Chris Kubecka

Kubecka in 2024
Other names: @SecEvangelism
Occupation(s): Author, security researcher, speaker, adviser
Employer(s): HypaSec NL, Aramco, Unisys, USAF
Known for: Re-establishing Saudi Aramco international business networks and establishing security after a cyberwarfare attack

Chris Kubecka is an American computer security researcher and cyberwarfare specialist. In 2012, Kubecka was responsible for getting the Saudi Aramco network running again after it was hit by Shamoon, one of the world's most devastating cyberattacks. Kubecka also helped halt a second wave of July 2009 cyberattacks against South Korea. [1] Kubecka has worked for the US Air Force as a loadmaster and for the United States Space Command, and is now CEO of HypaSec, a security firm she founded in 2015. She lives and works in the Netherlands.

Early life

Kubecka's Puerto Rican mother became a robotics programmer and, lacking money for daycare, would take Kubecka to work with her. Kubecka said she "fell in love with programming" when she programmed a haunted house on the screen to say "boo". She learned to program and at the age of 10 hacked the US Department of Justice. At 18, she began working for the US Air Force. [2] [3] [4]

Saudi Aramco security work

In 2012, Saudi Aramco's network experienced one of the worst hacks in history, and Kubecka was contacted, then contracted, to get the company's systems back up and running. Kubecka explained that the Saudi Aramco network was flat, so hackers were able to roll through quickly and infect close to 35,000 of its computers. [5] [6] [7] [8] Facing the emergency and immediately following the hardware attack, Saudi Aramco purchased 50,000 computer hard disk drives (off a production line). [9]

Cyber Terrorism work

In 2014, Kubecka fixed an email and rootkit attack on the Royal Saudi Arabian Embassy in The Hague, Netherlands. [10] [11] The first phase of the attack was caused by a weak email password of 123456 used on the official business embassy email. An Embassy insider and ISIS collaborator attempted to extort money from Prince Mohammed bin Nawwaf bin Abdulaziz, Sumaya Alyusuf and from the Royal Saudi Arabian Embassy of The Hague. During the second phase of the attack, the insider sent an extortion demand of 25,000 USD each from several Middle Eastern and Turkish Embassies. The third phase of the attack was caused by the Diplomatic Corps sending a warning notification to all The Hague embassies via email using CC, not BCC, exposing the other official embassy email accounts to the attacker. During the fourth phase of the attack, the insider taunted the Diplomatic Corps and The Hague embassies, and hacked into the personal Gmail account of the Secretary to the Ambassador of Saudi Arabia. The attacker raised the extortion demand to $35,000,000, then to $50,000,000, saying ISIS would destroy the Kurhaus of Scheveningen during the planned National Saudi Day celebrations to which over 400 dignitaries had been invited. [citation needed]

After the Shamoon attack and Dutch Embassy hacks, the Kingdom of Saudi Arabia and Saudi Aramco made security a top priority. Stanford University signed an MoU (memorandum of understanding) with one of the security colleges of Saudi Arabia in 2018. [12] [13] [14]

Career

Kubecka was at Saudi Aramco until mid-2015 and then founded HypaSec. [15] Kubecka is considered an expert on cyberwarfare and has been a keynote speaker at trainings, [16] and conferences on cyber espionage, [17] security information and event management, [18] Industrial Control Systems Supervisory Control and Data Acquisition (ICS SCADA), IT and IoT security topics. [2] [19] Kubecka was the keynote speaker at the Security BSides security conference in London in 2017 [20] [21] and a featured speaker at OWASP's Global AppSec Amsterdam 2019. [22]

References

  1. "PSU@Shamoon". sites.psu.edu. Archived from the original on 2019-07-22. Retrieved 2019-09-07.
  2. "APPSEC Cali 2018 - Women In Security Panel". March 19, 2018 via Internet Archive.
  3. "Paul's Security Weekly #498 - Chris Kubecka" via www.youtube.com.
  4. "How A 10-Year-Old War Dialer Became A Top Cybersecurity Expert". July 11, 2019.
  5. Jose Pagliery (2015-08-05). "The inside story of the biggest hack in history". Retrieved 2012-08-19.
  6. "Black Hat USA 2015 Highlights". The State of Security. August 11, 2015.
  7. "Black Hat 2015: Rebuilding IT security after a cyber disaster". searchsecurity.techtarget.com. 10 February 2016. Retrieved 2019-09-07.
  8. "Shamoon – Darknet Diaries". darknetdiaries.com. Archived from the original on 2019-01-27.
  9. Pagliery, Jose (August 5, 2015). "The inside story of the biggest hack in history". CNNMoney.
  10. "Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security". CyberScoop. August 8, 2019.
  11. J.M. Porup (7 August 2019). "Inside the 2014 hack of a Saudi embassy". CSO Online. Retrieved 2019-09-07.
  12. "Prince Mohammed bin Salman College of Cybersecurity and Stanford University Sign MoU The official Saudi Press Agency". spa.gov.sa. Retrieved 2019-09-07.
  13. Yang, Daniel; Knowles, Hannah (April 25, 2019). "Despite political tensions, Stanford's Saudi partnerships continue with little scrutiny".
  14. "Prince Muhammed Bin Salman College signs key pact with Stanford University". Saudi Gazette. 23 June 2018. Retrieved 2019-09-07.
  15. "Ladies in Cyber Security by DefCamp". ladies.def.camp.
  16. "SANS Institute: Summit Archives". sans.org. Archived from the original on 2019-09-26. Retrieved 2019-09-07.
  17. "NATO explores the rules of cyber spying". Sky News. Retrieved 2019-09-25.
  18. "28C3: Security Log Visualization with a Correlation Engine" (en). Retrieved 2019-09-25.
  19. "28c3: Security Log Visualization with a Correlation Engine". YouTube. December 29, 2011. Retrieved 2017-11-04.
  20. "Cybersecurity pros: We'd help the government, but can't". Sky News.
  21. "Naming Russia as a perpetrator offers cybersecurity its #MeToo moment". Sky News. Retrieved 2019-09-25.
  22. "I've got a working title: The woman who squashed terrorists: When an Embassy gets hacked". Global AppSec. Retrieved 2019-09-27.