{{short description|American computer security researcher}} {{Infobox person | name = Chris Kubecka | other_names = | occupation = Author, security researcher, speaker, adviser | employer = HypaSec NL, Aramco, Unisys | known_for = Re-establishing Saudi Aramco international business networks and establishing security after a cyberwarfare attack | image = Selfie of Chris Kubecka.jpg | caption = Kubecka in 2024 }} '''Chris Kubecka''' is a Puerto Rican [[computer security]] researcher and [[cyberwarfare]] specialist. In 2012, Kubecka was responsible for getting the [[Saudi Aramco]] network running again after it was hit by one of the world's most devastating [[Shamoon]] [[cyberattacks]]. Kubecka also helped halt a second wave of [[July 2009 cyberattacks]] against [[South Korea]].<ref name="PSU EDU">{{cite web|url=https://sites.psu.edu/psy533wheeler/2019/04/14/saudi-aramco-crisis-and-critical-infrastructure/|title=PSU@Shamoon|publisher=sites.psu.edu|accessdate=2019-09-07|archive-date=2019-07-22|archive-url=https://web.archive.org/web/20190722065811/https://sites.psu.edu/psy533wheeler/2019/04/14/saudi-aramco-crisis-and-critical-infrastructure/|url-status=dead}}</ref> Kubecka has worked for the [[United States Air Force|US Air Force]] as a [[Loadmaster]], the [[United States Space Command]] and is now CEO of HypaSec, a security firm she founded in 2015. She lives and works in the Netherlands.
==Early life==
Kubecka’s mother, who was Puerto Rican, worked as a robotics programmer. Due to financial constraints, she often brought Kubecka to her workplace instead of using daycare. Kubecka said she "fell in love with programming" when she programmed a haunted house on the screen to say "boo". At 18, she began working for the [[US Air Force]] as a military aviator.<ref name="APPSEC">{{Cite web|url=http://archive.org/details/youtube-56ze8cggM3c|title=APPSEC Cali 2018 - Women In Security Panel|date=March 19, 2018|via=Internet Archive}}</ref><ref name="Interview with Paul">{{Cite web|url=https://www.youtube.com/watch?v=MUORUW9BcIo|title=Paul's Security Weekly #498 - Chris Kubecka|via=www.youtube.com}}</ref><ref name="Ventures">{{Cite web|url=https://cybersecurityventures.com/how-a-10-year-old-war-dialer-became-a-top-cybersecurity-expert/|title=How A 10-Year-Old War Dialer Became A Top Cybersecurity Expert|date=July 11, 2019}}</ref><ref>{{Cite web |title=About, Chris Kubecka |url=https://www.hypasec.com/ |access-date=2026-02-06 |website=www.hypasec.com |language=en-US}}</ref>
== Career ==
Kubecka worked at Saudi Aramco until the mid-2015, before she founded HypaSec.<ref name="Ladies Def Camp">{{Cite web |title=Ladies in Cyber Security by DefCamp |url=https://ladies.def.camp/speakers.php |website=ladies.def.camp}}</ref> Kubecka is considered an expert on cyberwarfare and has been a keynote speaker at trainings,<ref name="sans">{{cite web |title=SANS Institute: Summit Archives |url=https://www.sans.org/cyber-security-summit/archives/not-found |url-status=dead |archive-url=https://web.archive.org/web/20190926004959/https://www.sans.org/cyber-security-summit/archives/not-found |archive-date=2019-09-26 |accessdate=2019-09-07 |website=sans.org}}</ref> and conferences on [[cyber espionage]],<ref name="auto">{{Cite web |title=NATO explores the rules of cyber spying |url=https://news.sky.com/story/nato-explores-the-rules-of-cyber-spying-10914604 |access-date=2019-09-25 |website=Sky News |language=en}}</ref> [[security information and event management]],<ref>{{Citation |title=28C3: Security Log Visualization with a Correlation Engine (en) |url=https://www.youtube.com/watch?v=P9x7P4dqEEE |access-date=2019-09-25 |language=en}}</ref> [[Industrial Control Systems]] [[Supervisory Control and Data Acquisition]] (ICS SCADA), IT and IOT security topics.<ref name="APPSEC" /><ref name="Log Visualization">{{cite web |date=December 29, 2011 |title=28c3: Security Log Visualization with a Correlation Engine |url=https://www.youtube.com/watch?v=j4pF9VUdphc |accessdate=2017-11-04 |website=[[YouTube]]}}</ref> Kubecka was the keynote speaker at Security BSides security conference in London in 2017<ref>{{Cite web |title=Cybersecurity pros: We'd help the government, but can't |url=https://news.sky.com/story/cybersecurity-pros-wed-help-the-government-but-cant-10909362 |website=Sky News}}</ref><ref>{{Cite web |title=Naming Russia as a perpetrator offers cybersecurity its #MeToo moment |url=https://news.sky.com/story/naming-russia-as-a-perpetrator-offers-cybersecurity-its-metoo-moment-11254385 |access-date=2019-09-25 |website=Sky News |language=en}}</ref> and a featured speaker at OWASP's Global AppSec Amsterdam 2019.<ref>{{Cite web |title=I've got a working title: The woman who squashed terrorists: When an Embassy gets hacked |url=https://ams.globalappsec.org/program/keynotes |access-date=2019-09-27 |website=Global AppSec |language=en}}</ref>
== Saudi Aramco security work ==
In 2012, [[Saudi Aramco]]'s network experienced one of the worst hacks in history and Kubecka was then contracted to get the company's systems back up and running. Kubecka explained that the Saudi Aramco network was flat so hackers were able to roll through quickly and infected close to 35,000 of its computers.<ref name="Pagliery2015">{{cite news |title= The inside story of the biggest hack in history |author=Jose Pagliery |url= https://money.cnn.com/2015/08/05/technology/aramco-hack/index.html |archive-url= https://web.archive.org/web/20150808020211/http://money.cnn.com/2015/08/05/technology/aramco-hack/index.html |url-status= dead |archive-date= August 8, 2015 |date=2015-08-05 |accessdate=2012-08-19}}</ref><ref name="TripWire">{{Cite web|url=https://www.tripwire.com/state-of-security/off-topic/black-hat-2015-highlights/|title=Black Hat USA 2015 Highlights|date=August 11, 2015|website=The State of Security}}</ref><ref name="Tech Target">{{cite web|url=https://searchsecurity.techtarget.com/news/4500251309/Black-Hat-2015-Rebuilding-IT-security-after-a-cyber-disaster|website=searchsecurity.techtarget.com|title=Black Hat 2015: Rebuilding IT security after a cyber disaster|date=10 February 2016 |accessdate=2019-09-07}}</ref><ref name="Darknet Diaries">{{Cite web|url=https://darknetdiaries.com/episode/30/|title=Shamoon – Darknet Diaries|last=|first=|date=|website=darknetdiaries.com|url-status=live|archive-url=https://web.archive.org/web/20190127150430/https://darknetdiaries.com/episode/30/ |archive-date=2019-01-27 |access-date=}}</ref> Facing the emergency and immediately following the hardware attack, Saudi Aramco purchased 50,000 computer [[hard disk drives]] (off a production line).<ref>{{Cite web|url=https://money.cnn.com/2015/08/05/technology/aramco-hack/index.html|archive-url=https://web.archive.org/web/20150808020211/http://money.cnn.com/2015/08/05/technology/aramco-hack/index.html|url-status=dead|archive-date=August 8, 2015|title=The inside story of the biggest hack in history|first=Jose|last=Pagliery|date=August 5, 2015|website=CNNMoney}}</ref>
== Cyber terrorism work == In 2014, Kubecka fixed an email and [[rootkit]] attack on the Royal Saudi Arabian embassy in [[The Hague]], [[Netherlands]].<ref>{{Cite web|url=https://www.cyberscoop.com/saudi-arabia-email-extortion-chris-kubecka/|title=Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security|date=August 8, 2019|website=CyberScoop}}</ref><ref name="csoonline">{{cite web|url=https://www.csoonline.com/article/3386381/inside-the-2014-hack-of-a-saudi-embassy.html|author=J.M. Porup|title=Inside the 2014 hack of a Saudi embassy|website=CSO Online|date=7 August 2019 |accessdate=2019-09-07}}</ref> The first phase of the attack was caused by a weak email password of 123456 used on the official business embassy email. An Embassy [[Insider threat|insider]] and [[Islamic State of Iraq and the Levant|ISIS]] collaborator attempted to [[Extortion|extort]] money from [[Mohammed bin Nawwaf bin Abdulaziz|Prince Mohammed bin Nawwaf bin Abdulaziz]], [[Sumaya Alyusuf]] and from the Royal Saudi Arabian embassy of The Hague. During the second phase of the attack, the insider sent an extortion demand of 25,000 USD each from several Middle Eastern and Turkish embassies. The third phase of the attack was caused by the [[Diplomatic corps|Diplomatic Corps]] sending a warning notification to all The Hague embassies via email using CC not BCC, exposing the other official embassy email accounts to the attacker. During the fourth phase of the attack, the insider taunted the Diplomatic Corps, The Hague embassies and hacked into the Secretary to the Ambassador of Saudi Arabia personal Gmail account. The attacker rose the extortion demand to $35,000,000, then to $50,000,000 saying ISIS would destroy the [[Kurhaus of Scheveningen]] during the planned National Saudi Day celebrations to which over 400 dignitaries had been invited.{{citation needed|date=September 2019}}
After the Shamoon attack and Dutch embassy hacks, the Kingdom of Saudi Arabia and Saudi Aramco made security a top priority. Stanford University signed a [[memorandum of understanding]] with one of the security colleges of Saudi Arabia in 2018.<ref name="spa">{{cite web|url=https://www.spa.gov.sa/viewfullstory.php?lang=en&newsid=1778091|website=spa.gov.sa|title=Prince Mohammed bin Salman College of Cybersecurity and Stanford University Sign MoU The official Saudi Press Agency|accessdate=2019-09-07}}</ref><ref>{{Cite web|url=https://www.stanforddaily.com/2019/04/25/despite-political-tensions-stanfords-saudi-partnerships-continue-with-little-scrutiny/|title=Despite political tensions, Stanford's Saudi partnerships continue with little scrutiny|first1=Daniel|last1=Yang|first2=Hannah|last2=Knowles|date=April 25, 2019}}</ref><ref name="saudigazette">{{cite web|url=http://saudigazette.com.sa/article/537401|title=Prince Muhammed Bin Salman College signs key pact with Stanford University|website=Saudi Gazette|date=23 June 2018 |accessdate=2019-09-07}}</ref>
==Works==
* ''Down the Rabbit Hole: An OSINT Journey'' (2017). {{ISBN|978-0-9956875-4-7}} * ''Hack the World with OSINT'' (2019). {{ISBN|978-0-9956875-9-2}} * ''Santa AI 2.0'' (2023). {{ISBN|978-0-9956875-9-2}} * ''How to Hack a Modern Dictatorship with AI: The Digital CIA/OSS Sabotage Manual'' (2025). {{ISBN|978-19164666-9-2}}<ref name="DictatorshipRG">{{Cite web |title=How to Hack a Modern Dictatorship With AI: The Digital CIA/OSS Sabotage Manual |url=https://www.researchgate.net/publication/391452490_HOW_TO_HACK_A_MODERN_DICTATORSHIP_WITH_AI_THE_DIGITAL_CIAOSS_SABOTAGE_MANUAL_CHRIS_KUBECKA |website=ResearchGate |author=Kubecka, Chris |date=2025 |access-date= }}</ref><ref name="DictatorshipDOI">{{Cite web |title=How to Hack a Modern Dictatorship with AI: The Digital CIA/OSS Sabotage Manual |author=Chris Kubecka |year=2025 |doi=10.5281/zenodo.15342994 |url=https://doi.org/10.5281/zenodo.15342994 |publisher=Zenodo |access-date= }}</ref><ref name="EuroDIG">{{Cite web |title=EuroDIG 2025 – WS 08: How AI impacts society and security: opportunities and vulnerabilities |url=https://eurodigwiki.org/wiki/How_AI_impacts_society_and_security:_opportunities_and_vulnerabilities_%E2%80%93_WS_08_2025 |website=EuroDIG Wiki |publisher=European Dialogue on Internet Governance |date=13 May 2025 |access-date= }}</ref> * ''The Drone Wars: OSINT Field Guide to Russian Drone Footage & Verification'' (2025). {{ISBN|978-17384762-2-0}}<ref name="DroneWarsRG">{{Cite web |title=The Drone Wars: OSINT Field Guide to Russian Drone Footage & Verification |url=https://www.researchgate.net/publication/394355297_The_Drone_Wars_OSINT_Field_Guide_to_Russian_Drone_Footage_Verification_A_Field_Intelligence_Handbook_for_Investigators_Journalists_Defenders_in_Conflict_Zones |website=ResearchGate |author=Kubecka, Chris |date=2025 |access-date= }}</ref> * ''The Hacktress Intel Brief: FPV Doctrine: From Swarms to Psychological Warfare'' (2025). {{ISBN|978-17384762-4-4}}
==References== {{Reflist}}
==External links== * [https://medium.com/@SecEvangelism Chris Kubecka de Medina] - [[Medium (website)|Medium]] * [https://www.youtube.com/watch?v=MUORUW9BcIo Chris Kubecka interviewed on Paul's Security Weekly Episode 498] * [https://www.goodreads.com/author/17044584.Chris_Kubecka/questions Chris Kubecka answers readers questions on goodreads] * [https://www.researchgate.net/publication/332877673_How_to_Start_a_Cyber_War_-_Lessons_from_Brussels How to Start a Cyber War - Lessons from Brussels, by Chris Kubecka (powerpoint on Research Gate)]
{{Authority control}}
{{DEFAULTSORT:Kubecka, Chris}} [[Category:Living people]] [[Category:Chief technology officers of computer security companies]] [[Category:American chief technology officers]] [[Category:Computer science writers]] [[Category:Year of birth missing (living people)]]