Pulling the plug on a huge hacking.
LOS ANGELES — Salim Neino had been waiting for something like WannaCry.
Fast, indiscriminate and disruptive, the computer infection locked up computers in British hospitals and was spreading across the world when Neino’s company, Kryptos Logic, stepped into the ring.
One of his researchers found a so-called kill switch in the WannaCry code and pounced. “We put it in a triangle choke!” joked Neino, a mixed-martial-arts fan.
Not bad for a 33-year-old Lawndale native and Cal State Long Beach grad, who co-founded Kryptos eight years ago with $120,000.
The mid-May episode thrust the small Los Angeles cybersecurity company onto a world stage. At the same time, it has opened a new era of broad-scale ransomware attacks — a fact driven home last week when a second worm, exploiting the same methods as WannaCry, briefly seized computers worldwide again, this time hitting oil, electric and shipping operations.
Neino has been quick to capitalize on the business opportunities from his new prominence. But he has also tried to use this status as ransomware wrangler to push for policy changes — measures he says are needed to cope with this new landscape of cybermayhem.
Testifying before Congress between attacks, Neino spelled out his proposal for a cybersecurity “Richter scale” — a triage system to help the public prioritize threats — and warned lawmakers against underrating the peril.
With WannaCry, and the June 27 reprise of it, the world got off easy, he insisted: “They had the bomb; they didn’t have the GPS.”
Until May, Kryptos was just another little-known boutique cybersecurity company operating, as much as possible, “in stealth mode,” Neino said. It does no marketing, employs no sales force and its workers guard their anonymity. The reason is that revenge hackers commonly target cybersecurity companies.
Genial, earnest and still fit from his wrestling days, Neino is the son of a Jordanian immigrant father and a Mexican-American mother from Montebello. His father came to LA as a young man with no English but talent enough to rise in the region’s aerospace industry.
Neino was raised speaking Arabic and Spanish, but he can’t remember either language now. Maybe code took over that brain space, he said. He got his start as a self-taught teenage programmer, landed his first computer job at age 15, and became — after a sister — the second person in his family to go to college.
The background, he said, is typical of Angelenos his age raised by aerospace workers to whom cybertinkering came naturally.
After a few years as an independent cybersecurity specialist, Neino co-founded Kryptos while still in his twenties with friends-andfamily seed money, and has used its revenue to expand ever since.
At first, Kryptos struggled. Neino could show potential clients that they had been hacked, but he couldn’t persuade them to care.
The problem is rife in cybersecurity, a vast but fuzzily defined industry sector worth perhaps hundreds of billions of dollars in the near future — if only its purveyors could explain what it’s for.
People who are good at cybersecurity tend to speak in jargon; people who aren’t good at cybersecurity can’t understand them. Meanwhile, the fire hose of botnets and malware gushing through the internet these days leaves victims feeling helpless. Throngs of companies peddle a mishmash of remedies: gadgets, software and services, in various combinations.
Then, on a lark, Neino joined a team that competed at the 2011 Defcon 19 hacking contest in Las Vegas and won a coveted Black Badge, a tchotchke shaped like a skull, almost actual size, designed to hang around the neck. The boost to Kryptos’ reputation brought new clients and lucrative contracts.
Today, privately held Kryptos has about 25 employees and annual revenue in the tens of millions of dollars. The company gathers information about who is trying to hack its clients and why. Then it helps them decide how to fight back.
Day to day, its researchers spend their time reporting on malware to subscribers and tracking the tens of thousands of new malware codes that surface daily on the web.
In essence, they operate like zoologists in the field: They detect malicious sequences by the signals they emit, catalog them and try to lure them into simulated targets so they can be dissected.
As computers in Britain’s hospitals locked up and companies in Europe started to report problems, Marcus Hutchins, a Kryptos researcher in Ilfracombe, England, conferred with Neino, who was in a hotel in Munich, Germany, on his way to catch his plane to Venice, Italy. Hutchins began analyzing samples of the malware code, sharing information via Twitter with other cyber researchers.
WannaCry is a self-replicating worm that attacks a basic file-sharing protocol on older Windows operating systems. If successfully loaded, the ransomware spreads to any connected vulnerable terminal, locking files and demanding, in slightly broken English, a $300 to $600 ransom to release them.
The worm exploits a vulnerability embedded in the very bones of the world’s most popular operating system.
The code used in WannaCry, which can crack Windows systems, was stolen from the U.S. National Security Agency and shared on the Internet.
Like many in his industry, Neino knew that it was only a matter of time before ordinary bandits or terrorists put these militarygrade spy tools to work. WannaCry, he realized, signaled that the moment had arrived.
From now on, he thought, vast sophisticated hacks, once limited to nation states, would be in reach of just about anyone.