Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:35 AM
Connect Directly

From Script Kiddie to CTO

eEye co-founder, CTO and chief hacking officer Marc Maiffret talks phreaking, FBI raids, and zero-day attacks

Marc Maiffret knew it was time to grow up when he awoke one morning in 1998 to an FBI agent holding a gun to his head. "All that hacking had caught up with me," says Maiffret, CTO and chief hacking office at eEye Digital Security .

The then 17-year-old high school dropout and hacker had just moved back into his mother's Orange County, Calif., home and ironically had landed his first real job after a year living as a runaway in Florida at a hacker buddy's home.

Figure 1:
Marc Maiffret

"He [the FBI agent] had a gun to my head and said, 'Don't move,' and yanked my covers off," says Maiffret, now 25. "And there was this guy running past my room with a shotgun like [it was] a drug [bust]. This was extreme, because I was just some computer nerd."

The FBI confiscated Maiffret's computer equipment, but he was never charged or arrested. Maiffret still really isn't sure what they were after, although the agents told him it had to do with government-related information. "It was just everything I was doing then" in hacking, he says. "But I wasn't doing anything destructive."

He calls the incident a turning point. "I was about to turn 18 and I needed to stop screwing around with all of this," he says.

So practically overnight, Maiffret converted from teen hacker/phone phreaker/script kiddie to a real researcher. Just a few weeks after the FBI raid, he teamed up with Firas Bushnaq, who he met through his job at Bushnaq's Web hosting company, to found eEye Digital Security, an endpoint security and vulnerability management software company. eEye's flagship product, Retina Network Scanner, was based on tools Maiffret had written in his hacker days.

"I had shown him the tools I was making, which later became [the basis] for Retina," Maiffret says. "For whatever reason, he saw something in me and trusted this punk kid with red hair."

Maiffret quickly found his feet as a researcher, discovering several critical Windows vulnerabilities in the late '90s. And he and a team of eEye researchers were the first to detect the first major Microsoft worm, the infamous Code Red that spread around the globe in 2001. (They named the worm after the cherry Mountain Dew soft drink of the same name that they were downing while they picked apart the worm).

"That's when everyone was having their doorknob jingled or kicked down" by worms, he says.

Maiffret says these days, it's the silent threat that worries him most. Since there hasn't been a major worm nor a widespread attack for some time, IT has gotten a bit complacent, he says. "Today we have zero-day attacks, which are a wakeup call," he says. "You have to realize that just by being on the Net, you are a target and vulnerable. We're actually worse off today" than in the worm era, he says.

He doesn't do much research these days -- Maiffret is the front man for eEye on the business side and his sales staff joke that he's their top guy. Maiffret reminisces longingly about the simple "old days" of hacking, where it was more about sending a message or making a name for yourself rather than profiteering with someone's identity or other cybercrimes that now motivate bad hackers. "Hacking is a business now," he says. "I wish kids out there were passionate about doing for the sake of doing it. But I [suppose] if you have the skills, why not make a living doing it."

Meanwhile, Maiffret says he takes pride in trying to spot and hire the next generation of white hat hackers to carry the torch. Like Maiffret, some don't come with diplomas from big-name universities -- one researcher he hired worked at a video store. "I like finding that next guy, with not exactly the right college degree, but who wants to be the next crazy researcher," he says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

* * *

Personality Bytes

  • How it All Began: " 'Phone phreaking' in eighth grade, then dial-up bulletin boards and eventually, the Internet and Rhino9 hacker group. We weren't defacing Websites or any of that crap. We were making and giving away tools and writing papers."

  • Worst Day Ever at Work: "It was not only one of the hardest days at work, but one of the hardest days of my life was when eEye had to lay some people off. There is nothing more painful then looking good, hard-working people in the eye and letting them know they are being let go because of company performance."

  • What Maiffret's co-workers don't know about him: "I actually like wearing suits. It is hard not to feel confident wearing a nice suit. In reality, I have only worn a suit a few times -- the first time being when I flew to Jordan to be the minister at my friend's wedding, which may be something else they don't know about me."

  • Favorite team: "The eEye Drinking Team. Respekt."

  • Hangout: "Hennesys Tavern, Laguna Beach, Calif. Myself and the eEye collective have had many a good time and story there. I think we mostly like it because it is the only bar we can consistently get kicked out of one night and get let back into the next."

  • In his iPod right now: "Tool's 10,000 Days."

  • PC or Mac? "PC. Not that I am not a fan of all these college chicks running around with more processing power than they know to do with, and style 'toboot'..."

  • Wheels: "Range Rover Sport. I bought it because I was going to lose my license from all the speeding tickets I got in my BMW M3, so I went domesticated with an SUV. My tickets clear soon, though, so who knows..."

  • Actor Who Would Play Maiffret in a Film: "Huge Jackman in Swordfish, but really only for the first hacking scene he has to do. Then I would opt for Johnny Depp because he is the man."

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    For Cybersecurity to Be Proactive, Terrains Must Be Mapped
    Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
    A Realistic Threat Model for the Masses
    Lysa Myers, Security Researcher, ESET,  10/9/2019
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2019-10-14
    JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
    PUBLISHED: 2019-10-14
    There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
    PUBLISHED: 2019-10-14
    There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
    PUBLISHED: 2019-10-14
    A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
    PUBLISHED: 2019-10-14
    The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.