An ethical hacker developed a novel supply chain attack that allowed him to gain access to the systems of more than 35 technology companies, including Microsoft, PayPal, Apple, Shopify, Netflix, Uber, and Tesla.
Alex Birsan developed a technique that involved injecting malicious code into open source developer tools commonly used to install dependencies in developer projects. Dependencies are blocks of code that are shared across different projects and are often tied to public code repositories such as GitHub. Anyone can upload code packages to these repositories for others to use, and that code may not necessarily be authentic.
Birsan decided to explore whether the trust developers place in these tools could potentially be abused to gain access to enterprise networks. Birsan received $130,000 in bug bounties and had financial agreements with several companies including PayPal, Apple, and Spotify to test whether his technique would allow him to gain access to their networks.
Birsan had discovered that developers trust a simple command, such as pip install package_name, to install dependencies, and that the same pattern holds across multiple programming languages. Package installers such as pip (backed by the Python Package Index) and npm (backed by the public npm registry for Node) pull from public repositories and trust that the code they fetch is authentic and not malicious.
In the summer of 2020, Birsan and the ethical hacker Justin Gardner tried to gain access to PayPal’s systems. Gardner had shared some Node.js source code that he found on GitHub that was meant for internal PayPal use. Within the package.json file there were public and private dependencies. Some were public packages from npm and others were non-public package names that he figured were most likely internally hosted by PayPal, as they did not exist on the public npm registry. Birsan then explored whether malicious code uploaded to the public npm registry under those names would start to be used in some of PayPal’s internal projects instead of the private packages.
Birsan scanned millions of domains owned by large companies and extracted JavaScript package names that had not been claimed on the npm registry. Birsan then created malicious node packages which were uploaded to the npm registry under unclaimed JavaScript package names. The packages had a preinstall script that would call back from each computer it was installed on.
Birsan used DNS exfiltration for the callbacks since he figured this method would most likely not be detected and blocked. The data was hex-coded and used as part of a DNS query to his custom authoritative name server, either directly or via intermediate resolvers, with the server configured to log the queries to keep a record of where the packages were installed.
Birsan found it was possible to propagate the malicious code through the targeted companies’ internal applications and systems using his method. While he found it easiest to extract private package names from JavaScript, because package.json files often contain the names of a project's dependencies, it was also possible to extract package names from Python and Ruby projects and upload malicious packages to the Python Package Index and RubyGems.
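The exposure described above comes down to which registry each dependency name resolves from. The following is an added example (not Birsan's code or any of the named companies' tooling) that reads a package.json and an .npmrc and flags known-internal package names that would be fetched from the public registry; the package names, scope and registry URL are constructed for illustration.

```python
import json
import re

# Constructed sample inputs (hypothetical project, scope and registry).
PACKAGE_JSON = """{
  "name": "internal-app",
  "dependencies": {
    "express": "^4.17.1",
    "@acme/auth-client": "1.2.0",
    "acme-internal-logger": "0.3.1"
  },
  "devDependencies": {"jest": "^26.0.0", "acme-build-tools": "2.0.0"}
}"""

NPMRC = """registry=https://registry.npmjs.org/
@acme:registry=https://npm.internal.acme.example/
"""

# Names the organisation hosts privately (constructed list).
INTERNAL_PACKAGES = {"@acme/auth-client", "acme-internal-logger", "acme-build-tools"}
PUBLIC_REGISTRY = "https://registry.npmjs.org/"


def parse_npmrc(text):
    """Return (default_registry, {scope: registry}) from .npmrc lines."""
    default, scopes = PUBLIC_REGISTRY, {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^(@[^:]+):registry=(\S+)$", line)
        if m:
            scopes[m.group(1)] = m.group(2)
        elif line.startswith("registry="):
            default = line.split("=", 1)[1]
    return default, scopes


def registry_for(name, default, scopes):
    """Scoped names (@scope/pkg) may be pinned to a registry; unscoped names
    always go to the default registry, which is what makes them squattable."""
    if name.startswith("@"):
        return scopes.get(name.split("/", 1)[0], default)
    return default


def find_confusable(package_json, npmrc, internal):
    """Internal names that this project would resolve from the public registry."""
    data = json.loads(package_json)
    deps = {**data.get("dependencies", {}), **data.get("devDependencies", {})}
    default, scopes = parse_npmrc(npmrc)
    return sorted(n for n in deps
                  if n in internal and registry_for(n, default, scopes) == PUBLIC_REGISTRY)
```

Any name the check reports is one an outsider could register publicly; the usual fix is to move internal packages under a scope mapped to the private registry, or to reserve the unscoped names on the public registry.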
“Squatting valid internal package names was a nearly sure-fire method to get into the networks of some of the biggest tech companies out there, gaining remote code execution, and possibly allowing attackers to add backdoors during builds,” said Birsan. “This type of vulnerability, which I have started calling dependency confusion, was detected inside more than 35 organizations to date, across all three tested programming languages.”
Birsan is an ethical hacker who used this technique only to upload a simple phone-home script, but the same vulnerability could easily have been exploited by an APT group to deliver malware and steal highly sensitive data.