Elie Bursztein, born 1 June 1980 in

France France (), officially the French Republic ( ), is a country primarily located in Western Europe. It also comprises of Overseas France, overseas regions and territories in the Americas and the Atlantic Ocean, Atlantic, Pacific Ocean, Pac ...

, is a French

computer scientist A computer scientist is a person who is trained in the academic study of computer science. Computer scientists typically work on the theoretical side of computation, as opposed to the hardware side on which computer engineers mainly focus (al ...

and

software engineer Software engineering is a systematic engineering approach to software development. A software engineer is a person who applies the principles of software engineering to design, develop, maintain, test, and evaluate computer software. The term ''p ...

. He currently leads

Google Google LLC () is an American multinational technology company focusing on search engine technology, online advertising, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics. ...

’s Security and Anti-Abuse Research Team.

Education and early career

Bursztein obtained a computer engineering degree from EPITA in 2004, a master’s degree in computer science from

Paris Diderot University Paris Diderot University, also known as Paris 7 (french: Université Paris Diderot), was a French university located in Paris, France. It was one of the inheritors of the historic University of Paris, which was split into 13 universities in 197 ...

/ENS in 2005, and a PhD in computer science from

École normale supérieure Paris-Saclay The École normale supérieure Paris-Saclay (also ENS Paris-Saclay or Normale Sup' Paris-Saclay), formerly ENS Cachan, is a grande école and a constituent member of Paris-Saclay University. It was established in 1892. It is located in Gif-sur-Yv ...

in 2008 with a dissertation titled ''Anticipation games: Game theory applied to network security''. His PhD advisor was Jean Goubault-Larrecq. Before joining Google, Bursztein was a post-doctoral fellow at

Stanford University Stanford University, officially Leland Stanford Junior University, is a private research university in Stanford, California. The campus occupies , among the largest in the United States, and enrolls over 17,000 students. Stanford is consider ...

's Security Laboratory, where he collaborated with

Dan Boneh Dan Boneh (; he, דן בונה) is an Israeli-American professor in applied cryptography and computer security at Stanford University. In 2016, Boneh was elected a member of the National Academy of Engineering for contributions to the theory an ...

and John Mitchell on

web security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules ...

, game security, and applied

cryptographic Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...

research. His work at Stanford University included the first cryptanalysis of the inner workings of Microsoft’s

DPAPI Data Protection Application Programming Interface (DPAPI) is a simple cryptography, cryptographic application programming interface available as a built-in component in Windows 2000 and later versions of Microsoft Windows operating systems. In the ...

(Data Protection Application Programming Interface), the first evaluation of the effectiveness of

private browsing Private browsing is a privacy feature in some web browsers. When operating in such a mode, the browser creates a temporary session that is isolated from the browser's main session and user data. Browsing history is not saved, and local data as ...

, and many advances to

CAPTCHA A CAPTCHA ( , a contrived acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge–response test used in computing to determine whether the user is human. The term was coined in 2003 ...

security and usability. Bursztein has discovered, reported, and helped fix hundreds of vulnerabilities, including securing Twitter’s frame-busting code, exploiting Microsoft's location service to track the position of mobile devices, and exploiting the lack of proper encryption in the Apple

App Store An App Store (or app marketplace) is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not include the running of the co ...

to steal user passwords and install unwanted applications.

Career at Google

Bursztein joined

in 2012 as a research scientist. He founded the Anti-Abuse Research Team in 2014 and became the lead of the Security and Anti-Abuse Research Team in 2017. Bursztein's notable contributions at Google include: * 2020 Developing a deep-learning engine that helps to block malicious documents targeting Gmail users. * 2019 Developing a password-checking service that has allowed hundreds of millions of users to check whether their credentials have been stolen in a data breach while preserving their privacy. * 2019 Developing a

Keras Keras is an open-source software library that provides a Python interface for artificial neural networks. Keras acts as an interface for the TensorFlow library. Up until version 2.3, Keras supported multiple backends, including TensorFlow, Mic ...

tuner that became the default hypertuner for

TensorFlow TensorFlow is a free and open-source software library for machine learning and artificial intelligence. It can be used across a range of tasks but has a particular focus on training and inference of deep neural networks. "It is machine learnin ...

and TFX. * 2018 Conducting the first large-scale study on the illegal online distribution of child sexual abuse material in partnership with

NCMEC The National Center for Missing & Exploited Children (NCMEC) is a private, nonprofit organization established in 1984 by the United States Congress. In September 2013, the United States House of Representatives, United States Senate, and the Pres ...

. * 2017 Finding the 1st

SHA-1 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographically broken but still widely used hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecima ...

full collision. * 2015 Deprecating security questions at Google after completing the first large in-the-wild study on the effectiveness of security questions, which showed that they were both insecure and had a very low recall rate. * 2014 Redesigning Google

to make it easier for humans, resulting in a 6.7% improvement in the pass rate. * 2013 Strengthening Google accounts protections against hijackers and fake accounts.

Awards and honors

Best academic papers awards

* 2021 USENIX Security distinguished paper award for ''"Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns'' * Bursztein 2019 USENIX Security distinguished paper award for ''Protecting accounts from credential stuffing with password breach alerting'' * 2019 CHI best paper award for ''“They don’t leave us alone anywhere we go”: Gender and digital abuse in South Asia'' * 2017 Crypto best paper award for ''The first collision for full SHA-1'' * 2015 WWW best student paper award for ''Secrets, lies, and account recovery: Lessons from the use of personal knowledge questions at Google'' * 2015 S&P Distinguished Practical Paper award for ''Ad Injection at Scale: Assessing Deceptive Advertisement Modifications'' * 2011 S&P best student paper award for ''OpenConflict: Preventing real time map hacks in online games'' * 2008 WISPT best paper award for ''Probabilistic protocol identification for hard to classify protocol''

Industry awards

* 2019 Recognized as one of the 100 most influential French people in

cybersecurity Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...

* 2017 BlackHat Pwnie award for the first practical SHA-1 collision * 2015 IRTF Applied Networking Research Prize for ''Neither snow nor rain nor MITM … An empirical analysis of email delivery security'' * 2010 Top 10 Web Hacking Techniques for ''Attacking HTTPS with cache injection''

Trivia

Bursztein is an accomplished magician and posted magic tricks weekly on Instagram during the 2019 pandemic. In 2014, following his talk on hacking

Hearthstone ''Hearthstone'' is a free-to-play online digital collectible card game developed and published by Blizzard Entertainment. Originally subtitled ''Heroes of Warcraft'', ''Hearthstone'' builds upon the existing lore of the ''Warcraft'' series by u ...

using machine learning, he decided not to make his prediction tool open source, because of the Hearthstone’s community disappointment and at

Blizzard Entertainment Blizzard Entertainment, Inc. is an American video game developer and publisher based in Irvine, California. A subsidiary of Activision Blizzard, the company was founded on February 8, 1991, under the name Silicon & Synapse, Inc. by three graduat ...

’s request.

Selected publications

References

External links

Elie Bursztein's personal site
*
Elie Bursztein on Google Scholar
{{DEFAULTSORT:Bursztein, Elie Living people 1980 births Hackers Modern cryptographers Computer security academics French computer scientists French cryptographers Google employees