Alex Birsan, a Romanian threat researcher, recently made over $130,000 by virtuously breaking into IT systems at dozens of major tech companies.
Birsan used a single innovative supply chain attack to compromise Tesla, Netflix, Microsoft, Apple, PayPal, Uber, Yelp, and at least 30 other firms. In the process, the researcher exposed a major vulnerability and earned large sums via multiple bug bounties, the fees companies pay “white hat” hackers who successfully test their online defenses.
How Birsan did it is pretty interesting. It involves the manipulation of code in development projects, specifically dependencies: certain augmentative code that is used to successfully run a program. Threatpost notes that the attack would inject malicious code “into common tools for installing dependencies in developer projects which typically use public depositories from sites like GitHub. The malicious code then uses these dependencies to