The cybersecurity mind of Alex Heid

Surfing the dark web to analyze hacker chatter is just another day on the job for Alexander Heid. 

He recalls one of his first major counter-offensive hacks. Back in 2010, he infiltrated the command-and-control center of a malicious network of zombie machines called the Zeus botnet, which was developed by Russian hackers. It had been stealing bank login information and initiating wire transfers in the background. According to an article from the BBC, the FBI reports that, “the crime ring attempted to steal around $220m.”

The malware was first identified in 2007. “The bank started sending out advisories about the Zeus botnet and it intrigued me, causing me to look in the criminal underground for discussion about this particular malware until I found a copy of it to reverse engineer,” he says. This allowed Heid to seize control of the servers running this botnet and extract information that helped law enforcement identify their location and respond appropriately.

When he presented his research to his employer, a major bank that he declines to name, he recalls that, “They looked at me like how a pet owner looks at their cat who has brought home a dead bird. It wasn’t my job to do that.”

Heid, a former student at Florida International University, is well known not only for hacking the stealthy Zeus botnet, a job credited to him by Rolling Stone magazine, but also for being a founding member of the Prolexic Technologies PLXSERT, a team dedicated to forensic analysis of and countermeasures against incoming DDoS (Distributed Denial of Service) attacks, which incapacitate servers on the internet by flooding them with junk traffic. He has spoken dozens of times at hacker conferences worldwide, such as DefCon in Las Vegas, B-Sides in Austin, Texas, and Security Zone in Colombia.

These days Heid, 39, lives on the Gulf Coast of Florida, but doesn’t want the public to know exactly where. His story, however, begins in South Florida. He was raised in Hialeah on a steady supply of video games. He loves hacker movies like WarGames and Sneakers. His first operating system at the age of four was a five-and-a-quarter-inch floppy disk boot loader that provided access to the BASIC programming language. In middle school, he acquired a hand-me-down Packard Bell computer with MS-DOS and Windows 3.1.

He graduated from Barbara Goleman Senior High School in 2001, then at FIU majored in political science. For fun, he joined student clubs where he met James Ball. The two shared a passion for computers. Along with various others, they founded HackMiami.

“HackMiami started meeting at Florida International University unofficially to give presentations and have hands-on hacking,” says Heid, who was a student at the time. Eventually, they hosted a talk called “How to Hack Terrorist Networks” that went viral and attracted the professional curiosity of the FBI.

The HackMiami logo.

Heid adds, “The purpose of this organization was to promote cybersecurity knowledge and skill-sharing among its participants. The meeting and workshop format is how we began and how we continue to operate to this day.” 

After FIU, Heid worked as a fire alarm safety engineer from 2005 to 2009 at what he calls a “critical infrastructure location in Miami” that he declined to name. There he discovered vulnerabilities in their fire alarm network. He later developed talents in web application security, malware analysis, and counter-intelligence methodologies.

Much of this work with the Zeus botnet came after this period. That earned him some notoriety in the hacker community. 

These investigations by Heid were a precursor to his career in counterintelligence, which included time at a company called Prolexic from 2011 to 2013 on their PLXSERT (Prolexic Security Emergency Response Team). His primary job was full-time reverse engineering of DDoS (Distributed Denial of Service) botnets, identifying vulnerabilities and engaging in counterattacks.

His biggest presentation came in 2013 at DefCon in Las Vegas, Nevada, then among the world’s largest annual hacker conventions. On stage, he says he took over the command-and-control server of a major DDoS botnet.

In 2014, he joined SecurityScorecard, a firm that calculates cybersecurity ratings. There his job was, and continues to be today, to identify emerging threats to their customers, their partners, and the internet overall.

Today at age 39, he is the president and CEO of HackMiami. It specializes in cybersecurity as well as everything related to penetration testing, vulnerability analysis, and digital forensics. Members have biweekly meetings in Broward County and annual conferences in Miami Beach.

Rod Soto, secretary of the board of HackMiami, says that “The decision to make HackMiami was driven from the need to share and learn with minds alike.” Then he adds: “Alex is brilliant. He is incredibly smart and will figure out anything you send his way. I’ve seen this firsthand. I always listen to his opinions although I don’t always agree yet I do take his perspective on things.”

The SecurityScorecard Logo.

Heid plans to host another annual conference in Miami Beach at Marenas Beach Resort on May 19-20, 2023. Tickets can be found at hackmiami.com and local meetups can be found at meetup.com/hackmiami.

Antonio Gimenez is a cybersecurity analyst and a journalist. He describes himself as a polemicist, essayist, and alchemist of ideas.