
Chris Kubecka is an American computer security researcher and cyberwarfare specialist. In 2012, Kubecka was responsible for getting the Saudi Aramco network back up and running after it was hit by one of the world's most devastating Shamoon cyberattacks. Kubecka also helped halt a second wave of July 2009 cyberattacks against South Korea. Kubecka has worked for the US Air Force as a loadmaster and for the United States Space Command, and is now CEO of HypaSec, a security firm she founded in 2015. She lives and works in the Netherlands.


Early life

Kubecka's Puerto Rican mother became a robotics programmer and, lacking money for daycare, would take Kubecka to work with her. Kubecka said she "fell in love with programming" when she programmed a haunted house on the screen to say "boo". She learned to program and at the age of 10 hacked the US Department of Justice. At 18, she began working for the US Air Force.


Saudi Aramco security work

In 2012, Saudi Aramco's network experienced one of the worst hacks in history, and Kubecka was contacted and then contracted to get the company's systems back up and running. Kubecka explained that the Saudi Aramco network was flat, so hackers were able to roll through quickly and infect close to 35,000 of its computers. Facing the emergency and immediately following the hardware attack, Saudi Aramco purchased 50,000 computer hard disk drives (off a production line).


Cyber Terrorism work

In 2014, Kubecka fixed an email and rootkit attack on the Royal Saudi Arabian Embassy in The Hague, Netherlands. The first phase of the attack was caused by a weak email password of 123456 used on the embassy's official business email account. An Embassy insider and ISIS collaborator attempted to extort money from Prince Mohammed bin Nawwaf bin Abdulaziz, Sumaya Alyusuf and from the Royal Saudi Arabian Embassy of The Hague. During the second phase of the attack, the insider demanded 25,000 USD each from several Middle Eastern and Turkish embassies. The third phase of the attack was caused by the Diplomatic Corps sending a warning notification to all The Hague embassies via email using CC, not BCC, exposing the other official embassy email accounts to the attacker. During the fourth phase of the attack, the insider taunted the Diplomatic Corps and The Hague embassies, and hacked into the personal Gmail account of the Secretary to the Ambassador of Saudi Arabia. The attacker raised the extortion demand to $35,000,000, then to $50,000,000, saying ISIS would destroy the Kurhaus of Scheveningen during the planned National Saudi Day celebrations, to which over 400 dignitaries had been invited. After the Shamoon attack and Dutch Embassy hacks, the Kingdom of Saudi Arabia and Saudi Aramco made security a top priority. Stanford University signed an MoU (memorandum of understanding) with one of the security colleges of Saudi Arabia in 2018.


Career

Kubecka was at Saudi Aramco until mid-2015 and then founded HypaSec. Kubecka is considered an expert on cyberwarfare and has been a keynote speaker at trainings and conferences on cyber espionage, security information and event management, Industrial Control Systems Supervisory Control and Data Acquisition (ICS SCADA), IT and IOT security topics. Kubecka was the keynote speaker at the Security BSides security conference in London in 2017 and a featured speaker at OWASP's Global AppSec Amsterdam 2019.


Works

* Down the Rabbit Hole An OSINT Journey: Open Source Intelligence Gathering for Penetration Testing (2017)
* Hack the World with OSINT. Learn how to discover and exploit IT, IOT and ICS SCADA systems with ease (2019)


External links


Chris Kubecka Distinguished Chair of the Cyber Program at the Middle East Institute

Chris Kubecka interviewed on Paul's Security Weekly Episode 498

Chris Kubecka answers readers questions on goodreads

How to Start a Cyber War - Lessons from Brussels, by Chris Kubecka (powerpoint on Research Gate)