The Funny Life Of An “Ethical” Hacker
You think you do not know him. And yet most of the viruses that have rocked the Net since 2000, and therefore your computer, have used flaws found by this hacker, who works for your good without your knowledge by getting certified ethical hacker courses.
There is often a lot of fantasy in what people imagine the life of a top hacker to be. Hollywood films such as Operation Espadon or Takedown have contributed greatly to that. The reality is often simpler and less glamorous. And yet the life of Marc Maiffret could easily be adapted for the cinema, and it would undoubtedly be a hit.
It all started on his 13th birthday, in 1994, when Marc was given his first computer. But his family had modest means, and the machine was not as powerful as those of his friends. The teenager could not play the games his friends played, so he took an interest in the machine's other resources. “I learned to code my own games, and therefore, to code programs,” he recalls. “I’ve always been naturally curious, so the next step was to test to see what could happen when you used a computer program.”
From Rhino9 to eEye, via the FBI
Marc Maiffret entered the world of hacking through “phreaking”, the hacking of telephone networks. With a few “hacks” of prestigious sites running Microsoft software already to his credit, Marc Maiffret met members of a group of hackers, Rhino9, in 1996. “It was not a hacker collective, but a lot of people working on computer security, publishing warnings and software that could be used to check for system vulnerabilities, like the L0pht group, with the difference that Rhino9 was only interested in Windows,” says the one who took the nickname Chameleon.
Why this nickname? “I chose it when I was 16. One of the girls in my class told me that with my way of hacking some sites, I was ‘like a chameleon.’ You know how boys love girls at that age, so I chose this nickname…”
Soon after, he left the family home, where life was not simple. He took a bus from California to Florida, where he moved in with Neonsurge, one of the leaders of the Rhino9 group. Within a year, he went from outright hacking of the sites of prestigious companies or governments to publishing flaws within the group he had joined. Neonsurge took him under his wing, explaining that there are “better ways to use [his] skills instead of hacking networks and servers”.
A strange combination of circumstances made him move definitively from shadow to light, to the good side of the Force. A year later, back in California, Marc Maiffret talked with one of his friends, who had downloaded a satellite tracking program. The friend asked him to give an interview with Dan Rather on CBS in his place. A few weeks after his appearance on television, he was approached on IRC (Internet Relay Chat) by a certain “Ibrahim”, who wanted to buy the army's software from him. Chameleon got caught up in the game and accepted, and $1,000 was sent by poste restante. “I did not have this software and even if I had it, I would never have given it away or sold it,” he says. With the money, he gave his sister a game console. He did not follow up on the increasingly pressing demands of “Ibrahim”. But Ibrahim did not see it that way, and promised Chameleon an unpleasant visit. “I learned later that he was part of a terrorist organization linked to Al Qaeda,” says Marc Maiffret today. “The game had become a little too real.”
The FBI, which had been monitoring his activity on the Internet for a while, turned up at Marc Maiffret's home a little less than a month later. In the end he was not charged, because he “did not have this software”. “I was very close to having big trouble but I would not exchange these experiences for anything in the world, they made me who I am and it suits me very well,” he explains. “I was a teenager looking for some sort of ultimate truth, I just did not realize that you could have those kinds of goals and try to reach them through legal channels.”
eEye, the troublemaker of computer security
At 17, a few months after the FBI visit, Marc Maiffret found a new mentor, “a father in a way, or a big brother”, in the person of Firas Bushnaq. With him, he founded eEye. This company, a newcomer to the world of computer security with Marc Maiffret as its chief hacking officer, developed a new vulnerability scanner and was very quickly noticed. “We have been able to publish many critical vulnerabilities related to Microsoft products.” So much so that most of the viruses and other “worms” (Code Red, Sasser, etc.) that would shake the nascent Web relied on these flaws.
The press did not fail to relay the findings of the young eEye, which quickly grew to 80 employees and earned a comfortable income, “several million dollars in turnover,” says Marc Maiffret.
“THE GOLDEN AGE OF HACKING IS OVER”
The many end users who have been victims of viruses, and the site administrators who have suffered the effects of worms based on the flaws found by Marc Maiffret’s teams, do not thank him. Even so, he defends himself: “The flaws are discovered by the bad guys, whatever companies like eEye do.” What is important, he continues, is that “thanks to us, Microsoft and others can create patches before the bad guys discover flaws.” And that is fortunate, because according to him, “today, the golden age of hacking is over, there are not many kids doing that ‘for fun’.information to large companies or personal data of individuals”.
He does not fear the effects of the cyberwar that has been announced. “Some well-placed bombs or the destruction of submarine cables would be more effective than what is described to us as cyberwar, but our growing reliance on technology is worrisome. technology is lacking, and recurring ‘crashes’ may become terribly damaging in the future.”
In fact, technologies are becoming more and more complex. In addition, the way they are deployed, especially on the Web, opens up new opportunities for hackers. Thus “web services”, that is, delegating “services” such as the management of our applications to external companies, create new risks for our personal data. This is the case, for example, with Google Apps, Microsoft Live and all the “social networks” such as MySpace or Facebook.