Stanford student who recovered $27,000 for ransomware victims talks ethical hacking

June 2, 2021, 11:13 p.m.

As a high school student, Jack Cable ’21 hacked the Pentagon through a government-sponsored program created to find bugs in Air Force security networks. Upon arriving at Stanford, he set up a bug bounty program and worked with large enterprises to secure their digital systems. In April, he hacked ransomware, saving victims over $27,000.

Certainly, Cable isn’t your ordinary student. In 2018, Time Magazine named him among the world’s 25 most influential teens. In his spare time, he consulted for the Department of Homeland Security, working to secure election systems.

The Daily sat down with Cable to discuss his latest achievement: hacking the QLocker ransomware, work for which the Secretary of Homeland Security recognized him as a “tremendous example of how even a single person can make a huge difference.”

The ransomware, which Cable said likely originated from eastern Europe, locked victims’ files until they paid the hackers.

Cable first heard about the ransomware from a family friend whose computer was affected by the attack. The family friend, who is a physician, was ready to pay the requested 0.01 Bitcoin for the laptop’s release, as he had sensitive patient data on his laptop. 

When Cable heard about the incident, he tried his hand at cracking the ransomware. After trying an arsenal of techniques to crack the system, it came to him. 

“Thinking through some of the stuff I’ve seen with bug bounties — that people don’t consider all the edge cases — I tried changing a letter in the bitcoin address from lowercase to uppercase,” he said.

The subtle change immediately unlocked the files, fooling the system into thinking the victims had paid for their laptops’ release.

Cable took it a step further, tweeting that any others affected by the virus should contact him. He was able to recover $27,000 before the hackers fixed their vulnerabilities.

Cable has made a name for himself in the world of “white hat,” or ethical hacking, both in and out of Stanford. Stanford Chief Information Security Officer Michael Tran Duff wrote that Cable helped inaugurate the University’s bug bounty program, one of the first of its kind in higher education. The program offers up to $1,000 per vulnerability that students, postdocs or full-time benefits employees uncover in the University’s security system. 

“Thanks in large part to Jack’s guidance and support, Stanford’s bug bounty program has been a resounding success,” Duff wrote. “We will continue to expand the program, and it has served as a model for several other universities.”

Outside of school, Cable is producing large waves. For the last year, he has been working to secure American election security with the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.

Riana Pfefferkorn, a research scholar at Stanford’s Internet Observatory, said that despite his modesty, Cable is truly special in his commitment to ethical hacking.

“While there are certainly other bright young minds out there when it comes to hacking, they aren’t usually as public-spirited as Jack — they’re more apt to use their skills to, say, change their grades in the school’s system,” Pfefferkorn said. “His dedication to service is what I find most impressive about Jack.”

In the future, Cable said he hopes to continue working for the public good, continuing his journey in the world of ethical hacking. “There’s just no replacement for knowing that you’re actually helping people and preventing harm on the Internet,” he said.

One future career consideration is working for the federal government, where he said he has the potential to “enact change at a wide scale.”

“You can really do a lot in the government if you’re in the right position,” Cable said.

Login or create an account