Mustafa Al-Bassam

Last updated

Mustafa Al-Bassam
2017-12-27 Mustafa Al-Bassam 7793.jpg
Mustafa Al-Bassam giving a talk at the 34th Chaos Communication Congress (2017)
BornJanuary 1995 (age 29)
Other namestflow
Citizenship
Alma mater
Awards Forbes 30 Under 30
Scientific career
Fields Computer science
Thesis Securely scaling blockchain base layers  (2020)
Doctoral advisor George Danezis

Mustafa Al-Bassam (born January 1995) is an Iraqi- British computer security researcher, hacker, and co-founder of Celestia Labs. [1] Al-Bassam co-founded the hacker group LulzSec in 2011, which was responsible for several high profile breaches. [2] [3] He later went on to co-found Chainspace, a company implementing a smart contract platform, which was acquired by Facebook in 2019. [4] [5] In 2021, Al-Bassam graduated from University College London, completing a PhD in computer science with a thesis on Securely Scaling Blockchain Base Layers. [6] [7] In 2016, Forbes listed Al-Bassam as one of the 30 Under 30 entrepreneurs in technology. [8]

Contents

Early life and education

Al-Bassam was born in Baghdad, Iraq in January 1995, and migrated to London, United Kingdom when he was five years old. [9] He received a BSc in Computer Science from King's College London, [10] [11] and subsequently completed a PhD at University College London. [12]

Hacktivism

In 2011 as a 16 year old teenager, Al-Bassam was one of the six core members of LulzSec during its 50-day hacking spree, going by the alias "tflow". The group used denial-of-service attacks and compromised a number of high profile organizations and corporations, including Sony, Fox, News International, Nintendo and the CIA. [3]

He was also affiliated with the online association of hacktivists known as Anonymous, where he was involved with the hacking of emails from HBGary Federal, an intelligence contractor for the U.S. government. [13] The emails revealed that HBGary Federal was working to develop astroturfing software to create an "army" of fake social media profiles, [14] and was hired by the U.S. Chamber of Commerce to spy on and smear political opponents with fake documents and communications. [15] As a result, members of the U.S. Congress called for an investigation into HBGary Federal. [15]

On 20 July 2011, it was announced on Fox News and other press outlets [16] [17] [18] that London's Metropolitan Police had arrested a 16-year-old student in London who was alleged to have used the nickname "Tflow" in a series of high-profile attacks on fox.com, [19] the FBI affiliate "Infragard", [20] PBS [21] [22] and Sony. [23] For legal reasons, his name could not be disclosed for nearly two more years. On 9 April 2013, Tflow's full name was revealed along with his picture on multiple news outlets throughout the Internet. [24] He pleaded guilty to computer misuse and received a 20-month suspended sentence with 320 hours of unpaid community service work. [25] A nearly two-year internet ban imposed by police has since expired. [26] [27]

Career and research

Distributed ledgers

Al-Bassam has published research on scaling blockchains and cryptocurrencies. [28] He contributed to the design and implementation of Chainspace, a blockchain protocol that makes use of sharding to increase transaction throughput. [29] Chainspace was later spun-out into a commercial company he co-founded, and was then acquired by Facebook in 2019 to become a part of the Libra project. [4] [5] Al-Bassam has since been critical of Libra, stating that "the road to dystopia is paved with good intentions, and I'm concerned about Libra's model for decentralization". [4]

Privacy and surveillance

In 2014 Al-Bassam volunteered for Privacy International, [2] where he released research on the computer destruction techniques that GCHQ used when forcing journalists at The Guardian's London headquarters to destroy the computers on which they stored copies of classified documents provided by NSA whistleblower Edward Snowden. [30]

In an article for Motherboard, he revealed that GCHQ's Joint Threat Research Intelligence Group (JTRIG), had been involved with online sockpuppetry by creating a series of fake Twitter accounts and an URL shortener which was used as a honeypot for dissidents during the Arab spring, having been targeted by JTRIG himself. [31]

Awards and honours

In 2016, Al-Bassam was listed in the Forbes 30 Under 30 in the technology section for his work on uncovering government surveillance. [8]

Related Research Articles

<span class="mw-page-title-main">Hacktivism</span> Computer-based activities as a means of protest

Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

<span class="mw-page-title-main">InfraGard</span> FBI Initiative for Public-Private Sector Infrastructure protection

InfraGard is a national non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base of, a wide range of private sector and government members. InfraGard is an association of individuals that facilitates information sharing and intelligence between businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to preventing hostile acts against the United States.

<span class="mw-page-title-main">Jeremy Hammond</span> American political activist and hacker

Jeremy Alexander Hammond, also known by his online moniker sup_g, is an American anarchist activist and former computer hacker from Chicago. He founded the computer security training website HackThisSite in 2003. He was first imprisoned over the Protest Warrior hack in 2005 and was later convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to WikiLeaks, and sentenced to 10 years in prison.

<span class="mw-page-title-main">Anonymous (hacker group)</span> Decentralized hacktivist group

Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.

Michael Gregory Hoglund is an American author, researcher, and serial entrepreneur in the cyber security industry. He is the founder of several companies, including Cenzic, HBGary and Outlier Security. Hoglund contributed early research to the field of rootkits, software exploitation, buffer overflows, and online game hacking. His later work focused on computer forensics, physical memory forensics, malware detection, and attribution of hackers. He holds a patent on fault injection methods for software testing, and fuzzy hashing for computer forensics. Due to an email leak in 2011, Hoglund is well known to have worked for the U.S. Government and Intelligence Community in the development of rootkits and exploit material. It was also shown that he and his team at HBGary had performed a great deal of research on Chinese Government hackers commonly known as APT. For a time, his company HBGary was the target of a great deal of media coverage and controversy following the 2011 email leak. HBGary was later acquired by a large defense contractor.

<span class="mw-page-title-main">420chan</span> Anonymous forums where users can discuss drugs and alcohol

420chan was an anonymous imageboard founded on 20 April 2005 by hacker and freelance web developer Aubrey Cottle. According to its founder, its name was a portmanteau of 420, a slang word originating in cannabis culture but now applicable to drug culture more generally, and 4chan, another imageboard website. Discussion on the site was primarily focused around recreational drug use and wrestling, with other boards related to topics including humor and academia.

The Jester is a self-identified grey hat hacktivist. He claims to be responsible for attacks on WikiLeaks and Islamist websites. He claims to be acting out of American patriotism.

Jake Leslie Davis, best known by his online pseudonym Topiary, is a British hacktivist. He has worked with Anonymous, LulzSec, and other similar groups. He was an associate of the Internet group Anonymous, which has publicly claimed various online attacks, including hacking HBGary, Westboro Baptist Church, and Gawker. They have also claimed responsibility for the defacing of government websites in countries such as Zimbabwe, Syria, Tunisia, Ireland, and Egypt.

<span class="mw-page-title-main">LulzSec</span> Hacker group

LulzSec was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Prior, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.

<span class="mw-page-title-main">Operation AntiSec</span> Series of cyberattacks conducted by Anonymous and LulzSec

Operation Anti-Security, also referred to as Operation AntiSec or #AntiSec, is a series of hacking attacks performed by members of the hacking group LulzSec and Anonymous, and others inspired by the announcement of the operation. LulzSec performed the earliest attacks of the operation, with the first against the Serious Organised Crime Agency on 20 June 2011. Soon after, the group released information taken from the servers of the Arizona Department of Public Safety; Anonymous would later release information from the same agency two more times. An offshoot of the group calling themselves LulzSecBrazil launched attacks on numerous websites belonging to the Government of Brazil and the energy company Petrobras. LulzSec claimed to retire as a group, but on 18 July, they reconvened to hack into the websites of British newspapers The Sun and The Times, posting a fake news story of the death of the publication's owner Rupert Murdoch.

Hector Xavier Monsegur, known also by the online pseudonym Sabu, is an American computer hacker and co-founder of the hacking group LulzSec. Monsegur became an informant for the FBI, working with the agency for over ten months to aid them in identifying the other hackers from LulzSec and related groups while facing a sentence of 124 years in prison. LulzSec intervened in the affairs of organizations such as News Corporation, Stratfor, UK and American law enforcement bodies and Irish political party Fine Gael.

<i>We Are Legion</i> 2012 American film

We Are Legion: The Story of the Hacktivists is a 2012 documentary film about the workings and beliefs of the self-described "hacktivist" collective, Anonymous.

Ryan Ackroyd, a.k.a.Kayla and also lolspoon, is a former black hat hacker who was one of the six core members of the computer hacking group "LulzSec" during its 50-day spree of attacks from 6 May 2011 until 26 June 2011. Throughout the time, Ackroyd posed as a female hacker named "Kayla" and was responsible for the penetration of multiple military and government domains and many high profile intrusions into the networks of Gawker in December 2010, HBGaryFederal in 2011, PBS, Sony, Infragard Atlanta, Fox Entertainment and others. He eventually served 30 months in prison for his hacking activities.

The Joint Threat Research Intelligence Group (JTRIG) is a unit of the Government Communications Headquarters (GCHQ), the British intelligence agency. The existence of JTRIG was revealed as part of the global surveillance disclosures in documents leaked by the former National Security Agency contractor Edward Snowden.

<span class="mw-page-title-main">Andreas Antonopoulos</span> British-Greek Bitcoin advocate

Andreas Markos Antonopoulos is a British-Greek Bitcoin advocate, tech entrepreneur, and author. He is a host on the Speaking of Bitcoin podcast and a teaching fellow for the M.Sc. Digital Currencies at the University of Nicosia.

Regin is a sophisticated malware and hacking toolkit used by United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.

Cryptocurrency and crime describe notable examples of cybercrime related to theft of cryptocurrencies and some methods or security vulnerabilities commonly exploited. Cryptojacking is a form of cybercrime specific to cryptocurrencies used on websites to hijack a victim's resources and use them for hashing and mining cryptocurrency.

Hack Forums is an Internet forum dedicated to discussions related to hacker culture and computer security. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The website has been widely reported as facilitating online criminal activity, such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information.

<span class="mw-page-title-main">HMA (VPN)</span> Virtual private network service founded in 2005

HMA is a VPN service founded in 2005 in the United Kingdom. It has been a subsidiary of the Czech cybersecurity company Avast since 2016.

<span class="mw-page-title-main">George Danezis</span> Computer scientist

George Danezis, FBCS is a computer scientist and Professor of Security and Privacy Engineering at the Department of Computer Science, University College London where he is part of the Information Security Research Group, and a fellow at the Alan Turing Institute. He co-founded Chainspace, a sharded smart contract platform, and was Head of Research before it was acquired by Facebook. After leaving Facebook he co-founded MystenLabs and is one of the designers of the Sui Blockchain. He currently works part-time as a Professor at University College London and as Chief Scientist at MystenLabs.

References

  1. "Celestia". celestia.org. Retrieved 29 August 2022.
  2. 1 2 Coleman, E. Gabriella, 1973- (2014). Hacker, hoaxer, whistleblower, spy : the many faces of Anonymous . London. ISBN   9781781685839. OCLC   890807781.{{cite book}}: CS1 maint: location missing publisher (link) CS1 maint: multiple names: authors list (link) CS1 maint: numeric names: authors list (link)
  3. 1 2 Robertson, Adi (16 May 2013). "LulzSec hackers sentenced to between one and three years in prison by UK court". The Verge. Retrieved 21 July 2019.
  4. 1 2 3 Field, Matthew (26 June 2019). "The tiny UK start-up founded by UCL scientists now at the heart of Facebook's Libra currency". The Telegraph. ISSN   0307-1235 . Retrieved 21 July 2019.
  5. 1 2 "Facebook Makes First Blockchain Acquisition With Chainspace: Sources". Cheddar. Retrieved 21 July 2019.
  6. Al Bassam, Mustafa (28 December 2020). "Securely Scaling Blockchain Base Layers". UCL (University College London).
  7. "Mustafa Al-Bassam - Research Homepage". www0.cs.ucl.ac.uk. Retrieved 29 August 2022.
  8. 1 2 "Mustafa Al-Bassam". Forbes. Retrieved 21 July 2019.
  9. Miller, Carl (Researcher on social media) (2018). The death of the gods : the new global power grab. London. ISBN   9781785151330. OCLC   1051237704.{{cite book}}: CS1 maint: location missing publisher (link)
  10. Bano, Shehar, Mustafa Al-Bassam, and George Danezis. "The road to scalable blockchain designs." USENIX; login: magazine (2017).
  11. "Cyber defence unit 'may use hackers'". 22 October 2013. Retrieved 21 July 2019.
  12. "Despite high-profile hacks, companies still aren't behaving securely: ex-LulzSec hacker". www.cso.com.au. Retrieved 21 July 2019.
  13. Bright, Peter (10 March 2012). "With arrests, HBGary hack saga finally ends". Ars Technica. Retrieved 21 July 2019.
  14. Monbiot, George (23 February 2011). "The need to protect the internet from 'astroturfing' grows ever more urgent | George Monbiot". The Guardian. ISSN   0261-3077 . Retrieved 21 July 2019.
  15. 1 2 Fogarty, Kevin (4 March 2011). "Congress eyes dirty tricks from HBGary, Chamber of Commerce". ITworld. Retrieved 21 July 2019.
  16. "Leading Member of LulzSec Hacker Squad Arrested in London". Fox News. 19 July 2011. Retrieved 30 October 2013.
  17. Bright, Peter (20 July 2011). "FBI arrests 16 Anons across US; UK police pick up LulzSec member". Ars Technica. Retrieved 30 October 2013.
  18. "Hacker Arrests May Have Included Core Member Of LulzSec". Forbes. 19 July 2011. Retrieved 30 October 2013.
  19. "Fox.com Hacked By Group Lulz Security". Huffingtonpost.com. 10 May 2011. Retrieved 30 October 2013.
  20. Satter, Raphael G. (5 June 2011). "LulzSec Hackers Claim Breach Of FBI Affiliate Infragard Atlanta". Huffingtonpost.com. Retrieved 30 October 2013.
  21. "PBS website hacked, defaced after WikiLeaks documentary evokes online ire". Latimesblogs.latimes.com. 30 May 2011. Retrieved 30 October 2013.
  22. "Sites Hacked; Readers' Data Not Compromised". PBS NewsHour. 30 May 2011. Retrieved 30 October 2013.
  23. Albanesius, Chloe (3 June 2011). "Sony LulzSec Hack: What You Need to Know". PCMag.com. Retrieved 30 October 2013.
  24. "Mustafa Al-Bassam". NakedSecurity.sophos.com. Retrieved 30 October 2013.
  25. How I Hacked The US Government Aged 16 | Minutes With | @LADbible TV , retrieved 11 September 2021
  26. "Mustafa Al-Bassam (musalbas) on Twitter". Twitter.com. Retrieved 30 October 2013.
  27. "Were you banned from the internet for two years like Jake Davis? | ask.fm/musalbas". Ask.fm. Archived from the original on 31 October 2013. Retrieved 30 October 2013.
  28. "Mustafa Al-Bassam - Google Scholar Citations". scholar.google.com. Retrieved 21 July 2019.
  29. Al-Bassam, Mustafa; Sonnino, Alberto; Bano, Shehar; Hrycyszyn, Dave; Danezis, George (2018). "Chainspace: A Sharded Smart Contracts Platform" (PDF). Proceedings 2018 Network and Distributed System Security Symposium. San Diego, CA: Internet Society. doi: 10.14722/ndss.2018.23241 . ISBN   9781891562495. S2CID   1360317.
  30. McLaughlin, Jenna (26 August 2015). "The Way GCHQ Obliterated The Guardian's Laptops May Have Revealed More Than It Intended". The Intercept. Retrieved 21 July 2019.
  31. Al-Bassam, Mustafa (29 July 2016). "British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents". Vice. Retrieved 21 July 2019.