YOU ARE HERE: LAT HomeCollections

Hacker Key to Firm's Future

Security: Marc Maiffret turned a mischievous hobby into a lucrative consulting enterprise.


By his own account, Marc Maiffret had been up to no good. In and out of several computer hacker groups, the high school dropout realized his life had to change one morning shortly after he turned 17 when he was awakened by an FBI agent holding a gun to his head.

Today, at 21, Maiffret consults on computer matters with the Federal Bureau of Investigation and other federal agencies and earns a six-figure salary at a privately held Aliso Viejo company he co-founded, EEye Digital Security Inc.

"I never thought I would have been where I am today. It's such an amazing feeling," Maiffret (pronounced MAY-fray) said. "It's been like a crazy, crazy, crazy journey."

Although many hackers have turned up as security consultants, few have helped put a new company on track for success. EEye has garnered accolades both for its knack for finding major flaws in popular software programs and for the cutting-edge products it develops to help halt hacker attacks.

And EEye is starting to flourish, with sales running at about $1 million a month and profit rolling in since midsummer, said Firas Bushnaq, the company's co-chief executive. Industry experts say the company is well-positioned to take advantage of the rapid growth in what is expected to be a $6.6-billion industry this year.

Since its start in 1998, EEye has uncovered a dozen problems with Microsoft Corp. software--from the Windows XP operating system to programs for Web servers, which manage access and interaction for Internet sites.

Three weeks ago, the Redmond, Wash., behemoth came out with a patch to fix an EEye-discovered flaw in Web server software that could have given a hacker control of servers. And last fall, right after Microsoft released its XP operating system as its most secure ever, EEye found a gaping hole that could allow hackers to take control of individual personal computers.

"They do their homework," said Steven B. Lipner, director of security assurance for Microsoft, which this year made security a top priority. "The reports [on flaws] they send us have been well-researched and are high-quality."

Maiffret and his colleagues--20 engineers and 14 staff workers in Orange County and 16 salespeople in Europe, mostly in their 20s--even earned grudging praise from bigger competitor Internet Security Systems Inc. in Atlanta, which itself had to fix flaws EEye found in its products last month.

"They're very skilled at what they do," said Chris Rouland, director of Internet Security's X-Force research group.

Security Initially Was a Sideline for Company

The hacking work has helped EEye develop tools that now are used by such major companies as Edison International, AT&T Corp., Honeywell Inc., Wells Fargo & Co. and Microsoft, as well as by federal agencies, which EEye wouldn't name.

Its Retina network scanner is widely regarded as one of the better tools at uncovering security vulnerabilities on a network. Its SecureIIS network firewall for Microsoft Web servers uses a new method of identifying attacks to block not only known viruses but also new ones that follow hacking patterns. Its Iris program analyzes network traffic for bugs as data comes in. A new product, Blink, due out this summer, is a firewall for individual workstations.

Bushnaq, 34, whose ECompany Inc. created EEye, credits Maiffret for helping redirect operations. ECompany started out in the 1990s as yet another electronic-commerce firm, offering several services to online businesses. Security was a sideline until one employee asked Bushnaq in early 1998 if his 17-year-old roommate could try hacking into the firm's computers.

"The next day, Marc walks in with a listing of all my workstations and other information I thought was secure," said Bushnaq, a native Jordanian who moved to the U.S. when he was 16 and earned a degree in computer engineering. "I said, 'Would you like a job?' and he said, 'That's why I did this.'"

After Maiffret joined ECompany, the sideline quickly took center stage, and the baby-faced kid with spiked hair--colored green this month--took the unique title of chief hacking officer. EEye has picked up two rounds of venture financing totaling $7 million and is looking for a partner to help it build the company. Bushnaq said EEye has just signed a distribution contract with Ingram Micro Inc., the world's largest distributor of computer products.

For Maiffret, the job became a liberating experience after he'd been engulfed by cyberspace for three years, learning to write codes and hanging out with hacking groups.

"I was up to no good, but it was more for research," he maintains. "I never destroyed anything."

Los Angeles Times Articles