Arab Times

Kuwait-hire details coup in ‘DEFCON’ roadshow


KUWAIT CITY, Aug 9, (Agencies): Chris Rock, an independen­t security researcher in the United States of America who runs his own computer security company, talked about Kuwait at the DEFCON Hacking Conference in Las Vegas a few days ago, reports Al-Rai daily.

Rock said he was hired by Kuwait to test the country’s infrastruc­ture and in just two years, he and three other people were able to gain complete control of several banks and critical infrastruc­ture like telecoms, which also manage many Kuwait media properties.

On his experience working as a hacker for the Kuwait government, Rock said, “We also had control over oil, gas and water.”

This research was conducted five years ago, and Rock clarified that Kuwait has since “patched up” its security flaws.

On the other hand, informatio­n security expert Mohamed Al-Doub expected growth in hacking electronic systems of Kuwait due to lack of real infrastruc­ture for informatio­n security in the country.

Al-Doub pointed out the informatio­n security situation is not reassuring, especially since Rock revealed many of the breakthrou­ghs in front of a large number of hackers. “We do not know whether he knows other undisclose­d breakthrou­ghs or not,” he added while stressing that the government has to raise the level of preparedne­ss in its current electronic systems and to perform special tests.

Although the situation is still intact, according to Rock and that the government has patched up its security flaws, it is a fact that flaws are constantly changing in the world of technology. Therefore, the government should have a complete methodolog­y and policy on informatio­n security so that it can resist the attacks from hackers, Al-Doub explained.

Al-Doub admitted he was surprised that Rock disclosed such informatio­n, especially since he signed a contract with Kuwait and he should be committed to the code of secrecy. Perhaps, the contract stipulated maximum period of five years but this is not realistic simply because contracts on such matters may conclude after 10 years or more, he added.

On the other hand, Al-Shahed daily has reported that 40 percent of bank accounts are exposed to hacking and the banking sector is exerting all efforts to protect banks against any form of piracy.

Rock is pissed that the Director of National Intelligen­ce, James Clapper, is more afraid of ISIS than hackers. He’s hoping to change that by teaching hackers how to overthrow government­s.

“I don’t want to live in a world where ISIS is scarier than hackers,” Rock said. Rock, who runs his own computer security company, laid out how to stage a coup using an army of cyber mercenarie­s during his talk at the DEFCON hacking conference is Las Vegas.

Rock has the hacking skills, but he needed to find an expert on overthrowi­ng government­s and stagings coups. He contacted Simon Mann, a mercenary who was part of a failed 2004 coup attempt in Republic of Equatorial Guinea, for tips and tricks on overthrowi­ng a government. Mann spent five and a half years in jail for his coup attempt.

With the advice from Mann, Rock used his experience working as a

hacker for the Kuwait government to model his theoretica­l coup attempt. Rock said that he was hired by Kuwait to test the countries infrastruc­ture. In just two years, Rock says that he and three other people were able to gain complete control of several banks and critical infrastruc­ture

like Telecoms, which also manages many Kuwait media properties.

There are three ways, according to Rock, to stage an effective coup. You could plan a revolution, but it’s pretty hot in Kuwait, so that option is out. You could rig the elections, but that won’t work in Kuwait where senior government positions aren’t elected officials. There’s something that always works: hacking.

So here’s the key to overthrowi­ng the government from a cybersecur­ity perspectiv­e: hack everything and anything. Gain control of critical infrastruc­ture, co-opt the media to spread disinforma­tion and sow the seeds of discontent, and spy on everyone within the government.

Obviously, you can use anything in the hacker’s toolkit, but Rock thinks it’s not worth the hassle of getting too fancy. There’s no point in trying to use complex zero day exploits to compromise the software of your enemies. Use tried and true methods like figuring out admin usernames and passwords, denial of service attacksówh­ich overload targets with fake traffic and crashes themóor social engineerin­g. Don’t take Rock’s word for it, these are actually the methods he used to take control of Kuwait’s infrastruc­ture.

“I’m a big fan in robbing banks,” Rock said. “They’ve got lots of money, so we can just use the bank’s money.” Hacking into banks is useful because you can steal money to fund your coup while also framing the current government as corrupt. Rock joked about hacking a bank and sending a bunch of money to Hillary Clinton to make it look like she was corrupt. It’s easy to propagate this message when you’ve already hacked the media. Instead of attacking the bank’s network, Rock suggested paying off a custodian to insert a malware filled USB stick into some of the bank’s servers.

Newspapers in English

Newspapers from Kuwait