DeepSec 2021 Talk: Revenge is Best Served over IOT – Chris Kubecka
Welcome to the new Cold War in the Middle East. In 2012, Iran’s first Shamoon attacks almost crashed every world economy, nearly bringing the world to its knees. Since then, the game of spy vs. spy has intensified digitally with the pandemic accelerating connectivity. Join Chris on a 2.5-year Iranian espionage campaign attempting to recruit her for the most innocent of jobs: teaching critical infrastructure hacking with a focus on nuclear facilities. A journey of old-school espionage with a cyber twist. Bribery, sockpuppets, recruitment handlers, propaganda VVIP luxury trip mixed with a little IOT camera revenge and 2021 police protection.
We asked Chris a few more questions about her talk.
Please tell us the top 5 facts about your talk.
- Our skills as ethical hackers are in high demand, especially by sanctioned countries. But be careful: using our skills for a foreign country can lead to legal implications.
- The S in IOT means security. There is barely any, if any, security or privacy testing for the vast majority of IOT or IIOT.
- No matter how much money is offered, teaching how to hack critical infrastructure for a sanctioned country is illegal and will lead to a tiny, dehumanizing jail cell or worse.
- If you feel your life may be at risk, going public can save it. It can take the heat off. Keep a trusted list of journalists as a just in case.
- Ethical hacking laws can vary by country. If you want or feel a need to take some IOT revenge, do it from the Netherlands and follow the ethical hacking laws closely.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
In 2020 I decided to go public with the story as a protection mechanism after the Iranian government decided to take pictures outside my house, dox me on religious extremist websites & call for my death. The initial spark was to show others a normally hidden world of recruitment of highly skilled ethical hackers.
Why do you think this is an important topic?
To open the eyes of other ethical hackers to how easily we can be swept up in geopolitics and espionage. More importantly, how to stay alive after getting swept up in nation-state craziness.
Is there something you want everybody to know – some good advice for our readers maybe?
If you get a dodgy LinkedIn request resulting in illegal jobs, record names, keep detailed records and contact high-level police and/or an embassy. Local police have no experience and generally cannot help.
You never know if your next LinkedIn request could pull you into international espionage.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
As technology shifts more and more to machine learning, diversify traditional ethical hacking and keep adding relevant skills. Don’t let the robots win.
Chris is the Distinguished Chair of the Middle East Institute’s Cyber Program and CEO of HypaSec. She has practical and strategic hands-on experience in several cyber warfare and cyber terrorism incidents. Her background includes time as a USAF aviator and with USAF Space Command. Her work includes detecting and helping to halt the July 2009 Second Wave attacks from the DPRK against South Korea, and helping to recover and reestablish international business operations after the world’s most devastating cyber warfare attack, Shamoon in 2012. She led the incident management when the Saudi Arabian Embassy in the Netherlands was hacked in 2014, an incident that involved the ISIS terrorist group, the city of The Hague, all embassies in the city, negotiation, and the discovery of evidence of a diplomatic insider, saving over 400 dignitaries’ lives.