Stanford student who recovered $27,000 for ransomware victims talks ethical hacking

As a high school student, Jack Cable ’21 hacked the Pentagon through a government-sponsored program created to find bugs in Air Force security networks. Upon arriving at Stanford, he set up a bug bounty program and worked with large enterprises to secure their digital systems. In April, he hacked ransomware, saving victims over $27,000.

Certainly, Cable isn’t your ordinary student. In 2018, Time Magazine named him among the world’s 25 most influential teens. In his spare time, he consults for the Department of Homeland Security, working to secure election systems.

The Daily sat down with Cable to discuss his latest achievement: hacking the QLocker ransomware, work for which the Secretary of Homeland Security recognized him as a “tremendous example of how even a single person can make a huge difference.”

The ransomware, which Cable said likely originated from eastern Europe, locked victims’ files until they paid the hackers.

Cable first heard about the ransomware from a family friend whose computer was affected by the attack. The family friend, who is a physician, was ready to pay the requested 0.01 Bitcoin for the laptop’s release, as he had sensitive patient data on his laptop. 

When Cable heard about the incident, he tried his hand at cracking the ransomware. After trying an arsenal of techniques to crack the system, it came to him. 

“Thinking through some of the stuff I’ve seen with bug bounties — that people don’t consider all the edge cases — I tried changing a letter in the bitcoin address from lowercase to uppercase,” he said.

The subtle change immediately unlocked the files, fooling the system into thinking the victims had paid for their laptops’ release.

Cable took it a step further, tweeting that any others affected by the virus should contact him. He was able to recover $27,000 before the hackers fixed their vulnerabilities.

Cable has made a name for himself in the world of “white hat,” or ethical hacking, both in and out of Stanford. Stanford Chief Information Security Officer Michael Tran Duff wrote that Cable helped inaugurate the University’s bug bounty program, one of the first of its kind in higher education. The program…