Elliot Alderson, aka @fs0c131y, is an independent security researcher. In his threads, he shares his findings and experiences. He covers various topics such as flaws found in the French government messaging app, data leaks from an Indian oil company and users manipulating Twitter.
Interview published on June 13, 2019
Q. Can you introduce yourself in a few sentences?
A. My name is Baptiste Robert, I’m a French independent security researcher. For almost 2 years, I’ve been sharing my research with my 110K followers on Twitter under the pseudonym @fs0c131y. You can find a subset of news articles about my research on my website fs0c131y.com.
Q. How did you get into security?
A. In October 2017, I was bored so instead of watching TV I decided to analyse the firmware of my phone, a OnePlus 5. I found this nice EngineeringMode backdoor. I published it on Twitter and it blew up. In 2 days, my tweets had been seen 6 million times. It was crazy for a newbie like me.
Q. Recently you wrote many threads about the Yellow Jackets, what did you find out?
A. Contrary to what some "big players" said, I didn't find any notable influence of Russia in the Yellow Vest movement. I found that a lot of nationalists from everywhere (Polish nationalists, Brexiters, QAnon lovers, ...) tried to exaggerate the situation in France to push their own propaganda.
Q. Do you notice differences between French and American companies and the way they deal with security?
A. Hmm, not really, to be honest.
Q. What do you think about the rules regarding flaws and how to inform companies about them?
A. The debate around "responsible disclosure" is very hot. I always try to responsibly disclose the flaws I find first. BUT sometimes, if the company is "aggressive" or doesn’t care about the security of their users, I use my Twitter account to publicly expose the issue. As technical people, we need to use communication as a weapon too. Companies don't like to have their "bad behaviours" exposed and it pushes them to fix the security issues, which is the only thing that matters.
Q. What’s the most common reaction of companies when you tell them about a flaw you found?
A. In general, the reaction is very good. People are interested to know the details of the flaws I found and thank me. Technical people want to understand the issue and how they can make their company more secure. I do have some aggressive answers sometimes but this is very rare.
Q. You recently became a member of the Illuminati on Twitter. Which organization do you plan to join next?
A. Lol, I'm open to everything :D
Q. Do you have any other shows to recommend about infosec, aside from Mr. Robot?
A. Actually I don't. To be honest I still need to watch the end of season 3 of Mr. Robot.
Q. What are your favorite Twitter accounts?
A. I have a lot of Twitter accounts in mind. For example, @conspirator0 is doing an awesome job in the Twitter analysis field, and @hackerfantastic is a must-follow account in the infosec community.