Is Kuwait Under a Cyber Attack?

Post by Mark

Around 10 days back there was a rumor going around that Talabat went under a cyberattack. I got a few messages saying that Talabat accounts were hacked and that users credit card and Knet information was compromised. I figured that was bullshit because Talabat doesn’t save our bank details, I wish it did so I wouldn’t have to enter my Knet information every single damn time I order something. A couple of days later, the Talabat CEO issued the following statement:

“We are aware of the rumors circulating today around Talabat, and would like to reassure our customers that these are absolutely false. We have experienced no disruption within our system and no customer issues have been reported around this. Our online payment is processed via trusted third party platforms and we do not store any banking information on our system. As a business that was established in Kuwait in 2004, data security is paramount to our business model and we have made security and privacy a core part of our structure.” Abdulhamid Alomar, CEO, Talabat

After that things kinda went quiet until yesterday people started leaving comments on the blog and emailing me asking me if Knet was down. Then, this morning a reader emailed me telling me the twitter user DedSec (@DedSecIsHere) had been taking credit for the recent attacks. Based on what I could put together from his tweets, he had previously contacted people at the various institutes warning them of security holes only to be ignored. So I decided to get in touch with him via Twitter and find out what was going on.

First thing I needed to do was verify he was who he says he was and not just someone pretending to be the hacker involved in the recent attacks. So I asked him if he could prove it to me and he replied asking if he should bring down my banks website. Literally 45 seconds later, my banks website was down. Freaky.

According to DedSec, he had been contacting and warning different government and private institutes of their cybersecurity flaws for months now, only to be ignored or told they would fix them soon. But none of them fixed any of the issues he highlighted which left their security vulnerabilities wide open for other hackers who didn’t have the institutes best intention in mind to exploit. Since everyone was ignoring him, DedSec decided to bring down their servers himself so he could grab their attention and hopefully listen to him. He shared with me a list of different businesses that included banks, food ordering websites and telecoms that had security holes, and according to him, the institute with the weakest security system was a payment gateway (lawyer told me I can’t mention which), even though they had received a lot of warnings.

DedSec explained to me that by having a weak security system, it would make it easy to launch attacks on, including “man-in-the-middle attacks” where a hacker can spy on the connection and get the data that is not encrypted properly. So even though your information isn’t saved on their system, there is a potential for it to be read as the information is relayed from your end to their servers end.

The more I spoke to DedSec, the more I realized how frustrated he was with the lack of qualified people involved in securing some of our important websites. His pinned tweet states that Kuwait has talented young people with cyber intelligence that are being ignored. He told me there were hacker groups from Iraq, Iran and the USA who have been penetrating our systems and quietly stealing our data. I asked him how he knew that and he replied telling me that he did what IT departments haven’t been doing, and that is checking the server logs for unusual activity.

As I finish up this post, DedSec’s last tweet states that he has now teamed up with Raed Alroomi (@master_roomi), a retired Colonel and information security and cyber crime consultant to fix the exploits he’s found instead of attacking the websites. Hopefully now with Raed’s help, local institutes will finally patch up their vulnerabilities.

Update: Here is an interview with Raed Alroomi that was just posted onto YouTube that discusses the recent attacks. It’s in Arabic but in short, the attacks this week were DDoS attacks, he recommends you don’t use your Knet card online for the next few days until things settle down, and finally he wants to bring all the Kuwaiti hackers and Kuwaiti IT specialist together to volunteer and run penetration tests on the important government websites. He thinks the government should support the local talent and that they should be more involved in securing important local websites.

Share on Facebook Share on Twitter

37 comments, add your own...

  1. R says:

    We need further updates on that please!

  2. Abdulaziz says:

    Get him on the blog, let him post what he did exactly! now thats a story!

  3. k says:

    personally i think this is one of your best posts in a while. youre giving off a journo vibe lol.

  4. Abdullateef says:

    He exposed what many have been saying for years, we are living in our own little bubble, pretending that all is well when overnight the whole online banking infrastructure was taken down via a simple DDOS attack.

    The wake up call many needed to spring into action. Necessary evil!

  5. whitehats says:

    not to disparage the work he’s doing, but the whole #tangodown thing is cheesy, considering it was originally thej35t3r’s thing ( )

  6. Nicolas says:

    This is what happens when average IT “specialist” salary is 300-400 KD in the country. No one on right mind would work for this kind of salary if they actually knew something.

    Anyone who knows how to install cracked Windows 7 and printer drivers, considered as IT “specialist” in Kuwait and good enough for 99% IT jobs over here.

  7. Ozzy Ozbourn says:

    Have any watched Citizenfour? do you really think those internet disruptions Kuwait had were because of the under water fiber cables damaged by a ship?

    • Mark says:

      obviously not… the cables were eaten by sharks

      • Ozzy Ozbourn says:

        Can’t tell if that was sarcasm?!
        If you did watch the documentary and if you realize that Germany, UK and other first world countries were being spied on, what does that make other middleeastern countries who has US Marines patrolling their shores and Rangers in camps?

        *Insert we have nothing to hide argument here*

  8. Copy cat says:

    This is a very serious issue..When the world is talking about cashless society,where is the security???
    It’s a high time that the officials responsible for this lapses in the banks and payment gateway will be questioned and a strict action should be taken …
    To be very frank I don’t even feel paying by knet in any website because u never know whats going on …If one guy can do this much of damage ..Think of companies or group of hacker ..Banks please invest better in security infrastructure ,hire experts ..

  9. The Other Ahmed says:

    This is an interesting episode of Mr. Robot.

  10. Ozzy says:

    It’s really because of stuff like this that I never buy online products, or even put anything to do with banking info the extent that I don’t even buy apps from the AppStore. It goes even further where I’d rather have my money in Gold because I don’t trust banks lol. You can say I’m very untrustworthy of things I don’t understand..

  11. NQ says:

    Keep us posted on any developments!!

  12. Essam says:

    From now on, I will never use my Knet card in Kuwait, I’ll just stick with credit cards, much safer.

    • Burhan says:

      Good luck with that, since your credit card also uses the same KNET network.

      • Essam says:

        True, but most, if not all, credit cards are insured against theft and have purchase/fraud protection, ATM/debit cards do not. Plus, if somehow your card was stolen and you couldn’t get your money back, the maximum amount that will be stolen is your card’s limit as opposed to your entire bank account if you’re using a knet card.

        • Burhan says:

          Only true if somehow your debit card and your debit card PIN was stolen; since without the PIN the card is useless.

          Your credit card, however, can be charged online even without your PIN.

          From a technical point of view, a credit card is at a higher risk for fraud than a simple debit card.

    • Tk says:

      Very interesting. If you go through more emails you can see Roumi via Al Rashed consulting company were contracting with Italian hackers to provide hacking software and training to MoI. Could this stunt be a PR move to scare the Kuwaiti populace and Gov’t into contracting with the same guys instigating the attacks?

    • BSe says:

      Fucking interesting :D

  13. The PI says:

    cyber power… niiice!

  14. Noel says:

    Thanks Mark very informative. Some of the online sites i used to used were offline and are back today.

  15. Ahmad says:

    all isps in kuwait suck big time

  16. Noura says:

    Impressive. Most of IT departments in local bank are too lazy and know nothing about cyber security

  17. Ahmad says:

    lool noura true true

  18. Burhan Khalid says:

    This is just a script kid who rented a bot net. Something anyone can do. I, for one, am not impressed at his “hacking skills”.

    Surprised that anyone with any creditability is giving this guy the time of day.

    • DedSecisHere says:

      I’m sorry I didn’t impress you perhaps if you checked some of the dumps I posted you will be interested, if that wasn’t good enough for you maybe my python bots will pay you a visit

  19. Eman says:

    You’ve explained what my bank couldn’t explain. I’m not able to do any online purchase for almost a week and when I called the bank they asked me to come to any branch. When I went there, they scanned my ID and asked me to fill a form and told me that I can use the online Knet service as usual the next day. I’m still not able to pay anything online till today, and whenever I call the bank they keep me on waiting and never answer. This is such an inconvenience that I hope will be solved soon.

    Thanks to those guys for the efforts to maximize security though. These security measures should’ve been there by default, the weakness is so frustrating.

Leave a Reply

Commenting is a privilege not a right. I allow comments on the site because I believe that you can make a valuable contribution but in return I expect that you comment responsibly.


If you have anything you think would be interesting to share on this blog
[Email Me]