Hacking large companies can pay off big! A security researcher successfully hacked into the infrastructure of 35 companies, with a reward of 130,000 dollars up for grabs.
A virtuous hacker
35 world-famous companies have been hacked. Fortunately, the hacker was none other than a cybersecurity researcher named Alex Birsan. This way of working is called a “bug bounty”.
Alex Birsan managed to break through the protection of the internal systems of companies like Apple, Microsoft, Uber, Spotify, Tesla… He used a common flaw in the package managers of several programming languages, such as npm for Node.js, PyPI for Python and RubyGems for Ruby. To create their software, companies use reputable open source code, available on digital platforms. The companies’ developers add their own private packages to make their infrastructure as secure as possible.
Once the cybersecurity researcher had identified the public open source code, he only had to find the private code of these high-tech companies that was hidden within it and take on its identity.
A fairly simple trick that Alex Birsan was the first to find. This type of hacking is called a “supply chain attack”. Unlike other cyber attacks, Alex Birsan did not have to get into a user’s workstation to trigger this attack. He took advantage of the flaw to get directly into the code and inject his own code into it. He then warned the international firms of their vulnerability and received $130,000 as a reward.
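A defender's check for the flaw described above, as an added example that is not from the original article or from Alex Birsan: it lists a project's internal npm packages that npm would request from the public registry. The package names, the `.npmrc` content and the internal registry URL are constructed, and the set of internal names is assumed to come from your own inventory.

```python
import json

PUBLIC_NPM = "https://registry.npmjs.org/"  # npm's default public registry

def parse_npmrc(text):
    """Return (default_registry, {scope: registry}) from .npmrc text."""
    default, scopes = PUBLIC_NPM, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a key=value setting
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "registry":
            default = value
        elif key.startswith("@") and key.endswith(":registry"):
            scopes[key[: -len(":registry")]] = value
    return default, scopes

def audit(package_json, npmrc, internal_names):
    """List internal dependencies that npm would request from the public registry."""
    default, scopes = parse_npmrc(npmrc)
    manifest = json.loads(package_json)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name in manifest.get(section, {}):
            if name not in internal_names:
                continue  # genuine public package, nothing to confuse
            scope = name.split("/", 1)[0] if name.startswith("@") else None
            registry = scopes.get(scope, default)  # unscoped names use the default
            if registry.rstrip("/") == PUBLIC_NPM.rstrip("/"):
                findings.append((name, section))
    return findings

# Constructed sample input for a hypothetical company "acme".
SAMPLE_NPMRC = "; constructed example\n@acme:registry=https://npm.internal.example/\n"
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"express": "^4.18.0", "@acme/auth": "^2.1.0",
                     "acme-billing-client": "^1.4.0"},
    "devDependencies": {"@acme-labs/metrics": "^0.3.0"},
})
INTERNAL = {"@acme/auth", "acme-billing-client", "@acme-labs/metrics"}

if __name__ == "__main__":
    for name, section in audit(SAMPLE_PACKAGE_JSON, SAMPLE_NPMRC, INTERNAL):
        print(f"{name} ({section}): requested from the public registry")
```

The check only covers registry routing in `.npmrc`; a private registry that itself falls back to a public upstream for unknown names is outside what it sees.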