Marc Maiffret is a hacker. Maiffret started hacking about six years ago, at age 16, when a friend at school introduced him to computers, and he got hooked on a digital-age narcotic: information. He consumed what he could about the Internet, computers, networks, and phone systems. "I wanted to learn more," says the guy whose teenage handle was "Chameleon" and whose hair color shifts from black to green to blue. Maiffret says some of his actions back then wouldn't meet with widespread approval. "When I was younger, I was up to no good," he admits.
Today, Maiffret could be considered one of the good guys. In 1998, when he was 17, Maiffret co-founded eEye Digital Security, which makes security software that has been adopted by companies such as Prudential Financial. Now he has the title of chief hacking officer, and he and his co-workers help to discover security flaws in software.
Hacker is a loaded word. The hacker community--and it's a thriving online community--includes technophiles, curiosity seekers, cybervandals, and outright thieves and fraudsters. The technophiles love to take apart software to see how it works or what they can make it do. Some write tools and applications such as password crackers, vulnerability scanners, and anonymity tools, and make them freely available on the Internet or hacker Web sites and message boards. Some devote long hours to uncovering flaws in software that make systems less secure by allowing destructive worms and viruses to gain access.
The others--the intruders, vandals, virus writers, and thieves--are criminals, pure and simple. At their most benign, they are trespassers, rummaging through proprietary systems and databases. Hackers also are responsible for Web defacements, denial-of-service attacks, and identity theft. Some see themselves as rebels or revolutionaries, "hactivists" spreading a message of anarchy and freedom. Some are simple mercenaries who write tools, known as exploits, to take advantage of security flaws and make it easier to penetrate systems. In some cases, they sell that information to spammers, organized crime, other hackers, or the intelligence services of foreign countries.
Hackers are blamed for unleashing worms and viruses that have cost businesses billions of dollars a year in damages. The problems they cause have gotten so bad that Microsoft last week created a $5 million fund to provide rewards for information leading to the capture of the people responsible for those attacks. Fed up with the damage done to its reputation and, increasingly, to its revenue stream, Microsoft, working with the FBI, the U.S. Secret Service, and Interpol, is offering a bounty of $250,000 to people who help capture those responsible for the Blaster worm and the Sobig virus, which wreaked havoc this past summer on systems and networks worldwide.
