- My name is Alexandru Colțuneac and I am a white hacker and Co-Founder of LooseByte, a cybersecurity company from Romania
- I have found and reported vulnerabilities in Google, Microsoft, eBay, Adobe, Facebook, Paypal, UBER
- Through my work, I want to change Romanian entrepreneurs’ perception of cybersecurity and make them see its real value.
I assume that you might be one of those people that believe that their online data is quite safe and that cybersecurity is no more than an antivirus app that you can simply install on your computer or phone.
Mind you, I am not here to judge you. I used to think the same until I discovered that we as users are not the only potential victims of cyberattacks. There are bigger targets out there in the digital world, like that e-commerce store where you’ve been doing your shopping for a while now.
I am one of the ‘good’ guys
My name is Alexandru Colțuneac and I am a white hacker, aka one of the good guys. I hope that this dispelled the vision that might have appeared in the back of your mind – you know, the guy in a hoodie lurking in a dark corner of a room behind his computer.
I have been passionate about computers since I was a child and I’ve always found the hackers from movies and TV series fascinating. I just couldn’t understand how they could breach into the systems of big global companies only by pressing a few buttons on their keyboard.
When I was 7 years old, I breached the access to my home computer, I say ‘breached’ as my parents used to limit the time I spent in front of the screen by adding a password. It wasn’t a difficult password to guess as you can imagine, but it didn’t matter – the digital world had me hooked already. My adventure was only beginning.
When I decided that the dark side wasn’t for me
As a teenager, I used to surf the internet (is this still a thing?) in search of games or forums that would entertain me in my free time.
That’s how I came across one of the most popular online communities of Romanian hackers. There, IT people – and not only – used to approach various topics in this field and even organize hacking contests between them. It sounded great so I decided to give hacking a try.
The first virus I created and published on the internet had a very short life as my conscience wouldn’t let me alone until I deleted it. I still remained a loyal visitor on that forum but never tried to play the bad guy again.
When I first found out that there is such a thing as white hackers
One day, while browsing that same forum, a particular thread caught my attention. There was this guy that was telling other members of the community how he succeeded to find a vulnerability in Yahoo and how excited he was that after he reported it, the team at Yahoo thanked him.
Although I couldn’t understand what he had done there due to my lack of technical knowledge at the time, I was surprised by the fact that a representative from a company so big and popular answered his email.
I want to be able to do that too, I said to myself. So I decided there and then that there’s only one way to do it: I will hack Google.
You’ve got mail…from Google
Everything related to security and vulnerabilities was uncharted territory for me, so I chose the easiest solution. I downloaded an automated vulnerability scanning app from the Internet and I set Google as a testing ground.
In less than a couple of minutes, the program had already found a vulnerability. I didn’t know what it did but I was over the moon that it had actually worked.
I didn’t lose too much time wondering what the program found, I immediately started writing an email addressed to those at Google. It sounded something like this: Hi there, My name is Alex and I found something in your systems. I don’t really know how it impacts your infrastructure but it might be a vulnerability. Very smooth and professional, wasn’t it?
Anyhow, the next day, while I was coming back from school, I received a notification on my phone that said the following: Congrats! What you have discovered is indeed a vulnerability and we want to reward you for helping us. I couldn’t believe it. I’ve made it, I ‘hacked’ Google.
I reread that message several times to make sure that I wasn’t missing anything. But I wasn’t, it was all there – as was my new passion for the years to come.
A white hacker in the making
With the money received from Google, I bought my first laptop and I decided not only that I’m going to learn more about vulnerabilities but also that I will find one for every big company out there.
That’s how I started to understand what ethical hacking really meant. In the following years, I achieved my goal of helping global businesses such as Facebook, Microsoft, Adobe, eBay, and Uber fix some of their vulnerabilities.
Nevertheless, Google will always hold a special place in my heart. Today I am proud to say that I am part of Google’s Hall of Fame which mentions all the people that have helped them in making the internet a safer place.
How I started my first cybersecurity company
All the all-nighters I pulled over the years and the vulnerability reports I wrote helped me with both my personal and professional development. During that whole period, I had the opportunity to collaborate with and work alongside various companies, all of which shared my main goal – users’ safety.
With that in mind, last year I started LooseByte together with a friend of mine. Our main focus is to improve the efficiency of security measures that information systems and networks currently have. We aim to help companies both from Romania and from abroad to stay protected against cyber attacks.
The status of cybersecurity in Romania
Although at a global level, companies have come to consider cyberattacks as serious threats that can endanger the safety and stability of a business, in Romania, cybersecurity still holds a secondary place.
Many businesses strive to provide their customers with high-quality services, however, it often happens that, during the process of designing and implementing a service, some specific scenarios are overlooked – for example, when the client could actually be a hacker.
Whether extracting all the data from a database, accessing other clients’ sensitive data or just gaining access to the servers, these are all possible cases where the actions of hackers can have a major impact on a business. It has been proven over time that cyber attackers know exactly how to take advantage of these opportunities while being emboldened by the continuous technological development and the large amounts of data that companies have come to own.
According to a recent report on cybersecurity, 2 out of 3 cyberattacks target small and medium-sized companies and 60% of these businesses risk going bankrupt in the next 6 months, if they don’t have the right security measures in place. Moreover, hackers are much more tempted to target these companies due to their carefree approach to cybersecurity.
LooseByte is here to save the day and your data
The services we offer mainly involve the simulation of real-life cyberattacks that aim to identify potential security breaches. We essentially put ourselves in the shoes of real hackers attacking a particular company but we perform the attacks in an organized and controlled manner so that no user’s data is harmed.
We have a typical attacker approach, that is, we try to find all the available information about the tested systems and then we focus on identifying any security vulnerability such as the unauthorized access to a user’s confidential data, obtaining admin permissions, malicious extraction of the information stored in the database.
Thus, companies become more aware of the dangers to which they are exposed and gain an overview of the overall level of security of their systems. Also, with the help of the technical details and action steps presented in the security report we write, developers can better understand the most common methods used by attackers to breach a system. This way they’ll be able to implement efficient security measures that will keep the users and their data safe in the long term.
The role of cybersecurity in a GDPR world
According to the GDPR requirements, European companies are obliged to make sure that the personal data of their clients are safely handled while also setting up security measures and procedures. In case of non-compliance to these rules, they are liable to fines which can reach up to 4% of their turnover.
In the case of IT systems, these measures also include the evaluation and testing of technical security measures. Therefore, every company that processes or stores personal data through information technology systems (such as web applications, mobile applications, and cloud services) should take into consideration Penetration Testing or Vulnerability Assessment services.
However, neither internal networks nor Wi-Fi networks should be excluded from security tests, as they might represent a potential target to attackers, especially when they allow access to high-risk databases or services.
If needed, a security audit can also include Secure Code Review services where we inspect the source code of the applications in order to identify security vulnerabilities. Also, if a company wants to train employees so that they don’t fall victim to malicious emails, we organize simulated Phishing campaigns.
What’s next then?
Due to the rapid pace of technological advancements, investing in cybersecurity has become a necessity that every company must meet sooner or later. Apart from considerable financial losses, a security breach can negatively affect a company’s image, thus reducing its credibility.
If you are looking for security solutions that fit your business needs and keep you protected against cybercrimes, contact us at firstname.lastname@example.org or by using the form below.