The life of hackers who legally hack StopCovid

30th May 2020
"Bug hunter has been peeling the StopCovid application, whose launch is scheduled for Tuesday."

According to an AFP report, Adrien Jeanneau is a cybersecurity consultant by day. At night, under the alias Hisxo, he is a "bug hunter": he tracks down flaws in the websites of large companies or the State ... with their consent. Since Wednesday, he has been picking apart the StopCovid application, whose launch is scheduled for Tuesday.

The 27-year-old from Rennes is one of about twenty ethical hackers handpicked to "pentest" (perform an intrusion test on) this contact-tracing application, which is meant to help fight the coronavirus.

"I started to take a look at the source code and try to spot small security weaknesses. There are some interesting leads," he says.

His first feat goes back to college, in 3rd. "Computers were loaned to students for the year, but they were scheduled to turn off at 10 p.m.," he recalls. It only took him "a few days" to get around this limit and share the trick with his classmates.

For the past few years, he has been registered on the platform of Yes We Hack (YWH), a French company that organizes vulnerability research campaigns, called "bug bounties", at the request of private or public customers.

"I like the legal side, it's reassuring. And then behind, there are rewards," he said. Each flaw uncovered receives a score of 0 to 10, which corresponds to a bonus paid to the hacker, fixed according to a price list. "My record is 15,000 euros," says Adrien Jeanneau.

Such a sum can turn the heads of apprentice geeks, but "we must not let people think that we can get rich", warns Lucas Philippe, alias "BitK", ambassador of Yes We Hack and "bug hunter". For StopCovid, the rewards have been capped at 2,000 euros and will be paid by YWH.

He does it first and foremost for "fun". "I'm in my room, in my pajamas, I legally attack boxes that are worth several million dollars and I find bugs in them. The balance of power is nice," laughs the Lyon native.

What motivates Thibeault Chenut, 21, is that "it's a game, it's curiosity, it's forbidden." "And then I'm still a student, in a weekend and a few evenings I can afford a vacation."

He is impatiently waiting for the StopCovid application to be made public. "I like what is done by the state because it affects everyone. I feel more useful."

In June 2019, he notably reported a flaw in France Connect, the digital identity solution that allows connection to official sites, in particular taxes or health insurance.

The State, via its interdepartmental digital department, thanked him in a letter, accompanied by an external computer battery, even though no "bug bounty" had been opened.

This "wild" hunt, which is occasionally carried out by ethical hackers without profiting from it, is also illegal: it is punishable by two years' imprisonment, up to five years when the victim is the State.

"When I do, I report it to Anssi (National Agency for Information Systems Security), it proves my good faith. I have never had a problem, but I know that other 'hunters' have," reports Léo Jorand, 24, alias Gromak123.

This cybersecurity consultant, on the other hand, never thought of becoming a "black hat", an outlaw who monetizes his hacks with blackmail. "I do this to protect people, in all kindness, I'm not trying to make money."

Clément Domingo, alias SaXx, confesses that it could have gone wrong: "I was lucky to come across people who were on the good side of the force. If I had come across people who were less commendable, with the experience I've gained, maybe I would use it to do devious things, loot and resell data."

Today, this recognized 29-year-old cybersecurity expert speaks at a growing number of conferences and in engineering schools to raise awareness among future ethical hackers.

"The key word is self-denial. Sometimes spending six months, a year, without result. And not making it a full-time activity because to pay their bills, some people lock themselves in a vicious circle, until 'burnout'," he warns.

Compiled by: Debashish S Neupane