderate, and run multiple Discord servers throughout 2021.

I took an interest in Dogecoin in early January 2021, and crypto was the focus of much of my personal research during the course of the year. I was incredibly excited by some of the possibilities unlocked by Loot Project and was inspired to focus my creative output on the web3/metaverse space.

Some of the things I’ve done in my free time over the past two months:

  • Focus on outreach and community building efforts within the NFT space.
  • I was selected as one of the first moderators for the Loot Project Forums, where I helped set up the initial mod team structure, goals, and code of conduct, helped onboard new mods, and where I continue to perform routine forum moderation responsibilities (Volunteer position).
  • Wrote a couple onboarding pieces on NFTs.
  • Found and responsibly disclosed a security hole I found in a live smart contract, working with the contract authors to mitigate the threat after verifying it was not otherwise exploited.
  • Did a deep dive on NFT rarity analysis.
  • Designed and developed an NFT market analytics and arbitrage app that offers a number of improvements over the native OpenSea experience. More information on this project coming soon.

I’m excited to see where this space goes from here.

Interested in my work? My DMs are always open over on Twitter.

2021 | Writing

2021 | In The News

2022 | Writing

2022 | In The News

2023 | Writing

2023 | In The News
