Chris Kubecka

Last updated
Chris Kubecka
Other names@SecEvangelism
Occupation(s)Author, security researcher, speaker, adviser
Employer(s)HypaSec NL, Aramco, Unisys, USAF
Known forRe-establishing Saudi Aramco international business networks and establishing security after a cyberwarfare attack

Chris Kubecka is an American computer security researcher and cyberwarfare specialist. In 2012, Kubecka was responsible for getting the Saudi Aramco network back up and running after it was hit by one of the world's most devastating Shamoon cyberattacks. Kubecka also helped halt a second wave of July 2009 cyberattacks against South Korea. [1] Kubecka has worked for the US Air Force as a Loadmaster, the United States Space Command and is now CEO of HypaSec, a security firm she founded in 2015. She lives and works in the Netherlands.

Contents

Early life

Kubecka's Puerto Rican mother became a robotics programmer and lacking money for daycare would take Kubecka to work with her. Kubecka said she "fell in love with programming" when she programmed a haunted house on the screen to say "boo". She learned to program and at the age of 10 hacked the US Department of Justice. At 18, she began working for the US Air Force. [2] [3] [4]

Saudi Aramco security work

In 2012, Saudi Aramco's network experienced one of the worst hacks in history and Kubecka was contacted then contracted to get the company's systems back up and running. Kubecka explained that the Saudi Aramco network was flat so hackers were able to roll through quickly and infected close to 35,000 of its computers. [5] [6] [7] [8] Facing the emergency and immediately following the hardware attack, Saudi Aramco purchased 50,000 computer hard disk drives (off a production line). [9]

Cyber Terrorism work

In 2014, Kubecka fixed an email and rootkit attack on the Royal Saudi Arabian Embassy in The Hague, Netherlands. [10] [11] The first phase of the attack was caused by a weak email password of 123456 used on the official business embassy email. An Embassy insider and ISIS collaborator attempted to extort money from Prince Mohammed bin Nawwaf bin Abdulaziz, Sumaya Alyusuf and from the Royal Saudi Arabian Embassy of The Hague. During the second phase of the attack, the insider sent an extortion demand of 25,000 USD each from several Middle Eastern and Turkish Embassies. The third phase of the attack was caused by the Diplomatic Corps sending a warning notification to all The Hague embassies via email using CC not BCC, exposing the other official embassy email accounts to the attacker. During the fourth phase of the attack, the insider taunted the Diplomatic Corps, The Hague embassies and hacked into the Secretary to the Ambassador of Saudi Arabia personal Gmail account. The attacker rose the extortion demand to $35,000,000, then to $50,000,000 saying ISIS would destroy the Kurhaus of Scheveningen during the planned National Saudi Day celebrations to which over 400 dignitaries had been invited.[ citation needed ]

After the Shamoon attack and Dutch Embassy hacks, the Kingdom of Saudi Arabia and Saudi Aramco made security a top priority. Stanford University signed an MoU (memorandum of understanding) with one of the security colleges of Saudi Arabia in 2018. [12] [13] [14]

Career

Kubecka was at Saudi Aramco until the mid-2015 and then founded HypaSec. [15] Kubecka is considered an expert on cyberwarfare and has been a keynote speaker at trainings, [16] and conferences on cyber espionage, [17] security information and event management, [18] Industrial Control Systems Supervisory Control and Data Acquisition (ICS SCADA), IT and IOT security topics. [2] [19] Kubecka was the keynote speaker at Security BSides security conference in London in 2017 [20] [21] and a featured speaker at OWASP's Global AppSec Amsterdam 2019. [22]

Works

Related Research Articles

<span class="mw-page-title-main">Saudi Aramco</span> Saudi Arabian petroleum company

Saudi Aramco, officially the Saudi Arabian Oil Group or simply Aramco, is a petroleum and natural gas company that is the national oil company of Saudi Arabia. As of 2022, it is the second-largest company in the world by revenue and is headquartered in Dhahran. It has repeatedly achieved the largest annual profits in global corporate history. Saudi Aramco has both the world's second-largest proven crude oil reserves, at more than 270 billion barrels, and largest daily oil production of all oil-producing companies.

<span class="mw-page-title-main">Cyberwarfare</span> Use of digital attacks against a nation

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

<span class="mw-page-title-main">Saudi Arabia–United Arab Emirates relations</span> Bilateral relations

Saudi Arabia and the United Arab Emirates (U.A.E.) are neighbouring countries in the Middle East and Persian Gulf region, and share extensive political and cultural ties. Saudi Arabia maintains an embassy in Abu Dhabi and a consulate in Dubai of the U.A.E., while the U.A.E. has an embassy in Riyadh and a consulate in Jeddah, Saudi Arabia.

Shamoon, also known as W32.DistTrack, is a modular computer virus that was discovered in 2012, targeting then-recent 32-bit NT kernel versions of Microsoft Windows. The virus was notable due to the destructive nature of the attack and the cost of recovery. Shamoon can spread from an infected machine to other computers on the network. Once a system is infected, the virus continues to compile a list of files from specific locations on the system, upload them to the attacker, and erase them. Finally the virus overwrites the master boot record of the infected computer, making it unusable.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

<span class="mw-page-title-main">Seculert</span> Israeli cloud-based cyber security technology

Seculert is a cloud-based cyber security technology company based in Israel. The company's technology is designed to detect breaches and Advanced Persistent Threats (APTs), attacking networks. Seculert's business is based on malware research and the ability to uncover malware that has gone undetected by other traditional measures.

Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field.

Operation Cleaver, as labelled in a report by American firm Cylance Inc. in late 2014, was a cyberwarfare covert operation targeting critical infrastructure organizations worldwide, allegedly planned and executed by Iran.

Advanced Persistent Threat 33 (APT33) is a hacker group identified by FireEye as being supported by the government of Iran. The group has also been called Refined Kitten, Magnallium, and Holmium.

<span class="mw-page-title-main">Alex Stamos</span> Greek American computer scientist

Alex Stamos is a Greek American computer scientist and adjunct professor at Stanford University's Center for International Security and Cooperation. He is the former chief security officer (CSO) at Facebook. His planned departure from the company, following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, was reported in March 2018.

<span class="mw-page-title-main">National Cybersecurity Authority (Saudi Arabia)</span> Cybersecurity entity of the government of Saudi Arabia

National Cybersecurity Authority, National Cyber Security Authority, or the Saudi National Cybersecurity Authority, is a government security entity in Saudi Arabia which focuses primarily on the country's computer security. Created in 2017, it is directly linked to the office of the king.

The Dark Overlord is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.

Charming Kitten is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

<span class="mw-page-title-main">Capture the flag (cybersecurity)</span> Computer security exercise

Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully-vulnerable programs or websites. They can be used for both competitive or educational purposes. In two main variations of CTFs, participants either steal flags from other participants or from organizers. A combination of those two styles would be called mixed. Competitions can include hiding flags in hardware devices, they can be both online or in-person, and can be advanced or entry-level. The game is inspired by the traditional outdoor sport of the same name.

<span class="mw-page-title-main">MBS College for Cybersecurity and Advanced Technologies</span> Cybersecurity and artificial intelligence college in Riyadh, Saudi Arabia

The Prince Mohammed Bin Salman College for Cybersecurity, Artificial Intelligence and Advanced Technologies is a higher education technological college in Riyadh, Saudi Arabia. Established by Saud al-Qahtani in 2018, it is named after Mohammed bin Salman, the Crown Prince of Saudi Arabia since 2017. It is the first academic institute in Saudi Arabia dedicated for the study of cybersecurity and artificial intelligence.

Black Hat Middle East and Africa formerly @HACK is a three-day cybersecurity and hacking convention that annually takes place in Riyadh, Saudi Arabia, during Riyadh Season. It is one of the largest conventions in its industry.

References

  1. "PSU@Shamoon". sites.psu.edu. Archived from the original on 2019-07-22. Retrieved 2019-09-07.
  2. 1 2 "APPSEC Cali 2018 - Women In Security Panel". March 19, 2018 via Internet Archive.
  3. "Paul's Security Weekly #498 - Chris Kubecka" via www.youtube.com.
  4. "How A 10-Year-Old War Dialer Became A Top Cybersecurity Expert". July 11, 2019.
  5. Jose Pagliery (2015-08-05). "The inside story of the biggest hack in history" . Retrieved 2012-08-19.
  6. "Black Hat USA 2015 Highlights". The State of Security. August 11, 2015.
  7. "Black Hat 2015: Rebuilding IT security after a cyber disaster". searchsecurity.techtarget.com. 10 February 2016. Retrieved 2019-09-07.
  8. "Shamoon – Darknet Diaries". darknetdiaries.com. Archived from the original on 2019-01-27.
  9. Pagliery, Jose (August 5, 2015). "The inside story of the biggest hack in history". CNNMoney.
  10. "Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security". CyberScoop. August 8, 2019.
  11. J.M. Porup (7 August 2019). "Inside the 2014 hack of a Saudi embassy". CSO Online. Retrieved 2019-09-07.
  12. "Prince Mohammed bin Salman College of Cybersecurity and Stanford University Sign MoU The official Saudi Press Agency". spa.gov.sa. Retrieved 2019-09-07.
  13. Yang, Daniel; Knowles, Hannah (April 25, 2019). "Despite political tensions, Stanford's Saudi partnerships continue with little scrutiny".
  14. "Prince Muhammed Bin Salman College signs key pact with Stanford University". Saudi Gazette. 23 June 2018. Retrieved 2019-09-07.
  15. "Ladies in Cyber Security by DefCamp". ladies.def.camp.
  16. "SANS Institute: Summit Archives". sans.org. Archived from the original on 2019-09-26. Retrieved 2019-09-07.
  17. "NATO explores the rules of cyber spying". Sky News. Retrieved 2019-09-25.
  18. 28C3: Security Log Visualization with a Correlation Engine (en) , retrieved 2019-09-25
  19. "28c3: Security Log Visualization with a Correlation Engine". YouTube . December 29, 2011. Retrieved 2017-11-04.
  20. "Cybersecurity pros: We'd help the government, but can't". Sky News.
  21. "Naming Russia as a perpetrator offers cybersecurity its #MeToo moment". Sky News. Retrieved 2019-09-25.
  22. "I've got a working title: The woman who squashed terrorists: When an Embassy gets hacked". Global AppSec. Retrieved 2019-09-27.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.