Security News > 2022 > May > Hacker says hijacking libraries, stealing AWS keys was ethical research
The hacker behind this hijack has now broken silence and explained his reasons to BleepingComputer.
The hijacker of these libraries is an Istanbul-based security researcher, Yunus Aydın aka SockPuppets, who has attested to the fact when approached by BleepingComputer.
In the case of 'ctx' and 'PHPass,' the hijacked versions didn't stop at basic PoC-these stole the developer's environment variables and AWS credentials, casting doubts on the intention of the hijacker or if this was even ethical research.
Stealing secrets stored in environment variables such as passwords and API keys could very well cross the line, especially when hijacking popular libraries like 'ctx' and 'PHPass' that have been downloaded millions of times.
Some even took notice of Aydın's vanishing online presence after reports of the hijacked libraries picked up steam.
Hijacking PHPass as BleepingComputer explained yesterday, was more akin to repo-jacking or "Chainjacking" in which an abandoned GitHub repository is claimed by another user who can now republish the versions of this package to the PHP/Composer registry, Packagist.