Post by Mark
Around 10 days back there was a rumor going around that Talabat came under a cyberattack. I got a few messages saying that Talabat accounts were hacked and that users’ credit card and Knet information was compromised. I figured that was bullshit because Talabat doesn’t save our bank details; I wish it did so I wouldn’t have to enter my Knet information every single damn time I order something. A couple of days later, the Talabat CEO issued the following statement:
“We are aware of the rumors circulating today around Talabat, and would like to reassure our customers that these are absolutely false. We have experienced no disruption within our system and no customer issues have been reported around this. Our online payment is processed via trusted third party platforms and we do not store any banking information on our system. As a business that was established in Kuwait in 2004, data security is paramount to our business model and we have made security and privacy a core part of our structure.” Abdulhamid Alomar, CEO, Talabat
After that things kinda went quiet until yesterday, when people started leaving comments on the blog and emailing me asking me if Knet was down. Then, this morning a reader emailed me telling me the Twitter user DedSec (@DedSecIsHere) had been taking credit for the recent attacks. Based on what I could put together from his tweets, he had previously contacted people at the various institutes warning them of security holes only to be ignored. So I decided to get in touch with him via Twitter and find out what was going on.
First thing I needed to do was verify he was who he said he was and not just someone pretending to be the hacker involved in the recent attacks. So I asked him if he could prove it to me and he replied asking if he should bring down my bank’s website. Literally 45 seconds later, my bank’s website was down. Freaky.
According to DedSec, he had been contacting and warning different government and private institutes of their cybersecurity flaws for months now, only to be ignored or told they would fix them soon. But none of them fixed any of the issues he highlighted, which left their security vulnerabilities wide open for other hackers who didn’t have the institutes’ best interests in mind to exploit. Since everyone was ignoring him, DedSec decided to bring down their servers himself so he could grab their attention and hopefully get them to listen to him. He shared with me a list of different businesses that included banks, food ordering websites and telecoms that had security holes, and according to him, the institute with the weakest security system was a payment gateway (lawyer told me I can’t mention which), even though they had received a lot of warnings.
DedSec explained to me that a weak security system makes it easy to launch attacks against it, including “man-in-the-middle attacks” where a hacker can spy on the connection and get the data that is not encrypted properly. So even though your information isn’t saved on their system, there is a potential for it to be read as the information is relayed from your end to their servers’ end.
@AzizAlW My main goal is to show how bad is the protection, Kuwait has a strong youth with cyber intelligence who are ignored
— DedSec (@DedSecIsHere) February 16, 2017
The more I spoke to DedSec, the more I realized how frustrated he was with the lack of qualified people involved in securing some of our important websites. His pinned tweet states that Kuwait has talented young people with cyber intelligence that are being ignored. He told me there were hacker groups from Iraq, Iran and the USA who have been penetrating our systems and quietly stealing our data. I asked him how he knew that and he replied telling me that he did what IT departments haven’t been doing, and that is checking the server logs for unusual activity.
me and @master_roomi are fixing those problems that i found in the websites instead of attacking them, have a chill day everyone
— DedSec (@DedSecIsHere) February 17, 2017
As I finish up this post, DedSec’s last tweet states that he has now teamed up with Raed Alroomi (@master_roomi), a retired Colonel and information security and cyber crime consultant, to fix the exploits he’s found instead of attacking the websites. Hopefully now with Raed’s help, local institutes will finally patch up their vulnerabilities.
Update: Here is an interview with Raed Alroomi that was just posted onto YouTube that discusses the recent attacks. It’s in Arabic but in short, the attacks this week were DDoS attacks, he recommends you don’t use your Knet card online for the next few days until things settle down, and finally he wants to bring all the Kuwaiti hackers and Kuwaiti IT specialists together to volunteer and run penetration tests on the important government websites. He thinks the government should support the local talent and that they should be more involved in securing important local websites.