Five years ago, French programmers Bejamin Delpy created a program that was designed to pull a Windows user’s password out of a computer’s memory to gain repeated access to it. While visiting Russia, the 25-year-old walked back into his hotel room to find a man in a dark suit on Delpy’s laptop. He was most likely trying to steal the program, called Mimikatz, reports Wired.
Since then, Delpy released Mimikatz to the public and it has become a tool for all hackers. Delpy originally built the program as a side project, according to Wired, because he wanted to learn more about Windows security and the C programming language. He also wanted to prove that Windows had a serious security flaw in the way it handled passwords. Microsoft eventually changed its authentication system to make Mimikatz-attacks more difficult, but not before the program had been put into every hacker’s toolbox. Even today, Wired reports, Mimikatz is an all-too-useful hacker tool, according to Jake Williams, a penetration tester and founder of security firm Rendition Infosec.
Microsoft seems to have learned to appreciate what Delpy did, however, and this year he was invited to join one of the company’s review boards for new research submissions. Even though he was stalked by Russian hackers, Delpy said he is glad he was able to show the gaping vulnerability to Microsoft.
“I created this to show Microsoft this isn’t a theoretical problem, that it’s a real problem,” he told Wired. “Without real data, without dangerous data, they never would have done anything to change it.”
This article was featured in the InsideHook newsletter. Sign up now.
