Chris Kubecka

Chris Kubecka is an American computer security researcher and cyberwarfare specialist. In 2012, Kubecka was responsible for getting the Saudi Aramco network running again after it was hit by one of the world's most devastating Shamoon cyberattacks. Kubecka also helped halt a second wave of July 2009 cyberattacks against South Korea. Kubecka has worked for the US Air Force as a loadmaster and for the United States Space Command, and is now CEO of HypaSec, a security firm she founded in 2015. She lives and works in the Netherlands.


Early life

Kubecka's Puerto Rican mother became a robotics programmer and, lacking money for daycare, would take Kubecka to work with her. Kubecka said she "fell in love with programming" when she programmed a haunted house on the screen to say "boo". She learned to program and at the age of 10 hacked the US Department of Justice. At 18, she began working for the US Air Force.


Saudi Aramco security work

In 2012, Saudi Aramco's network experienced one of the worst hacks in history, and Kubecka was contacted and then contracted to get the company's systems back up and running. Kubecka explained that the Saudi Aramco network was flat, so hackers were able to roll through quickly and infect close to 35,000 of its computers. Facing the emergency and immediately following the hardware attack, Saudi Aramco purchased 50,000 computer hard disk drives (off a production line).


Cyber Terrorism work

In 2014, Kubecka fixed an email and rootkit attack on the Royal Saudi Arabian Embassy in The Hague, Netherlands. The first phase of the attack was caused by a weak email password of 123456 used on the official business embassy email. An Embassy insider and ISIS collaborator attempted to extort money from Prince Mohammed bin Nawwaf bin Abdulaziz, Sumaya Alyusuf and from the Royal Saudi Arabian Embassy of The Hague. During the second phase of the attack, the insider sent an extortion demand of 25,000 USD each to several Middle Eastern and Turkish embassies. The third phase of the attack was caused by the Diplomatic Corps sending a warning notification to all The Hague embassies via email using CC not BCC, exposing the other official embassy email accounts to the attacker. During the fourth phase of the attack, the insider taunted the Diplomatic Corps and The Hague embassies and hacked into the personal Gmail account of the Secretary to the Ambassador of Saudi Arabia. The attacker raised the extortion demand to $35,000,000, then to $50,000,000, saying ISIS would destroy the Kurhaus of Scheveningen during the planned National Saudi Day celebrations, to which over 400 dignitaries had been invited. After the Shamoon attack and Dutch Embassy hacks, the Kingdom of Saudi Arabia and Saudi Aramco made security a top priority. Stanford University signed an MoU (memorandum of understanding) with one of the security colleges of Saudi Arabia in 2018.


Career

Kubecka was at Saudi Aramco until mid-2015 and then founded HypaSec. Kubecka is considered an expert on cyberwarfare and has been a keynote speaker at trainings and conferences on cyber espionage, security information and event management, Industrial Control Systems Supervisory Control and Data Acquisition (ICS SCADA), IT and IOT security topics. Kubecka was the keynote speaker at the Security BSides security conference in London in 2017 and a featured speaker at OWASP's Global AppSec Amsterdam 2019.


Works

* Down the Rabbit Hole An OSINT Journey: Open Source Intelligence Gathering for Penetration Testing (2017)
* Hack the World with OSINT. Learn how to discover and exploit IT, IOT and ICS SCADA systems with ease (2019)
* Santa AI 2.0


External links


Chris Kubecka interviewed on Paul's Security Weekly Episode 498

Chris Kubecka answers readers questions on goodreads

How to Start a Cyber War - Lessons from Brussels, by Chris Kubecka (powerpoint on Research Gate)