Ethical hacker Alex Birsan has demonstrated that it is possible to breach the systems of tech giants with a novel supply chain attack that exploits public, open-source developer tooling. The affected companies include Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber.
The attack abuses the tools that install a project's dependencies from public package registries. The attacker does not compromise those tools; instead, they publish a package to a public registry under the same name as a company's private, internal dependency. When the installer is configured to consult both the internal and the public source, it can select the attacker's package in place of the real one. When we use any package from such sources, we trust that the uploader has no malicious intent, and we download and use it in good faith. But what if this blind trust is misplaced and is being exploited?
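The resolution decision at the heart of this attack, shown as an added example (it is not code from the article or from Birsan's research): a toy resolver that merges a private index and a public registry and picks the highest version, beside a hardened variant that never lets an internal name fall back to the public registry. The package names, versions and index contents are constructed for illustration.

```python
# Added illustration, not the original article's or Birsan's code. The
# package names, versions and index contents are constructed for this example.

# A company's private index holds an internal package.
PRIVATE_INDEX = {
    "acme-internal-utils": ["1.0.0", "1.2.0"],
}

# The public registry: a legitimate package plus an attacker-published package
# that reuses the internal name with a deliberately high version number.
PUBLIC_INDEX = {
    "requests": ["2.31.0"],
    "acme-internal-utils": ["99.0.0"],  # attacker upload
}


def parse_version(version):
    """Turn '1.2.0' into (1, 2, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def resolve_vulnerable(name, private_index, public_index):
    """Merge candidates from both indexes and pick the highest version.

    This mirrors an installer configured with the private index as an
    *extra* source next to the public registry: every candidate is
    considered and the newest one wins, wherever it came from.
    Returns (version, source).
    """
    candidates = []
    for source, index in (("private", private_index), ("public", public_index)):
        for version in index.get(name, []):
            candidates.append((parse_version(version), version, source))
    if not candidates:
        raise LookupError(f"no package named {name!r}")
    _, version, source = max(candidates)
    return version, source


def resolve_hardened(name, private_index, public_index, internal_names):
    """Resolve names known to be internal from the private index only.

    An internal name never falls back to the public registry, so a
    same-named public package cannot be selected for it, however high
    its version. Public names are still resolved from the public registry.
    Returns (version, source).
    """
    if name in internal_names:
        versions = private_index.get(name, [])
        source = "private"
    else:
        versions = public_index.get(name, [])
        source = "public"
    if not versions:
        raise LookupError(f"no package named {name!r} in {source} index")
    version = max(versions, key=parse_version)
    return version, source


if __name__ == "__main__":
    internal = {"acme-internal-utils"}
    print("vulnerable:", resolve_vulnerable("acme-internal-utils", PRIVATE_INDEX, PUBLIC_INDEX))
    print("hardened:  ", resolve_hardened("acme-internal-utils", PRIVATE_INDEX, PUBLIC_INDEX, internal))
```

The vulnerable resolver returns the attacker's 99.0.0 from the public registry; the hardened one returns 1.2.0 from the private index. Real installers behave like the first function when a private index is added as an extra source alongside the public one (pip's `--extra-index-url` is the common case), which is why the practical fixes are a single, authoritative index that pins internal names, or reserving those names on the public registries so nobody else can publish them.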
Python, Ruby and Java were the three programming languages in which he found the vulnerabilities across these 35 organizations.
Birsan decided to explore how this trust could be exploited while he was hacking PayPal with Justin Gardner in the summer of 2020, when Gardner shared with him "an…