Northeastern student’s code could’ve stopped the Equifax hack

When Equifax was hacked last year, sensitive information from more than 143 million Americans was at risk of being stolen. Now Northeastern student Blue Gaston is making sure that can never happen again. Photo by Kristoffer Tripplaar (Sipa via AP Images)

When Blue Gaston started her co-op at Polyverse Corp., she was given the simple task to “fix the internet.”

A tall order, but one made easier with the development of polyscripting, a cybersecurity tool that could save us from future hacks.

“If polyscripting existed, the Equifax hack would have never happened,” said Archis Gore, the company’s chief technology officer. So that’s what he asked Gaston, a graduate student in her final year at Northeastern, to develop.

Polyscripting makes it impossible for hackers to take advantage of computer vulnerabilities to corrupt or steal huge amounts of data, Gaston said. That is exactly what happened in the Equifax hack last year, which exposed the sensitive information of more than 143 million Americans to the risk of theft. The particular type of hacking it prevents is called code injection, and it’s the No. 1 cybersecurity risk out there, according to the Open Web Application Security Project, a nonprofit organization dedicated to improving the security of software.

A hacker uses code injection to exploit vulnerabilities in a programming language, including design flaws and implementation bugs. Once they find these vulnerabilities, these tiny windows of opportunity, they inject their own code—disguised as the program’s language—into the program with new instructions to deliver sensitive data. Polyscripting, however, scrambles the program’s native language into its own distinct, secret language, rendering the malicious instructions incompatible.

When Blue Gaston started her co-op at Polyverse Corp., she was asked to “fix the internet.” Photo courtesy of Blue Gaston.

So if hackers were to insert their own code, the program wouldn’t understand the new instructions. It’s like redirecting traffic with a false road sign. If drivers can’t read the language on the sign, they won’t understand what it means and won’t follow it.
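The scrambling idea can be shown with a toy interpreter. This is an added illustration, not Polyverse's or Gaston's code: the three-keyword language, the function names and the sample programs are all constructed for the example, and Python stands in for PHP.

```python
import secrets

# Constructed toy language (not PHP): each line is "<keyword> <argument>".
STANDARD_KEYWORDS = ("echo", "read_file", "system")

def make_dictionary():
    """Build a per-deployment map from standard keywords to secret ones."""
    return {kw: "k" + secrets.token_hex(8) for kw in STANDARD_KEYWORDS}

def scramble(source, dictionary):
    """Rewrite trusted source at build time to use the secret keywords."""
    lines = []
    for line in source.strip().splitlines():
        keyword, _, arg = line.strip().partition(" ")
        lines.append(f"{dictionary[keyword]} {arg}")
    return "\n".join(lines)

class ScrambledInterpreter:
    """Toy interpreter whose grammar contains only the secret keywords."""

    def __init__(self, dictionary):
        self.operations = {secret: std for std, secret in dictionary.items()}

    def run(self, program):
        """Parse the whole program first; reject it if any keyword is unknown."""
        plan = []
        for line in program.strip().splitlines():
            keyword, _, arg = line.strip().partition(" ")
            if keyword not in self.operations:
                raise SyntaxError(f"unknown keyword {keyword!r}")
            plan.append((self.operations[keyword], arg))
        return plan  # operations that would run; no real side effects here

def demo():
    dictionary = make_dictionary()
    interpreter = ScrambledInterpreter(dictionary)
    trusted = scramble("echo hello\nread_file page.tpl", dictionary)
    plan = interpreter.run(trusted)
    # Constructed injected line, written in the standard (unscrambled) language.
    tampered = trusted + "\nread_file customer_records.db"
    try:
        interpreter.run(tampered)
        rejected = False
    except SyntaxError:
        rejected = True
    return len(plan), rejected

if __name__ == "__main__":
    print(demo())
```

The injected line is rejected only because its author does not know the dictionary, so in this sketch the mapping has to be kept as secret as any other credential.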

Gore said it’s been a goal of Polyverse to develop polyscripting for some time. When Gaston began her co-op in June, the company gave her the assignment and she ran with it. Although she received guidance, the project is completely her own. It’s not just Polyverse that benefits, either. Her work is done on open source software, so it can already be implemented on any website that uses the PHP programming language.

Gaston created the method of preventing future hacks in under a month, surpassing all of Gore’s expectations. Perhaps it’s a surprise, then, that Gaston hasn’t been coding all her life. Her undergraduate degree from Gonzaga University is in philosophy.

Gaston didn’t realize she wanted to work in the tech industry until halfway through her undergraduate studies, and by then it was too late to switch majors. After graduation, she considered joining a tech boot camp until she found out about Northeastern’s Align program.

Align is an accelerated master’s degree program designed for non-computer science majors who want to learn computer programming to transition to a career in tech.

“I never thought I would get the opportunity to get a degree in computer science,” said Gaston, who is taking classes at Northeastern’s campus in Seattle. “I’ve learned two new programming languages since starting a month ago, but I had the knowledge and resources to figure out what I needed to know,” she said.

Gaston is Polyverse’s first intern, and Gore said the company always intended their interns to do important work. “We were all interns on high-profile projects at one point and that’s how we got our big starts,” he said.

Next month, Polyverse CEO Alex Gounares will be presenting Gaston’s project to Facebook. Gaston said the project is being pitched to other major companies as well.

“I get to see how this can make an impact not only at the company but throughout cybersecurity across the board,” she said. “It’s kind of unreal that I’m working on this.”

Gaston said that she will spend the rest of her co-op working on perfecting and further developing polyscripting. She’s also making strides in narrowing the gender disparity in tech, a problem that persists when women self-select out of trying out computer science as undergraduates.

“There’s not a lot of women in cybersecurity, so it would be cool if I could continue down this path,” said Gaston.