
120: Voulnet


June 28, 2022

TLDR: Mohammed Aldoub found a vulnerability on VirusTotal and tweeted about it after learning from his experience in Kuwait. This case's outcome was reported, and Cybereason and Varonis support this episode.

  • The Danger of Anonymity Online and the Power of Uncovering User Details

    The internet may give an illusion of anonymity, but digital trails can be used to identify individuals. Technical skills can uncover user details to stop cyberbullying. Remember to treat others with respect and kindness online.

    The internet provides an illusion of anonymity, but there is always a digital trail that can be used to identify individuals and their personal information. This can be particularly dangerous in online spaces with toxic behavior, where the anonymity emboldens people to make vile and hurtful statements. However, as the story shows, with technical skills and knowledge of network traffic, it's possible to uncover user details beyond what is available in-game. This can be a valuable tool for stopping cyberbullying or harassment. It's also a reminder to be careful online and to treat others with the same respect and kindness one would want for themselves.

  • Cyber security expert on building a career in the industry

    With dedication, expertise, and social media presence, a career in cyber security can be achieved. VirusTotal is a vital resource for staying up-to-date on the latest malware threats.

    Mohammed, a cyber security expert from Kuwait, entered the field around 2010 and gained immense knowledge. He provided awareness on cyber security through social media and built his Twitter following. He got a job in the Kuwaiti government to secure systems and analyze malware. After building his popularity and scaling up, he left his job in 2018 and gave his first official cyber security training in the Netherlands. He got accepted as a trainer in Black Hat, an annual security conference in Las Vegas, and planned on teaching API endpoint security. He examined malware, mainly targeting the Gulf region, and used VirusTotal to stay up-to-date. VirusTotal was a new fascinating website to him.

  • Premium members of VirusTotal get alerts about unseen malware. Experts analyze the files to prevent potential attacks.

    Using VirusTotal's premium membership, security researchers can detect and analyze unknown malware, providing better security and prevention against potential attacks.

    VirusTotal offers a free malware upload service to help security teams identify the type of malware present on their network. However, premium members get a bonus feature alerting them about newly uploaded, unseen malware files. Security researchers like Mohammed use this feature to discover and analyze unknown malware targeting their region, such as a suspicious banking malware uploaded from Kuwait. By analyzing the malware's strings or file hashes, they can determine whether it's infected their system and take necessary action. Posting file hashes is a safe way to share findings without revealing sensitive information. This malware discovery work leads to better security and prevention against potential attacks.

  • The Importance of Transparency in Cybersecurity Incidents

    Maintaining transparency with employees and taking corrective measures can help organizations avoid cybersecurity incidents caused by internal notes in code, leading to loss of trust and money.

    Mohammed's tweet about malware with the word 'GBKADMIN' caught the attention of people, and two days later, the Gulf Bank of Kuwait reported a loss of $9 million. While Mohammed didn't publicly announce his theories, he observed that there was a possible connection between the malware and the bank loss. Furthermore, the bank fired its general manager of IT without providing transparent information. The incident didn't just catch the attention of the citizens but also the cybercrime department. It's crucial to note that internal notes in code or other information that's human-readable can cause cybersecurity incidents. Therefore, organizations need to maintain transparency with their employees and take corrective measures to avoid such incidents.

  • Understanding the Limits of Free Speech in Kuwaiti Law.

    Exercising free speech comes with responsibility. In Kuwait, there are limitations to what can and cannot be said about public figures and minorities. It is crucial to be aware of the laws and consequences.

    Mohammed's tweets led to him being accused of abusing a mobile phone device and leaking trade secrets. He hired a lawyer to navigate the criminal charge properly and discovered the fine line between freedom of speech and the restrictions set by Kuwaiti law. There are certain public figures and minorities in Kuwait that can't be talked about in a bad manner, and hate speech is also prohibited. The case shows the importance of being mindful of the laws while exercising freedom of speech, and the consequences of undermining a bank's security, even unintentionally, which led to Mohammed's legal trouble and the need for a solid defense.

  • The abuse of cyber crime law in Kuwait and an attempted entrapment of a man who spoke out.

    The misuse of laws to suppress free speech is a prevalent issue in some countries. However, individuals can still defend their rights by providing solid evidence and standing their ground. Stay alert and cautious when facing suspicious phone calls or messages, especially when attending public events.

    The cyber crime law of 2014 in Kuwait was abused by people, such as government officials and social media figures, to sue anyone who spoke negatively about them. This often resulted in verdicts where people had to pay fines. Mohammed's trial was an example of this. However, he provided a solid defense that his tweets were protected speech, did not mention any specific bank or trademark, and came from public sources. The judge seemed convinced and on his side, allowing Mohammed to attend the Black Hat conference in the US. Before leaving, though, Mohammed received a suspicious phone call and telegram that tried to entrap him into revealing information about the Gulf Bank hack. He realized it was an entrapment attempt and played it cool, but still wonders who would benefit from targeting him.

  • The Consequences of Publicly Sharing Cybersecurity Findings

    Cybersecurity researchers should carefully consider the legal and financial implications of sharing their findings and take measures to avoid revealing sensitive information or causing harm.

    Mohammed's legal battle after finding malware on VirusTotal and tweeting about it highlights the potential consequences of sharing cybersecurity findings publicly. Even after being cleared of all wrongdoing, he still had to endure a year-long appeals court process due to the public prosecutors' formalities. The UN report also sheds light on a possible bank robbery in Kuwait, suggesting that cybersecurity threats can lead to real-world financial losses. As such, it is important for cybersecurity researchers to consider the potential legal and financial implications of sharing their findings before doing so, as well as taking steps to ensure that they do not inadvertently reveal sensitive information or cause harm.


