Who is Joanna Rutkowska?

Note to censors: the purpose of this page is not to make libelous accusations or pass judgments. The only reason it was set up is to document a perplexing level of similarity between the public work of two security researchers, and note that they might be the same person, though this is not proven.

Joanna Rutkowska is a female security researcher who authored a controversial Blue Pill "100% undetectable" backdoor. She is enjoying genuine recognition for her technical contributions, but is also basking in the glory afforded by one of the very few female information security geeks out there. She even got a pink-themed fan-site. Unfortunately for fan-club members, her sex might be a more complext issue than previously thought.

Until July 2003, a computer security researcher Jan Krzysztof Rutkowski used his school-provided e-mail account at Warsaw University of Technology (jkrutkowski@elka.pw.edu.pl) to publish various security materials on Windows kernel rootkit hiding and detection, such as this: He also gave a presentation on Black Hat Briefings in 2003 (Advanced Windows 2000 Rootkits Detection, Jan K. Rutkowski, Black Hat Briefings 2003). This person had ceased all public security research mid-2003 (Jan K. Rutkowski's last BUGTRAQ post).

Within less than two months, a previously unknown researcher named Joanna Rutkowska began to publish papers on Windows rootkit detection and hiding techniques (Concepts for the Stealth Windows Rootkit, first paper by Joanna Rutkowska) that were very closely related to earlier contributions by Jan and extended some of his ideas, referencing previous work (e.g., Detecting Windows Server Compromises with Patchfinder 2).

Since then, various sources interchangeably attribute pre-2003 materials signed as Jan to Joanna (example, example). Even a research paper uploaded by Joanna herself to her rootkit.com vault was once marked as Joanna's own, despite being authored by Jan: This does not look conincidental, but draw your own conclusions.