Kuwait-hire details coup in ‘DEFCON’ roadshow
KUWAIT CITY, Aug 9, (Agencies): Chris Rock, an independent security researcher in the United States of America who runs his own computer security company, talked about Kuwait at the DEFCON Hacking Conference in Las Vegas a few days ago, reports Al-Rai daily.
Rock said he was hired by Kuwait to test the country’s infrastructure and in just two years, he and three other people were able to gain complete control of several banks and critical infrastructure like telecoms, which also manage many Kuwait media properties.
On his experience working as a hacker for the Kuwait government, Rock said, “We also had control over oil, gas and water.”
This research was conducted five years ago, and Rock clarified that Kuwait has since “patched up” its security flaws.
On the other hand, information security expert Mohamed Al-Doub expected growth in hacking electronic systems of Kuwait due to lack of real infrastructure for information security in the country.
Al-Doub pointed out the information security situation is not reassuring, especially since Rock revealed many of the breakthroughs in front of a large number of hackers. “We do not know whether he knows other undisclosed breakthroughs or not,” he added while stressing that the government has to raise the level of preparedness in its current electronic systems and to perform special tests.
Although the situation is still intact, according to Rock and that the government has patched up its security flaws, it is a fact that flaws are constantly changing in the world of technology. Therefore, the government should have a complete methodology and policy on information security so that it can resist the attacks from hackers, Al-Doub explained.
Al-Doub admitted he was surprised that Rock disclosed such information, especially since he signed a contract with Kuwait and he should be committed to the code of secrecy. Perhaps, the contract stipulated maximum period of five years but this is not realistic simply because contracts on such matters may conclude after 10 years or more, he added.
On the other hand, Al-Shahed daily has reported that 40 percent of bank accounts are exposed to hacking and the banking sector is exerting all efforts to protect banks against any form of piracy.
Rock is pissed that the Director of National Intelligence, James Clapper, is more afraid of ISIS than hackers. He’s hoping to change that by teaching hackers how to overthrow governments.
“I don’t want to live in a world where ISIS is scarier than hackers,” Rock said. Rock, who runs his own computer security company, laid out how to stage a coup using an army of cyber mercenaries during his talk at the DEFCON hacking conference is Las Vegas.
Rock has the hacking skills, but he needed to find an expert on overthrowing governments and stagings coups. He contacted Simon Mann, a mercenary who was part of a failed 2004 coup attempt in Republic of Equatorial Guinea, for tips and tricks on overthrowing a government. Mann spent five and a half years in jail for his coup attempt.
With the advice from Mann, Rock used his experience working as a
hacker for the Kuwait government to model his theoretical coup attempt. Rock said that he was hired by Kuwait to test the countries infrastructure. In just two years, Rock says that he and three other people were able to gain complete control of several banks and critical infrastructure
like Telecoms, which also manages many Kuwait media properties.
There are three ways, according to Rock, to stage an effective coup. You could plan a revolution, but it’s pretty hot in Kuwait, so that option is out. You could rig the elections, but that won’t work in Kuwait where senior government positions aren’t elected officials. There’s something that always works: hacking.
So here’s the key to overthrowing the government from a cybersecurity perspective: hack everything and anything. Gain control of critical infrastructure, co-opt the media to spread disinformation and sow the seeds of discontent, and spy on everyone within the government.
Obviously, you can use anything in the hacker’s toolkit, but Rock thinks it’s not worth the hassle of getting too fancy. There’s no point in trying to use complex zero day exploits to compromise the software of your enemies. Use tried and true methods like figuring out admin usernames and passwords, denial of service attacksówhich overload targets with fake traffic and crashes themóor social engineering. Don’t take Rock’s word for it, these are actually the methods he used to take control of Kuwait’s infrastructure.
“I’m a big fan in robbing banks,” Rock said. “They’ve got lots of money, so we can just use the bank’s money.” Hacking into banks is useful because you can steal money to fund your coup while also framing the current government as corrupt. Rock joked about hacking a bank and sending a bunch of money to Hillary Clinton to make it look like she was corrupt. It’s easy to propagate this message when you’ve already hacked the media. Instead of attacking the bank’s network, Rock suggested paying off a custodian to insert a malware filled USB stick into some of the bank’s servers.