Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:35 AM
Connect Directly

From Script Kiddie to CTO

eEye co-founder, CTO and chief hacking officer Marc Maiffret talks phreaking, FBI raids, and zero-day attacks

Marc Maiffret knew it was time to grow up when he awoke one morning in 1998 to an FBI agent holding a gun to his head. "All that hacking had caught up with me," says Maiffret, CTO and chief hacking office at eEye Digital Security .

The then 17-year-old high school dropout and hacker had just moved back into his mother's Orange County, Calif., home and ironically had landed his first real job after a year living as a runaway in Florida at a hacker buddy's home.

Figure 1:
Marc Maiffret

"He [the FBI agent] had a gun to my head and said, 'Don't move,' and yanked my covers off," says Maiffret, now 25. "And there was this guy running past my room with a shotgun like [it was] a drug [bust]. This was extreme, because I was just some computer nerd."

The FBI confiscated Maiffret's computer equipment, but he was never charged or arrested. Maiffret still really isn't sure what they were after, although the agents told him it had to do with government-related information. "It was just everything I was doing then" in hacking, he says. "But I wasn't doing anything destructive."

He calls the incident a turning point. "I was about to turn 18 and I needed to stop screwing around with all of this," he says.

So practically overnight, Maiffret converted from teen hacker/phone phreaker/script kiddie to a real researcher. Just a few weeks after the FBI raid, he teamed up with Firas Bushnaq, who he met through his job at Bushnaq's Web hosting company, to found eEye Digital Security, an endpoint security and vulnerability management software company. eEye's flagship product, Retina Network Scanner, was based on tools Maiffret had written in his hacker days.

"I had shown him the tools I was making, which later became [the basis] for Retina," Maiffret says. "For whatever reason, he saw something in me and trusted this punk kid with red hair."

Maiffret quickly found his feet as a researcher, discovering several critical Windows vulnerabilities in the late '90s. And he and a team of eEye researchers were the first to detect the first major Microsoft worm, the infamous Code Red that spread around the globe in 2001. (They named the worm after the cherry Mountain Dew soft drink of the same name that they were downing while they picked apart the worm).

"That's when everyone was having their doorknob jingled or kicked down" by worms, he says.

Maiffret says these days, it's the silent threat that worries him most. Since there hasn't been a major worm nor a widespread attack for some time, IT has gotten a bit complacent, he says. "Today we have zero-day attacks, which are a wakeup call," he says. "You have to realize that just by being on the Net, you are a target and vulnerable. We're actually worse off today" than in the worm era, he says.

He doesn't do much research these days -- Maiffret is the front man for eEye on the business side and his sales staff joke that he's their top guy. Maiffret reminisces longingly about the simple "old days" of hacking, where it was more about sending a message or making a name for yourself rather than profiteering with someone's identity or other cybercrimes that now motivate bad hackers. "Hacking is a business now," he says. "I wish kids out there were passionate about doing for the sake of doing it. But I [suppose] if you have the skills, why not make a living doing it."

Meanwhile, Maiffret says he takes pride in trying to spot and hire the next generation of white hat hackers to carry the torch. Like Maiffret, some don't come with diplomas from big-name universities -- one researcher he hired worked at a video store. "I like finding that next guy, with not exactly the right college degree, but who wants to be the next crazy researcher," he says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

* * *

Personality Bytes

  • How it All Began: " 'Phone phreaking' in eighth grade, then dial-up bulletin boards and eventually, the Internet and Rhino9 hacker group. We weren't defacing Websites or any of that crap. We were making and giving away tools and writing papers."

  • Worst Day Ever at Work: "It was not only one of the hardest days at work, but one of the hardest days of my life was when eEye had to lay some people off. There is nothing more painful then looking good, hard-working people in the eye and letting them know they are being let go because of company performance."

  • What Maiffret's co-workers don't know about him: "I actually like wearing suits. It is hard not to feel confident wearing a nice suit. In reality, I have only worn a suit a few times -- the first time being when I flew to Jordan to be the minister at my friend's wedding, which may be something else they don't know about me."

  • Favorite team: "The eEye Drinking Team. Respekt."

  • Hangout: "Hennesys Tavern, Laguna Beach, Calif. Myself and the eEye collective have had many a good time and story there. I think we mostly like it because it is the only bar we can consistently get kicked out of one night and get let back into the next."

  • In his iPod right now: "Tool's 10,000 Days."

  • PC or Mac? "PC. Not that I am not a fan of all these college chicks running around with more processing power than they know to do with, and style 'toboot'..."

  • Wheels: "Range Rover Sport. I bought it because I was going to lose my license from all the speeding tickets I got in my BMW M3, so I went domesticated with an SUV. My tickets clear soon, though, so who knows..."

  • Actor Who Would Play Maiffret in a Film: "Huge Jackman in Swordfish, but really only for the first hacking scene he has to do. Then I would opt for Johnny Depp because he is the man."

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    44% of Security Threats Start in the Cloud
    Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
    Zero-Factor Authentication: Owning Our Data
    Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    How Enterprises Are Developing and Maintaining Secure Applications
    How Enterprises Are Developing and Maintaining Secure Applications
    The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-02-25
    An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore...
    PUBLISHED: 2020-02-25
    An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass ...
    PUBLISHED: 2020-02-25
    A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
    PUBLISHED: 2020-02-24
    An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's } parser function.
    PUBLISHED: 2020-02-24
    When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that ...